Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    ask: ping dan traceroute mt ok, ipcop gagal

    Para guru, nanya nih, dah bingung wa...

    Insfrastrukturnya kayak begini :

    inet ----- MT --- client
    ~~~~~~ +
    ~~~~~~ +--- IPCOP

    ngikutin tutor bro adeldian ...

    kalo ping dari client, MT, IPCop bolak balik maupun keluar network misal yahoo dan google dah OK semua.

    hasil traceroute kalo dari MT ama client OK, tapi kalo dari IPCop gak mau
    cuman sampe IP LAN nya MT ajah ....

    Apalagi mau browsing ... gak bisa sama sekali....

    dah pusyiinkkk ... gimana ya ...

    IPCop:
    G: 192.168.3.2
    R: 192.168.3.3
    GW+DNS 1 n 2: 192.168.3.1

    MT:
    LAN: 192.168.5.1
    WAN: 192.168.1.110
    Proxy: 192.168.3.1
    DNS: 192.168.1.200

    Client:
    IP: 192.168.5.x
    GW+DNS: 192.168.5.1

    confignya:
    ip address add address=192.168.5.1 netmask=255.255.0.0 interface=Local comment="IP LAN"
    ip address add address=192.168.3.1 netmask=255.255.0.0 interface=Proxy comment="IPCop Proxy"
    ip address add address=192.168.1.110 netmask=255.255.0.0 interface=Public comment="IP Internet"

    ip route add dst-address=0.0.0.0/0 gateway=192.168.1.200 scope=255 target-scope=10 comment="MT Gateway Netscreen" disabled=no
    ip dns set primary-dns=192.168.1.200 secondary-dns=192.168.1.2 allow-remote-requests=yes cache-size=2048Kib cache-max-ttl=1w

    ip firewall nat add chain=dstnat protocol=tcp dst-port=81 action=dst-nat to-addresses=192.168.3.2 to-ports=81 comment="IPCop"
    ip firewall nat add chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.2 to-ports=445 comment="Https IPCop"
    ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-ports=80 action=dst-nat to-addresses=192.168.3.2 to-ports=878 comment="Proxy subnet"
    ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-ports=443 action=dst-nat to-addresses=192.168.3.2 to-ports=878
    ip firewall nat add chain=srcnat src-address=192.168.3.0/24 action=masquerade
    ip firewall nat add chain=srcnat out-interface=Public action=masquerade

    ip firewall mangle add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes
    ip firewall mangle add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no
    ip firewall mangle add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes
    ip firewall mangle add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no
    ip firewall mangle add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no
    ip firewall mangle add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no

    queue simple add name="IPCop" packet-mark=ipcop-pkt
    queue simple add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
    queue simple add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=512000/2048000 total-queue=default-small
    queue simple add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total=queue=default-small
    queue simple add name="The_other_port_queue" target-adresses=192.168.3.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-smal/default-small limit-at=5000/5000 max-limit=50000/50000 total-queue=default-small
    queue simple add name="Another_Port" target-addresses=192.168.5.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/2048000 total-queue=default-small
    -----------

    Apa nya lagi yang kuraanng atau salah .... Click here to enlargeClick here to enlarge

    Tengkiu Guru sebelumnya dah abok

  2. #2
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    coba bantu dikit..... :D

    coba periksa yg ini :
    Code:
    ip firewall nat add chain=srcnat src-address=192.168.3.0/24 action=masquerade
    tambahin: out-interface=public
    (sesuaikan syntaknya ya....saya gak begitu hapal ...Click here to enlarge)

    semoga membantu

  3. #3
    Status
    Offline
    geonet_comp's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Posts
    527
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by ManzTiara Click here to enlarge
    Para guru, nanya nih, dah bingung wa...

    Insfrastrukturnya kayak begini :

    inet ----- MT --- client
    ~~~~~~ +
    ~~~~~~ +--- IPCOP

    ngikutin tutor bro adeldian ...

    kalo ping dari client, MT, IPCop bolak balik maupun keluar network misal yahoo dan google dah OK semua.

    hasil traceroute kalo dari MT ama client OK, tapi kalo dari IPCop gak mau
    cuman sampe IP LAN nya MT ajah ....

    Apalagi mau browsing ... gak bisa sama sekali....

    dah pusyiinkkk ... gimana ya ...

    IPCop:
    G: 192.168.3.2
    R: 192.168.3.3
    GW+DNS 1 n 2: 192.168.3.1

    MT:
    LAN: 192.168.5.1
    WAN: 192.168.1.110
    Proxy: 192.168.3.1
    DNS: 192.168.1.200

    Client:
    IP: 192.168.5.x
    GW+DNS: 192.168.5.1

    confignya:
    ip address add address=192.168.5.1 netmask=255.255.0.0 interface=Local comment="IP LAN"
    ip address add address=192.168.3.1 netmask=255.255.0.0 interface=Proxy comment="IPCop Proxy"
    ip address add address=192.168.1.110 netmask=255.255.0.0 interface=Public comment="IP Internet"

    ip route add dst-address=0.0.0.0/0 gateway=192.168.1.200 scope=255 target-scope=10 comment="MT Gateway Netscreen" disabled=no
    ip dns set primary-dns=192.168.1.200 secondary-dns=192.168.1.2 allow-remote-requests=yes cache-size=2048Kib cache-max-ttl=1w

    ip firewall nat add chain=dstnat protocol=tcp dst-port=81 action=dst-nat to-addresses=192.168.3.2 to-ports=81 comment="IPCop"
    ip firewall nat add chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.2 to-ports=445 comment="Https IPCop"
    ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-ports=80 action=dst-nat to-addresses=192.168.3.2 to-ports=878 comment="Proxy subnet"
    ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-ports=443 action=dst-nat to-addresses=192.168.3.2 to-ports=878
    ip firewall nat add chain=srcnat src-address=192.168.3.0/24 action=masquerade
    ip firewall nat add chain=srcnat out-interface=Public action=masquerade

    ip firewall mangle add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes
    ip firewall mangle add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no
    ip firewall mangle add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes
    ip firewall mangle add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no
    ip firewall mangle add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no
    ip firewall mangle add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no

    queue simple add name="IPCop" packet-mark=ipcop-pkt
    queue simple add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
    queue simple add name="Main_Link" dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=512000/2048000 total-queue=default-small
    queue simple add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total=queue=default-small
    queue simple add name="The_other_port_queue" target-adresses=192.168.3.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-smal/default-small limit-at=5000/5000 max-limit=50000/50000 total-queue=default-small
    queue simple add name="Another_Port" target-addresses=192.168.5.0/24 dst-address=0.0.0.0/0 interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/2048000 total-queue=default-small
    -----------

    Apa nya lagi yang kuraanng atau salah .... Click here to enlargeClick here to enlarge

    Tengkiu Guru sebelumnya dah abok
    subnetmasknya kok ada yang /16 ada yang /24 ye? apa gak mubazir tuh? dan yang pasti kalo seperti diatas itu pasti ngaco tha, kalo emang kelas /16 kan kita gak bisa pake pake 192.168.3.1 sama 192.168.5.1 karena itu kan masih subnet logikanya? routernya bisa uring2an tuh bro Click here to enlarge ini nih yang ta maksud :
    confignya:
    ip address add address=192.168.5.1 netmask=255.255.0.0 interface=Local comment="IP LAN"
    ip address add address=192.168.3.1 netmask=255.255.0.0 interface=Proxy comment="IPCop Proxy"
    ip address add address=192.168.1.110 netmask=255.255.0.0 interface=Public comment="IP Internet"

    kalo config seperti diatasnya artinya semua sekelas dong, yah monggo dicoba dulu netmasknya ganti ke 255.255.255.0 atawa /24 toh jadi misah kelas dianya...

    btw untuk masquerade ato src-nat jangan lupa out-interfacenyah seperti om yang diatas bilang Click here to enlarge
    trus yang ini :
    ip firewall nat add chain=srcnat out-interface=Public action=masquerade

    buat apaan? mending specifik source addressnyah ato src-addr-list biar enaken

    yang laen blom liat ruwet banget yah keliatannya Click here to enlarge

    mungkin enaken kalo TS nyampein kemauan apa biar enaken temen2 disini ngasih idenya gak semrawut baca duluan gituh.

    Kalo emang cuman mau pake 3 interface kaya yang ditanya diatas yah nat ajah yang di paste jangan mangle segala apalagi sampe queue nya kan jadi puyenk liatnya...
    Last edited by geonet_comp; 18-12-2008 at 16:37.

  4. #4
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mungkin enaken kalo TS nyampein kemauan apa biar enaken temen2 disini ngasih idenya gak semrawut baca duluan gituh.

    Kalo emang cuman mau pake 3 interface kaya yang ditanya diatas yah nat ajah yang di paste jangan mangle segala apalagi sampe queue nya kan jadi puyenk liatnya...
    Duh, bro geonet_comp gualak amattt .... maklum dwonk masih newbie alias cupu pisan ...

    ip firewall nat add chain=srcnat src-address=192.168.3.0/24 action=masquerade out-interface=public
    dari bro sum1ardi dah dicobain, tapi tetep gak mau...

    tracing dari ipcop cuman sampe ke 192.168.3.1 dan selanjutnya cuman * * * *

    @bro geonet_comp ... pengennya sih seperti ini :
    infrastrukturnya :
    inet ----- MT --- client
    ~~~~~~ +
    ~~~~~~ +--- IPCOP

    web proxy saya pengen pake ipcop supaya bisa authenticate user. trus untuk blocking yang lainnya ada di MT.

    untuk IP nya :
    IPCop:
    G: 192.168.3.2
    R: 192.168.3.3
    GW+DNS 1 n 2: 192.168.3.1

    MT:
    LAN: 192.168.5.1
    WAN: 192.168.1.110
    Proxy: 192.168.3.1
    DNS: 192.168.1.200

    Client:
    IP: 192.168.5.x
    GW+DNS: 192.168.5.1

    Nah, nat-nya kan dah tuh diatas ... biar saya post lagi dibawah ini (dah ta' betulin /24):
    ip address add address=192.168.5.1/24 interface=Local comment="IP LAN"
    ip address add address=192.168.3.1/24 interface=Proxy comment="IPCop Proxy"
    ip address add address=192.168.1.110/24 interface=Public comment="IP Internet"

    ip route add dst-address=0.0.0.0/0 gateway=192.168.1.200 scope=255 target-scope=10 comment="MT Gateway Netscreen" disabled=no
    ip dns set primary-dns=192.168.1.200 secondary-dns=192.168.1.2 allow-remote-requests=yes cache-size=2048Kib cache-max-ttl=1w

    ip firewall nat add chain=dstnat protocol=tcp dst-port=81 action=dst-nat to-addresses=192.168.3.2 to-ports=81 comment="IPCop"
    ip firewall nat add chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.2 to-ports=445 comment="Https IPCop"
    ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-ports=80 action=dst-nat to-addresses=192.168.3.2 to-ports=878 comment="Proxy subnet"
    ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-ports=443 action=dst-nat to-addresses=192.168.3.2 to-ports=878
    ip firewall nat add chain=srcnat src-address=192.168.3.0/24 out-interface=Public action=masquerade

    Nah, sekarang permasalahannya, si IPCop ini seakan akan gak bisa melakukan routing nya, karena kalo pake traceroute yahoo.com dari IPCop cuman sampe IP 192.168.3.1 doank , dan gak mau lanjutt ... begitu ... jadi gak bisa surfing para client ini.

    Begitu masalahnya ... bisa bantu lagi ?

  5. #5
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    netmask di ipcopnya dah bener blum pake :255.255.255.0
    baik untuk green maupun red-nya

    ada baiknya coba semuanya direstart dulu, baik ipcop maupun mikrotiknya...sapa tahu.....
    Last edited by sum14rdi; 18-12-2008 at 17:27. Reason: salah tulis

  6. #6
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Wah, bro sum14rdi ... tetep gak mau traceroute dari ipcopnya ... mentok di 192.168.3.1 .... napa ya Click here to enlarge

    dah di restart juga 2 2 nya ... tetep euy ...

    tapi napa ya kalo ping mau semuanya ???

  7. #7
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    coba tracerote dari ipcop nya jangan www. tapi langsung ip nya misal 202.152.0.2
    jangan jangan dns statik di mikrotiknya belum di set
    sedang di ip cop dns nya mengarah ke mikrotik..
    atau kalau engga set aja dns di ipcop nya pakai dns lain..misalnya 202.134.1.10 ...

    Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  8. #8
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Wah bro lonthong202 ... tetep gak mau, malah jadi gak mau ping sama sekali.
    set dns statik di MT trus reboot ... gak bisa juga ...

    IP Client: 192.168.5.x / 24 apa /16 ? tapi dah di coba /24 dan /16 juga gak bisa. hiks Click here to enlarge

  9. #9
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ip firewall nat add chain=dstnat protocol=tcp dst-port=81 action=dst-nat to-addresses=192.168.3.2 to-ports=81 comment="IPCop"
    ip firewall nat add chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.2 to-ports=445 comment="Https IPCop"


    coba kalo perintah di atas di disable dulu. baru test lagi.

    sama mau tanya. itu topologinya. yang ke ipcop melalui satu ethernet, ke klien satu ethernet juga. atau di situ ada switch, sehingga dari mt cuma satu ethernet.

    ip firewall nat add chain=srcnat src-address=192.168.3.0/24 action=masquerade

    yang ini juga di disable aja. kan udah ada perintah dibawahnya yang srcnat secara global.

  10. #10
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    hmm... bro felix_sg .. aku dah cobain seperti itu, tetep gak bisa, seakan akan si IPCop gak bisa baca DNS nya, tapi kalo gak bisa baca aneh juga, soalnya kalo
    ping yahoo.com
    ping codegear.com
    ping google.com
    semuanya okeh, tapi kalo traceroute yahoo.com cuman sampe ip 192.168.3.1 doank kesananya * * * *

    hm.... apa emang dari IPCop gak bisa tracing ?

    trus, sebetulnya yang keluar dari inet itu IP berapa sih ? kalo infrastruktur diatas ?

    IP GREEN IPCop / IP RED ato IP WAN MT / IP LAN MT ?

    trus kalo konfig diatas kan client itu 192.168.5.x/24 nah dimana saya bisa tau si NAT itu bicara ke 192.168.3.x dan si 192.168.3x bicara ke 192.168.1.x ?

    abook aboookkk ... glek Click here to enlarge

  11. #11
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kayaknya ipcop nya yang masalah.

    coba kalo ip copnya di lepas. cukup rule di natnya di disable aja semua, kecuali yang masquerade. liat masi tembus ndak.

    coba dari klien dulu, terus dari ip cop dan dari mikrotik. masing2 test traceroute. hasilnya masing2 gimana?

    kalo emang ipcopnya yang masalah, mesti tanya yang master2 ipcop nih, secara saya belum pernah pake ipcop.

  12. #12
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sudah bisa nih sekarang bro felix_sg ... Click here to enlarge tengkiu

    ternyata daku ada subnet yang salah tulis di ipcop nya, harusnya netmask nya : 255.255.255.0 ini malah 255.255.225.0 ... walaaahhh .. bikin repod nih ...

    Tengkiu tengkiu ku ucapkan tuk semua pihak yang telah buanyak membantu ... Click here to enlarge Click here to enlarge Click here to enlarge

  13. #13
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Bravo......Click here to enlarge
    lain kali hati2 boss....jangan sampe kepala botak karena hal sepele...Click here to enlarge

  14. #14
    Status
    Offline
    ManzTiara's Avatar
    Baru Gabung
    Join Date
    Nov 2008
    Location
    Chille gone
    Posts
    13
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    butul .... gara gara nih jari salah ketik 255 jadi 225 dikorupsi 30
    wakakakaakakak Click here to enlarge

  15. #15
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    selamat dah... experience is the best teacher. Click here to enlargeClick here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. mikrotik digandeng dengan ipcop
    By lc4523 in forum General Networking
    Replies: 22
    Last Post: 15-10-2013, 22:26
  2. (ask) ipcop
    By farelio in forum Beginner Basics
    Replies: 4
    Last Post: 29-03-2010, 21:36
  3. Elep seting tuk Proxy(IPCOP)
    By smile2ardi in forum Beginner Basics
    Replies: 2
    Last Post: 05-12-2008, 14:50
  4. Mikrotik or IPCop
    By emmerdale in forum Beginner Basics
    Replies: 9
    Last Post: 02-12-2008, 10:48
  5. [Ask] Redirect Ping & Traceroute
    By diyu in forum General Networking
    Replies: 6
    Last Post: 25-04-2008, 15:38

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •