Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [B]Load Balance tuk blok ip supaya tidak bisa buka website[/B]

    bro ogut punya setingan mikrotik dengan Load balance 3 line speedy, versi 2.927 pengen blok website tertentu misalnya dan make web proxy, setingan web proxy nyontek di script bro adhielesmana dan berhasil, pertama kali di coba ga bisa masuk tetapi setelah di refresh bisa masuk, kira2 apanya yang kurang ya bro.
    berikut setingannya :
    / ip address
    add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Local comment="" disabled=no
    add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=modem1 comment="" disabled=no
    add address=192.168.20.2/24 network=192.168.20.0 broadcast=192.168.20.255 interface=modem2 comment="" disabled=no
    add address=192.168.30.2/24 network=192.168.30.0 broadcast=192.168.30.255 interface=modem3 comment="" disabled=no

    / ip firewall mangle
    add chain=prerouting in-interface=Local connection-state=new nth=2,1,0 \
    action=mark-connection new-connection-mark=odd passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no

    add chain=prerouting in-interface=Local connection-state=new nth=2,1,1 \
    action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no

    add chain=prerouting in-interface=Local connection-state=new nth=2,1,2 \
    action=mark-connection new-connection-mark=ind passthrough=yes comment="" disabled=no
    add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=ind passthrough=no comment="" disabled=no

    / ip firewall nat
    add chain=srcnat connection-mark=odd action=src-nat to-addresses=192.168.10.2 action=masquerade comment="" disabled=no
    add chain=srcnat connection-mark=odd action=src-nat to-addresses=192.168.20.2 action=masquerade comment="" disabled=no
    add chain=srcnat connection-mark=even action=src-nat to-addresses=192.168.30.2 action=masquerade comment="" disabled=no

    / ip route
    add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 routing-mark=odd comment="" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.20.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.30.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
    add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 comment="" disabled=no
    add chain = dstnat protocol = (6) tcp dst-port = 80 in-interface-ether1 connection mark= even Routing mark = even Action = redirect
    to ports : 3128 ( port WebProxy )

    dan seting web proxy ogut make port 3128

    kira2 ada yang salah ga setingan ogut bro? dan gimana caranya ngebatasin ip tertentu saja yang bisa buka website? Mohon bantuan dan penjelasannya, terima kasih

  2. #2
    Status
    Offline
    ripmanis's Avatar
    VIP Member
    Join Date
    Dec 2008
    Location
    Balikpapan as Balikpapaners
    Posts
    774
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    maap sebelumnya gan, tapi setingan ente muncrat kemana-mana gitu.
    rule NAT kok kopasnya di route !? iseng aja sih nanya... Click here to enlarge

    klo pertanyaannya, gimana ngeblok situs tertentu, misalnya pesbuk, karena ente dah pake proxy, ya masupin aja ke bagian proxy-nya, dan actionnya deny.
    atau klo gak mau masupin ke proxy, masukin kumpulkan ip dari pesbuk ke filter aja.
    klo pertanyaannya gimana caranya ngebatesin ip yang boleh maenan internet, daftarkan ip yang boleh maenan ke address-list di firewall, kemudian masukin nama daftarnya tadi di bagian NAT.

    kayaknya 2 pertanyaan diatas (klo emang itu yang ente kamsud) udah pernah ada deh yow Click here to enlarge

  3. #3
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    klo pertanyaannya gimana caranya ngebatesin ip yang boleh maenan internet, daftarkan ip yang boleh maenan ke address-list di firewall, kemudian masukin nama daftarnya tadi di bagian NAT.
    ada scriptnya ga bro? cara masukin di daftarnya di bagian NAT gimana? tq

  4. #4
    Status
    Offline
    ripmanis's Avatar
    VIP Member
    Join Date
    Dec 2008
    Location
    Balikpapan as Balikpapaners
    Posts
    774
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arovah Click here to enlarge
    klo pertanyaannya gimana caranya ngebatesin ip yang boleh maenan internet, daftarkan ip yang boleh maenan ke address-list di firewall, kemudian masukin nama daftarnya tadi di bagian NAT.
    ada scriptnya ga bro? cara masukin di daftarnya di bagian NAT gimana? tq
    misalnya gini gan :

    ip yang boleh maenan : 192.168.1.1, 5,6,8,10
    kucikannya :

    /ip firewall address-list
    add list=Yang-boleh address=192.168.1.1
    add list=Yang-boleh address=192.168.1.5
    add list=Yang-boleh address=192.168.1.6
    add list=Yang-boleh address=192.168.1.8
    add list=Yang-boleh address=192.168.1.10

    coba intip di bagian IP - Firewall - Address List, ada gak list name "Yang-boleh" disono, yang isinya 5 ip tersebut.

    kemudian, masukin di nat :

    /ip firewall nat
    add chain=srcnat out-interface="nama port wan" src-address-list=Yang-boleh action=masquerade

    klo ente pake proxy

    /ip firewall nat
    add chain=dstnat protocol=tcp dst-ports=80 in-interface="nama port lokal" src-address-list=Yang-boleh action=redirect to-ports=3128
    add chain=srcnat out-interface="nama port wan" src-address-list=Yang-boleh action=masquerade

    sebenarnya sih, untuk load balance ente, coba cek lagi ritual para sepuhers di bagian tutorial tentang load balance.
    Last edited by ripmanis; 03-07-2009 at 11:45.

  5. #5
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wuss mantebs nih boss, oghut coba dulu ilmunya nih, load balancenya salah di mana ya bro? maklum oghut masih newbie ni,
    di Nat, routing, Mangle, Nth ato apanya ya? tks alot

  6. #6
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    oh ya satu lagi bro, kalo misalnya ogut mau nambahin rule untuk ip yang bisa conect internet tapi hanya 1 ato 2 website tertentu aja, gimana caranya bro?, sama rule yang ga boleh akses internetnya gimana bro?? tks
    Last edited by arovah; 06-07-2009 at 09:56.

  7. #7
    Status
    Offline
    ripmanis's Avatar
    VIP Member
    Join Date
    Dec 2008
    Location
    Balikpapan as Balikpapaners
    Posts
    774
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by arovah Click here to enlarge
    wuss mantebs nih boss, oghut coba dulu ilmunya nih, load balancenya salah di mana ya bro? maklum oghut masih newbie ni,
    di Nat, routing, Mangle, Nth ato apanya ya? tks alot
    nyam.. untuk load balance, coba info update di bagian tutorial.. Click here to enlarge

  8. #8
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    boss kalo misalnya ada ip yang gw set untuk bisa buka website gmail aja, dan website laen ga bisa, gimana caranya ya?

  9. #9
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ko belum ada jawaban ya,......pleaze para master soalnya boss udah nanyain mulu nih. tksClick here to enlarge

  10. #10
    Status
    Offline
    spymedan's Avatar
    Moderator
    Join Date
    Oct 2007
    Location
    Medan Metropolitan
    Posts
    2,821
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Wahh Seru juga ya.. Pengen Blok Port 80, tapi ingin Membuka Port 80 untuk Gmail aja... wahh berpikir logika nehh....pusinggg.... Click here to enlarge Click here to enlarge ..kalo logikanya di browser misalnya panggilan ke ( port 81 ) di translatekan ke 80 untuk panggilan keluar , berarti maen di NAT ya ? atau dimana ya ? Binun juga.. Click here to enlarge, atau di firewallnya untuk IP Gmail di allow aja Click here to enlarge yee... Click here to enlarge

  11. #11
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sorry fren bukan gmail, tapi google talk

  12. #12
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    please suhu, help meClick here to enlarge

  13. #13
    Status
    Offline
    spymedan's Avatar
    Moderator
    Join Date
    Oct 2007
    Location
    Medan Metropolitan
    Posts
    2,821
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kata om google gini :

    Required ports to use Google Talk
    Print
    If you're having trouble connecting to Google Talk through your firewall or proxy, it may be because some necessary ports are blocked.

    In order to connect to Google Talk and start sending IMs, you'll need to enable TCP connections to talk.google.com on port 5222, or on port 443.

    If you'd like to make calls or transfer files through Google Talk, you need to:

    * Enable UDP connections to anywhere on any port; or
    * Enable TCP connections to anywhere on port 443.

    If you're behind a public or corporate network that is blocking these ports or protocols, please contact your local network administrator for further instructions.

    Google talk bermain di port 5222 ya udehh blok aja browsing nyaa port 80-nya khan yg di pake port 5222 ntuh ama si Google talknya Click here to enlarge CMIIW semoga membantu gan...

  14. #14
    Status
    Offline
    arovah's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    101
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by spymedan Click here to enlarge
    kata om google gini :

    Required ports to use Google Talk
    Print
    If you're having trouble connecting to Google Talk through your firewall or proxy, it may be because some necessary ports are blocked.

    In order to connect to Google Talk and start sending IMs, you'll need to enable TCP connections to talk.google.com on port 5222, or on port 443.

    If you'd like to make calls or transfer files through Google Talk, you need to:

    * Enable UDP connections to anywhere on any port; or
    * Enable TCP connections to anywhere on port 443.

    If you're behind a public or corporate network that is blocking these ports or protocols, please contact your local network administrator for further instructions.

    Google talk bermain di port 5222 ya udehh blok aja browsing nyaa port 80-nya khan yg di pake port 5222 ntuh ama si Google talknya Click here to enlarge CMIIW semoga membantu gan...
    ok tq gan,ogut coba dulu

  15. #15
    Status
    Offline
    adiel.nopria's Avatar
    Calon Member
    Join Date
    Sep 2007
    Posts
    85
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Bro sekalian mau tanya maaf ya klo agak newbie....

    klo pake web-proxy kan system Mikrotik ngambil default route, sedangkan klo LB kan konsepnya membagi beban. Apakah klo pake LB dan webproxy internal beban bisa terbagi dengan rata ?? apa hanya melewati satu jalur yg aktif saja?? thks ya

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. (ask) Web modem tidak bisa di buka
    By happiers07 in forum Beginner Basics
    Replies: 14
    Last Post: 30-05-2009, 15:39
  2. Web Proxy Untuk Load Balance di User tidak jalan
    By arovah in forum General Networking
    Replies: 9
    Last Post: 24-03-2009, 13:09
  3. Replies: 7
    Last Post: 24-10-2008, 09:42
  4. help cara blok ip/mac adrees supaya anngota aja yg bisa akses
    By oxs_juragan in forum Beginner Basics
    Replies: 7
    Last Post: 03-02-2008, 09:41
  5. blok IP supaya gak bisa browsing....
    By bdu4punk in forum Beginner Basics
    Replies: 5
    Last Post: 15-08-2007, 21:10

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •