Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 15 of 15
  1. #1
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Sebagian Client Tidak bisa terkoneksi ke beberapa situs [Tapi hanya sementara]

    Sebelumnya mohon maaf agan" semua, kalau nantinya hal ini pernah ditanyakan di thread yang lain... (tapi rasanya belum) Click here to enlarge
    Langsung aja,
    ada sebagian dari client ane yg tidak bisa terkoneksi ke internet, itupun cuma situs" tertentu saja, (facebook, yahoo, terkadang juga google). namun ini hanya bersifat sementara. yang tambah bingungnya, di client yg lain tidak ada masalah... padahal menggunakan kelas ip yang sama.

    apakah ada kesalahan pada firewall filter yang ane punya, atau gimana ya gan. berikut ane lampirin firewallnya ;

    /ip firewall filter
    add action=drop chain=forward comment="Filter - Traceroute" disabled=no \
    icmp-options=11:0 protocol=icmp
    add action=drop chain=forward disabled=no icmp-options=3:3 protocol=icmp
    add action=add-src-to-address-list address-list=WARN-FTP \
    address-list-timeout=4w2d chain=input comment="Filter - Wan Access FTP" \
    disabled=no dst-port=21 protocol=tcp src-address-list=!local-addr
    add action=drop chain=input disabled=no src-address-list=WARN-FTP
    add action=accept chain=input disabled=no dst-port=21 protocol=tcp \
    src-address-list=local-addr
    add action=add-src-to-address-list address-list=WARN-SSH \
    address-list-timeout=4w2d chain=input comment="Filter - Wan Access SSH" \
    disabled=no dst-port=22 protocol=tcp src-address-list=!local-addr
    add action=drop chain=input disabled=no src-address-list=WARN-SSH
    add action=accept chain=input disabled=no dst-port=22 protocol=tcp \
    src-address-list=local-addr
    add action=add-src-to-address-list address-list=WARN-TELNET \
    address-list-timeout=4w2d chain=input comment=\
    "Filter - Wan Access TELNET" disabled=no dst-port=23 protocol=tcp \
    src-address-list=!local-addr
    add action=drop chain=input disabled=no src-address-list=WARN-TELNET
    add action=accept chain=input disabled=no dst-port=23 protocol=tcp \
    src-address-list=local-addr
    add action=add-src-to-address-list address-list=WARN-WEB \
    address-list-timeout=4w2d chain=input comment="Filter - Wan Access WEB" \
    disabled=no dst-port=80 protocol=tcp src-address-list=!local-addr
    add action=drop chain=input disabled=no src-address-list=WARN-WEB
    add action=accept chain=input disabled=no dst-port=80 protocol=tcp \
    src-address-list=local-addr
    add action=add-src-to-address-list address-list=WARN-WINBOX \
    address-list-timeout=4w2d chain=input comment=\
    "Filter - Wan Access WINBOX" disabled=no dst-port=8291 protocol=tcp \
    src-address-list=!local-addr
    add action=drop chain=input disabled=no src-address-list=WARN-WINBOX
    add action=accept chain=input disabled=no dst-port=8291 protocol=tcp \
    src-address-list=local-addr
    add action=add-src-to-address-list address-list="Filter - Port Scanners" \
    address-list-timeout=2w chain=input comment="Filter - Port Scanners" \
    disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input disabled=no src-address-list="port scanners"
    add action=accept chain=forward comment=Connections connection-state=\
    established disabled=no
    add action=accept chain=forward connection-state=related disabled=no
    add action=drop chain=forward comment="BLOCK IP 4 INT || local only" \
    disabled=no src-address-list=block
    add action=drop chain=input comment="Drop SSH brute forcers" disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port Scanners to list " \
    disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input disabled=no src-address-list="port scanners"
    add action=drop chain=input comment="Filter FTP to Box" disabled=no dst-port=\
    21 protocol=tcp src-address-list=ftp_blacklist
    add action=accept chain=output content="530 Login incorrect" disabled=no \
    dst-limit=1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    disabled=no protocol=tcp
    add action=jump chain=forward comment="Separate Protocol into Chains" \
    disabled=no jump-target=tcp protocol=tcp
    add action=jump chain=forward disabled=no jump-target=udp protocol=udp
    add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
    add action=drop chain=udp comment="Blocking UDP Packet" disabled=no dst-port=\
    69 protocol=udp
    add action=drop chain=udp disabled=no dst-port=111 protocol=udp
    add action=drop chain=udp disabled=no dst-port=135 protocol=udp
    add action=drop chain=udp disabled=no dst-port=137-139 protocol=udp
    add action=drop chain=udp disabled=no dst-port=2049 protocol=udp
    add action=drop chain=udp disabled=no dst-port=3133 protocol=udp
    add action=drop chain=tcp comment="Bloking TCP Packet" disabled=no dst-port=\
    69 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=111 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=119 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=135 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=137-139 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=445 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=2049 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=12345-12346 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=20034 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=3133 protocol=tcp
    add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp
    add action=accept chain=icmp comment="Limited Ping Flood" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
    add action=accept chain=icmp disabled=no icmp-options=3:3 limit=5,5 protocol=\
    icmp
    add action=accept chain=icmp disabled=no icmp-options=3:4 limit=5,5 protocol=\
    icmp
    add action=accept chain=icmp disabled=no icmp-options=8:0-255 limit=5,5 \
    protocol=icmp
    add action=accept chain=icmp disabled=no icmp-options=11:0-255 limit=5,5 \
    protocol=icmp
    add action=drop chain=icmp disabled=no protocol=icmp
    add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no \
    dst-address-type=broadcast
    add action=accept chain=input comment="Connection State" connection-state=\
    established disabled=no
    add action=accept chain=input connection-state=related disabled=no
    add action=drop chain=virus comment="Sockets des Troie" disabled=no dst-port=\
    1 protocol=udp
    add action=drop chain=virus comment=Death disabled=no dst-port=2 protocol=tcp
    add action=drop chain=virus comment="Ajan, Antigen, Barok, Email Password Send\
    er EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang\
    2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email trojan, Naebi, NewAp\
    t worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, Wi\
    nSpy" disabled=no dst-port=25 protocol=tcp
    add action=drop chain=virus comment="Agent 40421" disabled=no dst-port=30 \
    protocol=tcp
    add action=drop chain=virus comment=\
    "Agent 31, Hackers Paradise, Masters Paradise" disabled=no dst-port=31 \
    protocol=tcp
    add action=drop chain=virus comment="Deep Throat, Foreplay" disabled=no \
    dst-port=41 protocol=tcp
    add action=drop chain=virus comment=DRAT disabled=no dst-port=48 protocol=tcp
    add action=drop chain=virus comment=DRAT disabled=no dst-port=50 protocol=tcp
    add action=drop chain=virus comment=DMSetup disabled=no dst-port=58 protocol=\
    tcp
    add action=drop chain=virus comment=DMSetup disabled=no dst-port=59 protocol=\
    tcp
    add action=drop chain=virus comment="CDK, Firehotcker" disabled=no dst-port=\
    79 protocol=tcp
    add action=drop chain=virus comment=RemoConChubo disabled=yes dst-port=81 \
    protocol=tcp
    add action=drop chain=virus comment="Hidden Port, NCX" disabled=no dst-port=\
    99 protocol=tcp
    add action=drop chain=virus comment="ProMail trojan" disabled=no dst-port=110 \
    protocol=tcp
    add action=drop chain=virus comment="Invisible Identd Deamon, Kazimas" \
    disabled=no dst-port=113 protocol=tcp
    add action=drop chain=virus comment=Happy99 disabled=no dst-port=119 \
    protocol=tcp
    add action=drop chain=virus comment="Attack Bot, God Message, JammerKillah" \
    disabled=no dst-port=121 protocol=tcp
    add action=drop chain=virus comment="Net Controller" disabled=no dst-port=123 \
    protocol=tcp
    add action=drop chain=virus comment=Farnaz disabled=no dst-port=133 protocol=\
    tcp
    add action=drop chain=virus comment="Blaster worm" disabled=no dst-port=\
    135-139 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=135-139 protocol=udp
    add action=drop chain=virus comment=NetTaxi disabled=no dst-port=142 \
    protocol=tcp
    add action=drop chain=virus comment=Infector disabled=no dst-port=146 \
    protocol=tcp
    add action=drop chain=virus comment=Infector disabled=no dst-port=146 \
    protocol=udp
    add action=drop chain=virus comment=A-trojan disabled=no dst-port=170 \
    protocol=tcp
    add action=drop chain=virus comment=Backage disabled=no dst-port=334 \
    protocol=tcp
    add action=drop chain=virus comment=Backage disabled=no dst-port=411 \
    protocol=tcp
    add action=drop chain=virus comment="Breach, Incognito" disabled=no dst-port=\
    420 protocol=tcp
    add action=drop chain=virus comment="TCP Wrappers trojan" disabled=no \
    dst-port=421 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=udp
    add action=drop chain=virus comment="Fatal Connections" disabled=no dst-port=\
    455 protocol=tcp
    add action=drop chain=virus comment="Hackers Paradise" disabled=no dst-port=\
    456 protocol=tcp
    add action=drop chain=virus comment=Grlogin disabled=no dst-port=513 \
    protocol=tcp
    add action=drop chain=virus comment="RPC Backdoor" disabled=no dst-port=514 \
    protocol=tcp
    add action=drop chain=virus comment="Net666, Rasmin" disabled=no dst-port=531 \
    protocol=tcp
    add action=drop chain=virus comment="711 trojan, Seven Eleven, Ini-Killer, Net\
    \_Administrator, Phase Zero, Phase-0, Stealth Spy" disabled=no dst-port=\
    555 protocol=tcp
    add action=drop chain=virus comment="Secret Service" disabled=no dst-port=605 \
    protocol=tcp
    add action=drop chain=virus comment="Attack FTP, Back Construction, BLA trojan\
    , Cain & Abel, NokNok, Satans Back Door SBD, ServU, Shadow Phyre, th3r1pp3\
    rz Therippers" disabled=no dst-port=666 protocol=tcp
    add action=drop chain=virus comment=SniperNet disabled=no dst-port=667 \
    protocol=tcp
    add action=drop chain=virus comment="DP trojan" disabled=no dst-port=669 \
    protocol=tcp
    add action=drop chain=virus comment=GayOL disabled=no dst-port=692 protocol=\
    tcp
    add action=drop chain=virus comment="AimSpy, Undetected" disabled=no \
    dst-port=777 protocol=tcp
    add action=drop chain=virus comment=WinHole disabled=no dst-port=808 \
    protocol=tcp
    add action=drop chain=virus comment="Dark Shadow" disabled=no dst-port=911 \
    protocol=tcp
    add action=drop chain=virus comment="Deep Throat, Foreplay, WinSatan" \
    disabled=no dst-port=999 protocol=tcp
    add action=drop chain=virus comment="Der Spaeher, Direct Connection" \
    disabled=no dst-port=1000 protocol=tcp
    add action=drop chain=virus comment=\
    "Der Spaeher, Le Guardien, Silencer, WebEx" disabled=no dst-port=1001 \
    protocol=tcp
    add action=drop chain=virus comment="Doly Trojan" disabled=no dst-port=\
    1010-1016 protocol=tcp
    add action=drop chain=virus comment=Vampire disabled=no dst-port=1020 \
    protocol=tcp
    add action=drop chain=virus comment="Jade, Latinus, NetSpy" disabled=no \
    dst-port=1024 protocol=tcp
    add action=drop chain=virus comment="Remote Storm" disabled=no dst-port=1025 \
    protocol=tcp
    add action=drop chain=virus comment="Remote Storm" disabled=no dst-port=1025 \
    protocol=udp
    add action=drop chain=virus comment=Multidropper disabled=no dst-port=1035 \
    protocol=tcp
    add action=drop chain=virus comment="BLA trojan" disabled=no dst-port=1042 \
    protocol=tcp
    add action=drop chain=virus comment=Rasmin disabled=no dst-port=1045 \
    protocol=tcp
    add action=drop chain=virus comment="sbin initd" disabled=no dst-port=1049 \
    protocol=tcp
    add action=drop chain=virus comment=MiniCommand disabled=no dst-port=1050 \
    protocol=tcp
    add action=drop chain=virus comment="The Thief" disabled=no dst-port=1053 \
    protocol=tcp
    add action=drop chain=virus comment=AckCmd disabled=no dst-port=1054 \
    protocol=tcp
    add action=drop chain=virus comment=WinHole disabled=no dst-port=1080-1083 \
    protocol=tcp
    add action=drop chain=virus comment=Xtreme disabled=no dst-port=1090 \
    protocol=tcp
    add action=drop chain=virus comment="Remote Administration Tool RAT" \
    disabled=no dst-port=1095-1098 protocol=tcp
    add action=drop chain=virus comment=\
    "Blood Fest Evolution, Remote Administration Tool RAT" disabled=no \
    dst-port=1099 protocol=tcp
    add action=drop chain=virus comment=Orion disabled=no dst-port=1150-1151 \
    protocol=tcp
    add action=drop chain=virus comment=\
    "Psyber Stream Server PSS, Streaming Audio Server, Voice" disabled=no \
    dst-port=1170 protocol=tcp
    add action=drop chain=virus comment=NoBackO disabled=no dst-port=1200-1201 \
    protocol=udp
    add action=drop chain=virus comment=SoftWAR disabled=no dst-port=1207 \
    protocol=tcp
    add action=drop chain=virus comment=Infector disabled=no dst-port=1208 \
    protocol=tcp
    add action=drop chain=virus comment=Kaos disabled=no dst-port=1212 protocol=\
    tcp
    add action=drop chain=virus comment="SubSeven Java client, Ultors Trojan" \
    disabled=no dst-port=1234 protocol=tcp
    add action=drop chain=virus comment=\
    "BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles" disabled=no dst-port=\
    1243 protocol=tcp
    add action=drop chain=virus comment="VooDoo Doll" disabled=no dst-port=1245 \
    protocol=tcp
    add action=drop chain=virus comment=Scarab disabled=no dst-port=1255 \
    protocol=tcp
    add action=drop chain=virus comment="Project nEXT" disabled=no dst-port=1256 \
    protocol=tcp
    add action=drop chain=virus comment=Matrix disabled=no dst-port=1269 \
    protocol=tcp
    add action=drop chain=virus comment="The Matrix" disabled=no dst-port=1272 \
    protocol=tcp
    add action=drop chain=virus comment=NETrojan disabled=no dst-port=1313 \
    protocol=tcp
    add action=drop chain=virus comment="Millenium Worm" disabled=no dst-port=\
    1338 protocol=tcp
    add action=drop chain=virus comment="Bo dll" disabled=no dst-port=1349 \
    protocol=tcp
    add action=drop chain=virus comment="GoFriller, Backdoor G-1" disabled=no \
    dst-port=1394 protocol=tcp
    add action=drop chain=virus comment="Remote Storm" disabled=no dst-port=1441 \
    protocol=tcp
    add action=drop chain=virus comment=FTP99CMP disabled=no dst-port=1492 \
    protocol=tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=1524 \
    protocol=tcp
    add action=drop chain=virus comment="Remote Hack" disabled=no dst-port=1568 \
    protocol=tcp
    add action=drop chain=virus comment="Direct Connection, Shivka-Burka" \
    disabled=no dst-port=1600 protocol=tcp
    add action=drop chain=virus comment=Exploiter disabled=no dst-port=1703 \
    protocol=tcp
    add action=drop chain=virus comment=Scarab disabled=no dst-port=1777 \
    protocol=tcp
    add action=drop chain=virus comment=SpySender disabled=no dst-port=1807 \
    protocol=tcp
    add action=drop chain=virus comment="Fake FTP" disabled=no dst-port=1966 \
    protocol=tcp
    add action=drop chain=virus comment="WM FTP Server" disabled=no dst-port=1967 \
    protocol=tcp
    add action=drop chain=virus comment="OpC BO" disabled=no dst-port=1969 \
    protocol=tcp
    add action=drop chain=virus comment="Bowl, Shockrave" disabled=no dst-port=\
    1981 protocol=tcp
    add action=drop chain=virus comment="Back Door, SubSeven, TransScout" \
    disabled=no dst-port=1999 protocol=tcp
    add action=drop chain=virus comment="Der Spaeher, Insane Network, Last 2000, R\
    emote Explorer 2000, Senna Spy Trojan Generator" disabled=no dst-port=\
    2000 protocol=tcp
    add action=drop chain=virus comment="Der Spaeher, Trojan Cow" disabled=no \
    dst-port=2001 protocol=tcp
    add action=drop chain=virus comment="Ripper Pro" disabled=no dst-port=2023 \
    protocol=tcp
    add action=drop chain=virus comment=WinHole disabled=no dst-port=2080 \
    protocol=tcp
    add action=drop chain=virus comment=Bugs disabled=no dst-port=2115 protocol=\
    tcp
    add action=drop chain=virus comment="Mini Backlash" disabled=no dst-port=2130 \
    protocol=udp
    add action=drop chain=virus comment="The Invasor" disabled=no dst-port=2140 \
    protocol=tcp
    add action=drop chain=virus comment="Deep Throat, Foreplay" disabled=no \
    dst-port=2140 protocol=udp
    add action=drop chain=virus comment="Illusion Mailer" disabled=no dst-port=\
    2155 protocol=tcp
    add action=drop chain=virus comment=Nirvana disabled=no dst-port=2255 \
    protocol=tcp
    add action=drop chain=virus comment="Hvl RAT" disabled=no dst-port=2283 \
    protocol=tcp
    add action=drop chain=virus comment=Xplorer disabled=no dst-port=2300 \
    protocol=tcp
    add action=drop chain=virus comment="Studio 54" disabled=no dst-port=2311 \
    protocol=tcp
    add action=drop chain=virus comment=Contact disabled=no dst-port=2330-2339 \
    protocol=tcp
    add action=drop chain=virus comment="Voice Spy" disabled=no dst-port=2339 \
    protocol=udp
    add action=drop chain=virus comment="Doly Trojan" disabled=no dst-port=2345 \
    protocol=tcp
    add action=drop chain=virus comment="Striker trojan" disabled=no dst-port=\
    2565 protocol=tcp
    add action=drop chain=virus comment=WinCrash disabled=no dst-port=2583 \
    protocol=tcp
    add action=drop chain=virus comment="Digital RootBeer" disabled=no dst-port=\
    2600 protocol=tcp
    add action=drop chain=virus comment="The Prayer" disabled=no dst-port=2716 \
    protocol=tcp
    add action=drop chain=virus comment="SubSeven, SubSeven 2.1 Gold" disabled=no \
    dst-port=2773-2774 protocol=tcp
    add action=drop chain=virus comment="Phineas Phucker" disabled=no dst-port=\
    2801 protocol=tcp
    add action=drop chain=virus comment="Remote Administration Tool RAT" \
    disabled=no dst-port=2989 protocol=udp
    add action=drop chain=virus comment="Remote Shut" disabled=no dst-port=3000 \
    protocol=tcp
    add action=drop chain=virus comment=WinCrash disabled=no dst-port=3024 \
    protocol=tcp
    add action=drop chain=virus comment=Microspy disabled=no dst-port=3031 \
    protocol=tcp
    add action=drop chain=virus comment="Reverse WWW Tunnel Backdoor, RingZero" \
    disabled=no dst-port=3128 protocol=tcp
    add action=drop chain=virus comment="Masters Paradise" disabled=no dst-port=\
    3129 protocol=tcp
    add action=drop chain=virus comment="The Invasor" disabled=no dst-port=3150 \
    protocol=tcp
    add action=drop chain=virus comment="Deep Throat, Foreplay, Mini Backlash" \
    disabled=no dst-port=3150 protocol=udp
    add action=drop chain=virus comment="Terror trojan" disabled=no dst-port=3456 \
    protocol=tcp
    add action=drop chain=virus comment="Eclipse 2000, Sanctuary" disabled=no \
    dst-port=3459 protocol=tcp
    add action=drop chain=virus comment="Portal of Doom" disabled=no dst-port=\
    3700 protocol=tcp
    add action=drop chain=virus comment=PsychWard disabled=no dst-port=3777 \
    protocol=tcp
    add action=drop chain=virus comment="Total Solar Eclypse" disabled=no \
    dst-port=3791-3801 protocol=tcp
    add action=drop chain=virus comment=SkyDance disabled=no dst-port=4000 \
    protocol=tcp
    add action=drop chain=virus comment=WinCrash disabled=no dst-port=4092 \
    protocol=tcp
    add action=drop chain=virus comment="Virtual Hacking Machine VHM" disabled=no \
    dst-port=4242 protocol=tcp
    add action=drop chain=virus comment=BoBo disabled=no dst-port=4321 protocol=\
    tcp
    add action=drop chain=virus comment="Prosiak, Swift Remote" disabled=no \
    dst-port=4444 protocol=tcp
    add action=drop chain=virus comment="File Nail" disabled=no dst-port=4567 \
    protocol=tcp
    add action=drop chain=virus comment="ICQ Trojan" disabled=no dst-port=4590 \
    protocol=tcp
    add action=drop chain=virus comment="ICQ Trogen Lm" disabled=no dst-port=4950 \
    protocol=tcp
    add action=drop chain=virus comment=\
    "Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie" \
    disabled=no dst-port=5000 protocol=tcp
    add action=drop chain=virus comment="Back Door Setup, Sockets des Troie" \
    disabled=no dst-port=5001 protocol=tcp
    add action=drop chain=virus comment="cd00r, Shaft" disabled=no dst-port=5002 \
    protocol=tcp
    add action=drop chain=virus comment=Solo disabled=no dst-port=5010 protocol=\
    tcp
    add action=drop chain=virus comment=\
    "One of the Last Trojans OOTLT, One of the Last Trojans OOTLT, modified" \
    disabled=no dst-port=5011 protocol=tcp
    add action=drop chain=virus comment="WM Remote KeyLogger" disabled=no \
    dst-port=5025 protocol=tcp
    add action=drop chain=virus comment="Net Metropolitan" disabled=no dst-port=\
    5031-5032 protocol=tcp
    add action=drop chain=virus comment=Firehotcker disabled=no dst-port=5321 \
    protocol=tcp
    add action=drop chain=virus comment="Backage, NetDemon" disabled=no dst-port=\
    5333 protocol=tcp
    add action=drop chain=virus comment="wCrat WC Remote Administration Tool" \
    disabled=no dst-port=5343 protocol=tcp
    add action=drop chain=virus comment="Back Construction, Blade Runner" \
    disabled=no dst-port=5400-5402 protocol=tcp
    add action=drop chain=virus comment="Illusion Mailer" disabled=no dst-port=\
    5512 protocol=tcp
    add action=drop chain=virus comment="The Flu" disabled=no dst-port=5534 \
    protocol=tcp
    add action=drop chain=virus comment=Xtcp disabled=no dst-port=5550 protocol=\
    tcp
    add action=drop chain=virus comment=ServeMe disabled=no dst-port=5555 \
    protocol=tcp
    add action=drop chain=virus comment="BO Facil" disabled=no dst-port=5556-5557 \
    protocol=tcp
    add action=drop chain=virus comment=Robo-Hack disabled=no dst-port=5569 \
    protocol=tcp
    add action=drop chain=virus comment="PC Crasher" disabled=no dst-port=\
    5637-5638 protocol=tcp
    add action=drop chain=virus comment=WinCrash disabled=no dst-port=5742 \
    protocol=tcp
    add action=drop chain=virus comment="Portmap Remote Root Linux Exploit" \
    disabled=no dst-port=5760 protocol=tcp
    add action=drop chain=virus comment="Y3K RAT" disabled=no dst-port=5880-5889 \
    protocol=tcp
    add action=drop chain=virus comment="The Thing" disabled=no dst-port=6000 \
    protocol=tcp
    add action=drop chain=virus comment="Bad Blood" disabled=no dst-port=6006 \
    protocol=tcp
    add action=drop chain=virus comment="Secret Service" disabled=no dst-port=\
    6272 protocol=tcp
    Thanks atas waktunya Click here to enlarge

  2. #2
    Status
    Offline
    tkgit's Avatar
    Member
    Join Date
    Mar 2014
    Location
    nomaden
    Posts
    175
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    matikan semua ip-fi-fi

  3. #3
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    792
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by tkgit Click here to enlarge
    matikan semua ip-fi-fi
    setuju sama Om Noeg....
    coba matikan dulu filternya dulu trus di tes lagi....
    atau reset dulu semua counternya, trus coba tes browsing di client, liatin couter di filter nya, kalo ada yg nambah couter nya berarti ada yg nyangkut di filternya...Click here to enlarge


    atau juga menurut saya, bisa jadi ada penggunaan ip dns yg berbeda beda tiap client nya, coba az bikin rule redirect dns di mikrotik nya biar semua client dipaksa menggunakan dns nya mikrotik, harus nya kalo udah di buat rule tersebut akan mengurangi kemungkinan gk bisa konek karna masalh dns..

  4. #4
    Status
    Offline
    m4l41k4t_p3n454r4n's Avatar
    Member
    Join Date
    Jun 2009
    Posts
    213
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wow firewall filter banyak amat yach...
    coba ditest disabled saja dlu semuanya, lalu ditest satu2 dan dienabledkan sesuai kebutuhan saja jika dibutuhkan
    dan juga dicoba pastikan saat akses web tersebut ga bs coba ditest ping dan dibangdingkan dgn pc yg lain jg

  5. #5
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ayo suhu turun gunung plisss...
    ane udah baca thread dari yg udah resolve

    permasalahan yang terjadi persis sama dengan kejadian pada kasus agan pada thread diatas...

    udah ane terapin cuma masi g bisa ni agan"...

    terakhir ane coba hal ini :
    /ip dns static
    add address=206.190.36.45 disabled=no name=yahoo.com ttl=1d
    add address=8.8.8.8 disabled=no name="dns google" ttl=1d
    add address=98.138.253.109 disabled=no name=yahoo.com ttl=1d
    add address=173.252.110.27 disabled=no name=facebook.com ttl=1d
    add address=98.136.189.41 disabled=no name=mail.yahoo.com ttl=1d
    add address=216.115.100.102 disabled=no name=mail.yahoo.com ttl=1d
    add address=106.10.193.20 disabled=no name=mail.yahoo.com ttl=1d
    add address=173.194.117.102 disabled=no name=youtube.com ttl=1d
    add address=74.125.200.17 disabled=no name=google ttl=1d
    add address=74.125.200.19 disabled=no name=google ttl=1d
    add address=74.125.200.83 disabled=no name=google ttl=1d
    sedikit sudah membantu, cuma apa ada efek kalau ane pake statik dns gini g gan??

    thanks, mohon pencerahannya... Click here to enlarge
    Last edited by romi poetra minang; 05-04-2014 at 15:50.

  6. #6
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by brutuz_1 Click here to enlarge
    setuju sama Om Noeg....
    coba matikan dulu filternya dulu trus di tes lagi....
    atau reset dulu semua counternya, trus coba tes browsing di client, liatin couter di filter nya, kalo ada yg nambah couter nya berarti ada yg nyangkut di filternya...Click here to enlarge


    atau juga menurut saya, bisa jadi ada penggunaan ip dns yg berbeda beda tiap client nya, coba az bikin rule redirect dns di mikrotik nya biar semua client dipaksa menggunakan dns nya mikrotik, harus nya kalo udah di buat rule tersebut akan mengurangi kemungkinan gk bisa konek karna masalh dns..

    udah dilaksanakan agan... cuma masi aja sama... Click here to enlarge

  7. #7
    Status
    Offline
    tkgit's Avatar
    Member
    Join Date
    Mar 2014
    Location
    nomaden
    Posts
    175
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    pake ISP apa? setting DNS gimana?

  8. #8
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ane pake ISP Astinet gan,
    ini set dns punya ne :

    /ip dns
    set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=\
    208.67.222.222,208.67.220.220,203.158.3.7,8.8.8.8
    /ip dns static
    add address=98.138.253.109 disabled=no name=yahoo.com ttl=1d
    add address=173.252.110.27 disabled=no name=facebook.com ttl=1d
    add address=98.136.189.41 disabled=no name=mail.yahoo.com ttl=1d
    add address=216.115.100.102 disabled=no name=mail.yahoo.com ttl=1d
    add address=106.10.193.20 disabled=no name=mail.yahoo.com ttl=1d
    add address=173.194.117.102 disabled=no name=youtube.com ttl=1d
    add address=74.125.200.17 disabled=no name=google ttl=1d
    add address=74.125.200.19 disabled=no name=google ttl=1d
    add address=74.125.200.83 disabled=no name=google ttl=1d

  9. #9
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Setelah ane perhatiin, penggunaan ipdns static bikin lemot di kompi client ane gan... Click here to enlarge Help

  10. #10
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    792
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by romi poetra minang Click here to enlarge
    ane pake ISP Astinet gan,
    ini set dns punya ne :
    Click here to enlarge Originally Posted by romi poetra minang Click here to enlarge
    Setelah ane perhatiin, penggunaan ipdns static bikin lemot di kompi client ane gan... Click here to enlarge Help
    udah bikin rule redirect dns client ke dns mikrotik nya..????
    coba taro dns google di depan, saya dari dulu pake dns gugel gk ada masalah...Click here to enlarge
    Last edited by brutuz_1; 07-04-2014 at 01:48.

  11. #11
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Ok om brutuz, ane coba dulu... ntar tak kabari lagi perkembangannya..
    Click here to enlarge Semngat..!! Click here to enlarge

    udah bikin rule redirect dns client ke dns mikrotik nya..????
    ane udah coba, malah ndak conect ke clientnya gan... apakah ane kudu flush semua client dulu..??
    masalahnya client ane lokasinya jauh" gan, total client juga mencapai lebih 50+,.. apakah ada cara selain Flush ke client ane gan...?? thanks pencerahannya...
    Last edited by romi poetra minang; 07-04-2014 at 10:58.

  12. #12
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    792
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by romi poetra minang Click here to enlarge
    Ok om brutuz, ane coba dulu... ntar tak kabari lagi perkembangannya..
    Click here to enlarge Semngat..!! Click here to enlarge


    ane udah coba, malah ndak conect ke clientnya gan... apakah ane kudu flush semua client dulu..??
    masalahnya client ane lokasinya jauh" gan, total client juga mencapai lebih 50+,.. apakah ada cara selain Flush ke client ane gan...?? thanks pencerahannya...
    gk konek apa gk bisa internetan..??? rule redirect dns nya gimana??
    pake hotspot gk???
    harus nya rule redirect dns cuman kayak gini
    Code:
    chain=dstnat protocol=tcp dst-port=53 action=redirect to-port=53
    chain=dstnat protocol=udp dst-port=53 action=redirect to-port=53

  13. #13
    Status
    Offline
    romi poetra minang's Avatar
    Calon Member
    Join Date
    Oct 2013
    Location
    Padang - Sumatera Barat
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by brutuz_1 Click here to enlarge
    gk konek apa gk bisa internetan..??? rule redirect dns nya gimana??
    pake hotspot gk???
    harus nya rule redirect dns cuman kayak gini
    Code:
    chain=dstnat protocol=tcp dst-port=53 action=redirect to-port=53
    chain=dstnat protocol=udp dst-port=53 action=redirect to-port=53
    g bisa internetan gan...
    ping ke gateway bisa.. g pake hotspot kok gan.. ane kasi ke client static ip langsung masuk ke wan Modem...

    Rule ridect dnsnya gini gan (apa ada yg salah):
    add action=dst-nat chain=dstnat comment="Ridect DNS WAN" disabled=no \
    dst-port=53 protocol=tcp src-address-list=local-addr to-addresses=\
    202.152.165.36 to-ports=53
    add action=dst-nat chain=dstnat disabled=no dst-port=53 protocol=udp \
    src-address-list=local-addr to-addresses=202.152.165.36 to-ports=53
    add action=dst-nat chain=dstnat disabled=no dst-port=53 protocol=tcp \
    src-address-list=local-addr to-addresses=203.158.3.7 to-ports=53
    add action=dst-nat chain=dstnat disabled=no dst-port=53 protocol=udp \
    src-address-list=local-addr to-addresses=203.158.3.7 to-ports=53
    Local-addr = ip local bt client ane gan, ane masukin ke list. soalnya ada lebih dari 2 ip buat local ane bikin.
    ada yg salah itu g gan..??

    Apa ada yg nyasar gan Click here to enlarge

  14. #14
    Status
    Offline
    bayo's Avatar
    Calon Member
    Join Date
    Mar 2013
    Location
    Bukittinggi
    Posts
    89
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    install ulang aja pc nya mungkin banyak virus . gk mungkin di pc lain bisa dan di satu pc gk bisa... berarti yang bermaslah bukan mikrotiknya tapi pC kliennnya

  15. #15
    Status
    Offline
    yudigadget's Avatar
    Calon Member
    Join Date
    Dec 2007
    Posts
    81
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sorry nggak bisa bantu masalah utama..
    mau komentar soal firewall filternya saja

    itu nggak salah yah filter segitu banyak, karena menurut saya ada 2 effectnya:
    1. Membuat kerja processor MikroTik lebih berat, akibatnya panas
    2. Agak repot managenya, apalagi kalau cari kutu masalah, karena buanyak filter rulenya

    Kalau butuhnya buat proteksi dari luar (WAN), saran saya mendingan pakai port knocking saja, ini sudah cukup aman koq, saya sendiri sudah praktekan di semua router MikroTik yang saya punya.
    Kalau butuh proteksi buat LAN, kenapa nggak allow saja port2 yang diperbolehkan, sisanya drop semua. Kebetulan karena klien saya karyawan kantor, jadi saya bisa kontrol aplikasi2nya, jadi saya nggak buat sih filter buat hal ini.

    Terakhir, saya bingung itu koq bisa yah chain-nya virus, icmp, tcp dan udp. Bukannya chain di filter cuma ada 3 opsi yah: forward, input dan output ?

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 8
    Last Post: 02-06-2014, 01:08
  2. tidak bisa ping ke client tapi client bisa browsing
    By jeffry christopher in forum General Networking
    Replies: 13
    Last Post: 03-12-2012, 04:50
  3. [ASK] EoIP over PPTP, client tidak bisa terkoneksi.
    By routerbies in forum General Networking
    Replies: 3
    Last Post: 08-10-2011, 17:23
  4. PC Client Hanya Bisa Browsing Beberapa Alamat Web Saja
    By numpangnimbrung in forum General Networking
    Replies: 5
    Last Post: 20-05-2011, 14:40

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •