Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    tidak bisa access IP Publik dari Internet dengan load balancing PCC

    malam kakak mau tanya donk, saya sudah mengaktifkan LB menggunakan PCC dengan 2 IP Public tapi kenapa ke 2 ip tersebut gak bisa di di ping dari Internet dan access Winbox pun gak bisa hanya bisa di ping dari lokal saja untuk LBnya sudah berjalan. berikut settingan di manglenya

    /ip address
    add address=172.16.201.4/29 network=172.16.201.0 broadcast=172.16.201.7 interface=LAN
    add address=180.xxx.xxx.34/29 network=180.xxx.xxx.32 broadcast=180.xxx.xxx.39 interface=TELKOM
    add address=202.xxx.xxx154/29 network=202.xxx.xxx.152 broadcast=202.xxx.xxx.159 interface=LINTASARTA

    /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8, 8.8.4.4

    0 ;;; Load Balancing With PCC
    chain=input action=mark-connection new-connection-mark=TELKOM_conn passthrough=yes in-interface=TELKOM

    1 chain=input action=mark-connection new-connection-mark=LINTASARTA_conn passthrough=yes in-interface=LINTASARTA

    2 chain=output action=mark-routing new-routing-mark=to_TELKOM passthrough=no connection-mark=TELKOM_conn

    3 chain=output action=mark-routing new-routing-mark=to_LINTASARTA passthrough=no connection-mark=LINTASARTA_conn

    4 chain=prerouting action=accept dst-address=202.xxx.xxx.152/29 in-interface=LAN

    5 chain=prerouting action=accept dst-address=180.xxx.xxx.32/29 in-interface=LAN

    6 chain=prerouting action=mark-connection new-connection-mark=TELKOM_conn passthrough=yes dst-address-type=!local in-interface=LAN
    per-connection-classifier=both-addresses-and-ports:2/0

    7 chain=prerouting action=mark-connection new-connection-mark=LINTASARTA_conn passthrough=yes dst-address-type=!local in-interface=LAN
    per-connection-classifier=both-addresses-and-ports:2/1

    8 chain=prerouting action=mark-routing new-routing-mark=to_TELKOM passthrough=yes in-interface=LAN connection-mark=TELKOM_conn

    9 chain=prerouting action=mark-routing new-routing-mark=to_LINTASARTA passthrough=yes in-interface=LAN connection-mark=LINTASARTA_conn

    /ip route
    add dst-address=0.0.0.0/0 gateway=180.xxx.xxx.33 routing-mark=to_TELKOM distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=202.xxx.xxx.153 routing-mark=to_LINTASARTA distance=2 check-gateway=ping

    /ip firewall nat
    add chain=srcnat out-interface=TELKOM action=masquerade
    add chain=srcnat out-interface=LINTASARTA action=masquerade

    sudah coba test di ip firewall filter icmp dan port 8291 masih gak bisa juga... mohon untuk pencerahannya donk

    Click here to enlarge

  2. #2
    Status
    Offline
    Noeg Waskito's Avatar
    Member Senior
    Join Date
    Aug 2012
    Location
    Jogja
    Posts
    405
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    kalau saya main LB,cuman gini aja
    Click here to enlarge

  3. #3
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ada yang salahkan dari konfigurasi saya yang menyebabkan IP Public gak bisa di access ping,winbox, dan telnet.

  4. #4
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Please bantu donk.... Click here to enlarge

  5. #5
    Status
    Offline
    yohanexz's Avatar
    Member Super Senior
    Join Date
    Sep 2010
    Location
    Rawamangun, Jakarta
    Posts
    613
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    1
    Feedback Score
    0
    ip pablic atau bukan yaa. ( static atau dinamik IP )
    kl pake modem jadiin bridge mode aja, jadiin yang dial di mikrotiknya aja. selama ini lancar aja. yang pasti ip route mu bener aja priority nya. mana yang bisa di remote. harusnya ga pake neko neko jiga bisa ke baca di publik. gampang koo

  6. #6
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arditriantoro Click here to enlarge
    Please bantu donk.... Click here to enlarge
    coba chain=input diganti prerouting.

  7. #7
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by yohanexz Click here to enlarge
    ip pablic atau bukan yaa. ( static atau dinamik IP )
    kl pake modem jadiin bridge mode aja, jadiin yang dial di mikrotiknya aja. selama ini lancar aja. yang pasti ip route mu bener aja priority nya. mana yang bisa di remote. harusnya ga pake neko neko jiga bisa ke baca di publik. gampang koo
    IP Public static range /29 baik dari telkom dan lintasarta sebelumnya menggunakan router cisco bisa di telnet dari internet tapi sekarang menggunakan RB gak bisa.

    coba chain=input diganti prerouting.
    sudah di coba rubah chain input menjadi prerouting masih belum bisa di telnet dan winbox dari internet.

  8. #8
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arditriantoro Click here to enlarge
    IP Public static range /29 baik dari telkom dan lintasarta sebelumnya menggunakan router cisco bisa di telnet dari internet tapi sekarang menggunakan RB gak bisa.


    sudah di coba rubah chain input menjadi prerouting masih belum bisa di telnet dan winbox dari internet.
    firewall filter dan nat di non aktifkan dulu semuanya..
    Gunakan FreeRadius sebagai pengganti user manager

  9. #9
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    firewall filter dan nat di non aktifkan dulu semuanya..
    sudah di coba disable firewall filter dan Nat hanya sisa mangle untuk LB saja masih tidak bisa.

  10. #10
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    setelah otak atik ternyata karena menggunakan ip route dengan routing mark jika di pakai ip route tanya routing mark ping dan access dari IP WAN bisa. tapi kalau tidak pakai routing mark di ip route Load balancing tidak jalan... ada masukan supaya access dari wan bisa dan tidak mengganggu loadbalancingnya

  11. #11
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arditriantoro Click here to enlarge
    setelah otak atik ternyata karena menggunakan ip route dengan routing mark jika di pakai ip route tanya routing mark ping dan access dari IP WAN bisa. tapi kalau tidak pakai routing mark di ip route Load balancing tidak jalan... ada masukan supaya access dari wan bisa dan tidak mengganggu loadbalancingnya
    coba distance nya diganti 1 semua..
    Gunakan FreeRadius sebagai pengganti user manager

  12. #12
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    coba distance nya diganti 1 semua..
    jika saya pasang distance defaultroute tanpa routing mark saya samakan 1 semua load balancing tidak jalan hanya 1 link saya yang jalan distance saya rubah jadi 10 juga sama saja. apa memang menggunakan pcc tidak bisa di access dari luar dengan menggunakan mangle di atas.

  13. #13
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arditriantoro Click here to enlarge
    malam kakak mau tanya donk, saya sudah mengaktifkan LB menggunakan PCC dengan 2 IP Public tapi kenapa ke 2 ip tersebut gak bisa di di ping dari Internet dan access Winbox pun gak bisa hanya bisa di ping dari lokal saja untuk LBnya sudah berjalan. berikut settingan di manglenya
    ....
    /ip route
    add dst-address=0.0.0.0/0 gateway=180.xxx.xxx.33 routing-mark=to_TELKOM distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=202.xxx.xxx.153 routing-mark=to_LINTASARTA distance=2 check-gateway=ping

    ....
    sudah coba test di ip firewall filter icmp dan port 8291 masih gak bisa juga... mohon untuk pencerahannya donk
    Click here to enlarge Originally Posted by arditriantoro Click here to enlarge
    jika saya pasang distance defaultroute tanpa routing mark saya samakan 1 semua load balancing tidak jalan hanya 1 link saya yang jalan distance saya rubah jadi 10 juga sama saja. apa memang menggunakan pcc tidak bisa di access dari luar dengan menggunakan mangle di atas.
    coba ip route diganti seperti ini.

    Code:
    / ip route
    add dst-address=0.0.0.0/0 gateway=180.xxx.xxx.33 routing-mark=to_TELKOM check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=202.xxx.xxx.153 routing-mark=to_LINTASARTA check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=180.xxx.xxx.33 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=202.xxx.xxx.153 distance=2 check-gateway=ping

  14. #14
    Status
    Offline
    arditriantoro's Avatar
    Baru Gabung
    Join Date
    May 2013
    Posts
    8
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    coba ip route diganti seperti ini.

    Code:
    / ip route
    add dst-address=0.0.0.0/0 gateway=180.xxx.xxx.33 routing-mark=to_TELKOM check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=202.xxx.xxx.153 routing-mark=to_LINTASARTA check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=180.xxx.xxx.33 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=202.xxx.xxx.153 distance=2 check-gateway=ping
    sudah saya coba di buat seperti perintah di atas traffic malah mengarah ke telkom trus trafficnya.
    saat ini saya desable lagi

    0 A S 0.0.0.0/0 180.xxx.xxx.33 1
    1 A S 0.0.0.0/0 202.xxx.xxx.153 1
    2 X S 0.0.0.0/0 180.xxx.xxx.33 1
    3 X S 0.0.0.0/0 202.xxx.xxx.153 2
    4 A S 117.xxx.xxx.137/32 180.xxx.xxx.33 10 ( sementara sudah bisa di remote bikin static route ke ip public yang di tuju.)
    5 S 117.xxx.xxx.137/32 202.xxx.xxx.153 20
    6 A S 118.xxx.xxx.204/32 180.xxx.xxx.33 10
    7 S 118.xxx.xxx.204/32 202.xxx.xxx.153 20

  15. #15
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arditriantoro Click here to enlarge
    sudah saya coba di buat seperti perintah di atas traffic malah mengarah ke telkom trus trafficnya.
    saat ini saya desable lagi

    0 A S 0.0.0.0/0 180.xxx.xxx.33 1
    1 A S 0.0.0.0/0 202.xxx.xxx.153 1
    2 X S 0.0.0.0/0 180.xxx.xxx.33 1
    3 X S 0.0.0.0/0 202.xxx.xxx.153 2
    4 A S 117.xxx.xxx.137/32 180.xxx.xxx.33 10 ( sementara sudah bisa di remote bikin static route ke ip public yang di tuju.)
    5 S 117.xxx.xxx.137/32 202.xxx.xxx.153 20
    6 A S 118.xxx.xxx.204/32 180.xxx.xxx.33 10
    7 S 118.xxx.xxx.204/32 202.xxx.xxx.153 20
    back to topic, dengan cara tersebut. bisa gak router diakses dari luar?
    Gunakan FreeRadius sebagai pengganti user manager

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 3 users browsing this thread. (0 members and 3 guests)

Similar Threads

  1. tidak bisa remote via winbox dari wan/internet
    By igum in forum Beginner Basics
    Replies: 9
    Last Post: 26-02-2013, 16:13
  2. Replies: 36
    Last Post: 15-10-2011, 13:52
  3. Replies: 7
    Last Post: 22-08-2011, 18:43
  4. setelah load balancing tidak bisa remote mikrotik
    By pentiumx in forum General Networking
    Replies: 9
    Last Post: 16-06-2009, 18:00
  5. <ask>IP publik tidak bisa di ping dari internet
    By pionkerton in forum General Networking
    Replies: 0
    Last Post: 11-08-2008, 14:56

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •