Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    MAC address vs IP Address...

    Suhu suhu mikrotik mau tanya nih...

    Gimana caranya kasih pembanding MAC dengan IP di Mikrotik...

    Misal gini :

    IP : 192.168.0.1 - MAC :11:22:33:44:55, nah bila paket melalui router, maka akan dibandingkan dahulu, bila MAC dengan IP sesuai, maka paket dilewatkan, bila tidak sesuai, paket akan di drop.

    Terima kasih ya atas bantuannya.

  2. #2
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Gak ada yg bs bantu ya... Click here to enlarge Click here to enlarge

  3. #3
    Status
    Offline
    Xerophie's Avatar
    Calon Member
    Join Date
    Sep 2007
    Location
    Recycle Bin
    Posts
    84
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    Exclamation hmm...

    bagaimana kalau dibikin static aja arp nya,

    winbox > ip > arp

    pilih ip dan mac yg akan di static kan > klik kanan > make static Click here to enlarge

  4. #4
    Status
    Offline
    mossy's Avatar
    Member
    Join Date
    Apr 2008
    Location
    Jakarta, Cikarang
    Posts
    247
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Xerophie Click here to enlarge
    bagaimana kalau dibikin static aja arp nya,

    winbox > ip > arp

    pilih ip dan mac yg akan di static kan > klik kanan > make static Click here to enlarge
    se7...Click here to enlarge

  5. #5
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    gak bs kk, masalahnya gini, warnet aq ada 10 klien...

    nah ip aq set static... 192..0.71 - 80, gateway : 0.1.

    nah ceritanya ada yg iseng ganti ip nya jadi 192..0.1, gateway : 0.1

    mati deh internetnya...

  6. #6
    Status
    Offline
    ataru's Avatar
    Member
    Join Date
    Oct 2007
    Posts
    127
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    lha pake ARP static udah bener caranya.. jadi yg gak bisa ganti2 ip di warnet koe...

    ada cara lain masukin di firewall filter,
    chain forward src-address action mark trus jump deh...
    trus lo buat rule 1-1 dari src-address trus src-macaddress action accept..
    cape

  7. #7
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sry kk msh newbie nih... Click here to enlarge

    Gini alurnya :

    IP ADD :

    0 192.168.0.1/24 192.168.0.0 192.168.0.255 local
    1 192.168.27.28/24 192.168.27.0 192.168.27.255 public

    IP ROUTE :

    0 ADC 192.168.0.0/24 192.168.0.1 local
    1 ADC 192.168.27.0/24 192.168.27.28 public
    2 A S 0.0.0.0/0 r 192.168.27.27 public


    IP FIRE NAT :

    0 chain=srcnat out-interface=public action=masquerade

    1 chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

    2 chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080

    3 chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080

    4 chain=dstnat src-address=0.0.0.0/0 protocol=udp dst-port=53 action=dst-na>
    to-addresses=192.168.0.1 to-ports=53

    5 chain=dstnat src-address=0.0.0.0/0 protocol=udp dst-port=953
    action=dst-nat to-addresses=202.134.0.61 to-ports=953

    6 chain=dstnat src-address=0.0.0.0/0 protocol=udp dst-port=53 action=dst-na>
    to-addresses=202.134.1.10 to-ports=53

    7 chain=dstnat src-address=0.0.0.0/0 protocol=udp dst-port=953
    action=dst-nat to-addresses=202.134.1.10 to-ports=953

    8 chain=dstnat src-address=0.0.0.0/0 protocol=udp dst-port=53 action=dst-na>
    to-addresses=203.130.196.155 to-ports=53

    9 chain=dstnat src-address=0.0.0.0/0 protocol=udp dst-port=953
    action=dst-nat to-addresses=203.130.196.155 to-ports=953

    0 D 192.168.0.99 00:0D:56:39Click here to enlarge4:93 local
    1 192.168.0.5 00:E0:4D:2F:10:A4 local
    2 192.168.0.71 00:E0:4D:2F:0A:55 local
    3 192.168.0.72 00:E0:4D:46:BD:BE local
    4 192.168.0.73 00:E0:4D:2F:0A:58 local
    5 192.168.0.74 00:E0:4D:2F:0A:5A local
    6 192.168.0.76 00:13:F7:81:84:72 local
    7 192.168.0.77 00:E0:4D:2F:10:92 local
    8 192.168.0.78 00:E0:4D:2F:44:72 local
    9 192.168.0.80 00:13:F7:81:84:73 local
    10 192.168.27.27 00:13:F7:6C:F2:B0 public
    11 192.168.0.75 00:13:F7:81:84:71 local
    12 192.168.0.79 00:E0:4D:2F:0A:20 local

    Nah abis gitu klien gue set ip static, gateway ke 0.1

    gue coba test ke klien, dengan mengganti ip yg semula 0.71 ke 0.1... langsung deh... internet mati... Click here to enlarge(

  8. #8
    Status
    Offline
    ataru's Avatar
    Member
    Join Date
    Oct 2007
    Posts
    127
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    weleh.. gak ngerti gw lo copypaste configurasi buat apaan...
    yg gw liad disitu

    ip private lokal, trus routing, redirect port, arpnya udha di static itu ya???

    pake windows ya, control panelnya di lock aje, biar gak ada yg iseng... Click here to enlarge

  9. #9
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge... hehehehe harap 1000x maklum deh kk... newbie banget nih... br seminggu belajar mikrotik... darah tinggi naik...

    itu udah distatic kk...

    control panel udah di lock, tp masih ada yg canggih bisa ganti IP...

    dan sialnya lg, operator gue diberitahu ama tuh orang, kl internetnya mati, gara-gara dia ganti tuh ip... Click here to enlarge

    padahal baru 3 hari pake mikrotik buat web-proxy aja... Click here to enlarge

    bantuin kk... Click here to enlarge

  10. #10
    Status
    Offline
    rahwana's Avatar
    Forum Guru
    Join Date
    Nov 2007
    Location
    Sidoarjo, Jawa Timur, Indonesia, Indonesia
    Posts
    1,337
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Kalau ada yang jahil ganti2 gini susah, yang bisa dilakukan adalah user windows dibuat user only, bukan administrator, jadi tidak bisa ganti IP.

  11. #11
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ya itu mslhnya...

    Click here to enlarge

    andaikata aja MT bisa detect IP klien...

    terus misal IP klien ke detect sama persis dengan IP MT...

    maka otomatis MT akan ganti IP klien dengan yg IP sesuai dengan ARP berdasarkan MAC...

    tapi IP itu untuk komunikasi dalam MT aja, tampilan di windows tetap IP yg diganti...

    jadi kecut nanti tuh yg jahil... Click here to enlarge

    canggih khan... ada caranya gak ya... Click here to enlarge
    Last edited by erick81; 13-10-2008 at 22:51.

  12. #12
    Status
    Offline
    rahwana's Avatar
    Forum Guru
    Join Date
    Nov 2007
    Location
    Sidoarjo, Jawa Timur, Indonesia, Indonesia
    Posts
    1,337
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Gawat kalau ada program yang membuat sebuah mesin bisa mengatur paksa IP komputer lain... Click here to enlarge Yang ada juga bisa kacau kalau gitu caranya. Yang benar adalah mengatur hak orang yang bisa mengganti IP... gitu...
    Atau kalau mau bikin lebih ribet sedikit, di bikin IP-nya point to point /30 jadi masing2 komputer punya gateway sendiri2 sehingga kalaupun ada komputer yang jahil pindah IP, tidak akan mengganggu seluruh network.
    Last edited by rahwana; 13-10-2008 at 22:50. Reason: Dilengkapi dengan PTP

  13. #13
    Status
    Offline
    erick81's Avatar
    Baru Gabung
    Join Date
    Oct 2008
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rahwana Click here to enlarge
    Gawat kalau ada program yang membuat sebuah mesin bisa mengatur paksa IP komputer lain... Click here to enlarge Yang ada juga bisa kacau kalau gitu caranya. Yang benar adalah mengatur hak orang yang bisa mengganti IP... gitu...
    Atau kalau mau bikin lebih ribet sedikit, di bikin IP-nya point to point /30 jadi masing2 komputer punya gateway sendiri2 sehingga kalaupun ada komputer yang jahil pindah IP, tidak akan mengganggu seluruh network.
    Khan ada basis dari data di ARP-nya kk... Click here to enlarge

    tp ide gateway 1-1 itu juga masuk akal kk...

    berarti setting di MT gateway ada banyak ya kk..

  14. #14
    Status
    Offline
    ataru's Avatar
    Member
    Join Date
    Oct 2007
    Posts
    127
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    yg di interface udah di buat reply-only belom?

    tp gak epek juga sih kalo lo tetep keras kepala gitu, buat basis networking sendiri..
    yg jelas OSI layer yang lo pake itu sudah di buatkan semudah mungkin digunakan.

  15. The Following User Says Thank You to ataru For This Useful Post:


  16. #15
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Kalo dibuat Static ARP gitu juga bisa mencegah ARP poisoning, jadi di /ip arp di make static trus interface dibuat reply-only. Cuman kalo pasang node baru musti dibuka dulu biar bisa akses.

    Kalo mau pake Filter Firewall bisa juga dengan kekurangan kalo ada yang terkena ARP poisoning/Virus, koneksi client bisa kacau. Caranya dengan kasih daftar yang di accept di /ip firewall filter dengan diisikan src-address dan mac-nya trus di paling bawah dikasih drop semua.

  17. The Following User Says Thank You to yosanpro For This Useful Post:


 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. mac address cloning?
    By learn2clocks in forum Beginner Basics
    Replies: 3
    Last Post: 30-12-2012, 19:42
  2. Blok MAC Address
    By kifli.sul in forum Beginner Basics
    Replies: 2
    Last Post: 08-10-2008, 14:20
  3. Replies: 15
    Last Post: 31-07-2008, 02:00
  4. address list
    By c0nf in forum General Networking
    Replies: 3
    Last Post: 06-11-2007, 17:50

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •