Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 15 of 15
  1. #1
    Status
    Offline
    andysha's Avatar
    Newbie
    Join Date
    Feb 2008
    Posts
    21
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    hanya allow ym di mikrotik

    dear all,

    bagaimana konfigurasi firewall agar ym saja yang di allow sedangkan internet nya diblok, di akhir konfigurasi firewall sy menggunakan input drop all.

    best regard's

    andi

  2. #2
    Status
    Offline
    udhi's Avatar
    Calon Member
    Join Date
    Feb 2009
    Location
    pontianak, kal-bar
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by andysha Click here to enlarge
    dear all,

    bagaimana konfigurasi firewall agar ym saja yang di allow sedangkan internet nya diblok, di akhir konfigurasi firewall sy menggunakan input drop all.

    best regard's

    andi
    coba destination port nya tambahkan !443
    pentungnya jgn lupa
    semoga membantu

  3. #3
    Status
    Offline
    andysha's Avatar
    Newbie
    Join Date
    Feb 2008
    Posts
    21
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    masih nggak bisa om udhi Click here to enlarge
    btw tanda ! itu fungsi nya buat apa yah di mikrotik
    berikut urutan firewall saya :
    allow eshtablished
    allow related
    drop invalid
    ;;; xx.xx.xx.xx(ip2 yang di allow akses internet)

    ;;; Accept established
    chain=input action=accept connection-state=established

    ;;; Accept related
    chain=input action=accept connection-state=related

    ;;; drop invalid
    chain=forward action=drop

    ;;; UDP
    chain=forward action=accept

    ;;; allow limited pings
    chain=input action=accept protocol=icmp limit=50,5

    ;;; Drop Excess Ping
    chain=input action=drop protocol=icmp


    ;;; blok lokal
    chain=forward action=drop src-address=10.0.3.0/24

    chain=forward action=drop dst-address=10.0.3.0/24


    ;;; drop everything else
    chain=input action=drop

    mohon pencerahannya guys

  4. #4
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    Click here to enlarge Originally Posted by andysha Click here to enlarge
    dear all,

    bagaimana konfigurasi firewall agar ym saja yang di allow sedangkan internet nya diblok, di akhir konfigurasi firewall sy menggunakan input drop all.

    best regard's

    andi
    /ip firewall layer7-protocol add name=YM regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\\xc0\\x80\r\\n"
    /ip firewall filter add action=accept chain=forward disabled=no in-interface=[NAMA INTERFACE LAN] layer7-protocol=YM
    /ip firewall filter add action=drop chain=forward disable=no in-interface=[NAMA INTERFACE LAN]

  5. The Following 2 Users Say Thank You to xeon For This Useful Post:


  6. #5
    Status
    Offline
    udhi's Avatar
    Calon Member
    Join Date
    Feb 2009
    Location
    pontianak, kal-bar
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xeon Click here to enlarge
    /ip firewall layer7-protocol add name=YM regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\\xc0\\x80\r\\n"
    /ip firewall filter add action=accept chain=forward disabled=no in-interface=[NAMA INTERFACE LAN] layer7-protocol=YM
    /ip firewall filter add action=drop chain=forward disable=no in-interface=[NAMA INTERFACE LAN]
    asyik dptilmu dr master Xeon, tp kang yg utk ver 3 kebawah kan lum ada layer 7 nya

    @andysha
    tanda pentung itu maksudnya selain jadi !443 selain port 443 di filter addresnya, tp maaf kelupaan yg make port 443 bukan cuma YM, coba mainkan di src-address-list nya aja, masukkan addressnya YM kemudian tutup port 80 utk blok browsing, mohon koreksinya Gan Xeon

  7. #6
    Status
    Offline
    BatavianX's Avatar
    Member Senior
    Join Date
    Dec 2007
    Location
    x-Region
    Posts
    485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Yahoo Messenger itu pake port2 sbb:
    Login
    TCP Port 80
    TCP Port 443
    Chat & Messenger
    TCP Port 5050
    Insider/Room Lists
    TCP Port 80
    File Transfer
    TCP Port 80
    Voice Chat
    UDP 5000-5010
    TCP 5000-5001
    WebCam
    TCP Port 5100
    P2P Instant Messages
    TCP Port 5101

    Untuk blokir Yahoo Messenger cara Bos Xeon bisa untuk diterapkan, tapi untuk kebalikannya gak akan bisa, karna untuk Login beda regex yang dihasilkan...CMiIW...!

  8. The Following 2 Users Say Thank You to BatavianX For This Useful Post:


  9. #7
    Status
    Offline
    udhi's Avatar
    Calon Member
    Join Date
    Feb 2009
    Location
    pontianak, kal-bar
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    dapet elmu lagi
    jadi utk login YM pake port 80 yach, jadi kalo port 80 nya ditutup ngga login2 dong, mohon pencerahan Gan BatavianX nh, kalo ip nya YM dinamis ngga Gan?, bisa ngga yah dengan jalan daftarin address nya YM di dst-address-list selain address YM diblok bisa ngga Gan
    thx

  10. #8
    Status
    Offline
    hardi's Avatar
    Newbie
    Join Date
    Nov 2007
    Posts
    55
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xeon Click here to enlarge
    /ip firewall layer7-protocol add name=YM regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\\xc0\\x80\r\\n"
    /ip firewall filter add action=accept chain=forward disabled=no in-interface=[NAMA INTERFACE LAN] layer7-protocol=YM
    /ip firewall filter add action=drop chain=forward disable=no in-interface=[NAMA INTERFACE LAN]
    wah ga mempan tuh, malahan ym nya ga bisa masuk...
    yang firewall baris kedua ga jalan...

  11. #9
    Status
    Offline
    andysha's Avatar
    Newbie
    Join Date
    Feb 2008
    Posts
    21
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Udhie :

    iya port 80 untuk pertama kali login ym kalo 80 ikut di blok ym nggak bisa login, ip ym udah aku daftarin berikut daftar server ym :

    Basic Connection:

    Protocol: TCP or HTTP

    Servers:

    scs.msg.yahoo.com
    scsa.msg.yahoo.com
    scsb.msg.yahoo.com
    scsc.msg.yahoo.com

    Port: 20, 23, 25, 80, 119, 5050, 8001, 8002

    tp setelah sy input masih tetep ym nggak jalan Click here to enlarge, apakah karna sy menggunakan :

    chain=forward action=drop src-address=10.0.3.0/24

    chain=forward action=drop dst-address=10.0.3.0/24

    makanya nggak jalan kalo perintah tsb sy disable nanti client lain bisa konek ke internet Click here to enlarge

    mohon dibantu yah Click here to enlarge

  12. #10
    Status
    Offline
    xeon's Avatar
    Verified Account - Partner
    Join Date
    Mar 2008
    Location
    DKI Jakarta
    Posts
    1,539
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    2 (100%)
    Click here to enlarge Originally Posted by hardi Click here to enlarge
    wah ga mempan tuh, malahan ym nya ga bisa masuk...
    yang firewall baris kedua ga jalan...
    /ip firewall layer7-protocol add name=YM regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*\xc0\x80"
    /ip firewall filter add action=accept chain=forward disabled=no in-interface=[NAMA INTERFACE LAN] layer7-protocol=YM
    /ip firewall filter add action=drop chain=forward disable=no in-interface=[NAMA INTERFACE LAN]

    Kalau begitu pakai yang ini, saya udah test jalan pakai reg yang ini.

    Minimum YM versi 8.

    Click here to enlarge Originally Posted by BatavianX Click here to enlarge
    Untuk blokir Yahoo Messenger cara Bos Xeon bisa untuk diterapkan, tapi untuk kebalikannya gak akan bisa, karna untuk Login beda regex yang dihasilkan...CMiIW...!
    Bisa sih bro, kebetulan salah satu kantor saya cuma meng-allow YM dan email aja untuk staff.

  13. The Following User Says Thank You to xeon For This Useful Post:


  14. #11
    Status
    Offline
    hardi's Avatar
    Newbie
    Join Date
    Nov 2007
    Posts
    55
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xeon Click here to enlarge
    /ip firewall layer7-protocol add name=YM regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*\xc0\x80"
    /ip firewall filter add action=accept chain=forward disabled=no in-interface=[NAMA INTERFACE LAN] layer7-protocol=YM
    /ip firewall filter add action=drop chain=forward disable=no in-interface=[NAMA INTERFACE LAN]

    Kalau begitu pakai yang ini, saya udah test jalan pakai reg yang ini.

    Minimum YM versi 8.



    Bisa sih bro, kebetulan salah satu kantor saya cuma meng-allow YM dan email aja untuk staff.
    masih tetep sama kk xeon, ga bisa..

  15. #12
    Status
    Offline
    dencow's Avatar
    Forum Guru
    Join Date
    Jan 2008
    Posts
    1,728
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by hardi Click here to enlarge
    masih tetep sama kk xeon, ga bisa..
    coba paste setingan yang udah dilakukan situ kemari

  16. #13
    Status
    Offline
    udhi's Avatar
    Calon Member
    Join Date
    Feb 2009
    Location
    pontianak, kal-bar
    Posts
    72
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by andysha Click here to enlarge
    Udhie :

    iya port 80 untuk pertama kali login ym kalo 80 ikut di blok ym nggak bisa login, ip ym udah aku daftarin berikut daftar server ym :

    Basic Connection:

    Protocol: TCP or HTTP

    Servers:

    scs.msg.yahoo.com
    scsa.msg.yahoo.com
    scsb.msg.yahoo.com
    scsc.msg.yahoo.com


    Port: 20, 23, 25, 80, 119, 5050, 8001, 8002

    tp setelah sy input masih tetep ym nggak jalan Click here to enlarge, apakah karna sy menggunakan :

    chain=forward action=drop src-address=10.0.3.0/24

    chain=forward action=drop dst-address=10.0.3.0/24

    makanya nggak jalan kalo perintah tsb sy disable nanti client lain bisa konek ke internet Click here to enlarge

    mohon dibantu yah Click here to enlarge
    karena saya juga masih belajar jd berfikir yang simpel2 aja
    berdasarkan address ke-4 ip server diatas, daftarkan ip address ke address-list
    / ip firewall address-list
    add list=ym address=76.13.15.31
    add list=ym address=76.13.15.32
    add list=ym address=76.13.15.33
    add list=ym address=76.13.15.34
    add list=ym address=76.13.15.35
    add list=ym address=76.13.15.36
    add list=ym address=76.13.15.37
    add list=ym address=68.180.217.6
    add list=ym address=68.180.217.7
    add list=ym address=68.180.217.8
    add list=ym address=76.13.15.45
    add list=ym address=76.13.15.46
    add list=ym address=68.180.217.15
    add list=ym address=68.180.217.16
    add list=ym address=68.180.217.17
    add list=ym address=68.180.217.18
    add list=ym address=68.180.217.19
    add list=ym address=68.180.217.20
    add list=ym address=68.180.217.21
    add list=ym address=68.180.217.22
    add list=ym address=68.180.217.23
    add list=ym address=76.13.15.38
    add list=ym address=76.13.15.39
    add list=ym address=76.13.15.40
    add list=ym address=76.13.15.41
    add list=ym address=76.13.15.42
    add list=ym address=76.13.15.43
    add list=ym address=76.13.15.44
    add list=ym address=216.155.193.185
    add list=ym address=216.155.193.186
    add list=ym address=216.155.193.187
    add list=ym address=216.155.193.128
    add list=ym address=216.155.193.129
    add list=ym address=216.155.193.130
    add list=ym address=216.155.193.131
    add list=ym address=216.155.193.132
    add list=ym address=216.155.193.133
    add list=ym address=216.155.193.134
    add list=ym address=216.155.193.135
    add list=ym address=216.155.193.136
    add list=ym address=216.155.193.137
    add list=ym address=216.155.193.138
    add list=ym address=216.155.193.139
    add list=ym address=216.155.193.140
    add list=ym address=216.155.193.141
    add list=ym address=216.155.193.142
    add list=ym address=216.155.193.143
    add list=ym address=216.155.193.144
    add list=ym address=216.155.193.145
    add list=ym address=216.155.193.146
    add list=ym address=216.155.193.147
    add list=ym address=216.155.193.148
    add list=ym address=216.155.193.149
    add list=ym address=216.155.193.150
    add list=ym address=216.155.193.151
    add list=ym address=216.155.193.152
    add list=ym address=216.155.193.153
    add list=ym address=68.180.217.26
    add list=ym address=68.180.217.27
    add list=ym address=68.180.217.28
    add list=ym address=68.180.217.29
    add list=ym address=68.180.217.30
    add list=ym address=68.180.217.31
    add list=ym address=68.180.217.32
    add list=ym address=76.13.15.47
    add list=ym address=76.13.15.48
    add list=ym address=76.13.15.49
    add list=ym address=76.13.15.50
    add list=ym address=76.13.15.51
    add list=ym address=76.13.15.52
    add list=ym address=76.13.15.53
    add list=ym address=76.13.15.54
    add list=ym address=76.13.15.55
    add list=ym address=68.180.217.24
    add list=ym address=68.180.217.25

    trus yang difilternya kasi rule
    / ip firewall filter
    add chain=forward action=accept dst-address-list=!ym
    nb: kalo ip server YM nya dinamis setting ini ngga bisa dipake
    semoga membantu

  17. The Following User Says Thank You to udhi For This Useful Post:


  18. #14
    Status
    Offline
    flix's Avatar
    Newbie
    Join Date
    Sep 2008
    Posts
    32
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by xeon Click here to enlarge
    /ip firewall layer7-protocol add name=YM regexp="^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*\xc0\x80"
    /ip firewall filter add action=accept chain=forward disabled=no in-interface=[NAMA INTERFACE LAN] layer7-protocol=YM
    /ip firewall filter add action=drop chain=forward disable=no in-interface=[NAMA INTERFACE LAN]

    Kalau begitu pakai yang ini, saya udah test jalan pakai reg yang ini.

    Minimum YM versi 8.



    Bisa sih bro, kebetulan salah satu kantor saya cuma meng-allow YM dan email aja untuk staff.
    Ditempat ane jalan.

    Ane blokir PC kasir ditempat ane, tapi tidak memakai IP. konci MAC ADDRESS Click here to enlarge

  19. #15
    Status
    Offline
    blankcode403's Avatar
    Baru Gabung
    Join Date
    Jul 2008
    Location
    Jakarta
    Posts
    14
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    bikin Address list dinamis aja

    Click here to enlarge Originally Posted by udhi Click here to enlarge
    karena saya juga masih belajar jd berfikir yang simpel2 aja
    berdasarkan address ke-4 ip server diatas, daftarkan ip address ke address-list
    / ip firewall address-list
    add list=ym address=76.13.15.31
    add list=ym address=76.13.15.32
    add list=ym address=76.13.15.33
    add list=ym address=76.13.15.34
    add list=ym address=76.13.15.35
    add list=ym address=76.13.15.36
    add list=ym address=76.13.15.37
    add list=ym address=68.180.217.6
    add list=ym address=68.180.217.7
    add list=ym address=68.180.217.8
    add list=ym address=76.13.15.45
    add list=ym address=76.13.15.46
    add list=ym address=68.180.217.15
    add list=ym address=68.180.217.16
    add list=ym address=68.180.217.17
    add list=ym address=68.180.217.18
    add list=ym address=68.180.217.19
    add list=ym address=68.180.217.20
    add list=ym address=68.180.217.21
    add list=ym address=68.180.217.22
    add list=ym address=68.180.217.23
    add list=ym address=76.13.15.38
    add list=ym address=76.13.15.39
    add list=ym address=76.13.15.40
    add list=ym address=76.13.15.41
    add list=ym address=76.13.15.42
    add list=ym address=76.13.15.43
    add list=ym address=76.13.15.44
    add list=ym address=216.155.193.185
    add list=ym address=216.155.193.186
    add list=ym address=216.155.193.187
    add list=ym address=216.155.193.128
    add list=ym address=216.155.193.129
    add list=ym address=216.155.193.130
    add list=ym address=216.155.193.131
    add list=ym address=216.155.193.132
    add list=ym address=216.155.193.133
    add list=ym address=216.155.193.134
    add list=ym address=216.155.193.135
    add list=ym address=216.155.193.136
    add list=ym address=216.155.193.137
    add list=ym address=216.155.193.138
    add list=ym address=216.155.193.139
    add list=ym address=216.155.193.140
    add list=ym address=216.155.193.141
    add list=ym address=216.155.193.142
    add list=ym address=216.155.193.143
    add list=ym address=216.155.193.144
    add list=ym address=216.155.193.145
    add list=ym address=216.155.193.146
    add list=ym address=216.155.193.147
    add list=ym address=216.155.193.148
    add list=ym address=216.155.193.149
    add list=ym address=216.155.193.150
    add list=ym address=216.155.193.151
    add list=ym address=216.155.193.152
    add list=ym address=216.155.193.153
    add list=ym address=68.180.217.26
    add list=ym address=68.180.217.27
    add list=ym address=68.180.217.28
    add list=ym address=68.180.217.29
    add list=ym address=68.180.217.30
    add list=ym address=68.180.217.31
    add list=ym address=68.180.217.32
    add list=ym address=76.13.15.47
    add list=ym address=76.13.15.48
    add list=ym address=76.13.15.49
    add list=ym address=76.13.15.50
    add list=ym address=76.13.15.51
    add list=ym address=76.13.15.52
    add list=ym address=76.13.15.53
    add list=ym address=76.13.15.54
    add list=ym address=76.13.15.55
    add list=ym address=68.180.217.24
    add list=ym address=68.180.217.25

    trus yang difilternya kasi rule
    / ip firewall filter
    add chain=forward action=accept dst-address-list=!ym
    nb: kalo ip server YM nya dinamis setting ini ngga bisa dipake
    semoga membantu
    klo gw ngelist address list gn caranya
    /ip firewall filter
    chain=forward action=add-dst-to-address-list protocol=tcp address-list=YM
    address-list-timeout=0s dst-port=5050

    gw pake port 5050 karena YM centdrung pake ntu port Click here to enlarge

    /ip firewall filter
    chain=forward action=accept dst-address-list=YM
    Click here to enlarge Click here to enlarge selesai deh

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Outdoor Unit MikroTik RB411R/ CPE Hanya Rp 800.000
    By edccomp in forum Others Hardware
    Replies: 76
    Last Post: 05-03-2010, 12:59
  2. Outdoor Unit MikroTik RB411R/ CPE Hanya Rp980.000
    By edccomp in forum MikroTik Products
    Replies: 51
    Last Post: 04-11-2009, 19:40
  3. [Jual] Voucer MUM (MikroTik User Meeting) Hanya Rp 200.000
    By edccomp in forum MikroTik Products
    Replies: 49
    Last Post: 03-11-2009, 12:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •