Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 4 of 5 FirstFirst ... 2345 LastLast
Results 46 to 60 of 69
  1. #46
    Status
    Offline
    helloween's Avatar
    Baru Gabung
    Join Date
    Dec 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kasus yg sama nih,
    ane biasa install aplikasi, game dan copy lagu, lewat sharing dari komputer operator
    permasalahannya, sebelum menggunakan mikrotik lancar dan cepet, namum setelah pke mikrotik,
    instal game PB aja lama bgt.. apa ada yg salah ma setting'an mikrotik ane?...
    mohon pencerahan master2 FMI...

  2. #47
    Status
    Offline
    armyoty's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    58
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by warnet Click here to enlarge
    kiasan gw balas kiasan...
    hahah serius amat ama kata-kata... dia jg pake kiasan kale...
    ky dia sih cuma bs nyaranin liat tutorial lah, baca manual, malas nyari... (sudah search tidak ada kasus ky gene)
    Code:
    / ip firewall nat 
    add chain=srcnat action=src-nat to-addresses=202.158.3.7 to-ports=0-65535 out-interface=wlan1 src-address=192.168.1.0/24 comment="" disabled=no 
    add chain=srcnat action=src-nat to-addresses=202.158.3.7 to-ports=0-65535 out-interface=ether1 src-address=192.168.1.0/24 dst-address=192.168.1.0/24 comment="" disabled=no 
    add chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=6001 dst-address=202.158.3.7 dst-port=6001 protocol=tcp comment="" disabled=no 
    add chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=6002 dst-address=202.158.3.7 dst-port=6002 protocol=tcp comment="" disabled=no 
    add chain=dstnat action=dst-nat to-addresses=192.168.1.3 to-ports=6003 dst-address=202.158.3.7 dst-port=6003 protocol=tcp comment="" disabled=no 
    add chain=dstnat action=dst-nat to-addresses=192.168.1.4 to-ports=6004 dst-address=202.158.3.7 dst-port=6004 protocol=tcp comment="" disabled=no 
    add chain=dstnat action=dst-nat to-addresses=192.168.1.5 to-ports=6005 dst-address=202.158.3.7 dst-port=6005 protocol=tcp comment="" disabled=no 
    
    / ip route 
    add dst-address=0.0.0.0/0 gateway=202.158.3.1 scope=255 target-scope=10 comment="" disabled=no 
    
    / ip firewall mangle 
    add chain=prerouting action=mark-connection new-connection-mark=con-iix passthrough=yes in-interface=ether1 dst-address-list=nice comment="Mark-connection IIX Traffic" disabled=no 
    add chain=prerouting action=mark-packet new-packet-mark=iix-mark passthrough=no connection-mark=con-iix comment="Mark-packet IIX Traffic" disabled=no 
    add chain=prerouting action=mark-packet new-packet-mark=int-mark passthrough=no comment="Mark-packet Overseas Traffic" disabled=no 
    
    / queue simple 
    add name="IIX" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=iix-mark direction=both priority=8 queue=iix-up/iix-dn limit-at=0/0 \
        max-limit=0/0 total-queue=default-small disabled=no 
    add name="INT" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=int-mark direction=both priority=8 queue=int-up/int-dn limit-at=0/0 \
        max-limit=0/0 total-queue=default-small disabled=no 
    
    / ip address 
    add address=202.158.3.7/24 network=202.158.3.0 broadcast=202.158.3.255 interface=wlan1 comment="" disabled=no 
    add address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1 comment="" disabled=no

    address list berisi list nice dari mikrotik.co.id
    firewall kosong, conntrack biasa ga diubah2, mangle dari mikrotik.co.id, queue dgn pcq sudah dicoba disable tp sama aja
    Maaf newbie coba bantu.. kebetulan dulu aku jg pernah mengalami yg agan alami.. tapi Alhamdulillah masalah terselesaikan berkat baca2 di forum ini dan forum mikrotik luar.. yg jelas permasalahan ada di NAT tuh gan.. ini aku kasih lihat NAT punyaku..
    Code:
    /ip firewall nat
    add action=masquerade chain=srcnat  out-interface=wlan1
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.1 to-ports=6151
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1 to-ports=6151
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.2 to-ports=6152
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.2 to-ports=6152
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6153 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.3 to-ports=6153
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6153 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.3 to-ports=6153
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6154 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.4 to-ports=6154
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6154 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.4 to-ports=6154
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6155 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.5 to-ports=6155
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6155 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.5 to-ports=6155
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6156 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.6 to-ports=6156
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6156 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.6 to-ports=6156
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6157 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.7 to-ports=6157
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6157 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.7 to-ports=6157
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6158 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.8 to-ports=6158
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6158 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.8 to-ports=6158
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6159 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.9 to-ports=6159
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6160 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.10 to-ports=6160
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6160 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.10 to-ports=6160
    add action=src-nat chain=srcnat dst-address=192.168.1.0/24 out-interface=ether1 src-address=192.168.1.0/24 to-addresses=xxx.xxx.xxx.xxx
    xxx.xxx.xxx.xxx --> ip public agan..
    semoga membantu

  3. #48
    Status
    Offline
    helloween's Avatar
    Baru Gabung
    Join Date
    Dec 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=wlan1
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.1 to-ports=6151
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1 to-ports=6151

    mohon penjelasan, maklum ane nubie bgt, yg di bold itu interfaces pa y?
    soalya di interfaces saya cma ada ether1-speedy, ethe2, ether3, ether4 dan ether5-speedy,
    (ethet1-speedy = ke modem, ether5-lan = ke hub)
    Click here to enlarge

  4. #49
    Status
    Offline
    ucok_karnadi's Avatar
    ..:: Masih Bodoh ::..
    Join Date
    Jan 2009
    Location
    PATI - JAWA TENGAH
    Posts
    1,187
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by helloween Click here to enlarge
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=wlan1
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.1 to-ports=6151
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1 to-ports=6151

    mohon penjelasan, maklum ane nubie bgt, yg di bold itu interfaces pa y?
    soalya di interfaces saya cma ada ether1-speedy, ethe2, ether3, ether4 dan ether5-speedy,
    (ethet1-speedy = ke modem, ether5-lan = ke hub)
    Click here to enlarge
    kuenya seperti apa? dibagi berapa banyak??
    ___________________________________________


  5. #50
    Status
    Offline
    helloween's Avatar
    Baru Gabung
    Join Date
    Dec 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    cara menampilkan'y gimna?
    maklum baru pertama pake mikrotik...Click here to enlarge

  6. #51
    Status
    Offline
    armyoty's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    58
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by helloween Click here to enlarge
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=wlan1
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=wlan1 protocol=tcp to-addresses=192.168.1.1 to-ports=6151
    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether1 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1 to-ports=6151

    mohon penjelasan, maklum ane nubie bgt, yg di bold itu interfaces pa y?
    soalya di interfaces saya cma ada ether1-speedy, ethe2, ether3, ether4 dan ether5-speedy,
    (ethet1-speedy = ke modem, ether5-lan = ke hub)
    Click here to enlarge
    wlan1 --> interface publik om... kalo di tempat si om berarti ya yg speedy
    ether1 --> interface lokal om.. kalo di tempat si om berarti ya yg ether5

  7. #52
    Status
    Offline
    helloween's Avatar
    Baru Gabung
    Join Date
    Dec 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=ether1-speedy

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.2 to-ports=6152

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6152 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.2 to-ports=6152

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6153 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.3 to-ports=6153

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6153 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.3 to-ports=6153

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6154 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.4 to-ports=6154

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6154 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.4 to-ports=6154

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6155 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.5 to-ports=6155

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6155 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.5 to-ports=6155

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6156 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.6 to-ports=6156

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6156 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.6 to-ports=6156

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6157 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.7 to-ports=6157

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6157 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.7 to-ports=6157

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6158 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.8 to-ports=6158

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6158 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.8 to-ports=6158

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6159 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.9 to-ports=6159

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6159 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.9 to-ports=6159

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6160 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.10 to-ports=6160

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6160 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.10 to-ports=6160

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6161 in-interface=ether1-speedy protocol=tcp to-addresses=192.168.3.11 to-ports=6161

    add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=6161 in-interface=ether5-lan protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.3.11 to-ports=6161

    add action=src-nat chain=srcnat dst-address=192.168.1.0/24 out-interface=ether5-lan src-address=192.168.1.0/24 to-addresses=xxx.xxx.xxx.xxx


    koreksi bener ga gan?
    yg dirubah cuma xxx.xxx.xxx.xxx sama ip publik ku

    topologi
    operator - client2 sampe client 11
    soalnya copy file atau instal game dari komputer operator yg di share masih lelet
    Click here to enlarge
    Last edited by helloween; 02-09-2012 at 23:26.

  8. #53
    Status
    Offline
    armyoty's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    58
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    maaf... kembali ke kasus si TS yg membuat nat buat dota supaya 1 warnet bisa main di satu room.. tapi efeknya kata TS mempengaruhi kecepatan copy file (sharing di windows) antar client...
    aku coba bantu dengan share nat punyaku yg buat dota om.. tapi ga mempengaruhi kecepatan sharing data..
    coba mungkin kasus om hellowen dicoba mikrotiknya dimatiin dulu.. kalo emang kecepatan sharingnya masih lambat berarti ada kemungkinan permasalahan bukan di mikrotik... tapi kalo sharingnya jd normal setelah mikrotik dimatiin.. coba deh dicek lg settingan mikrotiknya dari awal.. seperti yg master2 sini jawab di post2 sebelumnya.. "gak ada hubungannya antara mikrotik dengan kecepatan sharing di windows"

  9. #54
    Status
    Offline
    helloween's Avatar
    Baru Gabung
    Join Date
    Dec 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlargeClick here to enlarge kirain nat diatas buat sharing....
    ane dah coba matiin mikrotik..
    sapidi => modem => hub => client
    sharing lancar jaya copy file 15 GB sekitar 1 jam
    instal game rohan sekitar 1/2 jam
    klo pake mikrotik copy file 15 GB sekitar 3 jam
    instal game rohan sekitar 2 jam...
    apakah ada setting mikrotik yg salah?....
    Click here to enlargeClick here to enlargeClick here to enlarge

  10. #55
    Status
    Offline
    armyoty's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    58
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    jelas ada kesalahan tuh om.. coba share di sini setingan mikrotiknya... terutama di bagian, filter, nat, sama mangle, bagian queue juga om....
    caranya.. new terminal
    filter --> /ip firewall filter export
    nat --> /ip firewall nat export
    mangle --> /ip firewall mangle export
    queue (kalo pake simple) --> /queue simple export
    queue (kalo pake tree) --> /queue tree export
    tinggal copas masukin sini tuh om.. siapa tahu master2 di sini ada yg ngerespon om...

  11. #56
    Status
    Offline
    troyPollux's Avatar
    Member
    Join Date
    Mar 2010
    Location
    Surabaya - Malang (PP)
    Posts
    248
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by helloween Click here to enlarge
    Click here to enlargeClick here to enlarge kirain nat diatas buat sharing....
    ane dah coba matiin mikrotik..
    sapidi => modem => hub => client
    sharing lancar jaya copy file 15 GB sekitar 1 jam
    instal game rohan sekitar 1/2 jam
    klo pake mikrotik copy file 15 GB sekitar 3 jam
    instal game rohan sekitar 2 jam...
    apakah ada setting mikrotik yg salah?....
    Click here to enlargeClick here to enlargeClick here to enlarge
    sudah di coba untuk disable rule2 yang ada om ? seperti mangle / queues, nat cukup 1 dulu, test file sharing lagi, nanti biasanya kelihatan mana yang salah

  12. #57
    Status
    Offline
    mattnux's Avatar
    Forum Guru
    Join Date
    Jun 2008
    Location
    jakarta
    Posts
    1,255
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    kalo masih pake cara coba2 percuma belajar mikrotiknya Click here to enlarge

    prinsipnya gini, ente pasti punya mangle untuk marking2
    ente pasti pake itu mangle untuk queue baik simple maupun tree
    nah yg jadi masalah karena ente bikin itu queue makanya bikin akses lokal file sharing ente jadi lemot...

    solusinya bypass semua paket dari dan ke filesharing, bisa pake ip, port maupun layer7
    abis itu bikin simple queue atau queuetree dan letakkan di baris paling atas.

    sori ane hanya berteori xixixxi

  13. #58
    Status
    Offline
    armyoty's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    58
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by mattnux Click here to enlarge
    kalo masih pake cara coba2 percuma belajar mikrotiknya Click here to enlarge

    prinsipnya gini, ente pasti punya mangle untuk marking2
    ente pasti pake itu mangle untuk queue baik simple maupun tree
    nah yg jadi masalah karena ente bikin itu queue makanya bikin akses lokal file sharing ente jadi lemot...

    solusinya bypass semua paket dari dan ke filesharing, bisa pake ip, port maupun layer7
    abis itu bikin simple queue atau queuetree dan letakkan di baris paling atas.

    sori ane hanya berteori xixixxi
    " kalo masih pake cara coba2 percuma belajar mikrotiknya Click here to enlarge "
    maaf MASTER ane ga setuju statement itu.. yang namanya orang mau belajar ya pasti coba2 lah.. kita waktu bayi aja mau belajar jalan coba2 dulu kok.... jatuh kepleset dan lain2 ya emang itu resikonya.. demikian juga dengan mikrotik.. kesalahan dan menghadapi permaslahan ya hal yang wajar.. musti COBA2...

  14. #59
    Status
    Offline
    helloween's Avatar
    Baru Gabung
    Join Date
    Dec 2009
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    /ip firewall filter
    add action=accept chain=forward comment="allow established connections" \
    connection-state=established disabled=no
    add action=accept chain=forward comment="allow related connections" \
    connection-state=related disabled=no
    add action=accept chain=output content="530 Login incorrect" disabled=no \
    dst-limit=1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=FTP_BlackList \
    address-list-timeout=1d chain=output content="530 Login incorrect" \
    disabled=no protocol=tcp
    add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=\
    no protocol=udp src-port=135-139
    add action=drop chain=forward disabled=no dst-port=135-139 protocol=udp
    add action=drop chain=forward disabled=no protocol=udp src-port=445
    add action=drop chain=forward disabled=no dst-port=445 protocol=udp
    add action=drop chain=forward disabled=no protocol=tcp src-port=135-139
    add action=drop chain=forward disabled=no dst-port=135-139 protocol=tcp
    add action=drop chain=forward disabled=no protocol=tcp src-port=445
    add action=drop chain=forward disabled=no dst-port=445 protocol=tcp
    add action=drop chain=forward disabled=no dst-port=4691 protocol=tcp
    add action=drop chain=forward disabled=no dst-port=5933 protocol=tcp
    add action=drop chain=forward comment="Blok LLMNR" disabled=no dst-port=5355 \
    protocol=udp
    add action=drop chain=forward disabled=no dst-port=4647 protocol=udp
    add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp \
    src-port=25
    add action=drop chain=forward disabled=no dst-port=25 protocol=tcp
    add action=drop chain=forward disabled=no dst-port=7777 protocol=tcp
    add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    135-139 protocol=tcp
    add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=\
    135-139 protocol=udp
    add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
    add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
    add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=\
    tcp
    add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
    add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
    protocol=tcp
    add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
    protocol=tcp
    add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
    add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
    add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
    add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=\
    tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp
    add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=2745 \
    protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
    add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
    add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 \
    protocol=tcp
    add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 \
    protocol=tcp
    add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
    add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 \
    protocol=tcp
    add action=drop chain=virus comment="Drop PhatBot,Agobot, Gaobot" disabled=no \
    dst-port=65506 protocol=tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=12667 protocol=\
    udp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=27665 protocol=\
    udp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=31335 protocol=\
    udp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=27444 protocol=\
    udp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=34555 protocol=\
    udp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=35555 protocol=\
    udp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=27444 protocol=\
    tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=27665 protocol=\
    tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=31335 protocol=\
    tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=31846 protocol=\
    tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=34555 protocol=\
    tcp
    add action=drop chain=virus comment=Trinoo disabled=no dst-port=35555 protocol=\
    tcp
    add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=\
    no protocol=udp src-port=135-139,445
    add action=drop chain=forward disabled=no dst-port=135-139,445 protocol=udp
    add action=drop chain=forward disabled=no protocol=tcp src-port=135-139,445,593
    add action=drop chain=forward disabled=no dst-port=135-139,445,593 protocol=tcp
    add action=drop chain=input comment="drop ftp brute forcers" disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_blacklist
    add action=accept chain=output content="530 Login incorrect" disabled=no \
    dst-limit=1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    disabled=no protocol=tcp
    add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp
    add action=drop chain=forward comment="drop ssh brute downstream" disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist


    /ip firewall nat
    add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
    add action=masquerade chain=srcnat comment="masquerade modem" disabled=no \
    out-interface=ether1-speedy src-address=192.168.3.0/24


    /ip firewall mangle
    add action=mark-connection chain=forward disabled=no dst-address=\
    192.168.1.1-192.168.1.11 new-connection-mark=all-warnet passthrough=yes
    add action=mark-packet chain=forward connection-mark=all-warnet disabled=no \
    new-packet-mark=all-warnet passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.1 \
    new-connection-mark=server passthrough=yes
    add action=mark-packet chain=forward connection-mark=server disabled=no \
    new-packet-mark=server passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.2 \
    new-connection-mark=client2 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client2 disabled=no \
    new-packet-mark=client2 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.3 \
    new-connection-mark=client3 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client3 disabled=no \
    new-packet-mark=client3 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.4 \
    new-connection-mark=client4 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client4 disabled=no \
    new-packet-mark=client4 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.5 \
    new-connection-mark=client5 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client5 disabled=no \
    new-packet-mark=client5 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.6 \
    new-connection-mark=client6 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client6 disabled=no \
    new-packet-mark=client6 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.7 \
    new-connection-mark=client7 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client7 disabled=no \
    new-packet-mark=client7 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.8 \
    new-connection-mark=client8 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client8 disabled=no \
    new-packet-mark=client8 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.9 \
    new-connection-mark=client9 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client9 disabled=no \
    new-packet-mark=client9 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.10 \
    new-connection-mark=client10 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client10 disabled=no \
    new-packet-mark=client10 passthrough=no
    add action=mark-connection chain=forward disabled=no dst-address=192.168.3.11 \
    new-connection-mark=client11 passthrough=yes
    add action=mark-packet chain=forward connection-mark=client11 disabled=no \
    new-packet-mark=client11 passthrough=no


    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=2M name=all-warnet packet-mark=all-warnet parent=global-out \
    priority=8
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=2M name=server packet-mark=server parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client2 packet-mark=client2 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client3 packet-mark=client3 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client4 packet-mark=client4 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client5 packet-mark=client5 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client6 packet-mark=client6 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client7 packet-mark=client7 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client8 packet-mark=client8 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client9 packet-mark=client9 parent=all-warnet priority=3 \
    queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client10 packet-mark=client10 parent=all-warnet priority=\
    3 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=180k \
    max-limit=1M name=client11 packet-mark=client11 parent=all-warnet priority=\
    3 queue=default

    mohon koreksi para master2 FMI..

  15. #60
    Status
    Offline
    armyoty's Avatar
    Newbie
    Join Date
    Apr 2010
    Posts
    58
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    kok kayak ada yg aneh yah...
    kalo boleh tau ip ether1 berapa? ether1 itu ether yg ke modem kan?
    trs ip ether5 berapa? ether5 itu ether yg ke hub kan?

 

 
Page 4 of 5 FirstFirst ... 2345 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Internet jadi lambat setelah pakai mikrotik
    By emruxc in forum Beginner Basics
    Replies: 23
    Last Post: 11-09-2016, 10:58
  2. web proxy jadi lambat
    By onet in forum General Networking
    Replies: 6
    Last Post: 13-08-2008, 11:30
  3. Replies: 17
    Last Post: 02-07-2008, 22:48
  4. [ask] Upgrage ke V3.6 DOM jadi Full & koneksi jadi lambat?
    By sacilad in forum General Networking
    Replies: 9
    Last Post: 14-04-2008, 02:25
  5. Cara sharing file tapi beda subnetmask
    By Anoordy in forum General Networking
    Replies: 12
    Last Post: 31-01-2008, 22:54

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •