Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 8 of 8
  1. #1
    Status
    Offline
    mualimsan's Avatar
    Baru Gabung
    Join Date
    Jul 2014
    Posts
    2
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Blok Internet Host Dibawah Router LAN

    Bagaimana caranya blok koneksi internet host yg berada di belakang router LAN.
    Topologi jaringannya seperti berikut :

    Click here to enlarge

  2. #2
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,697
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    ganti aja routenya. jangan pake 0.0.0.0/0
    ganti 192.168.0.0/16

    misalnya ip antar router adalah 10.0.0.1/30
    routenya musti gini
    Code:
    dst-address=0.0.0.0/0 gateway 10.0.0.1
    diubah jadi
    Code:
    dst-address=192.168.0.0/16 gateway 10.0.0.1

  3. #3
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    792
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by mualimsan Click here to enlarge
    Bagaimana caranya blok koneksi internet host yg berada di belakang router LAN.
    Topologi jaringannya seperti berikut :

    Click here to enlarge
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    ganti aja routenya. jangan pake 0.0.0.0/0
    ganti 192.168.0.0/16

    misalnya ip antar router adalah 10.0.0.1/30
    routenya musti gini
    Code:
    dst-address=0.0.0.0/0 gateway 10.0.0.1
    diubah jadi
    Code:
    dst-address=192.168.0.0/16 gateway 10.0.0.1
    nah Om Anto udah kasih masukan tuh, lewat cara routing nya
    tapi IMHO, cara tersebut akan berlaku untuk semua clien, jadinya semua client (client router sebelah kanan dalm gambar=>R2) hanya akan bisa komunikasi antar lokal saja (client router seblah kiri dlm gmbr=>R1),
    trus bagamana kalo yg dimaksud TS adalah hanya client (client R2) tertentu saja yg di block...???
    nah mnuurut saya kalo kasus nya begitu, kita cukup bikin rule untuk drop koneksi selain ke ip lokal di R2 nya,
    Code:
    /ip fi fi
    add action=drop src-address=172.27.51.8 dst-address=!192.168.0.0/16
    Big CMIW...Click here to enlarge

  4. #4
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,697
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    oh, my fault.. gw g perhatikan kalo disana ada client yang diijinkan :v
    thanks om brutuz.

  5. #5
    Status
    Offline
    mualimsan's Avatar
    Baru Gabung
    Join Date
    Jul 2014
    Posts
    2
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    [QUOTE=Anto.PJ;283068]oh, my fault.. gw g perhatikan kalo disana ada client yang diijinkan :v
    thanks om brutuz.[/QUOTE

    Thanks Om Anto atas masukannya, saya sudah menemukan solusinya. saya hanya ingin blok user tertentu saja
    jadi saya gunakan skrip ini

    " /ip firewall filter
    add chain=forward protocol=tcp dst-port=80,443 out-interface=ether1 src-mac-address=14DAE99459A8 action=drop "

    saya blok berdasarkan port dan mac address

  6. #6
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    792
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    [QUOTE=mualimsan;283162]
    Click here to enlarge Originally Posted by Anto.PJ Click here to enlarge
    oh, my fault.. gw g perhatikan kalo disana ada client yang diijinkan :v
    thanks om brutuz.[/QUOTE

    Thanks Om Anto atas masukannya, saya sudah menemukan solusinya. saya hanya ingin blok user tertentu saja
    jadi saya gunakan skrip ini

    " /ip firewall filter
    add chain=forward protocol=tcp dst-port=80,443 out-interface=ether1 src-mac-address=14DAE99459A8 action=drop "

    saya blok berdasarkan port dan mac address
    kalo berdasarkan port, terutama port 80, pastikan intranet agan tidak ada program/lokal server yg menggunakan port 80 juga,..Click here to enlarge

  7. #7
    Status
    Offline
    sim-X's Avatar
    Newbie
    Join Date
    May 2011
    Location
    YOGYAKARTA
    Posts
    51
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by brutuz_1 Click here to enlarge
    nah Om Anto udah kasih masukan tuh, lewat cara routing nya
    tapi IMHO, cara tersebut akan berlaku untuk semua clien, jadinya semua client (client router sebelah kanan dalm gambar=>R2) hanya akan bisa komunikasi antar lokal saja (client router seblah kiri dlm gmbr=>R1),
    trus bagamana kalo yg dimaksud TS adalah hanya client (client R2) tertentu saja yg di block...???
    nah mnuurut saya kalo kasus nya begitu, kita cukup bikin rule untuk drop koneksi selain ke ip lokal di R2 nya,
    Code:
    /ip fi fi
    add action=drop src-address=172.27.51.8 dst-address=!192.168.0.0/16
    Big CMIW...Click here to enlarge
    jozz gan,,

  8. #8
    Status
    Offline
    musafirr's Avatar
    Calon Member
    Join Date
    Jul 2010
    Location
    Tangerang Selatan
    Posts
    78
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Cool

    Kalau konfig saya dikantor berhubung staff ga dikasih akses ke seluruh link internet, Ya cukup buat kaya dibawah ini deh :

    action=drop chain=forward src-address=192.168.1.57 protocol=6(tcp) dst-port=0-65535

    barangkali ada yang mau implement kaya gini kalo udah last step ...

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Blok Youtube di router OS v6
    By tendabiru in forum Beginner Basics
    Replies: 11
    Last Post: 22-09-2016, 20:58
  2. script / blok berdasarkan active host! [netcut]
    By tjhoens in forum Scripting @ Mikrotik
    Replies: 38
    Last Post: 21-01-2013, 18:18
  3. Replies: 2
    Last Post: 13-01-2012, 09:02
  4. (open) Pendaftaran Dealer Pulsa Elektrik Harga Host to Host
    By be94joel in forum Lapak serba-serbi
    Replies: 0
    Last Post: 29-12-2009, 00:35

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •