Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1
    Status
    Offline
    Xerophie's Avatar
    Calon Member
    Join Date
    Sep 2007
    Location
    Recycle Bin
    Posts
    84
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    Question [ask] cara pakai semua ip public dari ISP

    saya punya ip public dari ISP Anu
    katakanlah 118.104.180.104/29

    dengan 118.104.180.105 sebagai gateway

    dan sisa nya masuk di address list,

    118.104.180.106
    118.104.180.107
    118.104.180.108
    118.104.180.109
    118.104.180.110

    dan jika dipakai browsing dll maka yg terdeteksi yaitu ip yg pertama 118.104.180.106,

    bagaimana dan apakah bisa jika misal LAN ada 20 pc dan akan diatur pc 1-5 pakai ip 118.104.180.106,
    pc 6-10 menggunakan ip 118.104.180.107, dst...

    Click here to enlarge

  2. #2
    Status
    Offline
    zainalk29's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Location
    Banjarmasin, Yogyakarta, Indonesia
    Posts
    676
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Dibikinin routingan nya aja gan

  3. #3
    Status
    Offline
    geonet_comp's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Posts
    527
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by Xerophie Click here to enlarge
    saya punya ip public dari ISP Anu
    katakanlah 118.104.180.104/29

    dengan 118.104.180.105 sebagai gateway

    dan sisa nya masuk di address list,

    118.104.180.106
    118.104.180.107
    118.104.180.108
    118.104.180.109
    118.104.180.110

    dan jika dipakai browsing dll maka yg terdeteksi yaitu ip yg pertama 118.104.180.106,

    bagaimana dan apakah bisa jika misal LAN ada 20 pc dan akan diatur pc 1-5 pakai ip 118.104.180.106,
    pc 6-10 menggunakan ip 118.104.180.107, dst...

    Click here to enlarge
    kalo pake 20pc gituh pasti nat dong, jangan pake masquerade kalo emang ip nya pengen dipake semua. kalo cuman masquerade emang cuman 1 mulu yah keluar nyang laen nggak...Click here to enlarge

  4. #4
    Status
    Offline
    rahwana's Avatar
    Forum Guru
    Join Date
    Nov 2007
    Location
    Sidoarjo, Jawa Timur, Indonesia, Indonesia
    Posts
    1,337
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Paling simple dengan mengubah konfigurasi menjadi kurang lebih begini :

    Router A (118.104.180.105/29)
    ....|
    ....|
    Swicth --- Router B (118.104.180.106/29) ----- Komputer Local NAT
    ....|
    ....|
    PC1 (118.104.180.107)
    PC2 (118.104.180.108) dst (semua connect ke Swicth dengan gateway tetap ke 118.104.180.105 (Router A))

    PC1, PC2 dst tidak akan masuk ke Mikrotik (Router B), sehingga langsung 'VIP' ke gateway. Hati2 bahwa kita tidak bisa mengontrol mereka melalui Router B, tapi harus langsung ke mesin Router ISP (Router A).

    Atau, selain konsep tersebut, bisa pakai NAT tapi terus terang untuk DNAT ini mustinya sih ada pemahaman khusus diluar 'standar' network. Enaknya kalau pakai DNAT tidak perlu diubah2 kabelnya, tapi ya itu tadi, perlu 'pemahaman' hehehe...

  5. #5
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by rahwana Click here to enlarge
    Paling simple dengan mengubah konfigurasi menjadi kurang lebih begini :

    Router A (118.104.180.105/29)
    ....|
    ....|
    Swicth --- Router B (118.104.180.106/29) ----- Komputer Local NAT
    ....|
    ....|
    PC1 (118.104.180.107)
    PC2 (118.104.180.108) dst (semua connect ke Swicth dengan gateway tetap ke 118.104.180.105 (Router A))

    PC1, PC2 dst tidak akan masuk ke Mikrotik (Router B), sehingga langsung 'VIP' ke gateway. Hati2 bahwa kita tidak bisa mengontrol mereka melalui Router B, tapi harus langsung ke mesin Router ISP (Router A).

    Atau, selain konsep tersebut, bisa pakai NAT tapi terus terang untuk DNAT ini mustinya sih ada pemahaman khusus diluar 'standar' network. Enaknya kalau pakai DNAT tidak perlu diubah2 kabelnya, tapi ya itu tadi, perlu 'pemahaman' hehehe...
    Untuk itulah kita disini berkumpul bersama sharing ide dan ilmunya untuk membahas yg diluar "standar" ............... Click here to enlargeClick here to enlarge

    Click here to enlarge

  6. #6
    Status
    Offline
    rahwana's Avatar
    Forum Guru
    Join Date
    Nov 2007
    Location
    Sidoarjo, Jawa Timur, Indonesia, Indonesia
    Posts
    1,337
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Hehehe.. masalahnya, kalau cuma sekedar kasih scriptnya sih bisa bro, tapi kalau ada trouble, pasti ujung2nya kita susah juga karena dasarnya tidak ada. Gimana kalau kita belajar dari dasar dulu, setelah mahir baru main diluar standart? hehehe

  7. #7
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Kalo' saya pakai OSPF sesuai dengan area-nya yang di cisco ....
    Click here to enlargeClick here to enlarge

  8. #8
    Status
    Offline
    zainalk29's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Location
    Banjarmasin, Yogyakarta, Indonesia
    Posts
    676
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Kalau hanya menggunakan 1 Router, Mungkin bisa di akalin seperti ini juragan :

    Router A -- 118.104.180.105/29
    ....|
    ....|
    Switch
    ....| PC A -- 118.104.180.106/29
    ....| PC B -- 118.104.180.107/29
    ....| PC C -- 118.104.180.108/29
    ....| PC D -- 118.104.180.109/29
    ....| PC E -- 118.104.180.110/29

    disini tidak menggunakan NAT tetapi menggunakan Filter Allow IP ... kalau menggunakan NAT (Masquerade) hanya akan terbaca 1 IP :

    /ip firewall filter
    add action=accept chain=allowed_ip comment="Allow Related Connection" connection-state=related disabled=no
    add action=accept chain=allowed_ip comment="Office" disabled=no src-address=118.104.180.106
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.107
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.108
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.109
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.110
    add action=drop chain=allowed_ip comment="" disabled=no out-interface="(interface yang keluar)"

    CMIIW Click here to enlarge

    tapi yang masih dipertanyakan bisa ga yach beda interface tapi masih 1 range IP .. belum pernah nyoba seh ... biasa nya dapat IP radio aja ... terus interface yang Arah Client IP Public jadi sisa memecahkan IP tersebut dan melewatkan nya berdasarkan Filter Click here to enlarge CMIIW

    Kalo salah akan saya hapus aja Postingan saya ini Click here to enlarge
    Last edited by zainalk29; 27-01-2009 at 13:26.

  9. #9
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by zainalk29 Click here to enlarge
    Kalau hanya menggunakan 1 Router, Mungkin bisa di akalin seperti ini juragan :

    Router A -- 118.104.180.105/29
    ....|
    ....|
    Switch
    ....| PC A -- 118.104.180.106/29
    ....| PC B -- 118.104.180.107/29
    ....| PC C -- 118.104.180.108/29
    ....| PC D -- 118.104.180.109/29
    ....| PC E -- 118.104.180.110/29

    disini tidak menggunakan NAT tetapi menggunakan Filter Allow IP ... kalau menggunakan NAT (Masquerade) hanya akan terbaca 1 IP :

    /ip firewall filter
    add action=accept chain=allowed_ip comment="Allow Related Connection" connection-state=related disabled=no
    add action=accept chain=allowed_ip comment="Office" disabled=no src-address=118.104.180.106
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.107
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.108
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.109
    add action=accept chain=allowed_ip comment="" disabled=no src-address=118.104.180.110
    add action=drop chain=allowed_ip comment="" disabled=no out-interface="(interface yang keluar)"

    CMIIW Click here to enlarge

    tapi yang masih dipertanyakan bisa ga yach beda interface tapi masih 1 range IP .. belum pernah nyoba seh ... biasa nya dapat IP radio aja ... terus interface yang Arah Client IP Public jadi sisa memecahkan IP tersebut dan melewatkan nya berdasarkan Filter Click here to enlarge CMIIW

    Kalo salah akan saya hapus aja Postingan saya ini Click here to enlarge
    Om Mikrotiknya dimana ?? Cara limit setiap IP Publicnya gimana ??
    Click here to enlarge

  10. #10
    Status
    Offline
    rahwana's Avatar
    Forum Guru
    Join Date
    Nov 2007
    Location
    Sidoarjo, Jawa Timur, Indonesia, Indonesia
    Posts
    1,337
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Kalau cara seperti ini sih Mikrotiknya yang jadi Router A -- 118.104.180.105/29.
    Jadi dari ISP, ip bloknya langsung diarahkan ke mikrotik, jadi nggak lewat router tersendiri

  11. #11
    Status
    Offline
    zainalk29's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Location
    Banjarmasin, Yogyakarta, Indonesia
    Posts
    676
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by hakeem Click here to enlarge
    Om Mikrotiknya dimana ?? Cara limit setiap IP Publicnya gimana ??
    Click here to enlarge
    MikroTik nya Adalah Router A itu bos ... salah ketik saya... maksud nya Router A itu adalah MikroTik .. jadi seperti ini bos :

    MikrotiTik -- 118.104.180.105/29
    ....|
    ....|
    Switch
    ....| PC A -- 118.104.180.106/29
    ....| PC B -- 118.104.180.107/29
    ....| PC C -- 118.104.180.108/29
    ....| PC D -- 118.104.180.109/29
    ....| PC E -- 118.104.180.110/29

    Kalau dengan config diatas bisa jalan. maka untuk membuat Queue nya saya biasa menggunakan Queue Tree dengan membuat rule pada mangle seperti ini :

    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="106_Upload" disabled=no new-packet-mark=106Upload passthrough=no src-address=118.104.180.106

    add action=mark-packet chain=prerouting comment="" disabled=no dst-address=118.104.180.106 new-packet-mark=106_download passthrough=no

    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Bandwidth-total-download" packet-mark="" parent=global-in priority=8 queue=default

    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=0 name="106_upload" packet-mark=106_upload parent=Bandwidth-total-upload priority=8 queue=default

    add burst-limit=192000 burst-threshold=56000 burst-time=5s disabled=no limit-at=48000 max-limit=64000 name="106_download" packet-mark=106_download parent=Bandwidth-total-download priority=8 queue=default

    dan seterus nya Click here to enlarge Click here to enlarge

  12. #12
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Kalo' itu mah tau ....Click here to enlargeClick here to enlarge
    Topologinya jadi seperti ini :
    Code:
    Internet
    ....|
    ....|
    eth0: IP Peering
    MikroTik 
    eth1: 118.104.180.105/29
    ....|
    ....|
    Switch
    ....| PC A -- 118.104.180.106/29
    ....| PC B -- 118.104.180.107/29
    ....| PC C -- 118.104.180.108/29
    ....| PC D -- 118.104.180.109/29
    ....| PC E -- 118.104.180.110/29
    Pertanyaannya kalo' IP 106-110 itu disisi client dan ingin memanfaatkan IP Publicnya tersebut di PC workstation. Nah untuk melimit melimit setiap workstation yang punya gateway langsung mengarah ke ISP itu gimana ?? Click here to enlarge
    Bukan melimit di Mikrotik yg di 105 (wilayah merah) yah, tapi dibawahnya (wilayah biru)...
    Last edited by hakeem; 28-01-2009 at 04:10.

  13. #13
    Status
    Offline
    Xerophie's Avatar
    Calon Member
    Join Date
    Sep 2007
    Location
    Recycle Bin
    Posts
    84
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    Smile Hmm,,,

    sedikit salah pengertian, Click here to enlarge


    .......[ISP] ----------------------------------------- [Warnet]
    118.104.180.105...........(((wireless)))..............118.104.180.106-110


    ip 118.104.180.105 tentu saja dipakai oleh ISP sebrang sana,
    sedang di router adalah ip 118.104.180.106-110 sekaligus menjadi ip public nya.

    kmrn dulu gw pernah lihat konfigurasi seperti pertanyaan saya diatas sm pada salah
    satu isp yg dipakai warnet tempat sy kerja, karena kmrn dulu gw blm mengenal mikrotik
    lupa deh bentuk nya kyk apa Click here to enlarge
    Last edited by Xerophie; 28-01-2009 at 19:58.

  14. #14
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Karena jumlah kompi melebihi IP publik, jadi musti pake NAT, mungkin bisa dibuat address list komputer 1-4 = group-1, 5-8 = group-2, dan seterusnya...
    Trus dibikin NAT kayak gini:

    Code:
    /ip firewall nat add chain=srcnat src-address-list="group-1" action=src-nat to-addresses=118.104.180.106 to-ports=0-65535
    /ip firewall nat add chain=srcnat src-address-list="group-2" action=src-nat to-addresses=118.104.180.107 to-ports=0-65535
    
    ... dan seterusnya
    Correct Me If I'm Wrong...

  15. The Following 2 Users Say Thank You to yosanpro For This Useful Post:


  16. #15
    Status
    Offline
    Xerophie's Avatar
    Calon Member
    Join Date
    Sep 2007
    Location
    Recycle Bin
    Posts
    84
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    Lightbulb [problem Solved]

    Click here to enlarge Originally Posted by yosanpro Click here to enlarge

    Code:
    /ip firewall nat add chain=srcnat src-address-list="group-1" action=src-nat to-addresses=118.104.180.106 to-ports=0-65535
    /ip firewall nat add chain=srcnat src-address-list="group-2" action=src-nat to-addresses=118.104.180.107 to-ports=0-65535
    
    ... dan seterusnya
    yaak benar sekali mas yosanpro Click here to enlarge makaci Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 8
    Last Post: 19-09-2011, 13:00
  2. (Ask) Cara Routing IP public by nat di mikro??
    By Cloudly in forum Beginner Basics
    Replies: 16
    Last Post: 21-06-2010, 16:46
  3. [HELP] Cara Install + pakai WINBOX
    By thecapt in forum Beginner Basics
    Replies: 11
    Last Post: 17-12-2008, 09:01
  4. [ASK]cara menutup IP PUBLIC pada Mikrotik
    By i486dx in forum Beginner Basics
    Replies: 4
    Last Post: 13-12-2008, 09:35
  5. [ASK]IP public ga bisa di ping dari luar jaringan
    By 4hn in forum Beginner Basics
    Replies: 6
    Last Post: 04-07-2008, 20:40

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •