  1. #1
    zones

    Mail client cannot connect

    Dear All,

    I need some help. I have 2 interfaces, ether 1 and ether 2, where ether 1 = 131.10.0.10 and ether 2 = 192.168.1.1. The internet connection uses Centrin ADSL through ether 1, and the clients use ether 2. There are some users who may only access a web application and email (using a mail client). The rule for accessing the web application already works, but when the rule for the mail client is applied, the mail client cannot connect. The settings are as follows:
    to allow connections to these addresses only:
    Code:
    add chain=forward dst-address=202.146.225.83 action=accept
    add chain=forward dst-address=67.228.114.144 action=accept
    for connections to POP3 and SMTP:
    Code:
    add chain=forward protocol=tcp dst-port=25 in-interface=ether2 action=accept
    add chain=forward protocol=tcp dst-port=110 in-interface=ether2 action=accept
    and to block the users from browsing anywhere else, this rule:
    Code:
    add chain=forward src-address-list=Local action=drop
    Is it because of this last rule that they cannot connect to POP3 and SMTP?? The web hosting uses cPanel, which allows many websites on 1 public IP; does that have any effect?

    Then I checked with torch and modified the rules like this:
    Code:
    add chain=forward protocol=tcp dst-port=25 dst-address=67.228.114.144 in-interface=ether2 src-address-list=Local action=accept
    add chain=forward protocol=tcp dst-port=110 dst-address=67.228.114.144 in-interface=ether2 src-address-list=Local action=accept
    but it still doesn't work, why is that??

    NB: the address list Local is for the users who may only open the web application and the mail client

  2. #2
    ripmanis
    Sorry, I don't get it.. the info is incomplete..
    If you don't mind, just copy and paste your firewall and NAT settings here.. how about that..

  3. #3
    sum14rdi
    Also pay attention to the order of the rules, bro!!
    This one goes first:
    Code:
    add chain=forward dst-address=202.146.225.83 action=accept
    add chain=forward dst-address=67.228.114.144 action=accept
    then, second:
    Code:
    add chain=forward protocol=tcp dst-port=25 dst-address=67.228.114.144 in-interface=ether2 src-address-list=Local action=accept
    add chain=forward protocol=tcp dst-port=110 dst-address=67.228.114.144 in-interface=ether2 src-address-list=Local action=accept
    and only then, last:
    Code:
    add chain=forward src-address-list=Local action=drop
    If the order is in fact already as above and it still doesn't do what you want, try using mangle instead,

    the idea stays the same: only allow packets from the clients that are headed to the destination servers, and drop the rest

  4. #4
    zones
    @ripmanis,

    how do I copy and paste the settings, hehe.. sorry, I'm just starting to learn and implement MikroTik.

  5. #5
    ripmanis
    sshhh... these green chilies are hot..

    Here's how: in a New Terminal in WinBox (if you use WinBox).. type this

    ip firewall filter print detail (to print the filter rules)
    ip fire nat pr detail (to print NAT)

    then copy and paste the output here..

    (back to eating my bakso, bro..)

  6. #6
    zones
    Originally Posted by ripmanis
    sshhh... these green chilies are hot..

    Here's how: in a New Terminal in WinBox (if you use WinBox).. type this

    ip firewall filter print detail (to print the filter rules)
    ip fire nat pr detail (to print NAT)

    then copy and paste the output here..

    (back to eating my bakso, bro..)
    @ripmanis, here are the settings:
    for the firewall:
    Code:
    [admin@z0nes] > ip firewall filter print detail
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=input action=drop connection-state=invalid
    
     1 X chain=forward action=drop dst-address=202.158.66.92 src-address-list=Loca>
    
     2 X chain=forward action=drop dst-address=203.190.241.43
         src-address-list=Local
    
     3 X chain=forward action=drop dst-address=203.190.241.201
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=input action=drop connection-state=invalid
    
     1 X chain=forward action=drop dst-address=202.158.66.92 src-address-list=Loca>
    
     2 X chain=forward action=drop dst-address=203.190.241.43
         src-address-list=Local
    
     3 X chain=forward action=drop dst-address=203.190.241.201
         src-address-list=Local
    
     4   chain=forward action=accept dst-address=202.146.225.83
         src-address-list=Local
    
     5 X chain=forward action=drop dst-address=72.14.203.139
    
     6   chain=forward action=drop protocol=tcp src-address-list=Local dst-port=80
    
     7   chain=forward action=accept protocol=tcp dst-address=67.228.114.144
         src-address-list=Local dst-port=80
    
     8   chain=forward action=accept protocol=tcp dst-address=67.228.114.144
         in-interface=ether3 dst-port=110
    
     9   chain=forward action=accept protocol=tcp dst-address=67.228.114.144
         in-interface=ether3 dst-port=25
    
    10 X chain=forward action=accept protocol=tcp src-address=67.228.114.144
         in-interface=ether2 src-port=110
    
    11 X chain=forward action=accept protocol=tcp src-address=67.228.114.144
         in-interface=ether2 src-port=25
    for NAT:
    Code:
    [admin@z0n3s] > ip fire nat print detail
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=srcnat action=masquerade out-interface=ether2
    
     1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp
         in-interface=ether3 dst-port=80

  7. #7
    zones
    Originally Posted by ripmanis
    sshhh... these green chilies are hot..

    Here's how: in a New Terminal in WinBox (if you use WinBox).. type this

    ip firewall filter print detail (to print the filter rules)
    ip fire nat pr detail (to print NAT)

    then copy and paste the output here..

    (back to eating my bakso, bro..)
    Dear @ripmanis

    here are the settings:
    for the firewall:
    Code:
    [admin@z0nes] > ip firewall filter print detail
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=input action=drop connection-state=invalid
    
     1 X chain=forward action=drop dst-address=202.158.66.92 src-address-list=Loca>
    
     2 X chain=forward action=drop dst-address=203.190.241.43
         src-address-list=Local
    
     3 X chain=forward action=drop dst-address=203.190.241.201
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=input action=drop connection-state=invalid
    
     1 X chain=forward action=drop dst-address=202.158.66.92 src-address-list=Loca>
    
     2 X chain=forward action=drop dst-address=203.190.241.43
         src-address-list=Local
    
     3 X chain=forward action=drop dst-address=203.190.241.201
         src-address-list=Local
    
     4   chain=forward action=accept dst-address=202.146.225.83
         src-address-list=Local
    
     5 X chain=forward action=drop dst-address=72.14.203.139
    
     6   chain=forward action=drop protocol=tcp src-address-list=Local dst-port=80
    
     7   chain=forward action=accept protocol=tcp dst-address=67.228.114.144
         src-address-list=Local dst-port=80
    
     8   chain=forward action=accept protocol=tcp dst-address=67.228.114.144
         in-interface=ether3 dst-port=110
    
     9   chain=forward action=accept protocol=tcp dst-address=67.228.114.144
         in-interface=ether3 dst-port=25
    
    10 X chain=forward action=accept protocol=tcp src-address=67.228.114.144
         in-interface=ether2 src-port=110
    
    11 X chain=forward action=accept protocol=tcp src-address=67.228.114.144
         in-interface=ether2 src-port=25
    and this is for the NAT:
    Code:
    [admin@z0n3s] > ip fire nat print detail
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=srcnat action=masquerade out-interface=ether2
    
     1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp
         in-interface=ether3 dst-port=80

  8. #8
    ripmanis
    These are bro zones's settings, for the problem he's having... come on, let's take it apart..



    [admin@z0nes] > ip firewall filter print detail
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=input action=drop connection-state=invalid

    1 X chain=forward action=drop dst-address=202.158.66.92 src-address-list=Loca>

    2 X chain=forward action=drop dst-address=203.190.241.43
    src-address-list=Local

    3 X chain=forward action=drop dst-address=203.190.241.201
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=input action=drop connection-state=invalid

    1 X chain=forward action=drop dst-address=202.158.66.92 src-address-list=Loca>

    2 X chain=forward action=drop dst-address=203.190.241.43
    src-address-list=Local

    3 X chain=forward action=drop dst-address=203.190.241.201
    src-address-list=Local

    4 chain=forward action=accept dst-address=202.146.225.83
    src-address-list=Local

    5 X chain=forward action=drop dst-address=72.14.203.139

    6 chain=forward action=drop protocol=tcp src-address-list=Local dst-port=80

    7 chain=forward action=accept protocol=tcp dst-address=67.228.114.144
    src-address-list=Local dst-port=80

    8 chain=forward action=accept protocol=tcp dst-address=67.228.114.144
    in-interface=ether3 dst-port=110

    9 chain=forward action=accept protocol=tcp dst-address=67.228.114.144
    in-interface=ether3 dst-port=25

    10 X chain=forward action=accept protocol=tcp src-address=67.228.114.144
    in-interface=ether2 src-port=110

    11 X chain=forward action=accept protocol=tcp src-address=67.228.114.144
    in-interface=ether2 src-port=25

    Code:

    [admin@z0n3s] > ip fire nat print detail
    Flags: X - disabled, I - invalid, D - dynamic
    0 chain=srcnat action=masquerade out-interface=ether2

    1 X chain=dstnat action=redirect to-ports=3128 protocol=tcp
    in-interface=ether3 dst-port=80

  9. #9
    ripmanis
    I'm stiiill confused... what does the topology look like? And what is it that you want!?

  10. #10
    zones
    @ripmanis, thanks in advance for your help.

    1. Starting with the NAT: there are 2 rules, but only rule 0 is used. Rule 1 is for a proxy, but I didn't end up setting it up because blocking users there cannot use an address list like in the firewall.

    2. For the firewall rules:
    rule 0 : 0 chain=input action=drop connection-state=invalid ==> used to block invalid connections

    rules 1-3 and 5: just ignore them, they were a test for blocking the detik.com website

    rules 4 and 7: used so that the users in the address list can access those IPs.

    rule 6 : 6 chain=forward action=drop protocol=tcp src-address-list=Local dst-port=80 => used so that the users in the address list cannot browse to other websites.

    rules 8 and 9 : used so that email can be received with a mail client on ports 110 and 25

    rules 10 and 11 : actually almost the same as rules 8 and 9, but not used because rules 8 and 9 already work.

    That's my explanation; if it is messy or unclear, please help and ask. These methods came from searching old posts here, so it all ended up mixed together...
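
An added example, not part of any post in this thread: a simplified first-match model of the forward chain, loaded with the enabled rules from the print output in post #6, to show the effect of rule order that post #3 points out. The client address 192.168.1.10 and the destination 203.0.113.5 are constructed; connection state and NAT are not modelled.

```python
# Simplified model of a RouterOS filter chain: rules are checked top to bottom,
# the first enabled rule whose matchers all fit decides the packet, and a
# packet that matches no rule is accepted.

LOCAL = {"192.168.1.10"}  # constructed member of the "Local" address list
MAIL_HOST = "67.228.114.144"

# Enabled forward rules from the posted print output (rules flagged X omitted).
RULES = [
    (4, "accept", {"dst": "202.146.225.83", "src_list": LOCAL}),
    (6, "drop", {"proto": "tcp", "src_list": LOCAL, "dport": 80}),
    (7, "accept", {"proto": "tcp", "dst": MAIL_HOST, "src_list": LOCAL, "dport": 80}),
    (8, "accept", {"proto": "tcp", "dst": MAIL_HOST, "in_if": "ether3", "dport": 110}),
    (9, "accept", {"proto": "tcp", "dst": MAIL_HOST, "in_if": "ether3", "dport": 25}),
]

def matches(matchers, pkt):
    """True when every matcher on the rule fits the packet."""
    for key, want in matchers.items():
        if key == "src_list":
            if pkt["src"] not in want:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(rules, pkt):
    """Return (rule number, action) of the first matching rule."""
    for number, action, matchers in rules:
        if matches(matchers, pkt):
            return number, action
    return None, "accept"  # no rule matched: the packet passes

def reorder(rules, order):
    """Return the same rules arranged in the given rule-number order."""
    by_number = {rule[0]: rule for rule in rules}
    return [by_number[n] for n in order]

def packet(dst, dport, in_if="ether3"):
    return {"src": "192.168.1.10", "dst": dst, "proto": "tcp",
            "dport": dport, "in_if": in_if}

if __name__ == "__main__":
    fixed = reorder(RULES, [4, 7, 6, 8, 9])  # specific accept before the drop
    for label, pkt in [("web to 67.228.114.144", packet(MAIL_HOST, 80)),
                       ("web elsewhere", packet("203.0.113.5", 80)),
                       ("POP3 via ether3", packet(MAIL_HOST, 110)),
                       ("POP3 via ether2", packet(MAIL_HOST, 110, "ether2"))]:
        print(label, "| posted order:", evaluate(RULES, pkt),
              "| reordered:", evaluate(fixed, pkt))
```

In the posted order the port 80 drop (rule 6) is reached before the accept for 67.228.114.144 (rule 7), so rule 7 never matches; a POP3 packet arriving on ether2 matches neither rule 8 nor rule 9, which are bound to ether3.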


 

 
