Page 2 of 3
Results 16 to 30 of 31
  1. #16
    kacauBrantakan (Just Joined) | Join Date: May 2010 | Location: depok | Posts: 2

    Newbie here, just dropping in with a question...

    I set up an RT/RW net at my place with 8 client users. I configured the subnet as 199.x.x.x/28, which means there are 14 hosts...
    While waiting for the others to join, I want to block the remaining 6 IPs...

    Is a setting like this correct? (please correct me)...

    chain=input action=drop src-address=199.x.x.11-192.x.x.14

    Thanks in advance...

  2. #17
    mahaadit (VIP Member) | Join Date: Jan 2010 | Location: Yogyakarta | Posts: 706

    Originally Posted by cikruk21
    Assalamu’alaikum wr.wb...
    As the time to break the fast approaches, I'd like to share this simple trick, aimed at newbies like me who are trying to learn and get deeper into MikroTik through our beloved FMI... To those who are already masters, please correct and guide me..

    I use this trick on an RT/RW net to block illegal IPs (IPs other than my clients') from entering the network, so that only registered IPs can get in and access the internet through the RT/RW net.

    I won't cover the other settings because that would get really long; I'll stick to the core, so let's get straight to it...

    1. Create the jump target rules:
    /ip firewall filter
    add chain=input src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
    add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
    add chain=output src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked

    2. Create the list of IPs that are allowed access in IP-Firewall-Address list
    /ip firewall address-list
    add address=192.168.1.1 comment="" disabled=no list=klien
    add address=192.168.1.2 comment="" disabled=no list=klien
    add address=192.168.1.3 comment="" disabled=no list=klien
    add address=192.168.1.4 comment="" disabled=no list=klien
    add address=192.168.1.5 comment="" disabled=no list=klien

    and so on until all registered client IPs have been entered

    3. Create rules in IP-Firewall-Filter to allow the registered IPs
    /ip firewall filter
    add chain=blocked protocol=udp src-address-list=klien action=accept
    add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=klien action=accept
    add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=klien action=accept

    4. Create rules to block IPs other than the registered client IPs
    /ip firewall filter
    add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=add-src-to-address-list address-list=src-not-whitelist address-list-timeout=1d
    add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=drop
    add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=!klien action=drop

    Done...
    That's all for now, hopefully it's useful for fellow newbies....
    Masters, please correct and guide me..

    Thank you

    At my place there's this situation: in my hotspot area there's a client who uses 1 account and shares it with another PC. He installed 2 LAN cards, with one LAN cable going to my internet and the other shared to a second PC. Could this tutorial shut down that sharing? Please answer, thanks.

  3. #18
    spymedan (Moderator) | Join Date: Oct 2007 | Location: Medan Metropolitan | Posts: 2,821

    I've been going round and round in MikroTik looking for a MAC address list and still haven't found one.. IPs can indeed be put in an address list.. but for MACs I've searched all over and still haven't found it....

  4. #19
    kidx13 (Member) | Join Date: Aug 2010 | Posts: 197

    Originally Posted by iyou
    as simple as possible hehehe
    /ip firewall address-list
    add address=192.168.1.0/24 disabled=no list=ip-klien

    /ip firewall filter
    add chain=input dst-address-list=!ip-klien action=drop
    add chain=forward src-address-list=!ip-klien action=drop

    fellow newbie here

    So this means IPs 192.168.1.1 - 192.168.1.254 can be used

  5. #20
    adamsky (Just Joined) | Join Date: Nov 2010 | Posts: 3

    Just following along, I'm a newbie after all

  6. #21
    kidx13 (Member) | Join Date: Aug 2010 | Posts: 197

    Originally Posted by dencow
    isn't this a bit too roundabout?
    it can be simplified like this:

    Code:
    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien
    
    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop 
    add chain=forward src-address-list=!klien action=drop

    CMIIW, I'm still a newbie after all...

    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien
    add address=10.10.0.101-10.10.0.130 disabled=no list=klien

    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop

    I had only gotten as far as this step when the remote connection suddenly dropped (I was configuring remotely), and now I can't connect remotely at all

    kidx13@linux:~$ ping [ip-server]
    PING [ip-server] ([ip-server]) 56(84) bytes of data.
    64 bytes from [ip-server]: icmp_req=1 ttl=61 time=39.4 ms
    64 bytes from [ip-server]: icmp_req=2 ttl=61 time=36.7 ms
    64 bytes from [ip-server]: icmp_req=3 ttl=61 time=36.1 ms
    64 bytes from [ip-server]: icmp_req=4 ttl=61 time=38.5 ms
    64 bytes from [ip-server]: icmp_req=5 ttl=61 time=36.5 ms
    64 bytes from [ip-server]: icmp_req=6 ttl=61 time=50.0 ms
    64 bytes from [ip-server]: icmp_req=7 ttl=61 time=38.5 ms
    64 bytes from [ip-server]: icmp_req=8 ttl=61 time=38.9 ms
    64 bytes from [ip-server]: icmp_req=9 ttl=61 time=38.6 ms
    64 bytes from [ip-server]: icmp_req=10 ttl=61 time=40.2 ms
    64 bytes from [ip-server]: icmp_req=11 ttl=61 time=38.5 ms
    64 bytes from [ip-server]: icmp_req=12 ttl=61 time=37.6 ms
    64 bytes from [ip-server]: icmp_req=13 ttl=61 time=39.2 ms
    ^C
    --- [ip-server] ping statistics ---
    13 packets transmitted, 13 received, 0% packet loss, time 12014ms
    rtt min/avg/max/mdev = 36.128/39.180/50.039/3.340 ms


    kidx13@linux:~$ ssh admin@[ip-server]
    ssh: connect to host [ip-server] port 22: Connection timed out
    Last edited by kidx13; 10-01-2011 at 16:23.

  7. #22
    donipermono1982 (Moderator) | Join Date: Feb 2008 | Location: Jakarta Selatan | Posts: 2,809

    Originally Posted by iyou
    as simple as possible hehehe
    /ip firewall address-list
    add address=192.168.1.0/24 disabled=no list=ip-klien

    /ip firewall filter
    add chain=input dst-address-list=!ip-klien action=drop
    add chain=forward src-address-list=!ip-klien action=drop

    fellow newbie here

    Totally wrong!

    Originally Posted by kidx13
    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien
    add address=10.10.0.101-10.10.0.130 disabled=no list=klien

    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop

    I had only gotten as far as this step when the remote connection suddenly dropped (I was configuring remotely), and now I can't connect remotely at all

    kidx13@linux:~$ ping [ip-server]
    PING [ip-server] ([ip-server]) 56(84) bytes of data.
    64 bytes from [ip-server]: icmp_req=1 ttl=61 time=39.4 ms
    64 bytes from [ip-server]: icmp_req=2 ttl=61 time=36.7 ms
    64 bytes from [ip-server]: icmp_req=3 ttl=61 time=36.1 ms
    64 bytes from [ip-server]: icmp_req=4 ttl=61 time=38.5 ms
    64 bytes from [ip-server]: icmp_req=5 ttl=61 time=36.5 ms
    64 bytes from [ip-server]: icmp_req=6 ttl=61 time=50.0 ms
    64 bytes from [ip-server]: icmp_req=7 ttl=61 time=38.5 ms
    64 bytes from [ip-server]: icmp_req=8 ttl=61 time=38.9 ms
    64 bytes from [ip-server]: icmp_req=9 ttl=61 time=38.6 ms
    64 bytes from [ip-server]: icmp_req=10 ttl=61 time=40.2 ms
    64 bytes from [ip-server]: icmp_req=11 ttl=61 time=38.5 ms
    64 bytes from [ip-server]: icmp_req=12 ttl=61 time=37.6 ms
    64 bytes from [ip-server]: icmp_req=13 ttl=61 time=39.2 ms
    ^C
    --- [ip-server] ping statistics ---
    13 packets transmitted, 13 received, 0% packet loss, time 12014ms
    rtt min/avg/max/mdev = 36.128/39.180/50.039/3.340 ms


    kidx13@linux:~$ ssh admin@[ip-server]
    ssh: connect to host [ip-server] port 22: Connection timed out

    Maybe the router's own IP got included as well, bro

  8. #23
    kidx13 (Member) | Join Date: Aug 2010 | Posts: 197

    A lesson learned:
    don't just blindly copy and paste
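
Why the `chain=input dst-address-list=!klien action=drop` rule from post #21 cuts off remote management, as an added example that is not part of any post in this thread: a small Python model of first-match filter evaluation over the quoted address list. The router address 192.168.1.254, the admin address 203.0.113.10 and the `mgmt` list with its accept-first ordering are assumptions made for the illustration; only the quoted rules are modelled, not the rest of the router's configuration.

```python
import ipaddress

def in_list(addr, entries):
    """True if addr falls in any entry: single IP, CIDR, or 'a-b' range."""
    ip = ipaddress.ip_address(addr)
    for e in entries:
        if "-" in e:
            lo, hi = (ipaddress.ip_address(x) for x in e.split("-"))
            if lo <= ip <= hi:
                return True
        elif ip in ipaddress.ip_network(e, strict=False):
            return True
    return False

def matches(rule, pkt, lists):
    """Check one rule's matchers; a leading '!' on a list name negates it."""
    if rule["chain"] != pkt["chain"]:
        return False
    for key, field in (("src-address-list", "src"), ("dst-address-list", "dst")):
        want = rule.get(key)
        if want is None:
            continue
        negate, name = want.startswith("!"), want.lstrip("!")
        if in_list(pkt[field], lists.get(name, [])) == negate:
            return False
    return True

def verdict(rules, pkt, lists):
    """First matching rule decides; no match means the packet is accepted."""
    for rule in rules:
        if matches(rule, pkt, lists):
            return rule["action"]
    return "accept"

# Address list and input rule as posted in #21.
LISTS = {"klien": ["192.168.1.1", "192.168.1.2", "192.168.1.3", "192.168.1.4",
                   "192.168.1.5", "10.10.0.101-10.10.0.130"]}
POSTED = [{"chain": "input", "dst-address-list": "!klien", "action": "drop"}]

# Assumed alternative: accept a management list first, then drop by source.
LISTS_FIXED = dict(LISTS, mgmt=["203.0.113.10"])  # constructed admin address
FIXED = [{"chain": "input", "src-address-list": "mgmt", "action": "accept"},
         {"chain": "input", "src-address-list": "!klien", "action": "drop"}]

# Constructed packets; 192.168.1.254 stands in for the router's own address.
SSH_ADMIN = {"chain": "input", "src": "203.0.113.10", "dst": "192.168.1.254"}
CLIENT = {"chain": "input", "src": "192.168.1.3", "dst": "192.168.1.254"}
STRANGER = {"chain": "input", "src": "192.168.1.77", "dst": "192.168.1.254"}

if __name__ == "__main__":
    for name, pkt in (("admin", SSH_ADMIN), ("client", CLIENT), ("stranger", STRANGER)):
        print(name, verdict(POSTED, pkt, LISTS), verdict(FIXED, pkt, LISTS_FIXED))
```

On the input chain the destination is the router itself, so a negated destination match against a list of client addresses hits every packet sent to the router, including those from registered clients.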

  9. #24
    faqiir (Member) | Join Date: Feb 2009 | Posts: 156

    As for me, I do it in NAT: make a client list and put it into the NAT rule under source address list... and that's it, any IP that isn't registered automatically can't get on the net; ping works but the internet doesn't... what's really hard is MAC cloning, that's a tough one... I wanted to try PPTP but it keeps failing

  10. #25
    marteen (Member) | Join Date: Aug 2010 | Posts: 128

    For me, one way of securing clients is simply to pair up their IP and MAC, like this:

    ip fi fi
    add action=drop chain=forward comment=\
    "\"kunci 192.168.1.7 ke xx:xx:xx:xx:xx:xx\"" disabled=no src-address=\
    192.168.1.7 src-mac-address=!xx:xx:xx:xx:xx:xx

    add action=drop chain=forward comment=\
    "\"kunci !192.168.1.7 ke xx:xx:xx:xx:xx:xx\"" disabled=no src-address=\
    !192.168.1.7 src-mac-address=xx:xx:xx:xx:xx:xx

  11. #26
    donipermono1982 (Moderator) | Join Date: Feb 2008 | Location: Jakarta Selatan | Posts: 2,809

    At my place it's like this:

    This is for those who don't know yet; if you're already using it, please give your input, there may be something missing. Thanks

    1. [image]

    Look at the Address Per MAC section

    It's for sharing several different IPs with the same MAC within one AP

    2. [image]

    This is almost the same, but it's more about connection sharing..

    Shared User - fill in according to the number of networks coming in; in the example above I have 2 profiles, namely Global, which can only be used by 1 connection, and Rt007 (because there is a repeater, the user count is 4)

    3. [image]

    Make sure every user matches their respective profile.

    4. [image]

    Look at the address and to address fields; usually with cloning the two can't be the same (that's what I've observed so far, I don't know about later on.)

    If they differ, block it in ip > binding

    5. [image]

    Enter all the information that doesn't match the user list, starting from mac, address, to address.

    The result

    That's all I'll share for now. Please forgive me if there are mistakes in the explanation above.
    Last edited by donipermono1982; 11-01-2011 at 23:41.

  12. #27
    s!mbahNET (Newbie) | Join Date: Nov 2010 | Location: Bantul, Djogjakarta | Posts: 62

    Originally Posted by mahaadit
    At my place there's this situation: in my hotspot area there's a client who uses 1 account and shares it with another PC. He installed 2 LAN cards, with one LAN cable going to my internet and the other shared to a second PC. Could this tutorial shut down that sharing? Please answer, thanks.

    Maybe you can have a read of this, bro

  13. #28
    naga wulan (Member) | Join Date: Jan 2010 | Location: Bandoeng | Posts: 205

    Originally Posted by dencow
    isn't this a bit too roundabout?
    it can be simplified like this:

    Code:

    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien

    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop
    add chain=forward src-address-list=!klien action=drop

    CMIIW, I'm still a newbie after all...

    I'm on cable and have applied the settings above. I entered my own computer's IP but disabled it, yet my computer can still browse. Why is that? I'm using an external proxy, please enlighten me.

  14. #29
    yogaponsel (Forum Guru) | Join Date: Oct 2008 | Location: "BnetAkses" | Posts: 2,511

    There are many roads to "Romlah"'s house... adjust to your own needs with a combination... because every technician has different techniques and network topologies.... it can be done more simply.... like

    chain=dst-nat src-address-list=klien action=masquerade .. ( klien = list ip allowed )
    Not enough... just add MAC filtering.. still not enough... well, then just shut it down.... hueueheueu... sorry for the OOT

  15. #30
    naga wulan (Member) | Join Date: Jan 2010 | Location: Bandoeng | Posts: 205

    This doesn't work either: ip fi fi add:chain forward src addres=ip klien src mac-addres=mac addres klien action drop

    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien

    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop
    add chain=forward src-address-list=!klien action=drop

    There are still foreign IPs besides the ones already in the list; if I torch such an IP there are packets coming in, and if I torch the LAN that IP shows up too

    I've tried this: chain=srcnat src-address-list=klien action=masquerade --> doesn't work
    I tried changing the chain to this: chain=dst-nat src-address-list=klien action=masquerade and there's a message: couldn't change NAT rule: dstnat chain can not contain masquarade snat action (6). Why is that?

 

 