Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Port forwarding diakses dr LAN (Create game tidak bisa diakses dr LAN)

    Saya buat port forwarding untuk sesi ftp di miktorik 2.9.27 sukses diakses dari internet, tapi kalo diakses dari dalam (LAN) gagal. Begini networknya:


    Mikrotik:
    Lan : 192.168.1.1/24
    Publik: 202.1.2.3/24
    FTP server lokal
    IP : 192.168.1.24

    Code:
    / ip firewall nat
    add chain=srcnat out-interface=public action=masquerade 
    add chain=dstnat in-interface=public dst-address=202.1.2.3 protocol=tcp dst-port=21 action=dst-nat to-addresses=192.168.1.24 to-ports=21
    Kalau diakses dari internet bisa asal sesi ftpnya dibuat active. Kalau diakses dari LAN spt ini:
    ftp 192.168.1.24
    bisa login, tapi kalau pakai akses ke ip publiknya:
    ftp 202.1.2.3
    tidak bisa login, padahal saya sudah tambahkan satu rule lagi dan ditaruh paling atas spt ini:

    Code:
    / ip firewall nat
    add chain=dstnat protocol=tcp dst-port=21 dst-address=202.1.2.3 src-address=192.168.1.0/24 action=dst-nat to-addresses=192.168.1.24 to-ports=21 
    
    /ip firewall nat print
     0   chain=dstnat protocol=tcp dst-port=21 dst-address=202.1.2.3  src-address-list=local action=dst-nat to-addresses=192.168.1.24 to-ports=21 
     1   chain=srcnat out-interface=public src-address-list=local action=masquerade 
     2   chain=dstnat in-interface=public dst-address=202.1.2.3 protocol=tcp dst-port=21 action=dst-nat  to-addresses=192.168.1.24 to-ports=21
    Kalau saya liat log ftp server di pc 192.168.1.24 tercatat ada koneksi dari ip lan, tapi sesi tidak berhasil konek.

    KAsus yg hampir sama terjadi jika salah satu pc di warnet game online create game battlenet/dota, user2 dr internet bisa join ke servernya tp kalau dari dalam (LAN) ndak bisa masuk.

    Ada RR yg bisa membantu ?

    TIA

    Arief

  2. #2
    Status
    Offline
    masQ's Avatar
    Newbie
    Join Date
    Nov 2009
    Location
    Surabaya
    Posts
    59
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Iya neh bro, gw ngalamin hal yang mirip. Cuma bedanya gw pake buat mail server.

    Udah kesana-kemari cari info, dan dicoba tapi belum bisa juga...

    Salah satu yang katanya berhasil ada di halaman berikut .

    Btw, si boz udah nemu solusinya apa belum ya?? Kalo sudah tolong di share...

    Tksh. Click here to enlarge

  3. #3
    Status
    Offline
    siber's Avatar
    Member Super Senior
    Join Date
    Oct 2009
    Location
    www.hikmah-teknologi.com
    Posts
    616
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    battlenet/dota dan sebangsanya masquradenya jangan menggunakan out-interface=public

    langsung saja :

    chain=srcnat src-address-list=local action=masquerade

    saya juga bingung kenapa jika out-interface di definisikan, sesi connectionya kosong, gak ada paket masuk

    kekurangnnya kalau menggunakan proxy external, src address yang terdetect cuma gatewayny clienntya Click here to enlarge

    barangkali yang di bawah bisa ngasih solusi lain hehe

  4. #4
    Status
    Offline
    nux
    nux's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    268
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    interface (in/out) kosongin aja bos, maksudnya biar semua interface yg di masquerade, kalo yg di masquerade cuma interface public hanya dari luar net anda yg bisa join, dr dalam net memble...Click here to enlarge, coba nat nya ubah...
    /ip firewall nat add src-address=192.168.1.0/24 chain=srcnat action=masquerade
    semoga membantu

  5. #5
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    iya tuh gue juga aneh
    gue jg gk bs pakek out-interface pada srcnat
    kalo pakek out-interface internet malah gk mau connect
    bisanya pakek src-address atau src-address-list


    tp kenapa ya banyak yg menggunakan out-interface ???

  6. #6
    Status
    Offline
    kambeeng's Avatar
    Member Senior
    Join Date
    Jan 2008
    Posts
    483
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Coba buat aja NAT dari ip local ke ip webserver atau ip mailserver yang jelas tentukan portnya semoga berhasil Click here to enlarge

  7. #7
    Status
    Offline
    masQ's Avatar
    Newbie
    Join Date
    Nov 2009
    Location
    Surabaya
    Posts
    59
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by nux Click here to enlarge
    interface (in/out) kosongin aja bos, maksudnya biar semua interface yg di masquerade, kalo yg di masquerade cuma interface public hanya dari luar net anda yg bisa join, dr dalam net memble...Click here to enlarge, coba nat nya ubah...


    semoga membantu
    Saya coba dengan NAT seperti ini kok masih gagal ya bro...??
    Padahal kalo dari luar bisa...

    /ip firewall nat

    add action=dst-nat chain=dstnat disabled=yes dst-address=\
    <<IP Public Mail-Server>> src-address=<<IP Local-Network>> dst-port=25 \
    protocol=tcp to-addresses=<<IP Local Mail-Server>> to-ports=25

    add action=masquerade chain=srcnat comment="Masquerade" disabled=no \
    src-address=<<IP Local-Network>>

    add action=dst-nat chain=dstnat comment=HTML disabled=yes dst-address=\
    10.100.1.66 dst-port=80 protocol=tcp to-addresses=192.168.0.24 \
    to-ports=80
    Mohon petunjuknya suhu2 sekalian.... Click here to enlarge
    Last edited by masQ; 03-08-2010 at 11:56.

  8. #8
    Status
    Offline
    clovanzo's Avatar
    Member Senior
    Join Date
    Sep 2007
    Posts
    408
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba ganti
    Code:
    / ip firewall nat
    add chain=srcnat out-interface=public action=masquerade
    dengan
    Code:
    / ip firewall nat
    add chain=srcnat action=src-nat to-addresses=202.1.2.3 src-address=192.168.1.1/24

  9. #9
    Status
    Offline
    antareja's Avatar
    Member
    Join Date
    Jul 2008
    Location
    paris pan japa
    Posts
    179
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by masQ Click here to enlarge
    Saya coba dengan NAT seperti ini kok masih gagal ya bro...??
    Padahal kalo dari luar bisa...



    Mohon petunjuknya suhu2 sekalian.... Click here to enlarge
    Gan, koneksi pake sapidi bukan?
    Sekedar sharing..
    Ane pake sapidi, mikrotik ga pake nat, cuma routing ke modem adsl, jadi nat ada di modem adsl (Modem jadi PPPoE). Remote Desktop Server bisa dari dalam ato dari luar, winbox bisa dari dalam ato dari luar, userman mikrotik sama web ap hotspot bisa diakses dari luar/dalam..

    Code:
    /ip fi fi
    add action=accept chain=input comment="Allow access to Winbox" \ 
    disabled=no dst-port=8291 in-interface=kmodem protocol=tcp
    add action=accept chain=input comment=RDP disabled=no dst-port=3389 \
    in-interface=kmodem protocol=tcp
    add action=accept chain=input comment="User Manager" disabled=no \
    dst-port=801 protocol=tcp
    add action=accept chain=input comment="Allow access to AP" \ 
    disabled=no dst-port=881 in-interface=kmodem protocol=tcp
    ip service www diganti jadi 801 agar ga bentrok dengan proxy internal, dan akses ke web ap pake port 881 sehingga harus pasang di nat:

    Code:
    /ip fi nat
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3389 \
    in-interface=kmodem protocol=tcp to-addresses=192.168.9.X to-ports=3389
    add action=dst-nat chain=dstnat comment="" disabled=no dst-port=881 \
    in-interface=kmodem protocol=tcp to-addresses=192.168.1.XX to-ports=443
    O, yah! web ap dirubah pake https, jadi natnya ke port 443.. Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. forwarding port untuk remote desktop
    By koetoecyber in forum General Networking
    Replies: 6
    Last Post: 11-06-2016, 16:25
  2. mikrotik g bisa diakses
    By redebian in forum Beginner Basics
    Replies: 4
    Last Post: 12-03-2009, 22:24
  3. [Ask]Help donk, address website kantor ga bisa diakses via http
    By starlight in forum General Networking
    Replies: 0
    Last Post: 10-07-2008, 15:44
  4. ip address AP JAHT tidak bisa diakses
    By colak in forum Beginner Basics
    Replies: 1
    Last Post: 23-05-2008, 04:12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •