Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 3 123 LastLast
Results 1 to 15 of 38
  1. #1
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Need help filter mac address...

    permisi buat semuanya...
    minta bantuan dung kk...

    saya punya kasus seperti ini :
    1. mikrotik saya sudah di saya set sedemikian rupa + firewall

    2. saya ingin buat filter untuk mac address agar mac address yang saya daftarkan saja yang bisa akses, diluar itu tidak bisa, harus didaftarkan terlebih dahulu.

    3. saya sudah coba lakukan di firewall/filter berhasil dengan case :
    --- list mac accept
    --- list mac accept
    --- dst...
    --- forward, drop
    --- filter port
    --- filter port
    --- dst...

    4. kasus no 3 tersebut berhasil, namun filter2 di bawah bold akan tidak terlaksana bukan...? nah gimana cara nya agar mac2 yang udah di accept tsb tetap dapat akses dengan menjalankan filter2 di bawahnya?? dan mac yang belum di daftarkan tetap di drop?

    5. apakah selain di firewall/filter kita bisa filter mac addr dengan kasus serupa??

    mohon pencerahan dari kk semua...
    thx be4
    Click here to enlarge

  2. #2
    Status
    Offline
    lucubrb's Avatar
    KocokJaya Team
    Join Date
    Nov 2007
    Location
    localhost - 127.0.0.1
    Posts
    542
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Code:
    /ip firewall filter add chain=forward src-mac-address=!0123456789ab action=drop
    /ip firewall filter add chain=input src-mac-address=!0123456789ab action=drop
    Begitu kah Click here to enlarge

    NB : Paling bawah banget tambahin
    Code:
    /ip firewall filter add chain=input action=drop

  3. #3
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by lucubrb Click here to enlarge
    Code:
    /ip firewall filter add chain=forward src-mac-address=!0123456789ab action=drop
    /ip firewall filter add chain=input src-mac-address=!0123456789ab action=drop
    Begitu kah Click here to enlarge

    NB : Paling bawah banget tambahin
    Code:
    /ip firewall filter add chain=input action=drop
    kk lucu...mohon penjelasannya dung yg lengkap heheheh
    maklum newbie
    kok itu di drop semua?? trus kok src-mac-address menggunakan tanda seru gunanya untuk apa ya kk??

    thx bgt ya..

  4. #4
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by lucubrb Click here to enlarge
    Code:
    /ip firewall filter add chain=forward src-mac-address=!0123456789ab action=drop
    /ip firewall filter add chain=input src-mac-address=!0123456789ab action=drop
    boss lucubrb, kalo rule gitu yang mac di rule2 nggak bisa akses deh kayaknya, soalnya udah di drop di rule 1 (cuman bisa untuk 1 MAC aja...CMIIW

    kalo aku keknya gini aja deh (semua di chain forward)

    Code:
    /ip firewall filter add chain=forward src-mac-address=0123456789ab action=accept
    /ip firewall filter add chain=forward src-mac-address=012345678900 action=accept
    /ip firewall filter add chain=forward src-mac-address=012345678911 action=accept
    /ip firewall filter add chain=forward action=drop
    Emang di bawah drop terakhir percuma dikasih rule-rule, jadi kalo mau nambahin rule baru kayak point nomor 3 pertanyaan TS, yang dibawah harus dipindahkan diatas rule drop terakhir (geser pake drag and drop aja bisa).

    Selain di Firewall Filter, anda bisa saja menggunakan Firewall NAT, atau 'the ultimate' Static ARP...
    Last edited by yosanpro; 23-11-2009 at 10:50.

  5. The Following User Says Thank You to yosanpro For This Useful Post:


  6. #5
    Status
    Offline
    donipermono1982's Avatar
    Moderator
    Join Date
    Feb 2008
    Location
    Jakarta Selatan
    Posts
    2,809
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by yosanpro Click here to enlarge
    boss lucubrb, kalo rule gitu yang mac di rule2 nggak bisa akses deh kayaknya, soalnya udah di drop di rule 1 (cuman bisa untuk 1 MAC aja...CMIIW

    kalo aku keknya gini aja deh (semua di chain forward)

    Code:
    /ip firewall filter add chain=forward src-mac-address=0123456789ab action=accept
    /ip firewall filter add chain=forward src-mac-address=012345678900 action=accept
    /ip firewall filter add chain=forward src-mac-address=012345678911 action=accept
    /ip firewall filter add chain=forward action=drop
    Emang di bawah drop terakhir percuma dikasih rule-rule, jadi kalo mau nambahin rule baru kayak point nomor 3 pertanyaan TS, yang dibawah harus dipindahkan diatas rule drop terakhir (geser pake drag and drop aja bisa).

    Selain di Firewall Filter, anda bisa saja menggunakan Firewall NAT, atau 'the ultimate' Static ARP...
    simple n powerfull Click here to enlarge

  7. #6
    Status
    Offline
    pujo_85's Avatar
    Baru Gabung
    Join Date
    Mar 2008
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    hmm.. kalo cuma list MAC di "accept", bukannya ntar ga bisa difilter lagi sesuai keinginan jhobeaston ya Click here to enlarge
    misale dibikin rule jump aja gimana
    /ip firewall filter add action=jump chain=forward comment="mac terdaftar lompat ke filter" disabled=no jump-target=daftar-filter src-mac-address=XX:XX:XX:XX:XX:XX
    trus tinggal bikin filter-filter yang diinginkan di chain daftar-filter
    diakhir rule forward tetep ditambahi
    /ip firewall filter add chain=forward action=drop
    maapkan jika salah Click here to enlarge

  8. #7
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Yup, pake metode gitu juga bisa, tergantung kesukaan aja...

  9. #8
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    oowh pake jump ya pak??
    saia cobain dulu ya pak... Click here to enlarge

    btw thx dulu ya buat semua yg reply
    Click here to enlarge

  10. #9
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pujo_85 Click here to enlarge
    hmm.. kalo cuma list MAC di "accept", bukannya ntar ga bisa difilter lagi sesuai keinginan jhobeaston ya Click here to enlarge
    misale dibikin rule jump aja gimana

    trus tinggal bikin filter-filter yang diinginkan di chain daftar-filter
    diakhir rule forward tetep ditambahi


    maapkan jika salah Click here to enlarge
    oowh...saya baru ngeh
    ternyata chain yg di definisikan Forward, Input, dll itu hanya simbol ya kk??
    jadi bisa kita definisikan sendiri ya...
    tengkyu ya Click here to enlarge

  11. #10
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Untuk chain yang sudah built-in (Input, Forward, Output) itu bukan cuman sekedar symbol tapi juga memiliki arti sendiri:

    There are three predefined chains, which cannot be deleted:

    * input - used to process packets entering the router through one of the interfaces with the destination IP address which is one of the router's addresses. Packets passing through the router are not processed against the rules of the input chain
    * forward - used to process packets passing through the router
    * output - used to process packets originated from the router and leaving it through one of the interfaces. Packets passing through the router are not processed against the rules of the output chain

  12. #11
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by yosanpro Click here to enlarge
    Untuk chain yang sudah built-in (Input, Forward, Output) itu bukan cuman sekedar symbol tapi juga memiliki arti sendiri:
    oowh gitu ya kk...
    trus kalo di list firewall saya sudah ada list input, forward, atau output jika saya ingin ubah nama chain tersebut akan berpengaruh tidak??

    hehehe maaf banyak tanya kk

  13. #12
    Status
    Offline
    pujo_85's Avatar
    Baru Gabung
    Join Date
    Mar 2008
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by jhobeaston Click here to enlarge
    oowh gitu ya kk...
    trus kalo di list firewall saya sudah ada list input, forward, atau output jika saya ingin ubah nama chain tersebut akan berpengaruh tidak??

    hehehe maaf banyak tanya kk
    chain input, forward dan output udah default, ga bisa dirubah, misalnya anda merubah nama chain dari input menjadi input2, otomatis akan terbentuk chain baru dengan nama input2 (bukan mengganti chain input yang sudah ada)

  14. #13
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pujo_85 Click here to enlarge
    chain input, forward dan output udah default, ga bisa dirubah, misalnya anda merubah nama chain dari input menjadi input2, otomatis akan terbentuk chain baru dengan nama input2 (bukan mengganti chain input yang sudah ada)
    maaf...maksudnya untuk koneksinya ga berpengaruh kan?? sesuai dengan rule yang kita buat aja kan??
    Click here to enlarge

  15. #14
    Status
    Offline
    yosanpro's Avatar
    Co-Admin
    Join Date
    Nov 2007
    Location
    Bantul, Bantul, Yogyakarta
    Posts
    2,548
    Reviews
    Read 0 Reviews
    Downloads
    11
    Uploads
    4
    Feedback Score
    1 (100%)
    Kalau yang anda tanyakan pengaruh di kecepatan koneksi, sangat kecil, kecuali jika anda menaruh rule sangat sangat banyak pada prosesor kecil (semacam routerboard, khususnya yang kelas basic).

  16. #15
    Status
    Offline
    jhobeaston's Avatar
    Newbie
    Join Date
    Apr 2009
    Posts
    23
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mantaab...akhirnya saya dapat pencerahan Click here to enlarge

    satu lagi dung kk...
    mikrotik saya kan saya set DHCP server.
    trus saya juga ingin buat list mac address yang hanya bisa DHCP ke mikrotik saya bisa ndak ya?? settingannya dimana ya kk..??
    jadi selain list mac address yang sudah dibuat jika DHCP maka ga akan dapat IP
    (kecuali diset manual)

    thx sebelumnya Click here to enlarge

 

 
Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. BGP Routing Filter buat MT 2.9.27
    By t3rm in forum General Networking
    Replies: 16
    Last Post: 04-05-2010, 16:33
  2. Beda dst-address dan target-address di queue simple
    By awarmanf in forum General Networking
    Replies: 2
    Last Post: 24-04-2009, 13:08
  3. tolong di filter
    By alie in forum General Networking
    Replies: 10
    Last Post: 12-09-2008, 11:53
  4. Replies: 15
    Last Post: 31-07-2008, 02:00
  5. (ask) filter dan blok ip
    By agung in forum Beginner Basics
    Replies: 3
    Last Post: 28-11-2007, 09:42

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •