Ini gan konfigurasi ane...
/ip addr pr
[admin@MikroTik] > ip addr
pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.10.1/26 192.168.10.0 ether3-Switch Lt.1
1 192.168.20.1/26 192.168.20.0 ether4-Switch Lt.2
2 192.168.1.10/30 192.168.1.8 ether1-Billion
3 192.168.30.1/27 192.168.30.0 ether5-Lan
4 192.168.2.10/30 192.168.2.8 ether2-ZTE
5 D 36.70.69.191/32 36.70.64.1 pppoe-out1
6 D 125.161.208.243/32 125.161.208.1 pppoe-out2
ip fi nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; NAT Speedy ( Masquerade)
chain=srcnat action=masquerade src-address=192.168.10.0/26
out-interface=pppoe-out1
1 X ;;; Rule Redirect / Block keyword
chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
2 ;;; NAT Speedy ZTE Modem
chain=srcnat action=masquerade src-address=192.168.20.0/26
out-interface=pppoe-out2
3 X ;;; masquerade Switch1
chain=srcnat action=masquerade to-addresses=192.168.20.0/26
src-address-type="" out-interface=ether3-Switch Lt.1
4 X ;;; Masquerade Switch2
chain=srcnat action=masquerade out-interface=ether4-Switch Lt.2
ip fi fi pr
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; Block keyword web
chain=forward action=reject reject-with=icmp-admin-prohibited
out-interface=ether1-Billion content=www.kaskus.co.id.*
1 X ;;; drop ftp brute forcers
chain=input action=drop protocol=tcp src-address-list=ftp_blacklist
dst-port=21
2 X chain=output action=accept protocol=tcp content=530 Login incorrect
limit=1/1m,5 dst-limit=1/1m,5,dst-address/1m40s
3 X chain=output action=add-dst-to-address-list protocol=tcp
address-list=ftp_blacklist address-list-timeout=3h
content=530 Login incorrect
4 X ;;; drop ssh brute forcers
chain=input action=drop protocol=tcp src-address-list=ssh_blacklist
dst-port=22
5 X chain=input action=add-src-to-address-list connection-state=new protocol=tc>
src-address-list=ssh_stage3 address-list=ssh_blacklist
address-list-timeout=1w3d dst-port=22
6 X chain=input action=add-src-to-address-list connection-state=new protocol=tc>
src-address-list=ssh_stage2 address-list=ssh_stage3
address-list-timeout=1m dst-port=22
7 X chain=input action=add-src-to-address-list connection-state=new protocol=tc>
src-address-list=ssh_stage1 address-list=ssh_stage2
address-list-timeout=1m dst-port=22
8 X chain=input action=add-src-to-address-list connection-state=new protocol=tc>
address-list=ssh_stage1 address-list-timeout=1m dst-port=22
9 X ;;; drop ssh brute downstream
chain=forward action=drop protocol=tcp src-address-list=ssh_blacklist
dst-port=22
10 X ;;; Block IP ssh yg masuk
chain=input action=drop src-address=221.120.224.179
11 X chain=input action=drop src-address=221.238.40.138
12 X ;;; torrentsites
chain=forward action=drop src-address=192.168.10.0/26
layer7-protocol=torrentsites in-interface=ether3-Switch Lt.1
13 X ;;; dropDNS
chain=forward action=drop protocol=udp src-address=192.168.10.0/26
layer7-protocol=torrentsites in-interface=ether3-Switch Lt.1 dst-port=53
/ip fi ma
/ip firewall mangle>
pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=GroupA passthrough=no
src-address=192.168.10.0/26
1 chain=prerouting action=mark-routing new-routing-mark=GroupB passthrough=no
src-address=192.168.20.0/26
2 X ;;; Switch Lt.1
chain=forward action=accept src-address=192.168.10.0/26
dst-address=192.168.20.0/26
3 X ;;; Switch Lt.2
chain=forward action=accept src-address=192.168.20.0/26
dst-address=192.168.10.0/26
4 X chain=forward action=accept in-interface=ether3-Switch Lt.1
5 X chain=forward action=accept out-interface=ether4-Switch Lt.2
6 X chain=forward action=accept in-interface=ether4-Switch Lt.2
7 X chain=forward action=accept out-interface=ether3-Switch Lt.1
/ip route
/ip route>
pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 pppoe-out1 1
1 A S 0.0.0.0/0 pppoe-out2 1
2 ADS 0.0.0.0/0 36.70.64.1 1
3 DS 0.0.0.0/0 125.161.208.1 1
4 X S 0.0.0.0/0 ether2-ZTE 1
5 X S 0.0.0.0/0 ether1-Billion 1
6 ADC 36.70.64.1/32 36.70.69.191 pppoe-out1 0
7 ADC 125.161.208.1/32 125.161.208.243 pppoe-out2 0
8 ADC 192.168.1.8/30 192.168.1.10 ether1-Billion 0
9 ADC 192.168.2.8/30 192.168.2.10 ether2-ZTE 0
10 ADC 192.168.10.0/26 192.168.10.1 ether3-Switch Lt.1 0
11 ADC 192.168.20.0/26 192.168.20.1 ether4-Switch Lt.2 0
12 ADC 192.168.30.0/27 192.168.30.1 ether5-Lan 0
Fitur Hotspot ga aktif gan..