Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 14 of 14
  1. #1
    Status
    Offline
    singgahpai's Avatar
    Calon Member
    Join Date
    Aug 2007
    Posts
    82
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    MT sering hang untuk browsingnya

    Dear all,
    Baru beberapa hari ini ada keanehan di MT saya.. MT sering hang untuk browsingnya dalam arti kata, client bisa akses ke MT, login hotpsot, konek ke winbox, ping bisa ke inet, kalau ada yang lagi download masih normal trafiiknya, tapi buat browsing ke WAN dari mikrotiknya gak bisa, cuma bisa di dalam LAN aja...
    Cek resource nromal pemakaian memory sktr 48MB dari 256MB, cpu proses cuma maks 28%, bandwidth Inet gak full..
    Stuck di browsing doang nih...pada gak bisa ke inet.. dan kejadiannya gak tentu bisa 10 menit sekali, 2 jam, dll..

    Di cek pakai torch juga gak ada pemakaian berlebihan oleh client di port 80 ..

    Kenapa ya..? repot dah kalau sudah seperti itu solusinya cuma reboot MT, langsung normal lg...
    Ada yang pernah mengalaminya..? gimana solusinya.?
    Thanks..
    Click here to enlarge

  2. #2
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    proxy mt nya jalan gak?
    aku pernah kyk gitu..
    instal ulang beberapa kali kadang bisa kadang engga
    terakhir pake rb....sembuh
    Click here to enlargeClick here to enlargeClick here to enlarge

  3. #3
    Status
    Offline
    singgahpai's Avatar
    Calon Member
    Join Date
    Aug 2007
    Posts
    82
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Proxy MTnya gak aktif om...redirect ke mesin lain..
    MT ini dipasang di PC P3 766MHz, HD 10GB, Ram 256MB..
    mm..masih ada kejadian spt itu pagi ini...knp ya.. Click here to enlarge

  4. #4
    Status
    Offline
    r52h's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    46
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by singgahpai Click here to enlarge
    Proxy MTnya gak aktif om...redirect ke mesin lain..
    MT ini dipasang di PC P3 766MHz, HD 10GB, Ram 256MB..
    mm..masih ada kejadian spt itu pagi ini...knp ya.. Click here to enlarge
    Pakai MK versi berapa ya ?

  5. #5
    Status
    Offline
    singgahpai's Avatar
    Calon Member
    Join Date
    Aug 2007
    Posts
    82
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Pakai versi 2.9.50 Level 5
    Anehnya pada saat gak bisa browsing, YMnya gak putus, email masih bisa smtp dan pop3, yang lagi download jg gak putus...cuma pada gak bisa browsing..
    Click here to enlarge

  6. #6
    Status
    Offline
    scorpion14's Avatar
    Member Senior
    Join Date
    Sep 2007
    Posts
    306
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba listing script semua yg ada di mikrotik diposting disini.... biar di cek Click here to enlarge

  7. #7
    Status
    Offline
    singgahpai's Avatar
    Calon Member
    Join Date
    Aug 2007
    Posts
    82
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kalau script gak ada bro yang dipasang, tapi kalau konfigurasinya spt ini:

    Hotspot
    |
    MT-------> Internet
    |
    Proxy/Squid

    Setup Interface:
    Code:
    / interface ethernet 
    set WAN name="WAN" mtu=1500 mac-address=00:08:C7:1B:27:8A arp=enabled \
        disable-running-check=yes auto-negotiation=yes full-duplex=yes \
        cable-settings=default speed=100Mbps comment="" disabled=no 
    set LAN-0 name="LAN-0" mtu=1500 mac-address=00:08:C7:CA:1F:67 arp=reply-only \
        disable-running-check=yes auto-negotiation=yes full-duplex=yes \
        cable-settings=default speed=100Mbps comment="" disabled=no 
    set LAN-1 name="LAN-1" mtu=1500 mac-address=00:02:A5:18:B2:06 arp=reply-only \
        disable-running-check=yes auto-negotiation=yes full-duplex=yes \
        cable-settings=default speed=100Mbps comment="" disabled=no 
    set DMZ name="DMZ" mtu=1500 mac-address=00:08:C7:9A:20:56 arp=enabled \
        disable-running-check=yes auto-negotiation=yes full-duplex=yes \
        cable-settings=default speed=100Mbps comment="" disabled=no
    LAN-0 : ke Hotspot
    LAN-1: IDLE (buat backup)
    DMZ: ke Proxy/Squid
    WAN: ke Internet

    IP Address:
    Code:
    / ip address 
    add address=10.10.10.254/24 network=10.10.10.0 broadcast=10.10.10.255 \
        interface=LAN-0 comment="Device RTRW-Net" disabled=no 
    add address=172.10.10.254/29 network=172.10.10.248 broadcast=172.10.10.255 \
        interface=DMZ comment="Koneksi ke DMZ" disabled=no 
    add address=10.10.11.254/24 network=10.10.11.0 broadcast=10.10.11.255 \
        interface=LAN-0 comment="DHCP-POOL" disabled=no 
    add address=192.168.100.2/29 network=192.168.100.0 broadcast=192.168.100.7 \
        interface=WAN comment="WAN" disabled=no 
    add address=172.10.11.254/29 network=172.10.11.248 broadcast=172.10.11.255 \
        interface=LAN-1 comment="" disabled=no
    Seting Firewall seperti ini:
    Code:
    / ip firewall nat 
    add chain=srcnat action=masquerade src-address=10.10.10.0/24 comment="" \
        disabled=no 
    add chain=srcnat action=masquerade src-address=10.10.11.0/24 comment="" \
        disabled=no 
    add chain=srcnat action=masquerade src-address=172.10.10.248/29 comment="" \
        disabled=no 
    add chain=srcnat action=masquerade src-address=172.10.11.248/29 comment="" \
        disabled=no 
    
    / ip firewall mangle 
    add chain=prerouting action=mark-packet new-packet-mark=nat-traversal \
        passthrough=no in-interface=WAN dst-address-list=nat-addr comment="" \
        disabled=no 
    add chain=prerouting action=jump jump-target=tcp-services connection-state=new \
        protocol=tcp comment="" disabled=no 
    add chain=prerouting action=jump jump-target=udp-services connection-state=new \
        protocol=udp comment="" disabled=no 
    add chain=prerouting action=jump jump-target=other-services \
        connection-state=new comment="" disabled=no 
    add chain=tcp-services action=mark-connection new-connection-mark=ftp \
        passthrough=no src-port=1024-65535 dst-port=20-21 protocol=tcp comment="" \
        disabled=no 
    -----di Cut karena gak boleh posting banyak2 karakter ------
    
    / ip firewall filter 
    add chain=forward action=accept in-interface=LAN-0 out-interface=LAN-0 \
        comment="Allow traffic between wired and wireless networks" disabled=no 
    add chain=forward action=accept in-interface=LAN-1 out-interface=LAN-1 \
        comment="Allow traffic between wired and wireless networks" disabled=no 
    add chain=forward action=accept in-interface=DMZ out-interface=DMZ \
        comment="Allow traffic between wired and wireless networks" disabled=no 
    add chain=sanity-check action=jump jump-target=drop packet-mark=nat-traversal \
        comment="Deny illegal NAT traversal" disabled=no 
    add chain=sanity-check action=add-src-to-address-list protocol=tcp \
        psd=20,3s,3,1 address-list=blocked-addr address-list-timeout=1d \
        comment="Block port scans" disabled=no 
    add chain=sanity-check action=add-src-to-address-list \
        tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp \
        address-list=blocked-addr address-list-timeout=1d comment="Block TCP Null \
        scan" disabled=no 
    add chain=sanity-check action=add-src-to-address-list \
        tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp \
        address-list=blocked-addr address-list-timeout=1d comment="Block TCP Xmas \
        scan" disabled=no 
    add chain=sanity-check action=jump jump-target=drop protocol=tcp \
        src-address-list=blocked-addr comment="" disabled=no 
    add chain=sanity-check action=jump jump-target=drop tcp-flags=rst protocol=tcp \
        comment="Drop TCP RST" disabled=no 
    add chain=sanity-check action=jump jump-target=drop tcp-flags=fin,syn \
        protocol=tcp comment="Drop TCP SYN+FIN" disabled=no 
    add chain=sanity-check action=jump jump-target=drop connection-state=invalid \
        comment="Dropping invalid connections at once" disabled=no 
    add chain=sanity-check action=accept connection-state=established \
        comment="Accepting already established connections" disabled=no 
    add chain=sanity-check action=accept connection-state=related comment="Also \
        accepting related connections" disabled=no 
    add chain=sanity-check action=jump jump-target=drop \
        dst-address-type=broadcast,multicast comment="Drop all traffic that goes \
        to multicast or broadcast addresses" disabled=no 
    add chain=sanity-check action=jump jump-target=drop \
        src-address-type=broadcast,multicast comment="Drop all traffic that goes \
        from multicast or broadcast addresses" disabled=no 
    add chain=forward action=jump jump-target=sanity-check comment="Sanity Check" \
        disabled=no 
    add chain=forward action=jump jump-target=restrict-tcp protocol=tcp comment="" \
        disabled=no 
    add chain=forward action=jump jump-target=restrict-udp protocol=udp comment="" \
        disabled=no 
    add chain=forward action=jump jump-target=restrict-ip comment="" disabled=no 
    add chain=restrict-tcp action=reject reject-with=icmp-network-unreachable \
        connection-mark=auth comment="" disabled=no 
    add chain=restrict-tcp action=jump jump-target=smtp-first-drop \
        connection-mark=smtp comment="anti-spam policy" disabled=no 
    add chain=smtp-first-drop action=add-src-to-address-list \
        src-address-list=first-smtp address-list=approved-smtp \
        address-list-timeout=0s comment="" disabled=no 
    add chain=smtp-first-drop action=return src-address-list=approved-smtp \
        comment="" disabled=no 
    add chain=smtp-first-drop action=add-src-to-address-list \
        address-list=first-smtp address-list-timeout=0s comment="" disabled=no 
    add chain=smtp-first-drop action=reject reject-with=icmp-network-unreachable \
        comment="" disabled=no 
    add chain=restrict-tcp action=jump jump-target=drop connection-mark=other-tcp \
        comment="" disabled=no 
    add chain=restrict-udp action=jump jump-target=drop connection-mark=other-udp \
        comment="" disabled=no 
    add chain=restrict-ip action=jump jump-target=drop connection-mark=other \
        comment="" disabled=no 
    add chain=input action=accept src-address-type=local dst-address-type=local \
        comment="Allow local traffic \(between router applications\)" disabled=no 
    add chain=input action=jump jump-target=sanity-check comment="Sanity Check" \
        disabled=no 
    add chain=input action=jump jump-target=drop dst-address-type=!local \
        comment="Dropping packets not destined to the router itself, including all \
        broadcast traffic" disabled=no 
    add chain=input action=accept connection-mark=ping limit=5,5 comment="Allow \
        pings, but at a very limited rate \(5 per sec\)" disabled=no 
    add chain=input action=jump jump-target=drop comment="" disabled=no 
    add chain=dhcp action=accept src-address=0.0.0.0 dst-address=255.255.255.255 \
        comment="" disabled=no 
    add chain=dhcp action=accept src-address=0.0.0.0 dst-address-type=local \
        comment="" disabled=no 
    add chain=dhcp action=accept dst-address-type=local \
        src-address-list=local-addr comment="" disabled=no 
    add chain=local-services action=accept connection-mark=ssh-modif comment="SSH \
        \(22/TCP\)" disabled=no 
    add chain=local-services action=accept connection-mark=dns comment="DNS" \
        disabled=no 
    add chain=local-services action=accept connection-mark=http-proxy \
        comment="HTTP Proxy \(3128/TCP\)" disabled=no 
    add chain=local-services action=accept connection-mark=winbox comment="Winbox \
        \(8291/TCP\)" disabled=no 
    add chain=local-services action=drop comment="Drop Other Local Services" \
        disabled=no 
    add chain=public-services action=accept connection-mark=ssh-modif comment="SSH \
        \(22/TCP\)" disabled=no 
    add chain=public-services action=accept connection-mark=pptp comment="PPTP \
        \(1723/TCP\)" disabled=no 
    add chain=public-services action=accept connection-mark=gre comment="GRE for \
        PPTP" disabled=no 
    add chain=public-services action=drop comment="Drop Other Public Services" \
        disabled=no 
    
    / ip firewall address-list 
    add list=illegal-addr address=0.0.0.0/8 comment="" disabled=no 
    add list=illegal-addr address=127.0.0.0/8 comment="" disabled=no 
    add list=illegal-addr address=224.0.0.0/3 comment="" disabled=no 
    add list=illegal-addr address=192.168.0.0/16 comment="" disabled=no 
    add list=illegal-addr address=10.0.0.0/8 comment="" disabled=no 
    add list=illegal-addr address=172.16.0.0/12 comment="" disabled=no 
    add list=nice address=167.205.0.0/16 comment="" disabled=no 
    
    ---- di cut karena limit posting gak boleh banyak2 karakter ----
    
    add list=local-addr address=172.10.10.0/24 comment="my local network" \
        disabled=no 
    add list=nat-addr address=10.10.10.0/24 comment="my local network" disabled=no 
    add list=nat-addr address=10.10.11.0/24 comment="my local network" disabled=no 
    add list=nat-addr address=10.10.12.0/24 comment="my local network" disabled=no 
    add list=nat-addr address=172.10.10.0/24 comment="my local network" \
        disabled=no 
    add list=local-addr address=10.10.11.0/24 comment="my local network" \
        disabled=no 
    
    / ip firewall connection tracking 
    set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
        tcp-established-timeout=3m tcp-fin-wait-timeout=10s \
        tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
        tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
        udp-stream-timeout=10s icmp-timeout=10s generic-timeout=3m \
        tcp-syncookie=yes
    Selain itu yang aktif DHCP-Server, Pool, DNS-Server, Hotspot Server (tanpa usermanager), Web Proxy gak aktif, Interface ke Hotspot (LAN-0) di set arp=reply-only, Queue client di set dynamic dari hotspot profile

    Gimana kira-kira analisanya bro..?
    Thanks

  8. #8
    Status
    Offline
    t3rm's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Posts
    665
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kalau client semua tiba - tiba dimatikan apakah tetep gak bisa browsing ?
    Koq gue curiga gejala gejalanya seperti kehabisan upstream bandwidth ya ?

    Click here to enlarge

  9. #9
    Status
    Offline
    scorpion14's Avatar
    Member Senior
    Join Date
    Sep 2007
    Posts
    306
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    btw lan yg idle tetep nancep di switch ??

    iya bisa jadi upstream habis... soalnya saya jg pernah ngalamin... Click here to enlarge

  10. #10
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    coba matiin proxy nya dulu.... buat memperjelas masalahnya dari mikrotik atau bukan..Click here to enlargeClick here to enlarge

  11. #11
    Status
    Offline
    akbar_lana's Avatar
    VIP Member
    Join Date
    Aug 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    735
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by singgahpai Click here to enlarge
    Dear all,
    Baru beberapa hari ini ada keanehan di MT saya.. MT sering hang untuk browsingnya dalam arti kata, client bisa akses ke MT, login hotpsot, konek ke winbox, ping bisa ke inet, kalau ada yang lagi download masih normal trafiiknya, tapi buat browsing ke WAN dari mikrotiknya gak bisa, cuma bisa di dalam LAN aja...
    Cek resource nromal pemakaian memory sktr 48MB dari 256MB, cpu proses cuma maks 28%, bandwidth Inet gak full..
    Stuck di browsing doang nih...pada gak bisa ke inet.. dan kejadiannya gak tentu bisa 10 menit sekali, 2 jam, dll..

    Di cek pakai torch juga gak ada pemakaian berlebihan oleh client di port 80 ..

    Kenapa ya..? repot dah kalau sudah seperti itu solusinya cuma reboot MT, langsung normal lg...
    Ada yang pernah mengalaminya..? gimana solusinya.?
    Thanks..
    Click here to enlarge
    Gw pernah alami hal ini, coba lo cek di IP ARP mac-addressnya pada sama ga?
    Coz di warnet gw kejadian sama persis kaya yg lo alami jadi di IP ARP List mac-address untuk lan sama semua sehingga browsing tidak jalan tapi yg maen game online tetap jalan. Setelah gw cabut client yg broadcast mac-address langsung lancar..Click here to enlarge

    Kayanya sech itu virus tapi gw sendiri belom tau jenis virus apa yg broadcast mac-address?Click here to enlarge

  12. #12
    Status
    Offline
    singgahpai's Avatar
    Calon Member
    Join Date
    Aug 2007
    Posts
    82
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @t3rm
    Sepertinya bukan kehabisan BW upstream karena ketika dilihat pemakaian BW di interface yang ke Inet (WAN) cuma sekitar 60% dari kapasitas total.
    Indikator lainnya browsing ke interface DMZ yang artinya masih di seputar LAN, belum lewat ke ISP, juga gak bisa

    @scorpion14
    NIC yang IDLE itu gak ada kabelnya, jadi bener2 kkondisi gak konek kemana2
    Upstream juga gak habis, seperti penjelasan di atas tadi

    @lonthong2002
    Web proxy memang pakai Server lain, di redirect ke situ. tapi setelah di nonaktifkan redirectnya juga gak pengaruh...client tetap gak bisa browsing tapi yang download jalan terus..lancar...

    @akbar_lana
    MAC Address client hotspot tidak di add ke ARP List, jadi gak masuk ke IP->ARP
    Trus settingan interface ke Hotspot untuk ARPnya cuma set reply-only, bukan enable, jadi kalau dibaca di IP-->ARP yang ada cuma 2 isian, yaitu ARP ke interface DMZ dan WAN, yang client gak ada list ARPnya..
    Tapi setelah di aktifkan add-arp juga masih seperti itu

    Btw, setelah pusing-pusing akhirnya coba install ulang lagi service Hotspotnya, bukan OS MTnya yang diinstall ulang.
    Hapus aja isian server hotspot, kemudian create lagi dari awal, tapi userlist hotspot tidak kehapus, jadi nanti gak perlu entry username satu-satu..

    Nah..langsung deh koneksi normal lagi... konek ke server DMZ (ada speedtest) dari client hotspot ...normal.. dapat BW diatas 1Mbps terus, sebelumnya naik turun.. bisa ratusan kbps atau malah dibawah 10kbps
    Begitu juga test speed ke cbn, indosatm2, sijiwae, dapat sesuai speed yang diberi oleh ISP..

    Jadi problem sementara solved... walaupun masih mikir2 kenapa ya? apa karena pernah iseng set option limit connection hotspot jadi cuma 10 conn, api sudah dibalikin lagi kok... pengruhnya nempel terus selama belum di install ulang hotspotnya..

    Thanks buat semua yang sudah coba bantuin masalah ini..
    Click here to enlarge

  13. #13
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kemungkinan :

    1. salah setting di proxy
    2. salah setting di dns. ---> ini gw curiga nye
    3. bisa macam2 yang ndak jelas... hahahaha... Click here to enlarge

    emang solusi yang paling ampuh yah di install ulang mie kritingmya.

    gw pernah juga ngalamin seperti itu, tinggal gw load lagi konf yang sebelumnya (konf 6 bulan lalu), terpaksa deh lembur buat setting queue simple pelanggan. Click here to enlarge

  14. #14
    Status
    Offline
    ordinary_boy's Avatar
    Newbie
    Join Date
    Feb 2008
    Posts
    26
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    maaf guru2 sekalian..mau membuka luka lama nih...:d
    saya ada masalah seperti ini tapi di router tidak dipasang proxy, cuman nat, firewall, dhcp doank.
    akhir2 ini rb yg saya pake buat router dirasa ada yang ga beres karena ga bisa browsing sama sekali, YM ga mau, Donlot ga bisa. ping masih lancar. CPU cuman max 20% memori masih setengah.
    saya pakai rb 433. udah 1,5 thnan
    abis direboot normal lagi.
    apa rb dah ga fit lagi ato gimana ni?
    mohon pencerahannya..
    tq

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Tanya]Min.Hardware & Mikrotik Sering Putus
    By Spirit_Moon in forum Beginner Basics
    Replies: 9
    Last Post: 21-04-2011, 00:04
  2. <ask> sering cannot resolve
    By mailo in forum Scripting @ Mikrotik
    Replies: 9
    Last Post: 30-06-2009, 10:01
  3. [help] YM kok sering putus
    By dot in forum General Networking
    Replies: 5
    Last Post: 01-11-2007, 09:47
  4. (ask)settingan web-proxy sering begini ya?
    By nggatau in forum Scripting @ Mikrotik
    Replies: 5
    Last Post: 27-09-2007, 11:14
  5. Replies: 4
    Last Post: 24-08-2007, 08:45

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •