Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 8 of 8
  1. #1
    Status
    Offline
    donnyitsme's Avatar
    Baru Gabung
    Join Date
    Mar 2013
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Question [ASK] firewall disetting drop untuk ICMP tapi kenapa masih tembus ?

    Assalaamu'alaikum ..

    akang-akang, mau nanya dong, Click here to enlarge

    ana kan udah setting firewal filter untuk blokir (action=drop) untuk protokol ICMP, maksudnya untuk blokir "ping" gitu, yang udah ana setting sih bgini :

    >_
    ;;; Test Firewall
    chain=forward action=drop protocol=icmp dst-address=192.168.20.1


    tapi kok setelah dites ngeping ke ip 192.168.20.1 kok masih bisa ngereply yah ??
    apa mungkin ana yang salah command atau gimana gitu ??
    mohon bantuannya yaa Click here to enlarge

  2. #2
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalau yg ngeping masih satu subnet, tentu aja reply. Kalau beda subnet, rule tsb berlaku. Lihat aja di stat nya, jalan gak?
    Gunakan FreeRadius sebagai pengganti user manager

  3. #3
    Status
    Offline
    donnyitsme's Avatar
    Baru Gabung
    Join Date
    Mar 2013
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    kalau yg ngeping masih satu subnet, tentu aja reply. Kalau beda subnet, rule tsb berlaku. Lihat aja di stat nya, jalan gak?
    Ooowh, iyaa emang ngetesnya masih satu subnet sih, baru tau ana rulenya berlaku kalo beda subnet yah, hmm ..
    maksudnya stat nya, lihat dimananya ?? di stat interfacenya ?

  4. #4
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donnyitsme Click here to enlarge
    Ooowh, iyaa emang ngetesnya masih satu subnet sih, baru tau ana rulenya berlaku kalo beda subnet yah, hmm ..
    maksudnya stat nya, lihat dimananya ?? di stat interfacenya ?
    double klik di rule nya. liat di tab statistics, kalau ada packet, brarti rule tersebut jalan.
    Gunakan FreeRadius sebagai pengganti user manager

  5. The Following User Says Thank You to pos_ronda For This Useful Post:


  6. #5
    Status
    Offline
    ferrycupu's Avatar
    Member Super Senior
    Join Date
    Jan 2009
    Location
    Jakarta
    Posts
    564
    Reviews
    Read 0 Reviews
    Downloads
    8
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donnyitsme Click here to enlarge
    Assalaamu'alaikum ..

    akang-akang, mau nanya dong, Click here to enlarge

    ana kan udah setting firewal filter untuk blokir (action=drop) untuk protokol ICMP, maksudnya untuk blokir "ping" gitu, yang udah ana setting sih bgini :

    >_
    ;;; Test Firewall
    chain=forward action=drop protocol=icmp dst-address=192.168.20.1


    tapi kok setelah dites ngeping ke ip 192.168.20.1 kok masih bisa ngereply yah ??
    apa mungkin ana yang salah command atau gimana gitu ??
    mohon bantuannya yaa Click here to enlarge
    perlu di pelajari juga fungsi-fungsi "chain" biar tau kapan harus pake forward/input/output

  7. #6
    Status
    Offline
    donnyitsme's Avatar
    Baru Gabung
    Join Date
    Mar 2013
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by ferrycupu Click here to enlarge
    perlu di pelajari juga fungsi-fungsi "chain" biar tau kapan harus pake forward/input/output
    Waah, Alhamdulillah, makasih makasih nih diingetin, ternyata baru nyaadaar klo mau kayak gitu ngetesnya harusnya chainnya bukan forward tapi input yaah ..
    baru bisa nih eksperimen Click here to enlarge

    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    double klik di rule nya. liat di tab statistics, kalau ada packet, brarti rule tersebut jalan.
    iyaa keliatan tuh ada paket yang jalan, Makasih yaa akang-akang Click here to enlarge
    Last edited by donnyitsme; 25-04-2013 at 15:39.

  8. #7
    Status
    Offline
    ferrycupu's Avatar
    Member Super Senior
    Join Date
    Jan 2009
    Location
    Jakarta
    Posts
    564
    Reviews
    Read 0 Reviews
    Downloads
    8
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donnyitsme Click here to enlarge
    Waah, Alhamdulillah, makasih makasih nih diingetin, ternyata baru nyaadaar klo mau kayak gitu ngetesnya harusnya chainnya bukan forward tapi input yaah ..
    baru bisa nih eksperimen Click here to enlarge

    iyaa keliatan tuh ada paket yang jalan, Makasih yaa akang-akang Click here to enlarge
    budaya kan "thanks" Click here to enlarge
    kl memang membantu....

  9. The Following 2 Users Say Thank You to ferrycupu For This Useful Post:


  10. #8
    Status
    Offline
    adh1et's Avatar
    Member Senior
    Join Date
    Jul 2010
    Posts
    341
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    input : yg luar ke mikrotik
    output : dari mikrotik ke luar
    forward : dari luar ke luar (numpang lewat doang di mikrotik)

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Firewall Filter drop tidak bekerja
    By akasia56 in forum Scripting @ Mikrotik
    Replies: 7
    Last Post: 07-06-2012, 16:34
  2. Replies: 8
    Last Post: 26-07-2011, 10:45
  3. boss untuk 20km pake 64mW tembus gak?
    By Devilion in forum Wireless Networking
    Replies: 22
    Last Post: 20-08-2010, 01:18
  4. modem sudah di ganti tapi masih saja suka DC
    By goez in forum General Networking
    Replies: 14
    Last Post: 22-11-2009, 11:22
  5. blok p2p di mikrotik 2.9.50 masih tembus
    By awarmanf in forum Beginner Basics
    Replies: 4
    Last Post: 30-04-2009, 06:26

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •