Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 13 of 13
  1. #1
    Status
    Offline
    mc lod's Avatar
    Baru Gabung
    Join Date
    Sep 2008
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Question Aneh..Mikrotik Firewall trouble(bocor).Tolong

    Ada yang aneh nich dgn mikrotikku Click here to enlarge begini, ip lokal kok masih bisa browsing ya,padahal di firewall filter rules mikrotiknya udah ak blok ip nya.
    Code:
    [admin@IIX Router] ip firewall address-list> print
    Flags: X - disabled, D - dynamic 
     #   LIST       ADDRESS                        
     0   UnusedIP   192.168.100.3                  
     1   UnusedIP   192.168.100.4      
    
    [admin@IIX Router] ip firewall filter> print
    Flags: X - disabled, I - invalid, D - dynamic 
    ;;; UnusedIP
     0   chain=forward src-address-list=UnusedIP action=drop 
     1   chain=forward dst-address-list=UnusedIP action=drop
    trus ak coba blok langsung no ipnya juga sama,jadi ini kyk bocor gitu. Mohon pencerahannya dan terima kasih

  2. #2
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    Konfigurasinya gimana ? apakah pakai proxy ? apa aja yang dipake ? nggak jelas banget deh soalnya.

  3. #3
    Status
    Offline
    Akangage's Avatar
    Administrator
    Join Date
    Aug 2007
    Location
    Daerah Khusus Ibukota Jakarta, Indonesia
    Posts
    4,195
    Reviews
    Read 0 Reviews
    Downloads
    210
    Uploads
    87
    Feedback Score
    0
    Entu kok, udah src ada dst segala? maksudnya di bloknya mau begimana?

  4. #4
    Status
    Offline
    mc lod's Avatar
    Baru Gabung
    Join Date
    Sep 2008
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    begini. ini tidak pake Proxy, UnusedIP diatas itu adalah label yang aku berikan dari IP lokal untuk tidak bisa browsing(ter blok).eh.. ternyata masih ada yg bisa browsing,tp tidak semua.sejauh ini baru 4 ip lokal yg terdeteksi dari +- 100 user. jadi memang ada ip yg ak kasi UnusedIP memang tidak bisa browsing.maka dari itu ak bilang ini kyk bocor gitu. bagaimana?
    Last edited by mc lod; 14-09-2008 at 12:11.

  5. #5
    Status
    Offline
    Akangage's Avatar
    Administrator
    Join Date
    Aug 2007
    Location
    Daerah Khusus Ibukota Jakarta, Indonesia
    Posts
    4,195
    Reviews
    Read 0 Reviews
    Downloads
    210
    Uploads
    87
    Feedback Score
    0
    1x lg entu ada dst-address buat apa? mau di bikin bolak balik sesama Unused IP ga bisa komunikasi luar dalem?

  6. #6
    Status
    Offline
    mc lod's Avatar
    Baru Gabung
    Join Date
    Sep 2008
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kemaren itu ak coba2 aja,harapannya sih sukses tapi gak ngaruh tuh.. ada ide?

  7. #7
    Status
    Offline
    septiadi's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    69
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    di taruh di src address list nya NAT aja

  8. #8
    Status
    Offline
    mc lod's Avatar
    Baru Gabung
    Join Date
    Sep 2008
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by septiadi Click here to enlarge
    di taruh di src address list nya NAT aja
    konfigurasi nya gimana? plisss....Click here to enlarge

  9. #9
    Status
    Offline
    ponywaterhouse's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,507
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bikin aja address list yg baru..
    ip yg boleh internet, itu yg di masqurade..

    banyak yg pake metode ini, daripada blok ip satu persatu..

  10. #10
    Status
    Offline
    mc lod's Avatar
    Baru Gabung
    Join Date
    Sep 2008
    Posts
    5
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by ponywaterhouse Click here to enlarge
    bikin aja address list yg baru..
    ip yg boleh internet, itu yg di masqurade..
    Apakah seperti ini konfig nya, mohon di koreksi klo salah

    Code:
    [admin@Router] ip firewall nat> print 
    Flags: X - disabled, I - invalid, D - dynamic 
     
      0   chain=srcnat src-address-list=UnusedIP action=masquerade
    teng kyu

  11. #11
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ganti pake subnet /30 aja. beres. Click here to enlarge

  12. #12
    Status
    Offline
    ponywaterhouse's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,507
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by mc lod Click here to enlarge
    Apakah seperti ini konfig nya, mohon di koreksi klo salah

    Code:
    [admin@Router] ip firewall nat> print 
    Flags: X - disabled, I - invalid, D - dynamic 
     
      0   chain=srcnat src-address-list=UnusedIP action=masquerade
    teng kyu
    jangan unused ip.. tapi ip yg boleh internet yg di masquarade..

    ato
    Code:
    [admin@Router] ip firewall nat> print 
    Flags: X - disabled, I - invalid, D - dynamic 
     
      0   chain=srcnat src-address-list=!UnusedIP action=masquerade

  13. #13
    Status
    Offline
    zainalk29's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Location
    Banjarmasin, Yogyakarta, Indonesia
    Posts
    676
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    kalo saya selama ini menggunakan ini untuk memblok ip yang tidak terpakai :

    1 ;;; ---------- Drop IP yang tidak Terpakai ----------
    chain=forward action=drop src-address=192.168.0.38-192.168.0.98

    2 chain=forward action=drop dst-address=192.168.0.38-192.168.0.98

    3 chain=forward action=drop src-address=192.168.0.100-192.168.0.254

    4 chain=forward action=drop dst-address=192.168.0.100-192.168.0.254

 

 

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Replies: 35
    Last Post: 24-06-2014, 16:05
  2. Mikrotik Trouble pake WinArpAttacker 3.50
    By kodokhack in forum Beginner Basics
    Replies: 6
    Last Post: 15-06-2010, 23:07
  3. Menu Mikrotik di Winbox aneh
    By rgiapratama in forum Beginner Basics
    Replies: 7
    Last Post: 11-09-2008, 22:39
  4. Default policy firewall di mikrotik
    By awarmanf in forum General Networking
    Replies: 4
    Last Post: 21-06-2008, 09:05
  5. Tanya Firewall di Mikrotik
    By indrasakti in forum Beginner Basics
    Replies: 1
    Last Post: 19-12-2007, 19:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •