  1. #1
    echozz
    Member

    [ASK] PPTP gak konek

    Permisi teman2 mikrotikers...mau nanya seputar PPTP. Saya baru make firewall baru dari tutorial yang ane belum 100% paham baris per baris. Yang jadi masalah adalah PPTP jadi gak jalan, padahal port TCP 1723 dah di accept, service pptp juga enable. Masalahnya dmn ya mohon pencerahan...

    ini firewall filternya..
    Code:
    # Firewall filter as posted. RouterOS evaluates the rules of a chain
    # top-down and stops at the first match, so rule order matters below.
    /ip firewall filter
    # --- input chain: traffic addressed to the router itself ---
    add action=drop chain=input comment="Drop Invalid connections" \
        connection-state=invalid disabled=no
    # Port-scan detection. Matching sources are added to the "port scanners"
    # list for two weeks (address-list-timeout=2w) and dropped by the rule
    # that follows the seven detectors.
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="Port scanners to list " \
        disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
        disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
        protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
        protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
        no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
        protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
        protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="Dropping port scanners" disabled=no \
        src-address-list="port scanners"
    # Both LAN segments get unrestricted access to the router, so LAN-side
    # clients reach every router service (PPTP included) via these two rules.
    add action=accept chain=input comment="Allow Input from LOCAL Network" \
        disabled=no in-interface=bridge1 src-address=192.168.88.0/24
    add action=accept chain=input comment="Allow Input from LOCAL Network" \
        disabled=no in-interface=vlan-PD src-address=192.168.13.0/29
    # Replies and related traffic arriving on the WAN side.
    add action=accept chain=input comment="Allow Established connections" \
        connection-state=established disabled=no in-interface=WAN
    add action=accept chain=input comment="Allow Related connections" \
        connection-state=related disabled=no in-interface=WAN
    # Accepts only the PPTP control channel (TCP/1723) from WAN. No rule in
    # this chain accepts protocol=gre, and PPTP also needs GRE (IP protocol 47)
    # for the tunnel itself; unless connection tracking classifies that GRE as
    # related, it falls through to "Drop everything else" below. Any
    # protocol=gre accept has to be placed above that final drop.
    add action=accept chain=input comment="Allow PPTP Access" disabled=no \
        dst-port=1723 in-interface=WAN protocol=tcp
    # NOTE(review): Winbox management (TCP/8291) is reachable from any Internet
    # source here. Restrict it with src-address / src-address-list, or disable
    # the rule when remote management is not needed.
    add action=accept chain=input comment="Allow Winbox Access" disabled=no \
        dst-port=8291 in-interface=WAN protocol=tcp
    # Final input rule: anything not accepted above is dropped.
    add action=drop chain=input comment="Drop everything else" disabled=no
    # --- forward chain: traffic routed through the router ---
    add action=drop chain=forward comment="Drop Invalid connections" \
        connection-state=invalid disabled=no
    # Per-protocol checks live in the tcp/udp/icmp chains. The jumps carry no
    # interface or direction match, so those chains filter forwarded traffic
    # in both directions (LAN->WAN as well as WAN->LAN). Packets that are not
    # dropped in a jump target return here to the next rule.
    add action=jump chain=forward comment="Bad packets filtering" disabled=no \
        jump-target=tcp protocol=tcp
    add action=jump chain=forward comment="" disabled=no jump-target=udp \
        protocol=udp
    add action=jump chain=forward comment="" disabled=no jump-target=icmp \
        protocol=icmp
    # --- tcp chain: destination-port blocks for all forwarded TCP ---
    # Because the jump has no direction match, dst-port=25 also blocks LAN
    # clients' outbound SMTP; the same applies to every port listed here.
    add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
        protocol=tcp
    add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
        protocol=tcp
    add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
        111 protocol=tcp
    add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
        135 protocol=tcp
    add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
        protocol=tcp
    add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
        protocol=tcp
    add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
        protocol=tcp
    add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
        12345-12346 protocol=tcp
    add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
        protocol=tcp
    add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
        31337 protocol=tcp
    # DHCP runs over UDP, so this TCP rule will not match DHCP traffic, and the
    # udp chain below has no 67-68 rule.
    add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
        protocol=tcp
    add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
    # --- udp chain: same idea for forwarded UDP ---
    add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
        protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
        111 protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
        135 protocol=udp
    add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
        protocol=udp
    add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
        protocol=udp
    add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
        31337 protocol=udp
    add action=drop chain=udp comment="deny P2P" disabled=no p2p=all-p2p
    # --- icmp chain: allowed ICMP types, rate-limited by limit= ---
    # Types: 0 echo reply, 3 destination unreachable, 8 echo request,
    # 11 time exceeded. Everything else is dropped at the end of the chain.
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=0:0-255 limit=5,5 protocol=icmp
    # This rule carries no limit= match although its comment says otherwise.
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=3:0 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=3:3 limit=5,5 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=3:4 limit=5,5 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=8:0-255 limit=5,5 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=11:0-255 limit=5,5 protocol=icmp
    add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
    # --- forward chain, continued after the jumps ---
    # LAN segments may forward freely; from WAN only established/related
    # traffic is forwarded, everything else is dropped.
    add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
        disabled=no in-interface=bridge1 src-address=192.168.88.0/24
    add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
        disabled=no in-interface=vlan-PD src-address=192.168.13.0/29
    add action=accept chain=forward comment="Allow Established connections" \
        connection-state=established disabled=no in-interface=WAN
    add action=accept chain=forward comment="Allow Related connections" \
        connection-state=related disabled=no in-interface=WAN
    add action=drop chain=forward comment="Drop everything else" disabled=no
    dimana :
    ip lokal : 192.168.88.0/24
    ip vlan : 192.168.13.0/29
    bridge1 : interface lokal
    WAN : pppoe speedy

    sebelum pake firewall ini/firewall filter di disable semua, PPTP mau jalan....mohon koreksi rekan2..
    terima kasih
    Last edited by echozz; 20-05-2010 at 06:20.

  2. #2
    kapinismeuting
    Baru Gabung
    add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid disabled=no
    coba matikan yang ini.

  3. #3
    lucubrb
    KocokJaya Team
    setubuh ama bro kapinismeuting

    yg paling bawah script TS disabled=yes harusnya.

  4. #4
    echozz
    Member
    udah ngikutin saran bro kapinismeuting n lucubrb, tetep gak jalan PPTPnya

  5. #5
    injuredx
    Baru Gabung
    dilihat dari rules diatas dial pptp cuma diaccept dari interface luar aja, kalau mau dial dari sembarang, coba ganti
    add action=accept chain=input comment="Allow PPTP Access" disabled=no \
    dst-port=1723 in-interface=WAN protocol=tcp

    dengan
    add action=accept chain=input comment="Allow PPTP Access" disabled=no \
    dst-port=1723 protocol=tcp

    kalau masi gak bisa, tambah rule lagi... untuk accept protocol GRE...
    maaf kalo sok tau... maklum newbie.. hehehhee

  6. #6
    maestro_smd
    Member
    Originally Posted by echozz
    Permisi teman2 mikrotikers...mau nanya seputar PPTP. Saya baru make firewall baru dari tutorial yang ane belum 100% paham baris per baris. Yang jadi masalah adalah PPTP jadi gak jalan, padahal port TCP 1723 dah di accept, service pptp juga enable. Masalahnya dmn ya mohon pencerahan...

    ini firewall filternya..
    [code]

    sebelum pake firewall ini/firewall filter di disable semua, PPTP mau jalan....mohon koreksi rekan2..
    terima kasih

    Coba di test dulu apa port 1723 sudah listen & open dari tempat agan..

    Telnet IP-Address 1723, kalau ok, barangkali dimasalah encryptionnya...

  7. #7
    dodol_garut447
    Originally Posted by echozz
    Permisi teman2 mikrotikers...mau nanya seputar PPTP. Saya baru make firewall baru dari tutorial yang ane belum 100% paham baris per baris. Yang jadi masalah adalah PPTP jadi gak jalan, padahal port TCP 1723 dah di accept, service pptp juga enable. Masalahnya dmn ya mohon pencerahan...

    ini firewall filternya..
    Code:
    # Firewall filter as posted. RouterOS evaluates the rules of a chain
    # top-down and stops at the first match, so rule order matters below.
    /ip firewall filter
    # --- input chain: traffic addressed to the router itself ---
    add action=drop chain=input comment="Drop Invalid connections" \
        connection-state=invalid disabled=no
    # Port-scan detection. Matching sources are added to the "port scanners"
    # list for two weeks (address-list-timeout=2w) and dropped by the rule
    # that follows the seven detectors.
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="Port scanners to list " \
        disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
        disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
        protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
        protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
        no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
        protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
        protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="Dropping port scanners" disabled=no \
        src-address-list="port scanners"
    # Both LAN segments get unrestricted access to the router, so LAN-side
    # clients reach every router service (PPTP included) via these two rules.
    add action=accept chain=input comment="Allow Input from LOCAL Network" \
        disabled=no in-interface=bridge1 src-address=192.168.88.0/24
    add action=accept chain=input comment="Allow Input from LOCAL Network" \
        disabled=no in-interface=vlan-PD src-address=192.168.13.0/29
    # Replies and related traffic arriving on the WAN side.
    add action=accept chain=input comment="Allow Established connections" \
        connection-state=established disabled=no in-interface=WAN
    add action=accept chain=input comment="Allow Related connections" \
        connection-state=related disabled=no in-interface=WAN
    # Accepts only the PPTP control channel (TCP/1723) from WAN. No rule in
    # this chain accepts protocol=gre, and PPTP also needs GRE (IP protocol 47)
    # for the tunnel itself; unless connection tracking classifies that GRE as
    # related, it falls through to "Drop everything else" below. Any
    # protocol=gre accept has to be placed above that final drop.
    add action=accept chain=input comment="Allow PPTP Access" disabled=no \
        dst-port=1723 in-interface=WAN protocol=tcp
    # NOTE(review): Winbox management (TCP/8291) is reachable from any Internet
    # source here. Restrict it with src-address / src-address-list, or disable
    # the rule when remote management is not needed.
    add action=accept chain=input comment="Allow Winbox Access" disabled=no \
        dst-port=8291 in-interface=WAN protocol=tcp
    # Final input rule: anything not accepted above is dropped.
    add action=drop chain=input comment="Drop everything else" disabled=no
    # --- forward chain: traffic routed through the router ---
    add action=drop chain=forward comment="Drop Invalid connections" \
        connection-state=invalid disabled=no
    # Per-protocol checks live in the tcp/udp/icmp chains. The jumps carry no
    # interface or direction match, so those chains filter forwarded traffic
    # in both directions (LAN->WAN as well as WAN->LAN). Packets that are not
    # dropped in a jump target return here to the next rule.
    add action=jump chain=forward comment="Bad packets filtering" disabled=no \
        jump-target=tcp protocol=tcp
    add action=jump chain=forward comment="" disabled=no jump-target=udp \
        protocol=udp
    add action=jump chain=forward comment="" disabled=no jump-target=icmp \
        protocol=icmp
    # --- tcp chain: destination-port blocks for all forwarded TCP ---
    # Because the jump has no direction match, dst-port=25 also blocks LAN
    # clients' outbound SMTP; the same applies to every port listed here.
    add action=drop chain=tcp comment="deny SMTP" disabled=no dst-port=25 \
        protocol=tcp
    add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
        protocol=tcp
    add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
        111 protocol=tcp
    add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
        135 protocol=tcp
    add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
        protocol=tcp
    add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
        protocol=tcp
    add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
        protocol=tcp
    add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
        12345-12346 protocol=tcp
    add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
        protocol=tcp
    add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
        31337 protocol=tcp
    # DHCP runs over UDP, so this TCP rule will not match DHCP traffic, and the
    # udp chain below has no 67-68 rule.
    add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
        protocol=tcp
    add action=drop chain=tcp comment="deny P2P" disabled=no p2p=all-p2p
    # --- udp chain: same idea for forwarded UDP ---
    add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
        protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
        111 protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
        135 protocol=udp
    add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
        protocol=udp
    add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
        protocol=udp
    add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
        31337 protocol=udp
    add action=drop chain=udp comment="deny P2P" disabled=no p2p=all-p2p
    # --- icmp chain: allowed ICMP types, rate-limited by limit= ---
    # Types: 0 echo reply, 3 destination unreachable, 8 echo request,
    # 11 time exceeded. Everything else is dropped at the end of the chain.
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=0:0-255 limit=5,5 protocol=icmp
    # This rule carries no limit= match although its comment says otherwise.
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=3:0 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=3:3 limit=5,5 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=3:4 limit=5,5 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=8:0-255 limit=5,5 protocol=icmp
    add action=accept chain=icmp comment="limit packets 5/secs" disabled=no \
        icmp-options=11:0-255 limit=5,5 protocol=icmp
    add action=drop chain=icmp comment="Drop other icmp packets" disabled=no
    # --- forward chain, continued after the jumps ---
    # LAN segments may forward freely; from WAN only established/related
    # traffic is forwarded, everything else is dropped.
    add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
        disabled=no in-interface=bridge1 src-address=192.168.88.0/24
    add action=accept chain=forward comment="Allow Forward from LOCAL Network" \
        disabled=no in-interface=vlan-PD src-address=192.168.13.0/29
    add action=accept chain=forward comment="Allow Established connections" \
        connection-state=established disabled=no in-interface=WAN
    add action=accept chain=forward comment="Allow Related connections" \
        connection-state=related disabled=no in-interface=WAN
    add action=drop chain=forward comment="Drop everything else" disabled=no
    dimana :
    ip lokal : 192.168.88.0/24
    ip vlan : 192.168.13.0/29
    bridge1 : interface lokal
    WAN : pppoe speedy

    sebelum pake firewall ini/firewall filter di disable semua, PPTP mau jalan....mohon koreksi rekan2..
    terima kasih
    coba tambahin rule ini di filter rule
    Code:
    # Accepts GRE (IP protocol 47), the PPTP tunnel protocol, on the input
    # chain. A plain "add" appends the rule to the end of the filter list,
    # i.e. after the input chain's "Drop everything else" rule, where it is
    # never reached; use place-before= (or move the rule) so it sits above
    # that final drop.
    add action=accept chain=input comment="PPTP GRE 47 accept" disabled=no protocol=gre
    Last edited by dodol_garut447; 13-04-2011 at 12:15.

  8. #8
    muhamadsh
    Baru Gabung
    reset setting ulang,pasti jalan lagi....
    kalau untuk koneksi vpn jangan banyak2 firewall filternya, kasih yang sederhana tapi sudah oke


    ini dapat dari suhu2 FMI
    # Simplified filter as posted; the WAN interface is "speedy", the LAN
    # interface "lan". Rules are evaluated top-down per chain, first match wins.
    ip firewall filter

    # NOTE(review): no connection-state match, so every packet the router
    # forwards from speedy toward the LAN is accepted here, not only replies;
    # keeping unsolicited inbound traffic out is left to NAT. The prefix has
    # host bits set (192.168.1.1/24); 192.168.1.0/24 is presumably intended.
    add chain=forward in-interface=speedy out-interface=lan dst-address=192.168.1.1/24 action=accept comment="Allow semua akses internet to client" disabled=no
    # NOTE(review): Winbox management (TCP/8291) is reachable from any Internet
    # source; restrict with src-address / src-address-list or disable when
    # remote management is not needed.
    add chain=input in-interface=speedy protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
    # NOTE(review): these two rules match only the remote *source* port. Any
    # Internet host can send UDP with source port 123 or 53 and reach every
    # UDP service on the router; accepting replies by
    # connection-state=established,related is the safer form.
    add chain=input in-interface=speedy protocol=udp src-port=123 action=accept comment="Allow NTP Traffic" disabled=no
    add chain=input in-interface=speedy protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
    # Accepts every ICMP type from speedy with no rate limit.
    add chain=input in-interface=speedy protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no
    # Sources of new connections are put on list "spam" for 30m. Nothing in
    # this listing references that list and no action=log is used, so this
    # rule records offenders but neither logs nor blocks them.
    add chain=input in-interface=speedy connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no
    # Final input drop for speedy. As posted, nothing above accepts TCP/1723
    # or protocol=gre, so PPTP from the WAN side is dropped here; there is
    # also no established/related accept, so replies to the router's own
    # outbound connections other than the src-port 53/123 matches are dropped.
    add chain=input in-interface=speedy action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no

    kurangnya mohon maaf...nuwbbb

 

 
