Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0

    (ask) 2 Koneksi ke Internet

    mau tanya nie pada sesepuh mikrotik..
    saya mempunyai gambar topologi di bawah ini..


    Click here to enlarge

    saya mempunya 2 koneksi ke internet
    1 koneksi memakai modem adsl (speedy)
    1 koneksi memakai isp lokal

    yang menjadi pertanyaan.. ?
    saya bingung untuk routenya?

    1. Koneksi modem adsl hanya untuk internet (port 80), jadi semua traffick upstream dan downstream di atur ke arah modem adsl.

    2. koneksi isp lokal hanya untuk email pop3 (port 25 dan 110) dan tidak untuk internet.

    3. trus mengatur dns nya bagaimana? karena berbeda dns?


    yang di set di firewall?? apa di mangelnya?


    mohon pencerahan dari pakar mikrotik disini.
    atas saran dan pencerahan saya ucapkan terima kasih.


    -------------
    new bie from surabaya

  2. #2
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    coba dulu kaya gini yah...klo ada yg salah mohon dikoreksi...

    - bikin mangle untuk traffik 80, mark-conn dilanjut dengan mark-routing

    - bikin mangle untuk traffik 25 dan 110 (2 rule), mark-conn dilanjut dengan mark-routing juga...

    - setelah itu di ip->routes tinggal ditambah rule gateway dengan mark-routing web menuju gateway adsl, dan mark-routing email menuju gateway isp..

    untuk dns, dari client arahkan dns-nya ke mikrotik ajah...nanti dimikrotik tinggal di set DNSnya dan allow remote request...


    -------------------------------------------

    yg jadi pertanyaan saya, untuk YM dan traffik lainnya berarti ga ada yg boleh nih ?

  3. #3
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    terima kasih untuk pencerahannya Click here to enlarge
    -------------------------------------------------------------
    dns di client sudah saya set ke mikrotik
    --------------------------------------------------------------

    bikin mangle untuk traffik 80, mark-conn dilanjut dengan mark-routing

    - bikin mangle untuk traffik 25 dan 110 (2 rule), mark-conn dilanjut dengan mark-routing juga...
    ada contoh scripnya enggak?

    maklum saya nubie di mikrotik Click here to enlarge

    boleh aja... jadi intinya
    semua traffict internet lewat speedy cuman
    yang buat email harus lewat isp itu aja..

    mungkin ada cara yang lebih sederhana?

  4. #4
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    di mangle bikin rule dgn parameter :

    Rule 1
    chain : prerouting
    in-interface : <LAN>
    Protocol : TCP
    Dst. Port : 80
    Action : Mark-connection
    New Conn Mark : WEB
    Passthrough : Yes

    Rule 2
    chain : prerouting
    in-interface : <LAN>
    Protocol : TCP
    Dst. Port : 80
    Connection-Mark : WEB
    Action : Mark-routing
    New Routing Mark : WEB
    Passthrough : No


    ------------------------------------------------

    2 Rule diatas untuk menandai traffik web, ulangi langkah diatas untuk traffik email

    lalu pada sisi IP->Routes

    buat rule dengan parameter :

    destination : 0.0.0.0/0
    gateway : <ip gateway adsl>
    mark : WEB

    destination : 0.0.0.0/0
    gateway : <ip gateway ISP>
    mark : EMAIL

    destination : 0.0.0.0/0
    gateway : <ip gateway adsl>


    ---------------------------------------

    rule yg terakhir untuk sisa traffik yg tidak terkena di mangle...

  5. The Following User Says Thank You to [a] For This Useful Post:


  6. #5
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by [a] Click here to enlarge
    di mangle bikin rule dgn parameter :

    Rule 1
    chain : prerouting
    in-interface : <LAN>
    Protocol : TCP
    Dst. Port : 80
    Action : Mark-connection
    New Conn Mark : WEB
    Passthrough : Yes

    Rule 2
    chain : prerouting
    in-interface : <LAN>
    Protocol : TCP
    Dst. Port : 80
    Connection-Mark : WEB
    Action : Mark-routing
    New Routing Mark : WEB
    Passthrough : No


    ------------------------------------------------

    2 Rule diatas untuk menandai traffik web, ulangi langkah diatas untuk traffik email

    lalu pada sisi IP->Routes

    buat rule dengan parameter :

    destination : 0.0.0.0/0
    gateway : <ip gateway adsl>
    mark : WEB

    destination : 0.0.0.0/0
    gateway : <ip gateway ISP>
    mark : EMAIL

    destination : 0.0.0.0/0
    gateway : <ip gateway adsl>


    ---------------------------------------

    rule yg terakhir untuk sisa traffik yg tidak terkena di mangle...
    thank bro atas pencerahannya
    saya coba sekarang nanti saya akan memberikan responya.......

    viva mikrotik Click here to enlarge

  7. #6
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by s3ijiro Click here to enlarge
    thank bro atas pencerahannya
    saya coba sekarang nanti saya akan memberikan responya.......

    viva mikrotik Click here to enlarge
    koq masih belum bisa ya ??
    waktu di mark masih belum terdekteksi Click here to enlarge

  8. #7
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    mangle nya

    [admin@MikroTik] > ip firewall mangle print
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=prerouting in-interface=LAN protocol=tcp src-port=80 connection-mark=WEB action=mark-connection
    new-connection-mark=WEB passthrough=yes

    1 chain=prerouting in-interface=LAN protocol=tcp src-port=80 connection-mark=WEB action=mark-routing
    new-routing-mark=web passthrough=no

    2 chain=prerouting in-interface=LAN protocol=tcp src-port=25 connection-mark=SMTP action=mark-connection
    new-connection-mark=SMTP passthrough=no

    3 chain=prerouting in-interface=LAN protocol=tcp src-port=25 connection-mark=SMTP action=mark-routing
    new-routing-mark=SMTP passthrough=no

    4 chain=prerouting in-interface=LAN protocol=tcp src-port=110 action=mark-connection new-connection-mark=POP3
    passthrough=yes

    5 chain=prerouting in-interface=LAN protocol=tcp src-port=110 connection-mark=POP3 action=mark-routing
    new-routing-mark=POP3 passthrough=no
    [admin@MikroTik] >

  9. #8
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    ip route nya

    [admin@MikroTik] > ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
    # DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
    0 ADC 192.168.0.0/24 192.168.0.100 LAN
    1 ADC 192.168.1.0/28 192.168.1.3 SPEEDY
    2 ADC 202.X.X.145/32 202.X.X.149 ISP
    3 A S 0.0.0.0/0 r 202.X.X.145 ISP
    r 192.168.1.1 SPEEDY
    r 192.168.1.1 SPEEDY
    4 S 0.0.0.0/0 r 192.168.1.1 SPEEDY
    [admin@MikroTik] >

  10. #9
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    NAT firewall

    [admin@MikroTik] > ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=srcnat out-interface=SPEEDY src-address=192.168.0.0/24 action=masquerade
    [admin@MikroTik] >

  11. #10
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    ip dns __________________Click here to enlarge

    [admin@MikroTik] > ip dns print
    primary-dns: 202.134.1.10
    secondary-dns: 202.134.0.155
    allow-remote-requests: yes
    cache-size: 2048KiB
    cache-max-ttl: 1w
    cache-used: 151KiB
    [admin@MikroTik] >

  12. #11
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    dari semua setingan diatas koq masih belum bias konek ya???
    bahkan belum bisa ter "mark" paket/koneksinya ??

    mohon pencerahannya.... terima kasih.

  13. #12
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by s3ijiro Click here to enlarge
    NAT firewall
    yang ke ISP di NAT/MASQUERADE juga

  14. #13
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    yang ke ISP di NAT/MASQUERADE juga
    sudah tapi koq masih nyantol ??
    untuk email....nya

    pop3nya lancar, tapi smtpnya masih gak bisa ?
    apa masih ada yang salah ya?

  15. #14
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ini dari halaman 1

    [admin@MikroTik] > ip firewall nat print
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=srcnat out-interface=SPEEDY src-address=192.168.0.0/24 action=masquerade
    [admin@MikroTik] >
    blom ada yang ke ISP

    tambahin

    /ip fire nat out-interface=ISP src-address=192.168.0.0/24 action=masquerade chain=src-nat

  16. #15
    Status
    Offline
    s3ijiro's Avatar
    Newbie
    Join Date
    Aug 2007
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    sudah kena Click here to enlarge

    ternyata begini Click here to enlarge
    ----------------------------------------
    /ip firewall mangle

    0 chain=prerouting in-interface=LAN protocol=tcp dst-port=25 src-address-list=karyawan action=mark-routing
    new-routing-mark=smtpisp passthrough=no

    1 chain=prerouting in-interface=LAN protocol=tcp dst-port=110 src-address-list=karyawan action=mark-routing
    new-routing-mark=popisp passthrough=no

    ----------------------------------------------
    [admin@MikroTik] <SAFE> ip firewall address-list print
    Flags: X - disabled, D - dynamic
    # LIST ADDRESS
    0 lxxxx 192.168.0.220-192.168.0.249
    1 lxxxx 192.168.0.110-192.168.0.149
    2 karyawan 192.168.0.2-192.168.0.20
    [admin@MikroTik] <SAFE>

    -----------------------------------------------
    [admin@MikroTik] > ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
    # DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
    0 ADC 192.168.0.0/24 192.168.0.100 LAN
    1 ADC 192.168.1.0/28 192.168.1.3 SPEEDY
    2 ADC 202.X.X.145/32 202.X.X.149 ISP
    3 S 0.0.0.0/0 r 202.X.X.145 ISP
    r 192.168.1.1 SPEEDY
    r 192.168.1.1 SPEEDY
    4 A S 0.0.0.0/0 r 192.168.1.1 SPEEDY
    5 A S 0.0.0.0/0 r 202.X.X.145 ISP
    6 A S 0.0.0.0/0 r 202.X.X.145 ISP
    [admin@MikroTik] >
    ----------------------------------------------------------------

    thanks to all Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 16
    Last Post: 09-05-2012, 14:11
  2. Replies: 81
    Last Post: 08-08-2011, 15:00
  3. Replies: 4
    Last Post: 22-06-2011, 15:44
  4. Internet CATV
    By locantop in forum General Networking
    Replies: 14
    Last Post: 18-08-2008, 11:56

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •