  1. #1
    freddy

    Block client from website and allow email

    Greetings,
    I have just joined and want to ask how to get MikroTik to block some clients so they cannot browse, while they can still receive and send email via POP3 and SMTP. Please enlighten me, because I am a complete beginner with MikroTik. I want to learn. Thanks to everyone for the help.

  2. #2
    freddy
    Sorry, I thought this question had not been posted yet; my sincerest apologies.
    Bear with me, I'm a newbie.
    So please just delete this thread, since it is the same as the one above.

    How embarrassing.

  3. #3
    Akangage
    Just close or drop port 80, then open the email and/or YM ports.

  4. #4
    donipermono1982
    Originally Posted by Akangage
    Just close or drop port 80, then open the email and/or YM ports.

    Wow... unusual for Akang to be a bit wiser with a newbie like this.

    Not bad, +1

    Silence is gold; speaking well and truthfully is diamond.

  5. #5
    Akangage
    Heh heh... I was in a bad mood yesterday, which is why I gave a hint. If it still doesn't work, I can't be bothered to respond; it is dead simple. You are already using MikroTik and you won't read the manual?

  6. #6
    donipermono1982
    Originally Posted by Akangage
    Heh heh... I was in a bad mood yesterday, which is why I gave a hint. If it still doesn't work, I can't be bothered to respond; it is dead simple. You are already using MikroTik and you won't read the manual?

    There you go, newbies, Akang has given a clue: if you want to ask something like this again, just wait until Akang is in a bad mood and it will surely get answered.

  7. #7
    freddy
    Sorry, masters,

    I have tried the command

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=80 action=drop comment="" disabled=no

    How come the client can still open websites?

    Then, to filter for POP3 and SMTP with everything else dropped, I used the commands

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=25 action=accept comment="" disabled=no

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=110 action=accept comment="" disabled=no

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=995 action=accept comment="" disabled=no

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=587 action=accept comment="" disabled=no

    Instead, the email got blocked as well; it can't send and can't receive.
    Please give me your input.

    Thank you.

  8. #8
    adeldian
    Try changing the cahin to input
    Thank you

  9. #9
    donipermono1982
    In principle I agree with the above: change the chain to input.

    The difference is that above it says "cahin", while mine says "chain".

  10. #10
    freddy
    Originally Posted by adeldian
    Try changing the cahin to input
    Thank you

    Kang, I have changed it to input and it is the same; it can still get through.

    These are the rule lines on my MikroTik, from before the change to input.

    [it_car@Caturindo] > ip firewall filter print
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Block Access dari luar
    chain=input in-interface=Internet action=drop
    1 chain=input src-address=202.154.42.224/27 action=accept
    2 ;;; Protect RouterOS
    chain=input connection-state=invalid action=drop
    3 chain=input connection-state=established action=accept
    4 chain=input protocol=udp action=accept
    5 chain=input protocol=icmp action=accept
    6 ;;; Allow Access to Router from Known Network
    chain=input src-address=192.168.0.0/24 action=accept
    7 chain=input action=drop
    8 ;;; Protecting Customer's Network
    chain=forward protocol=tcp connection-state=invalid action=drop
    9 chain=forward connection-state=established action=accept
    10 chain=forward connection-state=related action=accept
    11 ;;; Block IP Addresses called "bogons"
    chain=forward src-address=0.0.0.0/8 action=drop
    12 chain=forward dst-address=0.0.0.0/8 action=drop
    13 chain=forward src-address=127.0.0.0/8 action=drop
    14 chain=forward dst-address=127.0.0.0/8 action=drop
    15 chain=forward src-address=224.0.0.0/3 action=drop
    16 chain=forward dst-address=224.0.0.0/3 action=drop
    17 ;;; Jump to new chains
    chain=forward protocol=tcp action=jump jump-target=tcp
    18 chain=forward protocol=udp action=jump jump-target=udp
    19 chain=forward protocol=icmp action=jump jump-target=icmp
    20 ;;; Deny TFTP
    chain=tcp protocol=tcp dst-port=69 action=drop
    21 chain=udp protocol=udp dst-port=69 action=drop
    22 ;;; Deny RPC PortMapper
    chain=tcp protocol=tcp dst-port=111 action=drop
    23 chain=udp protocol=udp dst-port=111 action=drop
    24 ;;; Deny RPC PortMapper and NBT
    chain=tcp protocol=tcp dst-port=135-139 action=drop
    25 chain=udp protocol=udp dst-port=135-139 action=drop
    26 ;;; Deny Cifs
    chain=tcp protocol=tcp dst-port=445 action=drop
    27 chain=udp protocol=udp dst-port=445 action=drop
    28 ;;; Deny NFS
    chain=tcp protocol=tcp dst-port=2049 action=drop
    29 chain=udp protocol=udp dst-port=2049 action=drop
    30 ;;; Deny BackOriffice
    chain=tcp protocol=tcp dst-port=3133 action=drop
    31 chain=udp protocol=udp dst-port=3133 action=drop
    32 ;;; Deny NetBus
    chain=tcp protocol=tcp dst-port=12345-12346 action=drop
    33 chain=tcp protocol=tcp dst-port=20034 action=drop
    34 ;;; Deny DHCP
    chain=tcp protocol=tcp dst-port=67-68 action=drop
    35 ;;; Allow only needed icmp codes in icmp chain
    chain=icmp protocol=icmp icmp-options=0:0 action=accept
    36 chain=icmp protocol=icmp icmp-options=3:0 action=accept
    37 chain=forward src-address=192.168.0.0/24 protocol=80 action=drop
    38 chain=icmp protocol=icmp icmp-options=3:1 action=accept
    39 chain=icmp protocol=icmp icmp-options=4:0 action=accept
    40 chain=icmp protocol=icmp icmp-options=8:0 action=accept
    41 chain=icmp protocol=icmp icmp-options=11:0 action=accept
    42 chain=icmp protocol=icmp icmp-options=12:0 action=accept
    43 chain=icmp action=drop
    44 chain=forward src-address=192.168.0.1 action=accept (This is the router; is this line needed?)
    45 chain=forward src-address=192.168.0.50 action=accept
    46 chain=forward src-address=192.168.0.101 action=accept
    47 chain=forward src-address=192.168.0.102 action=accept
    48 chain=forward src-address=192.168.0.151 action=accept
    49 chain=tcp src-address=192.168.0.152 protocol=tcp dst-port=80 action=drop
    50 chain=tcp src-address=192.168.0.152 action=accept
    51 chain=forward src-address=192.168.0.0/24 action=drop

    Please check it, Kang. I'm worried something is wrong.
    Please correct me.
    Info: I use static IPs.

    Thanks a lot for the lesson.

  11. #11
    felix_sg
    Originally Posted by freddy
    Sorry, masters,

    I have tried the command

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=80 action=drop comment="" disabled=no

    How come the client can still open websites?

    Then, to filter for POP3 and SMTP with everything else dropped, I used the commands

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=25 action=accept comment="" disabled=no

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=110 action=accept comment="" disabled=no

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=995 action=accept comment="" disabled=no

    ip firewall filter> add chain=forward src-address=192.168.0.131 protocol=tcp dst-port=587 action=accept comment="" disabled=no

    Instead, the email got blocked as well; it can't send and can't receive.
    Please give me your input.

    Thank you.

    Are you sure you tested from client 192.168.0.131?
    You can add in-interface=local.
    That should already block browsing.

    One way the command above would fail to work is... Are you using WEB-PROXY? If so, try turning the web proxy off first, then test whether browsing still works.

    As for the blocked email, try reversing the order of the commands: put the port 80 block at the very bottom, below the email commands.

    Hope it works.
    Last edited by felix_sg; 13-08-2008 at 02:02. Reason: added in-interface

  12. #12
    felix_sg
    Originally Posted by freddy
    Kang, I have changed it to input and it is the same; it can still get through.

    These are the rule lines on my MikroTik, from before the change to input.

    [it_car@Caturindo] > ip firewall filter print
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Block Access dari luar
    chain=input in-interface=Internet action=drop
    1 chain=input src-address=202.154.42.224/27 action=accept
    2 ;;; Protect RouterOS
    chain=input connection-state=invalid action=drop
    3 chain=input connection-state=established action=accept
    4 chain=input protocol=udp action=accept
    5 chain=input protocol=icmp action=accept
    6 ;;; Allow Access to Router from Known Network
    chain=input src-address=192.168.0.0/24 action=accept
    7 chain=input action=drop
    8 ;;; Protecting Customer's Network
    chain=forward protocol=tcp connection-state=invalid action=drop
    9 chain=forward connection-state=established action=accept
    10 chain=forward connection-state=related action=accept
    11 ;;; Block IP Addresses called "bogons"
    chain=forward src-address=0.0.0.0/8 action=drop
    12 chain=forward dst-address=0.0.0.0/8 action=drop
    13 chain=forward src-address=127.0.0.0/8 action=drop
    14 chain=forward dst-address=127.0.0.0/8 action=drop
    15 chain=forward src-address=224.0.0.0/3 action=drop
    16 chain=forward dst-address=224.0.0.0/3 action=drop
    17 ;;; Jump to new chains
    chain=forward protocol=tcp action=jump jump-target=tcp
    18 chain=forward protocol=udp action=jump jump-target=udp
    19 chain=forward protocol=icmp action=jump jump-target=icmp
    20 ;;; Deny TFTP
    chain=tcp protocol=tcp dst-port=69 action=drop
    21 chain=udp protocol=udp dst-port=69 action=drop
    22 ;;; Deny RPC PortMapper
    chain=tcp protocol=tcp dst-port=111 action=drop
    23 chain=udp protocol=udp dst-port=111 action=drop
    24 ;;; Deny RPC PortMapper and NBT
    chain=tcp protocol=tcp dst-port=135-139 action=drop
    25 chain=udp protocol=udp dst-port=135-139 action=drop
    26 ;;; Deny Cifs
    chain=tcp protocol=tcp dst-port=445 action=drop
    27 chain=udp protocol=udp dst-port=445 action=drop
    28 ;;; Deny NFS
    chain=tcp protocol=tcp dst-port=2049 action=drop
    29 chain=udp protocol=udp dst-port=2049 action=drop
    30 ;;; Deny BackOriffice
    chain=tcp protocol=tcp dst-port=3133 action=drop
    31 chain=udp protocol=udp dst-port=3133 action=drop
    32 ;;; Deny NetBus
    chain=tcp protocol=tcp dst-port=12345-12346 action=drop
    33 chain=tcp protocol=tcp dst-port=20034 action=drop
    34 ;;; Deny DHCP
    chain=tcp protocol=tcp dst-port=67-68 action=drop
    35 ;;; Allow only needed icmp codes in icmp chain
    chain=icmp protocol=icmp icmp-options=0:0 action=accept
    36 chain=icmp protocol=icmp icmp-options=3:0 action=accept
    37 chain=forward src-address=192.168.0.0/24 protocol=80 action=drop
    38 chain=icmp protocol=icmp icmp-options=3:1 action=accept
    39 chain=icmp protocol=icmp icmp-options=4:0 action=accept
    40 chain=icmp protocol=icmp icmp-options=8:0 action=accept
    41 chain=icmp protocol=icmp icmp-options=11:0 action=accept
    42 chain=icmp protocol=icmp icmp-options=12:0 action=accept
    43 chain=icmp action=drop
    44 chain=forward src-address=192.168.0.1 action=accept (This is the router; is this line needed?)
    45 chain=forward src-address=192.168.0.50 action=accept
    46 chain=forward src-address=192.168.0.101 action=accept
    47 chain=forward src-address=192.168.0.102 action=accept
    48 chain=forward src-address=192.168.0.151 action=accept
    49 chain=tcp src-address=192.168.0.152 protocol=tcp dst-port=80 action=drop
    50 chain=tcp src-address=192.168.0.152 action=accept
    51 chain=forward src-address=192.168.0.0/24 action=drop

    Please check it, Kang. I'm worried something is wrong.
    Please correct me.
    Info: I use static IPs.

    Thanks a lot for the lesson.

    Isn't rule 51 wrong? That would block everything...

    Try adding ! to src-address in rule 51,
    so it looks like this:

    chain=forward in-interface=local src-address=!192.168.0.0/24 action=drop

    That answers why the email got blocked as well, and browsing most likely still works because of the web proxy.

  13. The Following User Says Thank You to felix_sg For This Useful Post:

    hys

  14. #13
    freddy
    Originally Posted by felix_sg
    Are you sure you tested from client 192.168.0.131?
    You can add in-interface=local.
    That should already block browsing.

    One way the command above would fail to work is... Are you using WEB-PROXY? If so, try turning the web proxy off first, then test whether browsing still works.

    As for the blocked email, try reversing the order of the commands: put the port 80 block at the very bottom, below the email commands.

    Hope it works.

    Thank you, Mas.
    If the web proxy and the firewall NAT are turned off, the block does work.
    But then nothing goes through the web proxy (new problem).
    Is it possible to keep the web proxy active but have this one client blocked from browsing?

    Here are my web proxy and NAT rule lines.

    [it_car@Caturindo] > ip we access print
    Flags: X - disabled, I - invalid
    0 X src-address=192.168.0.0/24 action=allow

    1 src-address=202.154.42.224/27 action=allow

    2 ;;; block telnet & spam e-mail relaying
    dst-port=23-25 action=deny

    3 action=deny
    [it_car@Caturindo] > ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 X chain=dstnat in-interface=LAN src-address=192.168.0.0/24 protocol=tcp
    dst-port=80 action=redirect to-ports=8080

    1 chain=srcnat out-interface=Internet src-address=192.168.0.0/24
    action=masquerade

    2 X chain=srcnat src-address=192.168.0.0/24 action=src-nat
    to-addresses=202.154.40.196 to-ports=0-65535

  15. #14
    felix_sg
    Easy..

    Just go into firewall filter

    add chain=output dst-address=192.168.0.131 protocol=tcp out-interface=local dst-port=80 action=drop

    Put the rule at the very top.
    So for IP 192.168.0.131 only browsing is blocked and everything else is free, and the web proxy keeps running.

    Don't forget to look at rule no. 51..
    Last edited by felix_sg; 16-08-2008 at 19:52. Reason: protocol

  16. #15
    kuraikun
    Originally Posted by felix_sg
    Easy..

    Just go into firewall filter

    add chain=output dst-address=192.168.0.131 protocol=tcp out-interface=local dst-port=80 action=drop

    Put the rule at the very top.
    So for IP 192.168.0.131 only browsing is blocked and everything else is free, and the web proxy keeps running.

    Don't forget to look at rule no. 51..

    It still doesn't work, KK. I happen to be using web proxy as well, and KK felix's suggestion still doesn't work.
    Please enlighten me....
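
The rule-order and web-proxy effects discussed in this thread, modelled in Python as an added example (not code from any poster or from MikroTik). It assumes first-match evaluation with accept as the default, models only the posted rules that can match a new TCP connection from the LAN, and `PROXY_BLOCK` is a hypothetical extra rule.

```python
from ipaddress import ip_address, ip_network

LAN, CLIENT = "192.168.0.0/24", "192.168.0.131"

def rule(chain, action, src=None, dport=None, note=""):
    return {"chain": chain, "action": action, "src": src, "dport": dport, "note": note}

# Subset of the posted print: only rules that can match a NEW TCP connection from the LAN.
INPUT = [rule("input", "accept", src=LAN, note="rule 6"),
         rule("input", "drop", note="rule 7")]
ALLOWED_HOSTS = [rule("forward", "accept", src=h, note="rules 44-48")
                 for h in ("192.168.0.1", "192.168.0.50", "192.168.0.101",
                           "192.168.0.102", "192.168.0.151")]
CATCH_ALL = [rule("forward", "drop", src=LAN, note="rule 51")]
# Per-client rules from post #7: mail ports accepted, port 80 dropped.
CLIENT_RULES = ([rule("forward", "accept", src=CLIENT, dport=p, note="mail")
                 for p in (25, 110, 587, 995)]
                + [rule("forward", "drop", src=CLIENT, dport=80, note="web")])

def verdict(ruleset, src, dport, redirect=False):
    """Return (chain, note, action) for a new TCP connection src -> internet:dport."""
    chain = "forward"
    # dstnat runs before the filter. action=redirect to-ports=8080 rewrites the
    # destination to the router itself, so the packet is filtered by chain=input.
    if redirect and dport == 80 and ip_address(src) in ip_network(LAN):
        chain, dport = "input", 8080
    for r in ruleset:
        if (r["chain"] == chain
                and (r["src"] is None or ip_address(src) in ip_network(r["src"]))
                and (r["dport"] is None or r["dport"] == dport)):
            return chain, r["note"], r["action"]      # first match wins
    return chain, "no match", "accept"                # nothing matched: accepted

# "add" without place-before appends, so the client rules land after rule 51.
APPENDED = INPUT + ALLOWED_HOSTS + CATCH_ALL + CLIENT_RULES
# Same rules moved above the catch-all drop.
REORDERED = INPUT + CLIENT_RULES + ALLOWED_HOSTS + CATCH_ALL
# Hypothetical extra rule: stop the client reaching the proxy port on the router.
PROXY_BLOCK = [rule("input", "drop", src=CLIENT, dport=8080, note="proxy block")] + REORDERED

if __name__ == "__main__":
    for name, rs, port, redir in (("appended", APPENDED, 25, False),
                                  ("reordered", REORDERED, 25, False),
                                  ("reordered", REORDERED, 80, False),
                                  ("reordered", REORDERED, 80, True),
                                  ("proxy block", PROXY_BLOCK, 80, True)):
        mode = "redirect on" if redir else "redirect off"
        print(f"{name:12} port {port:<4} {mode:12} ->", verdict(rs, CLIENT, port, redir))
```

With the redirect enabled, the client's port-80 traffic is accepted by input rule 6 and handed to the proxy, so a forward-chain drop for port 80 is never evaluated for it.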

 

 