  1. #1
    NeoSaka

    PPTP client cannot reach the local LAN when using 2 ISPs

    Excuse me, gurus at FMI, I'd like to ask a question.
    I am using two fasnet connections, which are used to separate the internet connection for certain IPs. The connection separation is already working well.
    The problem is that a pptp client from outside can connect to the MikroTik pptp-server and can ping the MikroTik's LAN IP (10.0.0.50), but cannot ping the other LAN IPs. Yet when the connections from the LAN are not split between fasnet1/fasnet2, the pptp-client can reach the existing LAN network.

    The network diagram is roughly like this:
    Code:
    fasnet1---|                       |----lan1 (10.0.0.1-10.0.0.39)
              |---mikrotik---switch---|
    fasnet2---|                       |----lan2 (10.0.0.40-10.0.0.254)
    
    lan1 is set to use fasnet1
    lan2 is set to use fasnet2
    the pptp-client is expected to come in via fasnet1 and be usable for remote connections to lan1
    
    local LAN network: 10.0.0.0/24
    this is the configuration I use:
    firewall filter:
     

    Code:
     /ip firewall filter
     0   ;;; drop ssh brute forcers
         chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22 
     1   ;;; dropping port scanners
         chain=input action=drop src-address-list=port_scanners 
     2   ;;; ssh check condition for brute force
         chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist 
         address-list-timeout=1w3d dst-port=22 
     3   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 
         address-list-timeout=1m dst-port=22 
     4   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 
         address-list-timeout=1m dst-port=22 
     5   chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22 
     6   ;;; Port scanners to list
         chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port_scanners address-list-timeout=2w 
     7   ;;; NMAP FIN Stealth scan
         chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port_scanners address-list-timeout=2w 
     8   ;;; SYN/FIN scan
         chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp address-list=port_scanners address-list-timeout=2w 
     9   ;;; SYN/RST scan
         chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=port_scanners address-list-timeout=2w 
    10   ;;; FIN/PSH/URG scan
         chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=port_scanners address-list-timeout=2w 
    11   ;;; ALL/ALL scan
         chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port_scanners address-list-timeout=2w 
    12   ;;; NMAP NULL scan
         chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port_scanners address-list-timeout=2w 
    13   ;;; accept established connection packets
         chain=input action=accept connection-state=established 
    14   ;;; accept related connection packets
         chain=input action=accept connection-state=related 
    15   ;;; drop invalid packets
         chain=input action=drop connection-state=invalid


    firewall nat :
     

    Code:
    /ip firewall nat
     0   chain=srcnat action=masquerade out-interface=fasnet1 
     1   chain=srcnat action=masquerade out-interface=fasnet2


    firewall mangle :
     

    Code:
    /ip firewall mangle
     0  chain=input action=mark-connection new-connection-mark=fasnet1_connection passthrough=yes in-interface=fasnet1 
     1  chain=input action=mark-connection new-connection-mark=fasnet2_connection passthrough=yes in-interface=fasnet2 
     2  chain=output action=mark-routing new-routing-mark=to_fasnet1 passthrough=no connection-mark=fasnet1_connection 
     3  chain=output action=mark-routing new-routing-mark=to_fasnet2 passthrough=no connection-mark=fasnet2_connection 
     4  chain=prerouting action=mark-routing new-routing-mark=to_fasnet1 passthrough=no src-address=10.0.0.1-10.0.0.39
     5  chain=prerouting action=mark-routing new-routing-mark=to_fasnet2 passthrough=no src-address=10.0.0.40-10.0.0.250


    ip route :
     

    Code:
    /ip route
     0  S  dst-address=0.0.0.0/0 gateway=118.137.7.1 gateway-status=118.137.7.1 inactive distance=1 scope=30 target-scope=10 routing-mark=to_fasnet1
     1  S  dst-address=0.0.0.0/0 gateway=118.137.107.1 gateway-status=118.137.107.1 inactive distance=1 scope=30 target-scope=10 routing-mark=to_fasnet2
     2 ADS  dst-address=0.0.0.0/0 gateway=118.137.7.1 gateway-status=118.137.7.1 reachable fasnet1 distance=1 scope=30 target-scope=10
     3 ADS  dst-address=0.0.0.0/0 gateway=118.137.107.1 gateway-status=118.137.107.1 reachable fasnet2 distance=1 scope=30 target-scope=10
     4 ADC  dst-address=10.0.0.0/24 pref-src=10.0.0.50 gateway=lan gateway-status=lan reachable distance=0 scope=10 
     5 ADC  dst-address=118.137.7.0/24 pref-src=118.137.7.35 gateway=fasnet1 gateway-status=fasnet1 reachable distance=0 scope=10
     6 ADC  dst-address=118.137.107.0/24 pref-src=118.137.107.20 gateway=fasnet1 gateway-status=fasnet2 reachable distance=0 scope=10


    ip address :
     

    Code:
    /ip address
     0   address=10.0.0.50/24 network=10.0.0.0 broadcast=10.0.0.255 interface=lan actual-interface=lan 
     1 D address=118.137.7.35/24 network=118.137.7.0 broadcast=118.137.7.255 interface=fasnet1 actual-interface=fasnet1
     2 D address=118.137.107.20/24 network=118.137.107.0 broadcast=118.137.107.255 interface=fasnet2 actual-interface=fasnet2


    ppp profile and secret:
     

    Code:
    /ppp profile pr det
     0 name="svtpoe" local-address=10.20.30.1 remote-address=MyPool use-compression=yes use-vj-compression=yes use-encryption=yes only-one=yes change-tcp-mss=yes
    /ppp secret pr det
     0   name="saka" service=pptp caller-id="" password="password" profile=svtpoe local-address=10.20.30.1 remote-address=10.20.30.2 routes="" limit-bytes-in=0 limit-bytes-out=0


    What should I add/change so that the pptp-client can connect to the LAN network?
    Last edited by NeoSaka; 10-03-2011 at 13:00.

  2. #2
    NeoSaka
    Argh, my head hurts, I'm still stuck; the pptp-client can't connect to the local LAN.

  3. #3
    ndasjowo
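    Try adding this, bro ->
    Code:
    # abbreviations expanded; "add" and chain=srcnat were missing (masquerade is only valid in srcnat)
    /ip firewall nat add chain=srcnat dst-address=10.0.0.50/24 out-interface=lan action=masquerade
    # a route rule takes action=lookup with table=main; there is no look-up= parameter
    /ip route rule add dst-address=10.0.0.50/24 action=lookup table=main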
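
The route lookup behind the symptom in post #1, as an added example that is not part of the thread: it replays the posted mangle rules 4 and 5 and routing tables for a reply travelling from a LAN host back to the PPTP client. Assumptions: a marked packet is resolved in the table named by its routing mark (which always matches here, because each marked table holds a default route), the client's /32 route exists only in `main` on a hypothetical interface `pptp-saka`, and `exempt` is a constructed what-if for destinations that the mark-routing rules skip.

```python
import ipaddress

# Routing tables as printed in post #1. The /32 entry for the connected PPTP
# client is an assumption; the interface name "pptp-saka" is hypothetical.
TABLES = {
    "main": [
        ("0.0.0.0/0", "118.137.7.1"),
        ("0.0.0.0/0", "118.137.107.1"),
        ("10.0.0.0/24", "lan"),
        ("118.137.7.0/24", "fasnet1"),
        ("118.137.107.0/24", "fasnet2"),
        ("10.20.30.2/32", "pptp-saka"),
    ],
    "to_fasnet1": [("0.0.0.0/0", "118.137.7.1")],
    "to_fasnet2": [("0.0.0.0/0", "118.137.107.1")],
}

# Mangle prerouting rules 4 and 5: (first source, last source, routing mark).
MANGLE = [
    ("10.0.0.1", "10.0.0.39", "to_fasnet1"),
    ("10.0.0.40", "10.0.0.250", "to_fasnet2"),
]

def routing_mark(src, dst, exempt=()):
    """Routing mark given to a packet forwarded through the router, or None."""
    d = ipaddress.ip_address(dst)
    if any(d in ipaddress.ip_network(net) for net in exempt):
        return None  # what-if: the rules do not match this destination
    s = ipaddress.ip_address(src)
    for first, last, mark in MANGLE:
        if ipaddress.ip_address(first) <= s <= ipaddress.ip_address(last):
            return mark
    return None

def next_hop(src, dst, exempt=()):
    """Longest-prefix match in the table selected by the routing mark."""
    table = TABLES[routing_mark(src, dst, exempt) or "main"]
    d = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if d in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    vpn = ("10.20.30.0/24",)
    print("reply as posted  ->", next_hop("10.0.0.10", "10.20.30.2"))
    print("reply, exempted  ->", next_hop("10.0.0.10", "10.20.30.2", vpn))
    print("internet traffic ->", next_hop("10.0.0.10", "8.8.8.8", vpn))
```

In this model the reply to 10.20.30.2 leaves through the ISP gateway, while replies from the router's own address 10.0.0.50 are not forwarded traffic and never pass the prerouting rules, which matches the ping results described in post #1.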
