Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
  1. #16
    Status
    Offline
    margarine's Avatar
    Newbie
    Join Date
    Aug 2010
    Location
    Surabaya
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    gan,,ne setingan filter dan nat ane
    Filter ane:
    Code:
    /ip firewall filter> pr
    Flags: X - disabled, I - invalid, D - dynamic 
     0 X ;;; place hotspot rules here
         chain=unused-hs-chain action=passthrough 
     1   ;;; Allow semua akses internet to client
         chain=forward action=accept dst-address=10.126.177.0/24 
         in-interface=pppoe-modem out-interface=ether3-wifi 
     2   ;;; Allow semua akses internet to client
         chain=forward action=accept dst-address=192.168.34.0/24 
         in-interface=pppoe-modem out-interface=ether5-server 
     3   ;;; Allow semua akses internet to client
         chain=forward action=accept dst-address=10.126.167.0/24 
         in-interface=pppoe-modem out-interface=ether4-wn422 
     4   ;;; Allow semua akses internet to client
         chain=forward action=accept dst-address=192.168.177.0/24 
         in-interface=pppoe-modem out-interface=ether2-lokal 
     5   ;;; Allow Remote winbox dari Publik
         chain=input action=accept protocol=tcp in-interface=pppoe-modem 
         dst-port=8291 
     6   ;;; Allow NTP Traffic
         chain=input action=accept protocol=udp in-interface=pppoe-modem 
         src-port=123 
     7   ;;; Allow DNS Traffic
         chain=input action=accept protocol=udp in-interface=pppoe-modem 
         src-port=53 
     8   ;;; Allow Hotspot Transparent Traffic
         chain=input action=accept protocol=tcp in-interface=pppoe-modem 
         src-port=80 
     9   ;;; Allow Ping Traceroute Traffic
         chain=input action=accept protocol=icmp in-interface=pppoe-modem 
    10   ;;; Allow Access userman dari luar
         chain=input action=accept protocol=tcp dst-address=180.247.60.xx 
         dst-port=8781 
    11   ;;; Log Ip Yang Di Tolak
         chain=input action=add-src-to-address-list connection-state=new 
         address-list=spam address-list-timeout=30m in-interface=pppoe-modem 
    12   ;;; Drop Semua Akses yang tidak di ijinkan
         chain=input action=drop in-interface=pppoe-modem 
    13   ;;; Drop Traceroute
         chain=forward action=drop protocol=icmp icmp-options=11:0 
    14   ;;; Drop Traceroute
         chain=forward action=drop protocol=icmp icmp-options=3:3 
    15 X ;;; DNS Enforcer
         chain=forward action=drop protocol=tcp dst-address=!180.131.144.144 
         dst-port=53 
    16 X ;;; DNS Enforcer
         chain=forward action=drop protocol=udp dst-address=!180.131.145.145 
         dst-port=53 
    17   ;;; Port scanners to list 
         chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 
         address-list=port scanners address-list-timeout=2w 
    18   ;;; NMAP FIN Stealth scan
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp 
         address-list=port scanners address-list-timeout=2w 
    19   ;;; SYN/FIN scan
         chain=input action=add-src-to-address-list tcp-flags=fin,syn 
         protocol=tcp address-list=port scanners address-list-timeout=2w 
    20   ;;; SYN/RST scan
         chain=input action=add-src-to-address-list tcp-flags=syn,rst 
         protocol=tcp address-list=port scanners address-list-timeout=2w 
    21   ;;; FIN/PSH/URG scan
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp 
         address-list=port scanners address-list-timeout=2w 
    22   ;;; ALL/ALL scan
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp 
         address-list=port scanners address-list-timeout=2w 
    23   ;;; NMAP NULL scan
         chain=input action=add-src-to-address-list 
         tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp 
         address-list=port scanners address-list-timeout=2w
    Nat ane:
    Code:
    /ip firewall> na pr
    Flags: X - disabled, I - invalid, D - dynamic 
     0 X ;;; place hotspot rules here
         chain=unused-hs-chain action=passthrough 
     1   chain=srcnat action=masquerade out-interface=pppoe-modem 
     2   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=10.126.177.0/24 
     3   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=10.126.167.0/24 
     4   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=192.168.34.0/24 
     5 X ;;; DNS Enforcer
         chain=dstnat action=dst-nat to-addresses=180.131.144.144 to-ports=53 
         protocol=tcp dst-address=!180.131.144.144 dst-port=53 
     6 X ;;; DNS Enforcer
         chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 
         protocol=udp dst-address=!180.131.145.145 dst-port=53 
     7   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=10.10.10.0/24 
     8   chain=dstnat action=redirect to-ports=3128 protocol=tcp dst-port=80
    dan ini ip address ane:
    Code:
    /ip add pr
    Flags: X - disabled, I - invalid, D - dynamic 
     #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
     0   192.168.117.117/24 192.168.117.0   192.168.117.255 ether1-modem           
     1   192.168.177.1/24   192.168.177.0   192.168.177.255 ether2-lokal           
     2   10.126.177.1/24    10.126.177.0    10.126.177.255  ether3-wifi            
     3   10.126.167.1/24    10.126.167.0    10.126.167.255  ether4-wn422           
     4   10.10.17.1/24      10.10.17.0      10.10.17.255    ether3-wifi            
     5   192.168.34.1/24    192.168.34.0    192.168.34.255  ether5-server          
     6 D 180.247.60.xx/32   180.247.60.1    0.0.0.0         pppoe-modem
    mohon bantuan agan2 semua..
    kasus ane, interface 1 untuk modem
    interface 2, untuk komputer lokal. tapi ane setting switch ke interface 3
    interface 3 ane set hotspot
    interface 4 ane set switch ke interface 3
    interface 5 yang mau tak buat server. kemarin interface ini hotspot juga tapi ane hapus trus mau tak buat langsung konek aja..
    di interface 5 ini klo ping kemana aja bisa, tapi klo konek pake browser gak bisa..
    maaf gan klo berantakan bahasa n penjelasannya..

  2. #17
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by margarine Click here to enlarge
    Code:
    /ip firewall> na pr
    Flags: X - disabled, I - invalid, D - dynamic 
     0 X ;;; place hotspot rules here
         chain=unused-hs-chain action=passthrough 
     1   chain=srcnat action=masquerade out-interface=pppoe-modem 
     2   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=10.126.177.0/24 
     3   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=10.126.167.0/24 
     4   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=192.168.34.0/24 
     5 X ;;; DNS Enforcer
         chain=dstnat action=dst-nat to-addresses=180.131.144.144 to-ports=53 
         protocol=tcp dst-address=!180.131.144.144 dst-port=53 
     6 X ;;; DNS Enforcer
         chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 
         protocol=udp dst-address=!180.131.145.145 dst-port=53 
     7   ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=10.10.10.0/24 
     8   chain=dstnat action=redirect to-ports=3128 protocol=tcp dst-port=80
    sebelumnya maaf kalo salah,
    NAT nya cb diperbaiki dl kok masquerade nya banyak amat kalo ditempat sy cm pake 1 masquerade bisa untuk hotspot maupun lokal, trs ada dstnat ke port 3128 apakah memakai external proxy?kalo iya brrti dstnatnya salah,
    sekali lg CMIIW

  3. The Following User Says Thank You to dhopack For This Useful Post:


  4. #18
    Status
    Offline
    margarine's Avatar
    Newbie
    Join Date
    Aug 2010
    Location
    Surabaya
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    To agan2 semua yang membantu ane,,ane ucapkan terimakasih banyak gan..
    akhirnya ane nyoba restore ke file backup ane bulan kemarin
    dan semua kembali berjalan normal..setelah ane mencari tau setingan mana yang salah,ane bingung karna gak ada setingan yang berbeda dengan yang kemarin
    ane membandingkan file rsc(export file) setingan error dengan rsc file bulan lalu..
    setelah ane coba2 lagi,kyaknya permasalahannya di switchnya rb750 ane..
    karna klo misalnya interface 5 awalnya bisa konek internet,kemudian di switch ke interface lain, lalu gak di switch lagi tanpa ada perubahan pada setingannya, maka interface 5 itu dah gak bisa konek..tapi dia bisa ping melalui terminal.

    Click here to enlarge Originally Posted by dhopack Click here to enlarge
    sebelumnya maaf kalo salah,
    NAT nya cb diperbaiki dl kok masquerade nya banyak amat kalo ditempat sy cm pake 1 masquerade bisa untuk hotspot maupun lokal, trs ada dstnat ke port 3128 apakah memakai external proxy?kalo iya brrti dstnatnya salah,
    sekali lg CMIIW
    port 3128 itu ane make webproxy bawaan dari mikrotik..bukan pake external proxy..

  5. #19
    Status
    Offline
    m3tr0mini's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Posts
    660
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    permasalahan ada di NAT...
    cek lagi....baik interface maupun src-address list.

  6. #20
    Status
    Offline
    margarine's Avatar
    Newbie
    Join Date
    Aug 2010
    Location
    Surabaya
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by m3tr0mini Click here to enlarge
    permasalahan ada di NAT...
    cek lagi....baik interface maupun src-address list.
    perubahan yang ane lakukan:
    masquirade dari 10.126.167.0; 10.10.10.0; dan 192.168.34.0 udah ane hapus gan..
    kira2 ada lagi??

  7. #21
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    setelah diotak atik ya dicoba lagi kalo masih gagal diotak atik dicoba lagi sampe dapat setingannya, itulah namanya trial+error hehehe Click here to enlarge

  8. #22
    Status
    Offline
    oktama's Avatar
    Forum Guru
    Join Date
    Jul 2008
    Location
    Jayapura
    Posts
    1,929
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    perangkat apa yang anda gunakan buat router anda? lebih baik anda tidak menggunakan web-proxy internal mikrotik karena beban processor yang cukup tinggi

  9. #23
    Status
    Offline
    saifulrohmah's Avatar
    Baru Gabung
    Join Date
    Sep 2011
    Posts
    1
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rahwana Click here to enlarge
    Kalau ping semua jalan, maka logika nya NAT sudah jalan dan sudah benar
    Kemungkinannya : ada firewall filter yang secara tidak sengaja ada dan menghalangi atau ada proxy yang menghadang.
    Atau... mikrotiknya perlu di restart/reset karena bugs atau kesalahan lain


    Ayom Rahwana
    ===============
    PT. Laxo Global Akses
    Cabang : Sidoarjo, Surabaya, Kediri, Tulungagung, Malang, Solo, Purwokerto
    -------------------
    Paket Tahun Baru : Hanya Rp. 2,5 jt full international atau Rp. 1 jt up to 1 Mbps
    Hubungi : info@laxo.net.id
    Toooppppp Click here to enlarge

 

 
Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 29
    Last Post: 18-12-2015, 10:31
  2. Bisa ping IP address tapi gak bisa buka halaman webnya
    By mzachmad in forum Beginner Basics
    Replies: 3
    Last Post: 17-07-2009, 00:24
  3. Replies: 27
    Last Post: 17-03-2009, 10:37

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •