Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0

    perbedaan redirect sm dstnat port dns

    mau tanya rekan2 semua,moga2 aja gak repost n ada yg bantu jwb.kalo slh room tlng dipindah ya om momod.

    Code:
    /ip fi na
    chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Lokal dst-port=53 disabled=no
    chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Lokal dst-port=53 disabled=no
    Code:
    /ip fi na
    chain=dstnat dst-port=53 protocol=udp action=redirect to-ports=53 disabled=no
    chain=dstnat dst-port=53 protocol=tcp action=redirect to-ports=53 disabled=no
    perbedaanya apa ya?resolvenya lbh cpt yg mn?
    atas jawabna sy ucapkan thx Click here to enlarge

  2. #2
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sebenernya sama antara redirect dan dst-nat
    sama2 bertujuan merubah destinasi

    bedanya redirect digunakan tanpa dst-address , hanya menggunakan to-port
    kalo di logikakan tujuan redirect adalah membelokan langsung ke local process itu sendiri, dengan kata lain traffic akan masuk ke chain=input

    sedangkan dst-nat digunakan jika kita ingin membelokan ke suatu host / ip tertentu , dengan kata lain traffic akan di lewatkan melalui chain=forward

    sebagai ilustrasi perhatingan firewall nat berikut
    Code:
    # Misal Gateway client / ip interface mikrotik = 192.168.1.1 , traffic dns ingin kita belokkan ke ip bind9(dns server pada mesin linux) 192.168.100.1
    /ip firewall nat
    add chain=dstnat in-interface=LAN protocol=udp dst-port=53 action=dstnat to-address=192.168.100.1 to-port=53
    
    # Jika kita ingin melakukan transparent dns ke mikrotik (dns server pada mikrotik itu sendiri)
    /ip firewall nat
    add chain=dstnat in-interface=LAN protocol=udp dst-port=53 to-port=53 action=redirect
    
    penulisan nat diatas bisa saja di buat seperti ini dengan action=dst-nat
    /ip firewall nat
    add chain=dstnat in-interface=LAN protocol=udp dst-port=53 to-port=53 action=dstnat to-address=192.168.1.1
    Click here to enlargeClick here to enlargeClick here to enlarge
    Last edited by adiputrolds; 11-06-2011 at 17:15.

  3. The Following 2 Users Say Thank You to adiputrolds For This Useful Post:


  4. #3
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    @ electrix_85
    thx bro penjelasane,brti bisa diasumsikan(untuk newbie) kalo menggunakan dstnat harus ada in-interface nya dan kalo redirect bisa tidak menggunakan in-interface gitu ya?

  5. #4
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhopack Click here to enlarge
    @ electrix_85
    thx bro penjelasane,brti bisa diasumsikan(untuk newbie) kalo menggunakan dstnat harus ada in-interface nya dan kalo redirect bisa tidak menggunakan in-interface gitu ya?
    bukan seperti itu penggunaan src-address / src-address-list / in-interface berhubungan dengan flow traffic
    agar kita bisa menentukan pada interface mana atau src-address yang mana kita ingin melakukan re-direction

    setiap traffic yang masuk melalui interface mikrotik akan melewati chain=prerouting , table D-NAT ada pada chain=prerouting ini
    D-NAT = dst-nat ataupun redirect

    coba perhatikan " CODE " diatas
    baik redirect maupun dst-nat menggunakan in-interface=LAN
    jadi bukan karena redirect perlu atau tidak menggunakan in-interface
    penggunaan in-interface ataupun src-address itu wajib hukum nya
    agar mikrotik bisa bertindak pintar , traffic dari interface mana yang perlu dilakukan redirection
    jika tanpa src-address atau in-interface , process redirection terjadi pada semua interface , baik LAN , hotspot , Proxy , dan juga WAN ( menyebabkan open port dari luar jaringan Lokal )


    OM MOMOD Thanked count saya kok berkurang terus ya ?
    Last edited by adiputrolds; 11-06-2011 at 13:22.

  6. The Following 5 Users Say Thank You to adiputrolds For This Useful Post:


  7. #5
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    weeewwww....penjelasane manteb abis bro,di baca bolak balik akhire mudeng jg,thx ya bro,electrix_85 Click here to enlarge

  8. #6
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhopack Click here to enlarge
    weeewwww....penjelasane manteb abis bro,di baca bolak balik akhire mudeng jg,thx ya bro,electrix_85 Click here to enlarge
    wah hebat cepet nangkep nya Click here to enlargeClick here to enlarge

  9. #7
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    OM MOMOD Thanked count saya kok berkurang terus ya ?
    kali aja di remove gan.. ato postnya di hapus
    ta tambahin 1 dah.. Click here to enlarge

  10. #8
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    wah hebat cepet nangkep nya Click here to enlargeClick here to enlarge
    bukan cepet nangkepnya tp cepet pusingnya wekekekekeke,
    se x lg thx ya bro electrix_85, ini mau dipraktekan dl,spa tau ntar tmbh pusingnya Click here to enlarge

  11. #9
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    kali aja di remove gan.. ato postnya di hapus
    ta tambahin 1 dah.. Click here to enlarge
    hahahahha bisa aja si Anto neh

    Click here to enlarge Originally Posted by dhopack Click here to enlarge
    bukan cepet nangkepnya tp cepet pusingnya wekekekekeke,
    se x lg thx ya bro electrix_85, ini mau dipraktekan dl,spa tau ntar tmbh pusingnya Click here to enlarge
    wekekeke
    yups silahkan experiment
    banyak2 dech trial error biar banyak tau sifat mikrotik

  12. The Following User Says Thank You to adiputrolds For This Useful Post:


 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Redirect Port 25 ke 587
    By eleven09 in forum General Networking
    Replies: 3
    Last Post: 20-06-2011, 21:26
  2. Script untuk dstnat (proxy transparent) dengan 3 target
    By awarmanf in forum Scripting @ Mikrotik
    Replies: 1
    Last Post: 22-02-2010, 23:58
  3. (ask) cara redirect dstnat dari MT ke squidbox
    By sum14rdi in forum General Networking
    Replies: 15
    Last Post: 17-11-2008, 13:04
  4. <ASK>Penggabungan routing mark dan redirect port
    By pionkerton in forum General Networking
    Replies: 1
    Last Post: 31-07-2008, 13:56
  5. <ask> ttg redirect port 80
    By john_0ng80 in forum Beginner Basics
    Replies: 1
    Last Post: 18-12-2007, 09:26

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •