Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Status
    Offline
    kera's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    Bali
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    ngeblok komunikasi antar interface

    dear all, aku ad sedikit kejanggalan nih, lansgung to the point ja ya, ether1=publik ether2=office ether3=hotspot. nah masalah na kenapa user2 hotspot bisa mengakses ke jaringan office padahal ip yg diberikan udah beda jauh, coba ngoprek di firewall filter dan nat mentok (maklum itu juga cuman coba2 doank, ndak tahu cara nyeting yg bener), thanks ya

  2. #2
    Status
    Offline
    lini's Avatar
    Forum Guru
    Join Date
    Sep 2007
    Location
    Karawaci
    Posts
    1,961
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    Click here to enlarge Originally Posted by kera Click here to enlarge
    dear all, aku ad sedikit kejanggalan nih, lansgung to the point ja ya, ether1=publik ether2=office ether3=hotspot. nah masalah na kenapa user2 hotspot bisa mengakses ke jaringan office padahal ip yg diberikan udah beda jauh, coba ngoprek di firewall filter dan nat mentok (maklum itu juga cuman coba2 doank, ndak tahu cara nyeting yg bener), thanks ya
    di natnya isi aja out-interface=ether1 untuk nat jaringan hotspot.

    CMIIW

  3. #3
    Status
    Offline
    kera's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    Bali
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by lini Click here to enlarge
    di natnya isi aja out-interface=ether1 untuk nat jaringan hotspot.

    CMIIW
    ndak mau, masih tetep bisa konek ke jaringan office Click here to enlarge
    {chain=srcnat src-address=(ip hotspot) out-interface=ether1 action=masquerade} di nat yg ini maksudnya. ada ide lagi ndak?
    thanks berat nih kalo bisa sukses

  4. #4
    Status
    Offline
    donipermono1982's Avatar
    Moderator
    Join Date
    Feb 2008
    Location
    Jakarta Selatan
    Posts
    2,809
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kera Click here to enlarge
    ndak mau, masih tetep bisa konek ke jaringan office Click here to enlarge
    {chain=srcnat src-address=(ip hotspot) out-interface=ether1 action=masquerade} di nat yg ini maksudnya. ada ide lagi ndak?
    thanks berat nih kalo bisa sukses
    actionnya ganti "drop" bisa ngga Click here to enlarge

  5. #5
    Status
    Offline
    lini's Avatar
    Forum Guru
    Join Date
    Sep 2007
    Location
    Karawaci
    Posts
    1,961
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    seperti saran ^^ tuh buat dicoba

  6. #6
    Status
    Offline
    kera's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    Bali
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by donipermono1982 Click here to enlarge
    actionnya ganti "drop" bisa ngga Click here to enlarge
    di filter rule udah tak tambahin itu bosss, tetep ndak mau Click here to enlarge
    ada ide yg lain na?

  7. #7
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    copas aja settinggannya ke sini. biar jelas

  8. #8
    Status
    Offline
    kera's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    Bali
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by felix_sg Click here to enlarge
    copas aja settinggannya ke sini. biar jelas
    as you wish, my lord
    ================================================== ========
    /firewall/nat :

    ;;; masquerade hotspot network
    chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=wan1

    ;;; masquerade Office network
    chain=srcnat action=masquerade src-address=168.168.12.0/24 out-interface=wan1

    /firewall/filter-rule :

    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 chain=input action=drop src-address=192.168.1.0/24 dst-address=168.168.12.0/24
    ================================================== ========


    demikian kira na boss...., trims

  9. #9
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalo chain input nya di ganti forward ?

  10. #10
    Status
    Offline
    nyoman's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    142
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kera Click here to enlarge
    as you wish, my lord
    ================================================== ========
    /firewall/filter-rule :

    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 chain=input action=drop src-address=192.168.1.0/24 dst-address=168.168.12.0/24
    ================================================== ========


    demikian kira na boss...., trims
    Ini seharusnya chain FORWARD
    bila perlu tambahkan lagi 1,
    chain=forward src-address=168.168.12.0/24 dst-address=192.168.1.0/24 action=DROP

    Sc

  11. #11
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bisa di ikut saran2 senior di atas..

    btew ngasih saran yang beda dikit...

    apa karena nat nya di masquerade ya, makanya ip nya bisa saling intip.

    kalo logika saya apabila di masquerade, maka gatewaynya akan ketemu jadi satu di gateway ip public. nah karena sama2 ke satu ip public gatewaynya, maka ip local nya biar pun beda network masi bisa saling liat.

    ini logika saya aja lho... mohon maaf kalo salah.. (masih newbie juga bro) Click here to enlarge
    Last edited by felix_sg; 28-08-2008 at 03:16.

  12. #12
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Kalo pake action=src-nat gimana bro? bukan masquerade?

  13. #13
    Status
    Offline
    kera's Avatar
    Newbie
    Join Date
    Jun 2008
    Location
    Bali
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    pake forward bisa bro, ndak bisa diping. cuman.....Click here to enlarge
    browsing ke via IE ke ip office (akses point dikantor bos)
    kemudian aku ubah aja, dr port 80 menjadi 8020. begitu juga dgn komputer2 yg lain, terutama local mailserver aku ubah semua portnya. sedikit ribet tp apa boleh buat, untuk sementara seh. sambil cari informasi mengenai settingan mikrotik untuk kasus yg satu ini. fyi web proxy aku aktifin pake port 8080. setidak na aku dah dapet informasi yg berharga dr temen2 semua, thanks alot ya..... for the support.... Click here to enlarge

  14. #14
    Status
    Offline
    lini's Avatar
    Forum Guru
    Join Date
    Sep 2007
    Location
    Karawaci
    Posts
    1,961
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    kalo mo pake mangle untuk routing-mark seh pasti gak bisa kemana mana tuh

  15. #15
    Status
    Offline
    Xtreme's Avatar
    Newbie
    Join Date
    Aug 2008
    Location
    depan Router
    Posts
    64
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kali aja kabel nyolok semua ke HUB boss... Click here to enlarge
    Klo HOTSPOT pake AP mendingan colokin aja langsung ke ether3 ato yg di gunakan buat hotspot.... Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Web-proxy ngeblok all akses
    By rayzz in forum General Networking
    Replies: 6
    Last Post: 18-01-2010, 14:57
  2. ngeblok PPTP
    By cupu80 in forum General Networking
    Replies: 3
    Last Post: 03-12-2009, 03:04
  3. Komunikasi beberapa segmen IP
    By dane in forum Beginner Basics
    Replies: 11
    Last Post: 25-02-2009, 09:40
  4. (Ask) Cara ngeblok ip
    By roodeey in forum Beginner Basics
    Replies: 1
    Last Post: 03-04-2008, 15:53
  5. 2blok ip biar bisa komunikasi
    By shehoxs in forum Beginner Basics
    Replies: 10
    Last Post: 21-11-2007, 23:43

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •