Mikrotik | Forum Mikrotik Indonesia, General Networking

#1 zLay, 20-06-2008, 12:45
Blocking websites for 1 client

Hi all,

Please help me: how can I make a client with a particular IP able to access only 1 website and no other websites? For information, I use the MikroTik only as a router and DHCP server.

Thanks in advance,

zLay

#2 icmpreq, 20-06-2008, 12:59
If the client uses a private IP, and NAT is used for masquerade:
ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no

#3 Akangage, 20-06-2008, 19:52
Quote:
Originally Posted by icmpreq
> If the client uses a private IP, and NAT is used for masquerade:
> ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no

Nice info, man.

#4 zLay, 23-06-2008, 14:39
It works now. Thanks, bro..

#5 nuxboy, 29-06-2008, 18:52
Quote:
Originally Posted by icmpreq
> If the client uses a private IP, and NAT is used for masquerade:
> ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no

Good info, thanks bro.
Nice, this rule can be combined for customers or PCs that are dedicated to games, so they can't browse all over the place.

#6 134L4N9, 02-07-2008, 21:54
Quote:
Originally Posted by icmpreq
> If the client uses a private IP, and NAT is used for masquerade:
> ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no

Mine doesn't work yet, bro..???
For dst-address I have entered the IP of yahoo.com (209.131.36.158), and the rest of the configuration is the same as the script above. But why can it still open other sites..??

Please enlighten me...

Thanks in advance, bro..


Last edited by 134L4N9 : 02-07-2008 at 21:59.
#7 icmpreq, 04-07-2008, 11:59
Quote:
Originally Posted by 134L4N9
> Mine doesn't work yet, bro..???
> For dst-address I have entered the IP of yahoo.com (209.131.36.158), and the rest of the configuration is the same as the script above. But why can it still open other sites..??
>
> Please enlighten me...
>
> Thanks in advance, bro..

Try pasting your NAT config here:

/ip fire nat exp


Last edited by icmpreq : 04-07-2008 at 12:01.
#8 kuraikun, 31-10-2008, 17:39
It doesn't work for me either

It doesn't work for me either, bro.

This is the script in the NAT section of my MT:

0 chain=srcnat src-address=192.168.0.2 dst-address=216.239.61.104
action=masquerade

1 ;;; share inet
chain=srcnat out-interface=Net action=masquerade

2 ;;; web-proxy
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128

Please help, bro.

#9 adiel.nopria, 31-10-2008, 20:46
Bro, try creating rules like this in the web proxy:

Rule to allow Yahoo:
- source address: fill in the target IP, then in the URL fill in, for example, *.yahoo*, action allow

Block unconditional:
- source address: 0.0.0.0/0, action deny

Then also check which IPs Yahoo has and create a rule in the firewall with action accept. That way the client won't be able to open any website other than Yahoo, even if what is typed in the address bar is the IP address of another site.

I've applied it at my office and it runs fine.

Sorry if it's not clear...

#10 kuraikun, 06-11-2008, 12:27
Hohohoho... so happy....
Thank you, bro... why didn't I think of that before, even though I already use web proxy rules to block porn sites.
Hahahahha.... once again, thank you to all of you who took part and gave input. May God repay all your kindness.

By the way, this is the rule I use in the web proxy:
src-address=192.168.0.2/32 dst-address=!202.147.240.133/32 action=deny
(an example of blocking sites other than www.liputan6.com for IP 192.168.0.2)
It might be useful for other newbies like me.


Thank you.

#11 adiel.nopria, 07-11-2008, 15:32
Quote:
Originally Posted by kuraikun
> Hohohoho... so happy....
> Thank you, bro... why didn't I think of that before, even though I already use web proxy rules to block porn sites.
> Hahahahha.... once again, thank you to all of you who took part and gave input. May God repay all your kindness.
>
> By the way, this is the rule I use in the web proxy:
> src-address=192.168.0.2/32 dst-address=!202.147.240.133/32 action=deny
> (an example of blocking sites other than www.liputan6.com for IP 192.168.0.2)
> It might be useful for other newbies like me.
>
> Thank you.

How is it, bro, is the rule working yet??

If you can, also check which hosts a site such as Yahoo links to when you open it. Don't rely on nslookup alone. At the office, I enforce no opening of youtube, friendster, metacafe from 8 to 16. It works well.....

If it's OK, click thanks, please......

#12 kuraikun, 11-11-2008, 12:03
Mr. Adiel,
What if I want 1 IP to be able to open only 2 sites? For example Yahoo and Gmail.
Do I have to use the firewall filter?
The thing is, I've tried and tried but it just doesn't work. I've made the address list and set the filter (chain forward, target IP, destination list, action).
Any ideas, Mr. Adiel?!

Thanks.

#13 zinhell, 11-11-2008, 16:22
Quote:
Originally Posted by kuraikun
> Mr. Adiel,
> What if I want 1 IP to be able to open only 2 sites? For example Yahoo and Gmail.
> Do I have to use the firewall filter?
> The thing is, I've tried and tried but it just doesn't work. I've made the address list and set the filter (chain forward, target IP, destination list, action).
> Any ideas, Mr. Adiel?!
>
> Thanks.

Just post your firewall script, bro...

Does the destination address list already use the "!" sign? ... And has that rule been placed at the very top, above the other rules?

Maybe that's it?

#14 zainalk29, 11-11-2008, 18:09
Hmmm... this info is really good... thanks a lot, boss.

#15 kuraikun, 13-11-2008, 19:11
Quote:
Originally Posted by zinhell
> Just post your firewall script, bro...
>
> Does the destination address list already use the "!" sign? ... And has that rule been placed at the very top, above the other rules?
>
> Maybe that's it?

I've tried that, but the target IP can still open other sites.
Perhaps the kind-hearted seniors can help me.

Below is the list of rules in my filter, using the example of opening only the Gmail site for IP 192.168.0.2.
Maybe one of the rules is wrong, so that I can't block the target IP.
Please correct and enlighten me, kind-hearted seniors.
Your help will be very much appreciated. Thank you.

/ ip firewall filter
add chain=forward src-address=192.168.0.2 dst-address-list=!gmail action=drop comment="" disabled=no
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y, better to disable this because it is also often \
used for vpn or webmin" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=53 action=drop comment="219.232.241.91 port 53" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH for secure shell" \
disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web" disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox" disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
add chain=input src-address-list=ournetwork action=accept comment="From Datautama network" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no

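Added example (not part of the thread, and not code from any poster): a simplified Python model of RouterOS first-match NAT evaluation and of dst-nat running before the filter chains, applied to the NAT table from post #8 and the first filter rule from post #15, to show which rule each new connection from 192.168.0.2 actually hits. It assumes the port-80 redirect from post #8 is still active alongside the post #15 filter, that the client's traffic leaves through interface Net, and that no other rule drops the traffic; 198.51.100.7 and 203.0.113.10 are constructed addresses.

```python
CLIENT = "192.168.0.2"
OTHER = "198.51.100.7"    # constructed address standing in for any other site
GMAIL = {"203.0.113.10"}  # constructed content for the "gmail" address list

# NAT table as posted in #8, in the same order (list index = rule number).
NAT = [
    {"chain": "srcnat", "src": CLIENT, "dst": "216.239.61.104", "action": "masquerade"},
    {"chain": "srcnat", "out_if": "Net", "action": "masquerade"},
    {"chain": "dstnat", "proto": "tcp", "dport": 80, "action": "redirect"},
]
MATCHERS = ("src", "dst", "proto", "dport", "out_if")


def first_match(chain, pkt):
    """Index of the first NAT rule in `chain` that matches, else None.

    Matchers are compared for exact equality, which is enough for the
    single-address rules in the thread (no CIDR handling).
    """
    for i, rule in enumerate(NAT):
        if rule["chain"] == chain and all(
            rule[k] == pkt[k] for k in MATCHERS if k in rule
        ):
            return i
    return None


def trace(dst, dport, allowed=None):
    """Trace a new TCP connection from CLIENT.

    allowed=None models post #8 (no filter rule); a set of addresses models the
    post #15 rule: chain=forward src-address=CLIENT dst-address-list=!gmail drop.
    """
    pkt = {"src": CLIENT, "dst": dst, "proto": "tcp", "dport": dport, "out_if": "Net"}
    if first_match("dstnat", pkt) is not None:
        # redirect rewrites the destination to the router itself, so the packet
        # is handled by chain=input and the forward rule is never evaluated.
        return {"filter_chain": "input", "forward_drop": False, "srcnat_rule": None}
    dropped = allowed is not None and dst not in allowed
    return {
        "filter_chain": "forward",
        "forward_drop": dropped,
        "srcnat_rule": None if dropped else first_match("srcnat", pkt),
    }


if __name__ == "__main__":
    for label, args in [
        ("#8  allowed site, 443", ("216.239.61.104", 443)),
        ("#8  other site,   443", (OTHER, 443)),
        ("#15 other site,   443", (OTHER, 443, GMAIL)),
        ("#15 other site,    80", (OTHER, 80, GMAIL)),
    ]:
        print(label, trace(*args))
```

In this model, port-80 requests from the client reach the web proxy through chain=input in both setups, so the HTTP restriction has to be enforced in the proxy access rules as posts #9 and #10 describe, while the forward rule only covers traffic that is not redirected.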

All times are GMT +8.