Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 2 of 5 FirstFirst 1234 ... LastLast
Results 16 to 30 of 62
  1. #16
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    @bung [a] gimana nich saran bung [a] solusinya..... he he he apa memang engga bisa seperti itu ya... Click here to enlargeClick here to enlarge atau ikut lagunya ebiet GAD aja dech... Tanyakan pada rumput....yang..... ke ke ke Click here to enlarge

  2. #17
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @semua
    coba nat mangle nya di share sini sapa tau ada yg salah ^^.
    kalo 2 gateway.... itu udah di masquerade?? soalnya ku baca2 load balancing:
    This thing is not going to work, unless you do masquerading for your LAN! The simplest way to do it is by adding one NAT rule for Src. Address 192.168.100.0/24 and Action masquerade:
    Click here to enlarge

  3. #18
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Ini ada loadbalancing script (hasil modifikasian) ^^.
    Code:
    / ip address
    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local 
    add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2
    add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1
    Code:
    /ip fire mangle
    (untuk exe file)
    add chain=prerouting src-address-list=exefile in-interface=Local action=mark-connection new-connection-mark=exefile passthrough=yes 
    add chain=prerouting src-address-list=exefile in-interface=Local action=mark-routing new-routing-mark=exefile passthrough=no
    add chain=prerouting in-interface=Local content=application/octet-stream action=mark-connection new-connection-mark=exefile passthrough=yes
    add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=exefile address-list-timeout=1d connection-mark=exefile passthrough=yes 
    add chain=prerouting in-interface=Local connection-mark=exefile action=mark-routing new-routing-mark=exefile passthrough=no
    
    (untuk tipe jpg)
    add chain=prerouting src-address-list=otherexe in-interface=Local action=mark-connection new-connection-mark=otherexe passthrough=yes 
    add chain=prerouting src-address-list=otherexe in-interface=Local action=mark-routing new-routing-mark=otherexe passthrough=no
    add chain=prerouting in-interface=Local content=image/jpeg action=mark-connection new-connection-mark=otherexe passthrough=yes
    add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=otherexe address-list-timeout=1d connection-mark=otherexe passthrough=yes 
    add chain=prerouting in-interface=Local connection-mark=otherexe action=mark-routing new-routing-mark=otherexe passthrough=no
    Code:
     ip firewall nat
    add chain=srcnat connection-mark=exefile action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 
    add chain=srcnat connection-mark=otherexe action=src-nat to-addresses=10.112.0.2 to-ports=0-65535
    Code:
    / ip route
    (untuk merouting exe dan jpeg)
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=exefile
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=otherexe
    (untuk merouting paket laen)
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10
    coba dulu deh... kl ga bisa post laporanm, kalo bisa juga post laporannya ke sini yah jgn ke forum laen ^^.
    Last edited by okto_2005; 26-07-2007 at 16:39.

  4. The Following 2 Users Say Thank You to okto_2005 For This Useful Post:


  5. #19
    Status
    Offline
    reel's Avatar
    Baru Gabung
    Join Date
    Jul 2007
    Posts
    11
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @bung okto

    cool! sayang ilmunya ku belum sampe kesana Click here to enlarge

  6. #20
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by lonthong2002 Click here to enlarge
    @bung [a] gimana nich saran bung [a] solusinya..... he he he apa memang engga bisa seperti itu ya... Click here to enlargeClick here to enlarge atau ikut lagunya ebiet GAD aja dech... Tanyakan pada rumput....yang..... ke ke ke Click here to enlarge

    bro....gua baru cuma nyobain di sisi manglenya doang tuhhClick here to enlarge



    klo untuk routingnya blum sempet nyobain....apa yg gua kasih itu atau yg dari bro daniel ga ada yang nyangkut ??


  7. #21
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    @bung okto_2005.... address list nya dari mana yach.. atau hasil dari mangle nya bung [a] atau gimana ?
    maaf soalnya newbie ... jadi gak tau...

    terima kasihClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  8. #22
    Status
    Offline
    daniel's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    31
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by [a] Click here to enlarge
    bro....gua baru cuma nyobain di sisi manglenya doang tuhhClick here to enlarge



    klo untuk routingnya blum sempet nyobain....apa yg gua kasih itu atau yg dari bro daniel ga ada yang nyangkut ??
    Keliatannya lebih mantab punyanya bang Okto deh.

    Jadi dibuat dulu conn-mark nya baru di routing mark.

    cuman untuk nat nya,.. ngga gitu paham aku. kenapa mesti src-nat dan bukan masq?


    thanks bung okto! nice sharing!

  9. #23
    Status
    Offline
    daniel's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    31
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by lonthong2002 Click here to enlarge
    @bung okto_2005.... address list nya dari mana yach.. atau hasil dari mangle nya bung [a] atau gimana ?
    maaf soalnya newbie ... jadi gak tau...

    terima kasihClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge
    address list nya dibuat secara dinamis/otomatis Click here to enlarge

  10. #24
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by daniel Click here to enlarge
    address list nya dibuat secara dinamis/otomatis Click here to enlarge
    boss Daniel,

    Kalo' addresslist secara dinamic, bisa ndak remote listnya setelah connections ndak established ? lewat script gitu...
    Terima kasih.

    hakeem

  11. #25
    Status
    Offline
    daniel's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    31
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by hakeem Click here to enlarge
    boss Daniel,

    Kalo' addresslist secara dinamic, bisa ndak remote listnya setelah connections ndak established ? lewat script gitu...
    Terima kasih.

    hakeem
    kalo address-list-timeout=1d nya di buang saja gmn?

    keliatanya bang hakeem ini lebih jago deh. Click here to enlarge


    ayo dong di share sekalian. Click here to enlarge

  12. #26
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    sudah diberi pencerahan dan tutorial sama bung hakeem ... tapi emang namanya newbie ... Click here to enlarge( ampun dech... masih gak bisa... Click here to enlargeClick here to enlarge...harus berguru lagi sama senior semua l..... Click here to enlarge

  13. #27
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by lonthong2002 Click here to enlarge
    sudah diberi pencerahan dan tutorial sama bung hakeem ... tapi emang namanya newbie ... Click here to enlarge( ampun dech... masih gak bisa... Click here to enlargeClick here to enlarge...harus berguru lagi sama senior semua l..... Click here to enlarge
    pantang nyerah bro....Click here to enlarge


  14. #28
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    dibuat 1s juga ga masalah kok ^^. palingan nongol lagi ip clientnya. heh.

    masquerade harusnya gpp sih ^^. tapi teknisi providernya bilang NAT nya enakan pake srcnat-dstnat drpada masquearade. ga tau deh da pernah coba yg ini ^^.

    barusan gue post ke forum pusat dapet balesan kaya gini:

    If you want to catch .exe files you should use application/x-msdos-program

    But I believe that it is not possible to correctly redirect exe or other files.

    add chain=prerouting in-interface=Local content=application/octet-stream action=mark-connection new-connection-mark=exefile passthrough=yes
    Rule above marks already established connection, but through /ip firewall NAT goes only new connections. It means that it probably won't work
    Last edited by okto_2005; 27-07-2007 at 23:25.

  15. #29
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by lonthong2002 Click here to enlarge
    sudah diberi pencerahan dan tutorial sama bung hakeem ... tapi emang namanya newbie ... Click here to enlarge( ampun dech... masih gak bisa... Click here to enlargeClick here to enlarge...harus berguru lagi sama senior semua l..... Click here to enlarge
    bung lonthong,

    Ada yg kurang tuh "contekannya"........cek lagi dong.
    huehehehehehe........

    Click here to enlarge

    hakeem

  16. #30
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by daniel Click here to enlarge
    kalo address-list-timeout=1d nya di buang saja gmn?

    keliatanya bang hakeem ini lebih jago deh. Click here to enlarge


    ayo dong di share sekalian. Click here to enlarge
    kekekekekeke....
    Gue newbie bgt....Click here to enlarge
    Gak terpikir kalo' ndak bung lonthong yg rekuest ..Click here to enlarge

    caranya :
    1. filter trafficnya yg lewat dengan data > dari 1024000 byte, actionnya record as srcaddress list dinamic
    2. Mangle dah mark-routing yg addresslistnya udah ter-record dinamic itu
    3. tambahin di route-nya ke gateway satunya, untuk pindah jalur gateway yg di mark-routing.
    4. udeh deh, semua traffic yg > dari 1024000 byte pindah pas donlot.

    Tapi ini ada masalah baru,
    1. hasil dari dinamic addrestlist tadi ndak bisa autoremove setelah koneksi ndak established.
    2. Kalo' dinamic addresslistnya di buat timeout dalam 1 jam,...dalam 1 jam dinamic addresslist akan remove sendiri. Tapi kalo' donlot lom selesai udah timeout addresslistnya...pedot deh koneksinya.

    Pertanyaannya,
    Gimana caranya remove dinamic addresslist kalo' koneksinya udah ndak established ??

    Mohon bantuannya suhu semua.

    BR,
    hakeem

 

 
Page 2 of 5 FirstFirst 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •