  1. #1
    taufiqtgz (Newbie, joined Dec 2009)

    [ASK] Mikrotik firewall and a suitable configuration

    A question for all the masters on the Mikrotik forum

    My Mikrotik is configured like this:

    - Speedy modem in bridge mode
    - Mikrotik PC (PPP, with 3 LAN cards)
    LAN 1 = pppp
    LAN 2 = lab (192.168.5.0/24)
    LAN 3 = Hotspot and PC LAN (192.168.4.0/24)

    - For firewall NAT I use masquerade
    - Firewall filter (starting with drops for Conficker, spam, and viruses)
    - Simple queue (per network)

    The question

    Why does my network often drop on the LAN 3/Hotspot network (192.168.4.0/24), while on the LAN 2/LAB network (192.168.5.0/24) everything runs very smoothly with no problems?
    - Is this because of a virus, or is my firewall the problem, or is my configuration still wrong?
    Please help me

  2. #2
    triadisantoso (Member, joined May 2010)
    What kind of drops, bro...? Is the traffic heavy, or what?

  3. #3
    adhielesmana (Administrator, joined Jan 2009)
    Originally Posted by taufiqtgz
    A question for all the masters on the Mikrotik forum

    My Mikrotik is configured like this:

    - Speedy modem in bridge mode
    - Mikrotik PC (PPP, with 3 LAN cards)
    LAN 1 = pppp
    LAN 2 = lab (192.168.5.0/24)
    LAN 3 = Hotspot and PC LAN (192.168.4.0/24)

    - For firewall NAT I use masquerade
    - Firewall filter (starting with drops for Conficker, spam, and viruses)
    - Simple queue (per network)

    The question

    Why does my network often drop on the LAN 3/Hotspot network (192.168.4.0/24), while on the LAN 2/LAB network (192.168.5.0/24) everything runs very smoothly with no problems?
    - Is this because of a virus, or is my firewall the problem, or is my configuration still wrong?
    Please help me

    Who would know, if you haven't even exported your configuration here...

  4. #4
    taufiqtgz (Newbie, joined Dec 2009)
    Originally Posted by aditardy
    What kind of drops, bro...? Is the traffic heavy, or what?
    Yes, sometimes the traffic is high; the Speedy line is on the 3 Mb biz package.

    Originally Posted by adhielesmana
    Who would know, if you haven't even exported your configuration here...
    set IP address
    Code:
     0   ;;; to modem
         192.168.1.2/30     192.168.1.0     192.168.1.3     wan      
     1   ;;; hotspot network
         10.5.50.1/24       10.5.50.0       10.5.50.255     Hotspot  
     2   10.5.53.1/24       10.5.53.0       10.5.53.255     lc1      
     3 D 118.96.136.x/32  118.96.136.1    0.0.0.0         speedu
    set route
    Code:
     0 ADC 10.5.50.0/24       10.5.50.1                                  Hotspot  
     1 ADC 10.5.53.0/24       10.5.53.1                                  lc1      
     2 ADC 118.96.136.1/32    118.96.136.x                            speedu   
     3 ADC 192.168.1.0/30     192.168.1.2                                wan      
     4 AD  0.0.0.0/0                          r 118.96.136.1    1        speedu
    set Firewall NAT
    Code:
     0   ;;; in to ex web
         chain=dstnat dst-address=public protocol=tcp dst-port=80 
         action=dst-nat to-addresses=10.5.50.253 to-ports=80 
    
     1   ;;; ex to in web
         chain=srcnat dst-address=10.5.50.253 protocol=tcp dst-port=80 
         action=src-nat to-addresses=public to-ports=0-65535 
    
     2   ;;; NAT to read the modem
         chain=srcnat out-interface=wan src-address=10.5.50.253 
         dst-address=192.168.1.1 action=masquerade 
    
     3   ;;; masquerade hotspot network
         chain=srcnat out-interface=speedu src-address=10.5.50.0/24 
         action=masquerade 
    
     4   ;;; masquerade loc2 network
         chain=srcnat out-interface=speedu src-address=10.5.53.0/24 
         action=masquerade
    Set firewall Mangle
    Code:
     0   ;;; 445-UDP
         chain=prerouting protocol=udp dst-port=445 action=mark-connection new-connection-mark=conn-conficker passthrough=yes 
    
     1   ;;; 445-TCP
         chain=prerouting protocol=tcp dst-port=445 action=mark-connection new-connection-mark=conn-conficker passthrough=yes 
    
     2   ;;; conficker-pkt
         chain=prerouting connection-mark=conn-conficker action=mark-packet new-packet-mark=conficker-pkt passthrough=no
    set firewall Filter
    Code:
     0   ;;; Allow remote Winbox from public
         chain=input in-interface=wan protocol=tcp dst-port=8291 action=accept 
    
     1   ;;; Allow NTP Traffic
         chain=input in-interface=wan protocol=udp src-port=123 action=accept 
    
     2   ;;; Allow DNS Traffic
         chain=input in-interface=wan protocol=udp src-port=53 action=accept 
    
     3   ;;; Allow Ping Traceroute Traffic
         chain=input in-interface=wan protocol=icmp action=accept 
    
     4   ;;; Log rejected IPs
         chain=input in-interface=wan connection-state=new action=add-src-to-address-list address-list=spam 
         address-list-timeout=30m 
    
     5   ;;; Drop all access that is not allowed
         chain=input in-interface=wan action=drop 
    
     6   ;;; ;;Block W32.Kido - Conficker
         chain=forward protocol=udp src-port=135-139 action=drop 
    
     7   chain=forward protocol=udp dst-port=135-139 action=drop 
    
     8   chain=forward protocol=udp src-port=445 action=drop 
    
     9   chain=forward protocol=udp dst-port=445 action=drop 
    
    10   chain=forward protocol=tcp src-port=135-139 action=drop 
    
    11   chain=forward protocol=tcp dst-port=135-139 action=drop 
    
    12   chain=forward protocol=tcp src-port=445 action=drop 
    
    13   chain=forward protocol=tcp dst-port=445 action=drop 
    
    14   chain=forward protocol=tcp dst-port=4691 action=drop 
    
    15   chain=forward protocol=tcp dst-port=5933 action=drop 
    
    16   ;;; Block LLMNR
         chain=forward protocol=udp dst-port=5355 action=drop 
    
    17   chain=forward protocol=udp dst-port=4647 action=drop 
    
    18   ;;; drop conficker
         chain=forward packet-mark=conficker-pkt action=drop 
    
    19   ;;; Log Spammer to address list for future investigation
         chain=forward protocol=tcp dst-port=25 src-address-list=spammer action=add-src-to-address-list 
         address-list=WasASpammerOnce address-list-timeout=0s 
    
    20   ;;; BLOCK SPAMMERS OR INFECTED USERS
         chain=forward protocol=tcp dst-port=25 src-address-list=spammer action=tarpit 
    
    21   ;;; Detect and add-list SMTP virus or spammers
         chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!WhiteListed 
         action=add-src-to-address-list address-list=spammer address-list-timeout=30m 
    
    22   ;;; Flood protect
         chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect 
    
    23   ;;; burst rate
         chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept 
    
    24   ;;; dropped flood
         chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop
    Set Queue simple
    Code:
     0    name="Lan53" target-addresses=10.5.53.0/24 dst-address=0.0.0.0/0 interface=lc1 parent=none direction=both priority=8 
          queue=default-small/default-small limit-at=0/0 max-limit=512000/1000000 burst-limit=1000000/1000000 
          burst-threshold=512000/512000 burst-time=10s/10s total-queue=default-small 
    
     1    name="Lan50" target-addresses=10.5.50.0/24 dst-address=0.0.0.0/0 interface=lc2 parent=none direction=both priority=8 
          queue=default-small/default-small limit-at=0/0 max-limit=1000000/2000000 burst-limit=1000000/2000000 
          burst-threshold=512000/1000000 burst-time=10s/10s total-queue=default-small
    Bang Adhie, in your opinion is there anything lacking that I might be able to fix.. (I am using an onboard Realtek LAN card, plus D-Link and TP-Link cards)

    ---------- Post added at 10:02 ---------- Previous post was at 09:52 ----------

    What the traffic looks like in the graph
