Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0

    <ASK> IP Public bisa di akses dari luar jika di pake di RB 433, jika pc ruter ngga

    mohon pencerahannya kawan²...
    saya punya 3 jalur koneksi internet, 1 pake isp lokal trus 2 jalur speedy warnet...
    menurut CSnya TELKOM, kedua ip dari speedy warnet yang saya miliki bisa di ping dan di akses dari luar...
    setelah saya cek, memang betul seperti itu. Namun, saya heran dgn pc ruter mikrotik saya, kalo di pakaikan ip public (salahsatu dari speedy di gunakan di ruter), ip tersebut tdk bisa di ping dan di akses dari luar.. sedang kalau saya pakaikan ke rb433 saya, ip tersebut dua²nya bisa bisa di ping dan di akses dari luar...
    apa ada yang salah dengan mikrotikku (yang pc)???
    Click here to enlargeClick here to enlarge
    Last edited by all21; 27-03-2009 at 20:22. Reason: ganti judul...

  2. #2
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    Yang di PC License juga nggak bro ?

  3. #3
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    license ori...
    coz aku beli DOM

  4. #4
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    untuk settingan pc ruter :
    - interface
    Code:
    /interface
    set ether1 name=lokal comment="onboard"
    set ether2 name=infotek comment="infotek"
    set ether3 name=spd1 comment="sapidol 1"
    set ether4 name=spd2 comment="sapidol 2"
    set ether5 name=cadangan comment="cadangan"
    pppoe-client add user=1723162xxxxx@telkom.net password=xxxxxxx interface=spd1
    - ip
    Code:
    /ip address
    add address=192.168.0.1/24 interface=lokal
    add address=192.168.1.2/24 interface=infotek
    add address=192.168.2.2/24 interface=spd1
    - Pemisahan blok 1 dan blok 2 (karena saya mengunakan ip policy)
    Code:
    :for x from=2 to=25 do={ /ip firewall address-list add list="blok1" address="192.168.0.$x" }
    :for x from=26 to=50 do={ /ip firewall address-list add list="blok2" address="192.168.0.$x" }
    /ip firewall address-list add list="blok2" address="192.168.0.254"
    -magel
    Code:
    /ip firewall mangle 
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=loadav.exe action=add-dst-to-address-list address-list=conficker-dst address-list-timeout=02:00:00
    add chain=prerouting in-interface=wireless dst-address-list=!ournetwork content=zgynj.dll action=add-dst-to-address-list address-list=conficker-dst address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=sex action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content="sex videos" action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=porn action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=hentai action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=blowjob action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=tube8.com action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=redtube.com action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=mrsnake.com action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=youtube.com action=add-dst-to-address-list address-list=youtube address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=facebook.com action=add-dst-to-address-list address-list=facebook address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=friendster.com action=add-dst-to-address-list address-list=friendster address-list-timeout=02:00:00
    -filter rule saya
    Code:
    /ip firewall filter 
    add chain=forward dst-address-list=conficker-list action=drop comment="Blok Convicker"
    add chain=forward dst-address-list=friendster action=drop comment="Blok FS"
    add chain=forward dst-address-list=porn action=drop comment="Blok Porn :)"
    add chain=forward dst-address-list=youtube action=drop comment="blok Youtube"
    add chain=forward dst-address-list=facebook action=drop comment="Blok facebook"
    -mark koneksi
    Code:
    /ip firewall mangle
    add chain=prerouting in-interface=lokal connection-state=new src-address-list=blok1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="blok1" disabled=no
    add chain=prerouting in-interface=lokal connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
    add chain=prerouting in-interface=lokal connection-state=new src-address-list=blok2 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="blok2" disabled=no
    add chain=prerouting in-interface=lokal connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
    -NAT
    Code:
    /ip firewall nat
    add chain=srcnat connection-mark=conn1 action=masquerade out-interface=infotek comment="default nat blok1" disabled=no
    add chain=srcnat connection-mark=conn2 action=masquerade out-interface=pppoe-out1 comment="default nat blok2" disabled=no
    add chain=srcnat connection-mark=conn1 action=masquerade out-interface=pppoe-out1 comment="backup nat blok1" disabled=yes
    add chain=srcnat connection-mark=conn2 action=masquerade out-interface=infotek comment="backup nat blok2" disabled=yes
    -route
    Code:
    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=conn1 comment="default route blok1" check-gateway=ping distance=1 disabled=no
    add dst-address=0.0.0.0/0 gateway=125.167.124.1 scope=255 target-scope=10 routing-mark=conn2 comment="default route blok2" check-gateway=ping distance=1 disabled=no
    add dst-address=0.0.0.0/0 gateway=125.167.124.1 scope=255 target-scope=10 routing-mark=conn1 comment="backup route blok1" check-gateway=ping distance=2 disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=conn2 comment="backup route blok2" check-gateway=ping distance=2 disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment="main gateway" check-gateway=ping distance=1 disabled=no
    add dst-address=0.0.0.0/0 gateway=125.167.124.1 scope=255 target-scope=10 comment="backup gateway" check-gateway=ping distance=2 disabled=no

    -proteksi dari port scanner & limit ping
    Code:
    /ip firewall filter
    add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute"
    add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute"
    add chain=input action=accept protocol=icmp limit=50/5s,2 comment="limit ping dari client"
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no 
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
    add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
    add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
    add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
    add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
    add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
    add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
    -set dns & identitiy
    Code:
    /ip dns set primary-dns=xxx.xxx.xxx.xxx secondary-dns=203.130.209.242 allow-remote-requests=yes 
    /system identity set name=gateway
    -limit download
    Code:
    :for x from=2 to=60 do={ /ip firewall mangle add chain=postrouting dst-address="192.168.0.$x" action=mark-packet new-packet-mark="Download-0_$x" passthrough=no }
    /ip firewall mangle add chain=postrouting dst-address="192.168.0.254" action=mark-packet new-packet-mark="Download-254" passthrough=no
    /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2048000 name=DL packet-mark="" parent=lokal priority=8 queue=default;
    :for x from=2 to=60 do={/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128000 max-limit=1024000 name="D0_$x" packet-mark="Download-0_$x" parent=DL priority=8 queue=default }
    /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128000 max-limit=1024000 name="D254" packet-mark="Download-254" parent=DL priority=8 queue=default
    (karena kepanjangan, jadi untuk yang rb 433 di posting berikut)

  5. #5
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    2. untuk RB433 :
    - konfigurasi interface :
    Code:
    /interface ethernet
    set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:32:47:98 mtu=1500 name=ether1 speed=100Mbps
    set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=yes full-duplex=yes mac-address=00:0C:42:32:47:99 master-port=none mtu=1500 name=ether2 speed=100Mbps
    set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" disabled=yes full-duplex=yes mac-address=00:0C:42:32:47:9A master-port=none mtu=1500 name=ether3 speed=100Mbps
    /interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment="" dial-on-demand=no disabled=no interface=ether1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 password=xxxxxxxxx profile=default service-name=pppoe_8_81_1 use-peer-dns=yes user=1723162xxxxx@telkom.net
    /interface wireless security-profiles set default authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m interim-update=0s mode=none name=default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
    /interface wireless set 0 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 antenna-mode=ant-b area="" arp=enabled band=2.4ghz-b/g basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment="" compression=no country=no_country_set default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=no disconnect-timeout=3s frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower hide-ssid=no hw-retries=4 mac-address=00:0B:6B:2D:E6:3B max-station-count=2007 mode=ap-bridge mtu=1500 name=wlan1 noise-floor-threshold=default on-fail-retry-time=100ms periodic-calibration=default periodic-calibration-interval=60 preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=000B6B2DE63B rate-set=default scan-list=default security-profile=default ssid="Outdoor PU" station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power=30 tx-power-mode=all-rates-fixed update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled
    /interface wireless manual-tx-power-table set wlan1 comment="" manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20-7:0,HT20-8:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7:0,HT40-8:0"
    /interface wireless nstreme set wlan1 comment="" disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=3200 framer-policy=none
    /interface bridge settings set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
    /interface ethernet mirror set mirror-port=none source-port=none
    /interface l2tp-server server set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
    /interface ovpn-server server set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:16:DA:BE:AC:53 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
    /interface pptp-server server set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
    /interface wireless align set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
    /interface wireless sniffer set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
    /interface wireless snooper set channel-time=200ms multiple-channels=yes receive-errors=no
    /interface set wlan1 name=wireless
    -ip intuk interface lokal
    Code:
    /ip address add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=ether1 network=192.168.3.0
    -setup hotspot
    Code:
    /ip hotspot profile 
    set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
    add dns-name=login.pu.net hotspot-address=192.168.100.1 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 nas-port-type=wireless-802.11 radius-accounting=yes radius-default-domain="" radius-interim-update=received radius-location-id="" radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=yes
    /ip hotspot add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=5m interface=wlan1 keepalive-timeout=none name=hotspot1 profile=hsprof1
    /ip hotspot user profile set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
    /ip hotspot service-port set ftp disabled=no ports=21
    /ip hotspot user add comment="" disabled=no name=all21 password=821653 profile=default
    /radius add accounting-backup=no accounting-port=1813 address=127.0.0.1 authentication-port=1812 called-id="" comment="" disabled=no domain="" realm="" secret=123456 service=hotspot timeout=300ms
    /radius incoming set accept=no port=3799
    /tool user-manager credit add comment="" extend-price=0 full-price=0 name=dadas subscriber=all21 time=1w3d
    /tool user-manager customer add comment="" currency=Rp. date-format=%b/%d/%Y disabled=no login=all21 parent=all21 password=821653 paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no permissions=owner signup-allowed=no signup-email-body="Your authorization data:\
        \nlogin: %login%\
        \npassword: %password%\
        \n\
        \nTo check your status and buy extended time go to address  %link%\
        \n" signup-email-subject="Account info" subscriber=all21 time-zone=+08:00
    /tool user-manager router 
    add comment="" disabled=no ip-address=127.0.0.1 log=auth-ok,auth-fail,acct-fail name=router1 shared-secret=123456 subscriber=all21
    add comment="" disabled=no ip-address=172.16.0.1 log=auth-ok,auth-fail,acct-fail name=router2 shared-secret=123456 subscriber=all21
    add comment="" disabled=no ip-address=192.168.100.1 log=auth-ok,auth-fail,acct-fail name=router3 shared-secret=123456 subscriber=all21
    /tool user-manager user
    add comment="" disabled=no name=ISCHR password=NOKIA rate-limit=" 0/0 0/0 0/0 0/0 8" subscriber=all21
    -bikin address list
    Code:
    :for x from=1 to=50 do={ /ip firewall address-list add list="ournetwork" address="192.168.100.$x" }
    -magel
    Code:
    /ip firewall mangle 
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=loadav.exe action=add-dst-to-address-list address-list=conficker-dst address-list-timeout=02:00:00
    add chain=prerouting in-interface=wireless dst-address-list=!ournetwork content=zgynj.dll action=add-dst-to-address-list address-list=conficker-dst address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=sex action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content="sex videos" action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=porn action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=hentai action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=blowjob action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=tube8.com action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=redtube.com action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=mrsnake.com action=add-dst-to-address-list address-list=porn address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=youtube.com action=add-dst-to-address-list address-list=youtube address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=facebook.com action=add-dst-to-address-list address-list=facebook address-list-timeout=02:00:00
    add chain=prerouting in-interface=lokal dst-address-list=!ournetwork content=friendster.com action=add-dst-to-address-list address-list=friendster address-list-timeout=02:00:00
    -filter rule saya
    Code:
    /ip firewall filter 
    add chain=forward dst-address-list=conficker-list action=drop comment="Blok Convicker"
    add chain=forward dst-address-list=friendster action=drop comment="Blok FS"
    add chain=forward dst-address-list=porn action=drop comment="Blok Porn :)"
    add chain=forward dst-address-list=youtube action=drop comment="blok Youtube"
    add chain=forward dst-address-list=facebook action=drop comment="Blok facebook"
    -proteksi dari port scanner & limit ping
    Code:
    /ip firewall filter
    add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute"
    add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute"
    add chain=input action=accept protocol=icmp limit=50/5s,2 comment="limit ping dari client"
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no 
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
    add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
    add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
    add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
    add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
    add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
    add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
    kok kalo speedy di pakek ke pc ruter ngga bisa di ping???
    trus kalo di pake ke rb 433 bisa di ping??
    bahkan bisa di remote dari luar
    help me plz...
    udah buntu otak saya bolak balik periksa settingan, tapi sampe sekarang (uda 2 bulan) ngga bisa²Click here to enlargeClick here to enlarge
    mohon bantuannya....

  6. #6
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    Coba di trace dulu aja masalahnya, firewall, mangle, dll dimatiin dulu, trus dicobain bisa diping dari luar nggak ? Kalau tanpa gitu gituan nggak bisa, baru deh pusing.

  7. The Following User Says Thank You to xeon For This Useful Post:


  8. #7
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xeon Click here to enlarge
    Coba di trace dulu aja masalahnya, firewall, mangle, dll dimatiin dulu, trus dicobain bisa diping dari luar nggak ? Kalau tanpa gitu gituan nggak bisa, baru deh pusing.
    udah...
    udah 2 bulan ini kerjaan tiap hari trace masalahnya dimana...
    firewall & mangle sama kok keduanya....

    tapi yang di rb433 bisa di ping dari luar (bahkan di remote). kalo di coba di pc ruter ngga bisa...Click here to enlarge
    pusing nih... udah 2 bulan Click here to enlargeClick here to enlarge
    mau bikin webserver rencananya pake firewall dari pc ruter..
    & yang 1 line khusus wireless di kantor...
    help me plzzClick here to enlargeClick here to enlarge

  9. #8
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    di pc ada nat dan /ip route, di rb kok ndak ada.

  10. #9
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    kalo rb, kan pake /hotspot setup. jadi natnya otomatis dibikin..
    trus untuk /ip route, kan aku pake pppoe jadi kalo udah onek, otomatis dns dan ip route di setting juga...

  11. #10
    Status
    Offline
    aagyung's Avatar
    Calon Member
    Join Date
    Feb 2008
    Location
    Kudus
    Posts
    77
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Saran saya gini aja kang...
    coba yang di pc-router, di-disable semua rule di firewall filter. terus coba lakukan ping menuju ke ip publik, bisa nggak? kalau bisa, coba satu persatu dihidupkan.
    terus coba buat satu rule diatas action=drop di masing2 chain di filter, yaitu rule untuk action=log. Sehingga akan ketahuan, paket apa yang terdrop.

    semoga membantu

  12. #11
    Status
    Offline
    mattnux's Avatar
    Forum Guru
    Join Date
    Jun 2008
    Location
    jakarta
    Posts
    1,255
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    setubuh ma moderator.....
    Click here to enlargeClick here to enlarge

  13. #12
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by aagyung Click here to enlarge
    Saran saya gini aja kang...
    coba yang di pc-router, di-disable semua rule di firewall filter. terus coba lakukan ping menuju ke ip publik, bisa nggak? kalau bisa, coba satu persatu dihidupkan.
    terus coba buat satu rule diatas action=drop di masing2 chain di filter, yaitu rule untuk action=log. Sehingga akan ketahuan, paket apa yang terdrop.

    semoga membantu
    udah saya bikin, dan ini hasil log yang saya dapat
    Code:
    [all21@gateway] > log pr
    11:00:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:00:43 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:00:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:00:53 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:00:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:01:03 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:01:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:01:13 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:01:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:01:23 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:01:25 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:01:33 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:01:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:01:44 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:01:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:01:54 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:01:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:02:04 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:02:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:02:14 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:02:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:02:24 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:02:25 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:02:34 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:02:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:02:44 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:02:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:02:54 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:02:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:03:01 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 209.85.171.100-
    >192.168.1.2, len 36 
    11:03:04 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:03:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:03:14 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:03:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:03:24 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:03:25 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:03:34 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:03:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:03:44 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:03:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:03:46 firewall,info input: in:lokal out:(none), src-mac 00:19:21:43:44:d3, proto ICMP (type 3, code 3), 192.168.0.6->192.
    168.0.1, len 156 
    11:03:54 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:03:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:04:04 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:04:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:04:14 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:04:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:04:24 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:04:25 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:04:28 system,info,account user all21 logged in via winbox 
    11:04:28 system,info,account user all21 logged in via local 
    11:04:33 system,info,account user all21 logged out via local 
    11:04:34 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:04:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:04:44 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:04:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:04:49 firewall,info forward: in:lokal out:infotek, src-mac 00:19:21:43:44:d3, proto ICMP (type 3, code 3), 192.168.0.6->1
    92.168.23.102, len 156 
    11:04:54 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:04:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:05:04 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:05:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:05:14 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:05:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:05:17 system,info filter rule changed by all21 
    11:05:24 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:05:25 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:05:34 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:05:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:05:44 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:05:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:05:47 system,info,account user all21 logged out via winbox 
    11:05:54 system,info,account user all21 logged in via winbox 
    11:05:54 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:05:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:06:02 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 209.85.171.100-
    >192.168.1.2, len 36 
    11:06:04 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:06:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:06:14 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:06:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:06:24 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:06:25 system,info,account user all21 logged out via winbox 
    11:06:25 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:06:28 system,info,account user all21 logged in from 192.168.0.49 via winbox 
    11:06:34 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:06:34 system,info filter rule changed by all21 
    11:06:35 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:06:36 system,info filter rule changed by all21 
    11:06:44 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:06:45 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:06:51 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 8, code 0), 85.25.86.50->125.167.126.156, len 64 
    11:06:52 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 8, code 0), 85.25.86.50->125.167.126.156, len 64 
    11:06:53 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 8, code 0), 85.25.86.50->125.167.126.156, len 64 
    11:06:54 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 8, code 0), 85.25.86.50->125.167.126.156, len 64 
    11:06:54 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:06:55 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:07:04 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:07:05 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:07:14 firewall,info input: in:infotek out:(none), src-mac 0a:00:3e:24:53:33, proto ICMP (type 0, code 0), 192.168.1.1->19
    2.168.1.2, len 36 
    11:07:15 firewall,info input: in:pppoe-out1 out:(none), proto ICMP (type 0, code 0), 125.167.124.1->125.167.126.156, len 36 
    11:07:17 system,info,account user all21 logged in from 192.168.0.49 via telnet 
    
    [all21@gateway] >
    Last edited by all21; 30-03-2009 at 11:09. Reason: lognya kepanjangan... jadi diedit :)

  14. #13
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    di respon doong...............
    kok ngga ada yang respon ????

  15. #14
    Status
    Offline
    _aRye's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    35
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    pengalaman saya sih di firewall filter,, coba disable terus reboot

  16. #15
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by _aRye Click here to enlarge
    pengalaman saya sih di firewall filter,, coba disable terus reboot
    udah mas...
    malah udah saya hapus firewallnya...
    trus saya reboot...
    tetep ngga bisa...
    saya coba reset ruter...
    trus sy config lagi tanpa firewall...
    masih ngga bisa???
    ada apa dgn mt saya ya???
    padahal punya saya licensi ori......

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Help......Tanya Setting Mikrotik Untuk ip public to ip public .....?
    By motokare2006 in forum General Networking
    Replies: 10
    Last Post: 19-03-2013, 14:02
  2. Help : 1 Eth-Public untuk 2 ISP
    By agustyono in forum General Networking
    Replies: 9
    Last Post: 21-01-2009, 09:46
  3. ip public porward
    By officeboy in forum Beginner Basics
    Replies: 1
    Last Post: 17-03-2008, 03:10
  4. IP Public
    By hantulaut in forum Beginner Basics
    Replies: 6
    Last Post: 20-01-2008, 21:25
  5. nge NAT local ke public
    By alfin in forum General Networking
    Replies: 5
    Last Post: 02-12-2007, 21:13

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •