Bro, it happened again this afternoon, and browsing only worked again after I restarted the MikroTik.
Any suggestions?
Another update, because it still keeps hanging. Please help.
It's not that I don't want to, bro, but I can't, because this isn't mine, it belongs to the office, and I don't have full access rights to do that.
Here is my firewall:
Hopefully someone can help.
/ip firewall export
# dec/27/2012 10:23:26 by RouterOS 4.10
# software id = 2D90-3HEC
#
/ip firewall layer7-protocol
add comment="" name=netspier regexp=email.netspier.net
add comment="" name=mail-fly.com regexp=mail-fly.com
add comment="" name=facebook regexp="^.+(facebook).*\$"
add comment="" name=Twitter regexp="^.+(twitter).*\$"
add comment="" name=spamcop regexp="^.+(spamcop).*\$"
add comment="" name=father regexp="^.+(babe).*\$"
add comment="" name=xxx regexp="^.+(search).*\$"
add comment="" name=megaxus regexp="^.+(megaxus).*\$"
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m \
udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="" disabled=no dst-port=1234 in-interface=Local protocol=tcp
add action=drop chain=forward comment="" content=facebook disabled=no layer7-protocol=facebook protocol=tcp src-address=0.0.0.0/0
add action=drop chain=forward comment="" content=twitter disabled=no layer7-protocol=Twitter protocol=tcp src-address=0.0.0.0/0
add action=drop chain=forward comment="" content=spamcop disabled=no layer7-protocol=spamcop protocol=tcp src-address=0.0.0.0/0
add action=drop chain=forward comment="" content=babe disabled=no layer7-protocol=father protocol=tcp src-address=0.0.0.0/0
add action=drop chain=forward comment="" content=megaxus disabled=no layer7-protocol=spamcop protocol=tcp src-address=0.0.0.0/0
add action=drop chain=forward comment="" content=xxx disabled=no layer7-protocol=xxx protocol=tcp src-address=0.0.0.0/0
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="" disabled=no in-interface=Local
add action=drop chain=input comment="" disabled=no dst-port=3128 in-interface=Public protocol=tcp
add action=drop chain=forward comment="" disabled=no layer7-protocol=netspier
add action=drop chain=forward comment="" disabled=no layer7-protocol=mail-fly.com
add action=accept chain=input comment="" disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input comment="" disabled=no dst-port=8278 protocol=tcp
add action=accept chain=input comment="Input Established Connection" connection-state=established disabled=no
add action=accept chain=input comment="input established related" connection-state=related disabled=no
add action=accept chain=input comment="" disabled=no protocol=udp
add action=accept chain=input comment="" disabled=no protocol=icmp
add action=drop chain=input comment="" connection-state=invalid disabled=no in-interface=Public
add action=drop chain=forward comment="Drop Suspect Spam" disabled=no dst-port=25 protocol=tcp src-address-list=suspectspambot
add action=add-src-to-address-list address-list=suspectspambot address-list-timeout=1d chain=forward comment="Add to suspect list" connection-limit=10,32 \
content=suspectspambot disabled=no dst-port=25 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=80,443 protocol=tcp to-addresses=192.168.88.1 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=119.252.164.250 dst-port=1234 protocol=tcp to-addresses=192.168.88.77 to-ports=1234
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=119.252.164.250 dst-port=3051-3055 protocol=tcp to-addresses=119.252.164.251 to-ports=\
3051-3055
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=119.252.164.250 dst-port=3056 protocol=tcp to-addresses=192.168.88.88 to-ports=3056
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=119.252.164.250 dst-port=389,1503,1718,1719,1720,1731 protocol=udp to-addresses=\
192.168.88.77 to-ports=1234
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=119.252.164.250 dst-port=389,1503,1718,1719,1720,1731 protocol=tcp to-addresses=\
192.168.88.77 to-ports=1234
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Local
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Public src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Public src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Public src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Public
add action=redirect chain=dstnat comment="Permission Please to Mr. Andeep" disabled=no dst-port=80 protocol=tcp to-ports=3128
add action=redirect chain=dstnat comment="Permission Please to Mr. Andeep" disabled=no dst-port=80 protocol=tcp to-ports=8080
add action=masquerade chain=srcnat comment="" disabled=no dst-address=192.168.88.0/24 out-interface=Public
add action=masquerade chain=srcnat comment="" disabled=no dst-address=192.168.1.0/24 out-interface=Public
add action=masquerade chain=srcnat comment="" disabled=no dst-address=192.168.2.0/24 out-interface=Public
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061,3056,1234
set pptp disabled=no ports=1234
Last edited by gundam; 27-12-2012 at 11:24.
Last Friday my MikroTik suddenly died completely. After checking, the power adapter turned out to be dead; I tried another adapter (from a WiFi router) and it powered on, and so far the problem of not being able to use the internet/browse has not come back. Could that have had an effect?
Another update: it turns out the problem is back T_T
Need suggestions before I "lem biru" (throw out and buy a new one) this MikroTik.
The experts here are great.
Another update (no idea whether the experts here are reading this or not).
When browsing doesn't work, we can still open websites that use "https", so it is the "http" ones that don't work.
I checked the web proxy, firewall, NAT, etc., and nothing there blocks http or port 80.
Hopefully the experts have some suggestions for me.
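An added example, not part of the original thread: since the symptom is that "http" fails while "https" works, this Python sketch parses a RouterOS export and lists the enabled dstnat rules that rewrite TCP port 80, which is where HTTP traffic is handed to a local proxy port while port 443 is left alone. The sample lines are copied from the export posted above; the function names are illustrative.

```python
import re
import shlex

# NAT lines copied from the export posted in this thread (subset of the rules).
EXPORT = r'''/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=80,443 protocol=tcp to-addresses=192.168.88.1 to-ports=8080
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=119.252.164.250 dst-port=3051-3055 protocol=tcp to-addresses=119.252.164.251 to-ports=\
3051-3055
add action=redirect chain=dstnat comment="Permission Please to Mr. Andeep" disabled=no dst-port=80 protocol=tcp to-ports=3128
add action=redirect chain=dstnat comment="Permission Please to Mr. Andeep" disabled=no dst-port=80 protocol=tcp to-ports=8080
'''
# Fields that decide which packets a rule matches (a subset, enough for this export).
MATCH_KEYS = ("protocol", "dst-port", "dst-address", "src-address", "in-interface")

def parse_rules(export, section="/ip firewall nat"):
    """Return the 'add' rules of one export section as dicts, in rule order."""
    rules, current = [], None
    for line in re.sub(r"\\\n\s*", "", export).splitlines():  # join continuations
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif current == section and line.startswith("add "):
            tokens = shlex.split(line[4:])
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def covers(spec, port):
    """True if a port spec such as '80,443' or '3051-3055' includes port (no '!' negation)."""
    ranges = (part.partition("-") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def http_interception(rules, port=80):
    """Enabled dstnat rules that rewrite TCP `port`; flags rules an earlier one shadows."""
    findings, seen = [], set()
    for index, r in enumerate(rules):
        if r.get("disabled") == "yes" or r.get("chain") != "dstnat":
            continue
        if r.get("action") not in ("redirect", "dst-nat"):
            continue
        if r.get("protocol") not in (None, "tcp") or not covers(r.get("dst-port", "0-65535"), port):
            continue
        matcher = tuple(r.get(k) for k in MATCH_KEYS)
        findings.append({"index": index, "action": r["action"],
                         "to_ports": r.get("to-ports"), "shadowed": matcher in seen})
        seen.add(matcher)
    return findings

for finding in http_interception(parse_rules(EXPORT)):
    print(finding)
```

A rule reported as shadowed has the same match fields as an earlier enabled redirect/dst-nat rule, so NAT processing never reaches it; in this export only the redirect to port 3128 takes effect, and HTTP then depends on whatever is listening on that port.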
Suggestions:
- Try connecting to the internet without the MikroTik (plug directly into a PC, or find another NON-MikroTik router). Does it work smoothly? If it does, the problem is in the MikroTik or in its settings.
- Try backing up the current MikroTik, reset it, and configure it from scratch without any rules other than setting the MikroTik up as a gateway; no need for layer7 yet. What matters is that clients can ping a URL.
That's all for now.