  1. #1
    zLay

    Blocking sites for 1 client

    Hi All,

    Please help me: how can I make a client with a specific IP able to access only 1 website, and not allowed to go to any other website? For information, I use MikroTik only as a router and DHCP server.

    Thanks in advance,

    zLay

  2. #2
    icmpreq
    If the client uses a private IP, and NAT is used for masquerade:
    ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no

  3. #3
    Akangage
    Originally Posted by icmpreq:
        If the client uses a private IP, and NAT is used for masquerade:
        ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no
    Nice info, man.

  4. #4
    zLay
    It works now. Thanks, bro.

  5. #5
    nuxboy
    Originally Posted by icmpreq:
        If the client uses a private IP, and NAT is used for masquerade:
        ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no
    Good info, thanks bro.
    Nice, this rule can be combined for customers or PCs dedicated to games, so they can't browse anywhere else.

  6. #6
    134L4N9
    Originally Posted by icmpreq:
        If the client uses a private IP, and NAT is used for masquerade:
        ip firewall nat> add chain=srcnat src-address=ip.client.yg.dibatasi dst-address=ip.website.yg.akan.dituju action=masquerade comment="" disabled=no
    Why doesn't mine work yet, bro?
    For dst-address I've entered the IP of yahoo.com (209.131.36.158), and the rest of the configuration is the same as the script above. But why can it still open other sites?

    Please enlighten me...

    Thanks in advance, bro.
    Last edited by 134L4N9; 02-07-2008 at 21:59.

  7. #7
    icmpreq
    Originally Posted by 134L4N9:
        Why doesn't mine work yet, bro?
        For dst-address I've entered the IP of yahoo.com (209.131.36.158), and the rest of the configuration is the same as the script above. But why can it still open other sites?

        Please enlighten me...

        Thanks in advance, bro.
    Try pasting your NAT config here:

    /ip fire nat exp
    Last edited by icmpreq; 04-07-2008 at 12:01.

  8. #8
    kuraikun

    It doesn't work for me either

    It doesn't work for me either, bro.

    This is the script in the NAT section of my MikroTik:

    0 chain=srcnat src-address=192.168.0.2 dst-address=216.239.61.104
    action=masquerade

    1 ;;; share inet
    chain=srcnat out-interface=Net action=masquerade

    2 ;;; web-proxy
    chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128

    Please help, bro.

  9. #9
    adiel.nopria
    Bro, try creating rules in the web proxy like this:

    Rule to allow Yahoo:
    - source address set to the target IP, then in the URL field put for example *.yahoo*, action allow

    Block Unconditional:
    - source address: 0.0.0.0/0, action deny

    Then also check which IPs Yahoo uses and create rules for them in the Firewall with action accept. That way the client won't be able to open any site other than Yahoo, even if what is typed in the address bar is the IP address of another website.

    I've applied this at my office and it runs fine.

    Sorry if this isn't clear...

  10. #10
    kuraikun
    Hohohoho... so happy...
    Thank you, bro... why didn't I think of that earlier, even though I already use web proxy rules to block porn sites.
    Hahahaha... once again, thank you to all of you who took part and gave input. May God repay the kindness of all of you.

    By the way, this is the rule I use in the web proxy:
    src-address=192.168.0.2/32 dst-address=!202.147.240.133/32 action=deny
    (example of blocking all other sites for IP 192.168.0.2)
    Maybe it will be useful for other newbies like me.


    Thank you.

  11. #11
    adiel.nopria
    Originally Posted by kuraikun:
        Hohohoho... so happy...
        Thank you, bro... why didn't I think of that earlier, even though I already use web proxy rules to block porn sites.
        Hahahaha... once again, thank you to all of you who took part and gave input. May God repay the kindness of all of you.

        By the way, this is the rule I use in the web proxy:
        src-address=192.168.0.2/32 dst-address=!202.147.240.133/32 action=deny
        (example of blocking all other sites for IP 192.168.0.2)
        Maybe it will be useful for other newbies like me.


        Thank you.
    So bro, is the rule working yet?

    If you can, also check where a site, for example Yahoo, links to when you open it. Don't rely on nslookup alone. At the office, I enforce that from 8:00 to 16:00 nobody can open YouTube, Friendster, Metacafe. It's effective...

    If it's OK, click thanks, please...

  12. #12
    kuraikun
    Mr. Adiel,
    What if I want 1 IP to be able to open only 2 sites? For example Yahoo and Gmail.
    Do I have to use the firewall filter?
    Because I've tried and tried but it never works. I've made the address list and set up the filter (chain forward, target IP, destination list, action).
    Any ideas, Mr. Adiel?!

    Thanks.

  13. #13
    zinhell
    Originally Posted by kuraikun:
        Mr. Adiel,
        What if I want 1 IP to be able to open only 2 sites? For example Yahoo and Gmail.
        Do I have to use the firewall filter?
        Because I've tried and tried but it never works. I've made the address list and set up the filter (chain forward, target IP, destination list, action).
        Any ideas, Mr. Adiel?!

        Thanks.
    Just post your firewall script, mas...

    Does the destination address list already use the "!" sign? ... And has that rule been placed at the very top, above the other rules?

    Maybe that's it?

  14. #14
    zainalk29
    Hmmm... really great info... thanks a lot, boss.

  15. #15
    kuraikun
    Originally Posted by zinhell:
        Just post your firewall script, mas...

        Does the destination address list already use the "!" sign? ... And has that rule been placed at the very top, above the other rules?

        Maybe that's it?
    I've tried that, but the target IP can still open other sites.
    Perhaps the kind seniors can help me.

    Below is the list of rules in my filter, using the example of opening only the Gmail site for IP 192.168.0.2.
    Maybe one of the rules is wrong, so that I can't block the target IP.
    I ask for corrections and enlightenment from the kind seniors.
    Your help will be very much appreciated. Thank you.

    / ip firewall filter
    add chain=forward src-address=192.168.0.2 dst-address-list=!gmail action=drop comment="" disabled=no
    add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
    add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
    add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
    add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
    add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
    add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
    add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
    add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
    add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
    add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
    add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
    add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
    add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
    add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
    add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
    add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
    add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
    add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
    add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
    add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
    add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
    add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
    add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
    add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
    add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
    add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
    add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
    add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
    add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y, sebaiknya di didisable karena juga sering \
    digunakan utk vpn atau webmin" disabled=no
    add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
    add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
    add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
    add chain=virus protocol=tcp dst-port=53 action=drop comment="219.232.241.91 port 53" disabled=no
    add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
    add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
    add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
    add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
    add chain=input protocol=udp action=accept comment="UDP" disabled=no
    add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
    add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
    add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP" disabled=no
    add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH for secure shell" \
    disabled=no
    add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet" disabled=no
    add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web" disabled=no
    add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox" disabled=no
    add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
    add chain=input src-address-list=ournetwork action=accept comment="From Datautama network" disabled=no
    add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
    add chain=input action=drop comment="Drop everything else" disabled=no
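
Why the srcnat rule from post #8 and the forward rule from post #15 leave HTTP open while a proxy access rule like the one in post #10 closes it, as a simplified Python model of RouterOS packet flow. This is an added example, not part of any post and not RouterOS code; it assumes the NAT table from post #8 is still active on the router in post #15 and that the input chain lets LAN clients reach the proxy, and 203.0.113.10 and 198.51.100.7 are constructed addresses.

```python
# Added example: simplified model of RouterOS packet flow (not RouterOS code).
from ipaddress import ip_address

CLIENT = "192.168.0.2"
ALLOWED = {ip_address("203.0.113.10")}  # constructed stand-in for the "gmail" address list
OTHER = "198.51.100.7"                  # constructed address of a site that is not allowed

def dstnat_redirects(proto, dport):
    """Post #8, NAT rule 2: every TCP/80 packet is redirected to the proxy (3128)."""
    return proto == "tcp" and dport == 80

def srcnat_rule(src, dst, allowed_dst):
    """Post #8, NAT rules 0 and 1: first match wins and both only masquerade.
    A destination that misses rule 0 falls through to rule 1; nothing is dropped."""
    if src == CLIENT and ip_address(dst) == ip_address(allowed_dst):
        return 0
    return 1

def forward_drop(src, dst):
    """Post #15, first filter rule: chain=forward, client source, dst-address-list=!gmail, drop."""
    return src == CLIENT and ip_address(dst) not in ALLOWED

def proxy_deny(src, dst):
    """Proxy access rule in the style of post #10: deny the client any other destination."""
    return src == CLIENT and ip_address(dst) not in ALLOWED

def trace(src, dst, proto, dport, proxy_rule=False):
    """Return (where the decision is made, verdict) for a new connection from the LAN."""
    if dstnat_redirects(proto, dport):
        # dstnat runs before routing: the packet is now addressed to the router,
        # so it takes the input chain and the forward rule never sees it.
        # Assumption: the input chain accepts LAN traffic to the proxy port.
        if proxy_rule and proxy_deny(src, dst):
            return ("proxy", "deny")
        return ("proxy", "allow")
    if forward_drop(src, dst):
        return ("forward", "drop")
    return ("forward", "accept")

if __name__ == "__main__":
    print(trace(CLIENT, OTHER, "tcp", 80))                   # forward rule bypassed
    print(trace(CLIENT, OTHER, "tcp", 443))                  # forward rule applies
    print(trace(CLIENT, OTHER, "tcp", 80, proxy_rule=True))  # proxy rule closes HTTP
```

In this model the forward drop only takes effect for traffic that is not redirected, so the restriction needs both the proxy access rule for port 80 and the forward rule for everything else.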

 

 