Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 3 123 LastLast
Results 1 to 15 of 31
  1. #1
    Status
    Offline
    cikruk21's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Trik sederhana untuk RTRWnet BLOK IP selain IP klien yang sudah terdaftar

    Assalamu’alaikum wr.wb...
    Menjelang berbuka puasa saya mencoba share trik sederhana ini, di tujukan untuk para newbie2 seperti saya yang sedang berusaha belajar dan mendalami mikrotik melalui FMI tercinta ini... Click here to enlarge Untuk yang sudah para master mohon koreksi dan bimbingannya.. Click here to enlarge

    Trik ini saya pakai di RTRW net yang bertujuan untuk memblok IP ilegal ( IP selain klien saya ) masuk ke dalam jaringan. Sehingga hanya IP yang terdaftar aja yang bisa masuk dan akses internet ke RTRW net.

    Untuk settingan lainnya tidak saya bahas karena pasti puanjang banget, saya hanya pada intinya saja, monggo langsung aja ... Click here to enlarge

    1. Buat rule jump target :
    /ip firewall filter
    add chain=input src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
    add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked
    add chain=output src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=jump jump-target=blocked

    2. Buat daftar IP yang di ijinkan akses di IP-Firewall-Adress list
    /ip firewall address-list
    add address=192.168.1.1 comment="" disabled=no list=klien
    add address=192.168.1.2 comment="" disabled=no list=klien
    add address=192.168.1.3 comment="" disabled=no list=klien
    add address=192.168.1.4 comment="" disabled=no list=klien
    add address=192.168.1.5 comment="" disabled=no list=klien

    dan seterusnya sampai di masukin semua IP klien yang terdaftar

    3. Buat rule di IP-Firewall-Filter untuk mengijinkan IP yang sudah terdaftar
    /ip firewall filter
    add chain=blocked protocol=udp src-address-list=klien action=accept
    add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=klien action=accept
    add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=klien action=accept

    4. Buat rule untuk Blok IP selain IP klien yang sudah terdaftar
    /ip firewall filter
    add chain=blocked src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=add-src-to-address-list address-list=src-not-whitelist address-list-timeout=1d
    add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 src-address-list=!klien action=drop
    add chain=forward src-address=0.0.0.0/0 dst-address=0.0.0.0/0 dst-address-list=!klien action=drop

    Selesai deh............... Click here to enlarge
    Dah cukup sekian dulu, mudah2an bermanfaat & berguna buat para newbie....
    Mohon koreksi & bimbingannya buat para master..

    Hatur nuhun

  2. The Following 7 Users Say Thank You to cikruk21 For This Useful Post:


  3. #2
    Status
    Offline
    dencow's Avatar
    Forum Guru
    Join Date
    Jan 2008
    Posts
    1,728
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    apa ga terlalu muter muter ya?
    bisa disederhanakan seperti ini:

    Code:
    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien
    
    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop 
    add chain=forward src-address-list=!klien action=drop

    CMIIW, maklum saya masih nubie...

  4. The Following 4 Users Say Thank You to dencow For This Useful Post:


  5. #3
    Status
    Offline
    junkist's Avatar
    Member
    Join Date
    Jul 2009
    Posts
    130
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge

    CMIIW, maklum saya masih nubie...
    sama mas......Click here to enlarge

  6. #4
    Status
    Offline
    cank ole's Avatar
    Member
    Join Date
    Apr 2010
    Posts
    144
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    nice share omClick here to enlargeClick here to enlarge

  7. #5
    Status
    Offline
    supermanVSspiderman's Avatar
    Member
    Join Date
    Jun 2010
    Posts
    121
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge
    apa ga terlalu muter muter ya?
    CMIIW, maklum saya masih nubie...
    bisa pake yg ini

    add chain=forward src-mac-address=00:1D:72:20:E8:1E action=drop comment="maling bandwith"

  8. #6
    Status
    Offline
    cikruk21's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    65
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge
    apa ga terlalu muter muter ya?
    bisa disederhanakan seperti ini:

    Code:
    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien
    
    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop 
    add chain=forward src-address-list=!klien action=drop

    CMIIW, maklum saya masih nubie...
    ohh bisa pake rumus sederhana itu to gan....
    ta' coba dulu gan ,,, Click here to enlarge

  9. #7
    Status
    Offline
    alaska's Avatar
    Newbie
    Join Date
    Mar 2010
    Posts
    33
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    saya masih newbi nih klo urusannya wireless, mau tanya

    gimana ya klo user yg nakal menggunakan mac cloning, saya masih bingung nih nanganin maling yg nakal kaya gini.

    di LAN (kabel) saya biasanya ARP nya saya bikin statik, jadi IP ini hanya untuk mac yg ini, tapi tetep aja ada maling yg bisa masuk dengan mengcloning ip dan mac user saya

    mohon pencerahannya

  10. #8
    Status
    Offline
    dencow's Avatar
    Forum Guru
    Join Date
    Jan 2008
    Posts
    1,728
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by alaska Click here to enlarge
    saya masih newbi nih klo urusannya wireless, mau tanya

    gimana ya klo user yg nakal menggunakan mac cloning, saya masih bingung nih nanganin maling yg nakal kaya gini.

    di LAN (kabel) saya biasanya ARP nya saya bikin statik, jadi IP ini hanya untuk mac yg ini, tapi tetep aja ada maling yg bisa masuk dengan mengcloning ip dan mac user saya

    mohon pencerahannya
    bagaimana bila dibikin tiap klien harus login pakai pptp atau authentikasi yang lain sebelum bisa masuk jaringan Click here to enlarge

  11. #9
    Status
    Offline
    klontong's Avatar
    Member
    Join Date
    Jul 2010
    Location
    Bekasi - Timur
    Posts
    116
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge
    bagaimana bila dibikin tiap klien harus login pakai pptp atau authentikasi yang lain sebelum bisa masuk jaringan Click here to enlarge


    kl pk pptp b'arti smua radio client kudu pk MT yea gan apa bisa jg g pk radio yg ada MTnya,mklum ane nubie bgt gan, teye agan !!!

  12. #10
    Status
    Offline
    panji's Avatar
    VIP Member
    Join Date
    Jul 2008
    Posts
    966
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by supermanVSspiderman Click here to enlarge
    bisa pake yg ini

    add chain=forward src-mac-address=00:1D:72:20:E8:1E action=drop comment="maling bandwith"
    kalo yang nge clone mac address nya gimana? masuk juga kan heheheheh,
    kalo keamanan ini hanya di router aja berarti ndak bisa internetan, tapi kalo keamanan mac di gunakan di wirelless, ada dua mac address sama, bikin pening kepala,
    Last edited by panji; 19-08-2010 at 05:21.

  13. #11
    Status
    Offline
    oscark007's Avatar
    Member
    Join Date
    Jul 2010
    Posts
    116
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    entar aku coba ..

  14. #12
    Status
    Offline
    rerenet's Avatar
    Member
    Join Date
    Feb 2010
    Location
    jaktim
    Posts
    242
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bagaimana kl yg di list IP dan MAC nya gmn setingannya...maksudnya wl ada yg ganti IP tp kl ga sama MAC ga bisa konek jd harus sama IP dan MAC nya

  15. #13
    Status
    Offline
    iyou's Avatar
    Member
    Join Date
    Aug 2008
    Location
    Luwu
    Posts
    187
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge
    apa ga terlalu muter muter ya?
    bisa disederhanakan seperti ini:

    Code:
    /ip firewall address-list
    add address=192.168.1.1 disabled=no list=klien
    add address=192.168.1.2 disabled=no list=klien
    add address=192.168.1.3 disabled=no list=klien
    add address=192.168.1.4 disabled=no list=klien
    add address=192.168.1.5 disabled=no list=klien
    
    /ip firewall filter
    add chain=input dst-address-list=!klien action=drop 
    add chain=forward src-address-list=!klien action=drop
    CMIIW, maklum saya masih nubie...
    sesederhana mungkin hehehe
    /ip firewall address-list
    add address=192.168.1.0/24 disabled=no list=ip-klien

    /ip firewall filter
    add chain=input dst-address-list=!ip-klien action=drop
    add chain=forward src-address-list=!ip-klien action=drop

    sama-sama newbieClick here to enlarge

  16. #14
    Status
    Offline
    wie_chang81's Avatar
    Member
    Join Date
    Sep 2009
    Location
    riau
    Posts
    255
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dencow Click here to enlarge
    bagaimana bila dibikin tiap klien harus login pakai pptp atau authentikasi yang lain sebelum bisa masuk jaringan Click here to enlarge
    setubuh Click here to enlargeClick here to enlarge

  17. #15
    Status
    Offline
    ardysolo's Avatar
    Newbie
    Join Date
    Feb 2010
    Posts
    67
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ijin nyimak

 

 
Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 3 users browsing this thread. (0 members and 3 guests)

Similar Threads

  1. Gimana Blok IP diluar yang sudah ditentukan...
    By reical in forum Beginner Basics
    Replies: 5
    Last Post: 05-12-2010, 06:44
  2. ping dari server ke klien RTO( radio klien)
    By kokoksnusantara in forum Beginner Basics
    Replies: 1
    Last Post: 08-04-2010, 21:28
  3. Replies: 26
    Last Post: 17-09-2008, 18:30

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •