  1. #1
    okto_2005

    [Ask] Script so that clients can only browse IIX

    The tutorial already covers how to separate IIX and IX bandwidth; what I'm asking now is...

    how do I make it so that, for example, clients A, C and E can only reach IIX while the other clients are allowed both IX and IIX? Masters, please help me out.

  2. #2
    [a]
    The tutorial (the BGP one) explains that IIX and IX routing go through different interfaces...

    In that case it's easy, bro... just create a firewall rule:

    1. Forward -> src-address= (IP address A/C/E) out-interface=IX action=drop

    I think that's how it goes... what do the others think?


  3. #3
    mikrotik
    Can you really use / ? What would an example look like, bro?

  4. #4
    okto_2005
    Originally Posted by [a]
    The tutorial (the BGP one) explains that IIX and IX routing go through different interfaces...

    In that case it's easy, bro... just create a firewall rule:

    1. Forward -> src-address= (IP address A/C/E) out-interface=IX action=drop

    I think that's how it goes... what do the others think?

    Heh, I meant the other tutorial, the one where IIX and IX share a single connection, so the bandwidth management is already separated by the MikroTik; there are only 2 interfaces, one to the WAN and one to the LAN.

    I've tried this and it works. The IIX and IX bandwidth quotas for the clients at my office have been successfully separated by the router. So if the mangle already works, why not also try making some clients IIX-access only?

    edit:
    I'm at home now; I see that the MikroTik firewall rule settings have a packet-mark option, so I'll give it a try... tomorrow I'll put a drop rule on the packet-intl mark and see whether it works or not. Thanks for sharing.
    Last edited by okto_2005; 05-07-2007 at 22:02.

  5. #5
    steve_luck_boy

    A little sharing

    1. You must already have loaded the BGP IIX "nice" data

    here's the link:

    2. Then create this script

    for example, only for the computers with IPs 192.168.100.10, 192.168.100.11 and 192.168.100.12,
    create the firewall rules:

    /ip firewall filter add chain=forward src-address=192.168.100.10 protocol=tcp dst-port=80 dst-address-list=nice action=accept
    /ip firewall filter add chain=forward src-address=192.168.100.11 protocol=tcp dst-port=80 dst-address-list=nice action=accept
    /ip firewall filter add chain=forward src-address=192.168.100.12 protocol=tcp dst-port=80 dst-address-list=nice action=accept
    /ip firewall filter add chain=forward src-address=192.168.100.10 protocol=tcp dst-port=80 action=drop
    /ip firewall filter add chain=forward src-address=192.168.100.11 protocol=tcp dst-port=80 action=drop
    /ip firewall filter add chain=forward src-address=192.168.100.12 protocol=tcp dst-port=80 action=drop

    That's it, bro, so IPs 192.168.100.11 through 12 can only browse IIX. Good luck trying it :P. Oh, and don't forget that the action=drop rules must be lower in the order; if they are on top, those clients won't be able to browse at all.

  6. The Following 3 Users Say Thank You to steve_luck_boy For This Useful Post:


  7. #6
    d3v4
    Block it from the routing table..

    After importing nice.rsc, don't forget to add:

    /ip firewall filter add chain=forward src-address=<IP or network to block from international access> \
        packet-mark=overseas connection-mark=mark-con-overseas action=drop

    Hope this helps.

  8. The Following User Says Thank You to d3v4 For This Useful Post:

    [a]

  9. #7
    okto_2005
    The script runs successfully... but with the caveat that web-proxy is not enabled. If web-proxy is enabled, the firewall rule is bypassed.

  10. #8
    d3v4

    /ip firewall filter add chain=forward src-address=<IP or network to block from international access> \
        packet-mark=overseas connection-mark=mark-con-overseas action=drop

    Does traffic still get through this script when the proxy is used?
    Please paste the mangle rules you created here, boss, so we can analyze them together.

  11. #9
    okto_2005
    MANGLE:
    ;;; packet marking-mangle iix and int routing
    chain=prerouting in-interface=local dst-address-list=nice
    action=mark-connection new-connection-mark=conn-iix passthrough=yes

    chain=prerouting connection-mark=conn-iix action=mark-packet
    new-packet-mark=packet-iix passthrough=no

    chain=output connection-mark=conn-iix action=mark-packet
    new-packet-mark=packet-iix passthrough=no

    chain=prerouting action=mark-packet new-packet-mark=packet-itl
    passthrough=no

    chain=output action=mark-packet new-packet-mark=packet-itl passthrough=no

    My NAT:
    chain=srcnat out-interface=wan action=masquerade

    ;;; transparant web
    chain=dstnat in-interface=local protocol=tcp dst-port=80
    src-address-list=iplist action=redirect to-ports=8080

    The NAT rule has a src-address-list (containing the list of client IPs) because, as I already explained in the tutorial here, the firewall rules do not apply when a client IP that is not registered (in forward) sets the MikroTik as its gateway & DNS while web-proxy is active.

    /ip web-proxy is enabled and running
    [admin@mikrotik] ip web-proxy> pr
    enabled: yes
    src-address: 0.0.0.0
    port: 8080
    hostname: "proxy"
    transparent-proxy: yes
    parent-proxy: 0.0.0.0:0
    cache-administrator: "webmaster"
    max-object-size: 4096KiB
    cache-drive: system
    max-cache-size: 131072KiB
    max-ram-cache-size: unlimited
    status: running
    reserved-for-cache: 131072KiB
    reserved-for-ram-cache: 27648KiB

    /ip proxy is also enabled and running
    [admin@mikrotik] ip proxy> pr
    enabled: yes
    port: 3128
    parent-proxy: 0.0.0.0:1
    maximal-client-connecions: 1000
    maximal-server-connectons: 1000

  12. #10
    d3v4
    Whoa.. my question was missing something... please post the firewall filter too.

    This is the proxy, right??
    [admin@mikrotik] ip web-proxy> pr
    enabled: yes
    src-address: 0.0.0.0
    port: 8080
    hostname: "proxy"
    transparent-proxy: yes
    parent-proxy: 0.0.0.0:0
    cache-administrator: "webmaster"
    max-object-size: 4096KiB
    cache-drive: system
    max-cache-size: 131072KiB
    max-ram-cache-size: unlimited
    status: running
    reserved-for-cache: 131072KiB
    reserved-for-ram-cache: 27648KiB
    Is this serious??
    src-address: 0.0.0.0

    Give us the IP, bro, so we can all piggyback on it together..................
    Last edited by d3v4; 08-07-2007 at 01:37.

  13. #11
    [a]
    ^^hahahhaa....

    This is dangerous.. dangerous....


  14. #12
    okto_2005
    Huehuehu, can't be done, bro... I've already set firewall rules for the proxy so that outsiders can't get in ^^.

  15. #13
    d3v4
    How's the problem going, bro? Solved yet?
    If not, try posting the /ip firewall filter pr output here.

  16. #14
    okto_2005

    Originally Posted by d3v4
    How's the problem going, bro? Solved yet?
    If not, try posting the /ip firewall filter pr output here.

    Hehehe, the firewall filter has lots and lots of layers, all to block virus ports; if anyone wants it, just take it, it's free ^^
    Here's the export output:

    / ip firewall filter
    add chain=input in-interface=local src-address=!192.111.111.121 protocol=icmp \
    dst-port=21 action=reject reject-with=icmp-host-unreachable comment="block \
    ping from local" disabled=no
    add chain=input in-interface=wan protocol=tcp dst-port=21 action=drop \
    comment="block ftp from wan" disabled=no
    add chain=input in-interface=wan protocol=tcp dst-port=3128 action=drop \
    comment="block webproxy from wan" disabled=no
    add chain=input in-interface=wan protocol=tcp dst-port=8080 action=drop \
    comment="block webproxy from wan" disabled=no

    add chain=forward protocol=tcp dst-port=135 action=drop comment="blaster and \
    sasser" disabled=no
    add chain=forward protocol=udp dst-port=135 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=139 action=drop comment="" disabled=no
    add chain=forward protocol=udp dst-port=139 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=445 action=drop comment="" disabled=no
    add chain=forward protocol=udp dst-port=445 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=1434 action=drop comment="port block \
    warning" disabled=no
    add chain=Virus protocol=udp dst-port=1434 action=drop comment="" disabled=no
    add chain=Virus protocol=udp dst-port=2745 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=6344-6381 action=drop comment="" \
    disabled=no
    add chain=Virus protocol=udp dst-port=6344-6381 action=drop comment="" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1080 action=drop comment="MyDoom" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1214 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=593 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=1024-1030 action=drop comment="" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=2235 action=drop comment="Drop Beagle" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=2745 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=2745 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=8866 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop \
    MyDoom" disabled=no
    add chain=Virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor \
    OptixPro" disabled=no
    add chain=Virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
    disabled=no
    add chain=Virus protocol=udp dst-port=4444 action=drop comment="" disabled=no
    add chain=Virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=9898 action=drop comment="Drop \
    Dabber.A-B" disabled=no
    add chain=Virus protocol=tcp dst-port=10000 action=drop comment="Drop \
    Dumaru.Y" disabled=no
    add chain=Virus protocol=tcp dst-port=10080 action=drop comment="Drop \
    MyDoom.B" disabled=no
    add chain=Virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" \
    disabled=no
    add chain=Virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, \
    Agobot, Gaobot" disabled=no
    add chain=Virus protocol=tcp dst-port=27374 action=drop comment="Drop \
    SubSeven" disabled=no
    add chain=forward dst-address=192.111.111.73 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.73 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.21 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.21 src-address-list="" action=accept \
    comment="" disabled=no
    add chain=forward dst-address=192.111.111.120 action=accept \
    comment="" disabled=no
    add chain=forward src-address=192.111.111.120 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.121 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.121 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.114 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.114 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.133 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.133 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.118 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.118 src-address-list="" \
    action=accept comment="" disabled=no
    add chain=forward dst-address=192.111.111.137 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.137 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.129 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.129 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.122 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.122 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.111 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.111 action=accept comment="" \
    disabled=no
    add chain=forward p2p=all-p2p action=drop comment="p2p" disabled=no
    add chain=input p2p=all-p2p action=drop comment="" disabled=no
    add chain=forward dst-address=192.111.111.25 action=accept comment="" \
    disabled=yes
    add chain=forward src-address=192.111.111.25 action=accept comment="" \
    disabled=yes
    add chain=forward dst-address=192.111.111.71 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.71 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.99 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.99 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.223 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.223 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.90 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.90 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.226 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.226 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.230 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.230 src-address-list="" \
    action=accept comment="" disabled=no
    add chain=forward dst-address=192.111.111.126 action=accept comment="" \
    disabled=no
    add chain=forward src-address=192.111.111.126 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.252 action=accept \
    comment="harryanto" disabled=no
    add chain=forward src-address=192.111.111.252 action=accept comment="" \
    disabled=no
    add chain=forward dst-address=192.111.111.2 action=accept comment="" \
    disabled=yes
    add chain=forward src-address=192.111.111.2 action=accept comment="" \
    disabled=yes
    add chain=forward action=drop comment="drop all connection" disabled=no

  17. #15
    okto_2005
    After digging around and experimenting on my own, I found the solution.

    I added a NAT rule before the web-proxy one, specifying the IIX packet-mark and the address list of clients that may only access IIX.

    iplistiix = client IPs that may only access IIX
    iplist = client IPs that may use both IIX and IX.

    add chain=dstnat in-interface=local protocol=tcp dst-port=80 \
    packet-mark=packet-iix src-address-list=iplistiix action=redirect \
    to-ports=8080 comment="transparant web iix" disabled=no
    add chain=dstnat in-interface=local protocol=tcp dst-port=80 \
    src-address-list=iplist action=redirect to-ports=8080 comment="transparant web" disabled=no


    Thanks to all who were willing to chip in; one more experience for all of us, hihihihi....

  18. The Following 2 Users Say Thank You to okto_2005 For This Useful Post:
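
Why the forward-chain drop stopped working once web-proxy was enabled, and why the two dstnat rules in post #15 close the gap, modelled here as an added Python example that is not any poster's configuration. The addresses, the single forward drop rule keyed on packet-itl, and the assumption that IIX-only clients were also in iplist before the fix are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not from the thread (documentation prefixes).
NICE = [ipaddress.ip_network("203.0.113.0/24")]  # stands in for address-list "nice"
IPLISTIIX = {"192.168.100.10"}                   # clients limited to IIX
IPLIST = {"192.168.100.20"}                      # clients allowed IIX and IX

# dstnat redirect rules for tcp/80 from the LAN, evaluated top-down.
# BEFORE: one rule as in post #9, assuming every client was in "iplist".
DSTNAT_BEFORE = [{"src_list": IPLIST | IPLISTIIX}]
# AFTER: the two rules from post #15; the first also requires packet-iix.
DSTNAT_AFTER = [
    {"src_list": IPLISTIIX, "packet_mark": "packet-iix"},
    {"src_list": IPLIST},
]

def mangle_prerouting(dst):
    """Mark by destination, like the mangle rules in post #9."""
    ip = ipaddress.ip_address(dst)
    return "packet-iix" if any(ip in net for net in NICE) else "packet-itl"

def dstnat_redirects(rules, src, mark):
    """True when a rule redirects the packet to the router's own proxy port."""
    for rule in rules:
        if src in rule["src_list"] and rule.get("packet_mark", mark) == mark:
            return True
    return False

def forward_filter(src, mark):
    """Assumed forward rule: drop international packets from IIX-only clients."""
    return "drop" if src in IPLISTIIX and mark == "packet-itl" else "accept"

def trace(rules, src, dst):
    """Follow one HTTP packet from a LAN client through the router."""
    mark = mangle_prerouting(dst)
    if dstnat_redirects(rules, src, mark):
        # Destination is now the router itself: the packet enters the input
        # chain, and the proxy's own request leaves through the output chain.
        # The forward chain is never consulted.
        return "fetched-by-proxy"
    return "forwarded" if forward_filter(src, mark) == "accept" else "dropped"

if __name__ == "__main__":
    for name, rules in (("before", DSTNAT_BEFORE), ("after", DSTNAT_AFTER)):
        for src in ("192.168.100.10", "192.168.100.20"):
            for dst in ("203.0.113.5", "198.51.100.7"):
                print(name, src, "->", dst, trace(rules, src, dst))
```

The model covers only HTTP on tcp/80 from the LAN; any other traffic is never redirected and always reaches the forward chain.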


 

 