  1. #1
    azteric (Newly Joined, Join Date: Oct 2009)

    Is there anything wrong with these settings?

    Masters, please help, I'm still new to MikroTik scripting...
    Below is the settings script, which I'm told is very standard... please check whether anything in it is wrong or not, thank you...

    IP ADDRESS_______________
    ip address add interface=internet address=192.168.1.1
    ip address add interface=intranet address=192.168.0.1/27

    BASICS_______________
    system identity set name=ClaoNet
    user set admin password=190571

    ethernet____________________
    interface ethernet enable ether1
    interface ethernet enable ether2
    interface Ethernet set ether1 name=intranet
    interface Ethernet set ether2 name=internet

    dns___________
    ip dns set primary-dns=203.130.206.250 secondary-dns=202.134.0.155

    nat & filter firewall standar_______________
    ip firewall nat add action=masquerade chain=srcnat
    ip firewall filter add chain=input connection-state=invalid action=drop
    ip firewall filter add chain=input protocol=udp action=accept
    ip firewall filter add chain=input protocol=icmp action=accept
    ip firewall filter add chain=input in-interface=intranet action=accept
    ip firewall filter add chain=input in-interface=internet action=accept

    dhcp server______________________________________
    ip dhcp-server setup
    dhcp server interface: intranet24
    gateway for dhcp network: 192.168.0.1
    addresses to give out: 192.168.0.3-192.168.0.30
    dns servers: 203.130.206.250,192.168.0.1
    Lease time: 1d

    web proxy_________________________
    /ip web-proxy
    set enabled=yes
    set src-address=0.0.0.0
    set port=8080
    set hostname=ClaoNet
    set transparent-proxy=yes
    set parent-proxy=0.0.0.0:0
    set cache-administrator=…..@...com
    set max-object-size=4096KiB
    set cache-drive=system
    set max-cache-size=unlimited
    set max-ram-cache-size=unlimited

    create port redirect to transparent proxy__________________________
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080

    PCQ ________________________
    /ip firewall mangle add chain=forward src-address=192.168.0.0/27 action=mark-connection new-connection-mark=client1-cm
    /ip firewall mangle add connection-mark=client1-cm action=mark-packet new-packet-mark=client1-pm chain=forward
    /queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
    /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
    /queue tree add parent=intranet queue=downsteam-pcq packet-mark=client1-pm
    /queue tree add parent=internet queue=upstream-pcq packet-mark=client1-pm

    simple queue______________________________
    queue simple add name=oppel2 target-addresses=192.168.0.2
    queue simple add name=oppel3 target-addresses=192.168.0.3
    queue simple add name=oppel4 target-addresses=192.168.0.4
    queue simple add name=oppel5 target-addresses=192.168.0.5
    queue simple add name=oppel6 target-addresses=192.168.0.6
    queue simple add name=oppel7 target-addresses=192.168.0.7
    queue simple add name=oppel8 target-addresses=192.168.0.8
    queue simple add name=oppel9 target-addresses=192.168.0.9
    queue simple add name=oppel10 target-addresses=192.168.0.10
    queue simple add name=oppel11 target-addresses=192.168.0.11
    queue simple add name=oppel12 target-addresses=192.168.0.12
    queue simple add name=oppel13 target-addresses=192.168.0.13
    queue simple add name=oppel14 target-addresses=192.168.0.14
    queue simple add name=oppel15 target-addresses=192.168.0.15
    queue simple add name=oppel16 target-addresses=192.168.0.16
    queue simple add name=oppel17 target-addresses=192.168.0.17
    queue simple add name=oppel18 target-addresses=192.168.0.18
    queue simple add name=oppel19 target-addresses=192.168.0.19
    queue simple add name=oppel20 target-addresses=192.168.0.20
    queue simple add name=oppel21 target-addresses=192.168.0.21
    queue simple add name=oppel22 target-addresses=192.168.0.22
    queue simple add name=oppel23 target-addresses=192.168.0.23
    queue simple add name=oppel24 target-addresses=192.168.0.24
    queue simple add name=oppel25 target-addresses=192.168.0.25
    queue simple add name=oppel26 target-addresses=192.168.0.26
    queue simple add name=oppel27 target-addresses=192.168.0.27
    queue simple add name=oppel28 target-addresses=192.168.0.28
    queue simple add name=oppel29 target-addresses=192.168.0.29
    queue simple add name=oppel30 target-addresses=192.168.0.30

    BLOX SPAM____________________________
    /ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
    /ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
    /ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=096 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=05-09 protocol=udp action=drop
    /ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
    /ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop

    /ip web-proxy access
    add url="ds.eyeblaster.com" action=deny comment="" disabled=no
    add url="duolaimi.net" action=deny comment="" disabled=no
    add url="dutch-sex.com" action=deny comment="" disabled=no
    add url="dvdbank.org" action=deny comment="" disabled=no
    add url="eager-sex.com" action=deny comment="" disabled=no
    add url="eases.net" action=deny comment="" disabled=no
    add url="easyantispy.com" action=deny comment="" disabled=no
    add url="easycategories.com" action=deny comment="" disabled=no
    add url="easy-search.net" action=deny comment="" disabled=no
    add url="ecosrioplatenses.org" action=deny comment="" disabled=no
    add url="ecstasyporn.net" action=deny comment="" disabled=no
    add url="ehg-bestbuy.hitbox.com" action=deny comment="" disabled=no
    add url="ehg-dig.hitbox.com" action=deny comment="" disabled=no
    add url="ehg-espn.hitbox.com" action=deny comment="" disabled=no
    add url="ehg-intel.hitbox.com" action=deny comment="" disabled=no
    add url="ehg-macromedia.hitbox.com" action=deny comment="" disabled=no


    / ip firewall filter
    add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
    add chain=input src-address=!192.168.0.1/24 protocol=tcp src-port=1024-65535 dst-port=8080 action=drop comment="Block to Proxy" disabled=no
    add chain=input protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no
    add chain=input protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no
    add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
    add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
    add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
    add chain=input src-address=192.168.0.0/27 action=accept comment="Allow access to router from known network" disabled=no
    add chain=input action=drop comment="Drop anything else" disabled=no
    add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" disabled=no
    add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no
    add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
    add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
    add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
    add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
    add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
    add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
    add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
    add chain=forward protocol=tcp action=jump jump-target=tcp comment="" disabled=no
    add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
    add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
    add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no
    add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
    add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
    add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no
    add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no
    add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no
    add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no
    add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no
    add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
    add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no
    add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no
    add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC portmapper" disabled=no
    add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC portmapper" disabled=no
    add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no
    add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no
    add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
    add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan" disabled=no
    add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan" disabled=no
    add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
    add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan" disabled=no
    add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan" disabled=no
    add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
    add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop invalid connections" disabled=no
    add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow established connections" disabled=no
    add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow already established connections" disabled=no
    add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench" disabled=no
    add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request" disabled=no
    add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed" disabled=no
    add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad" disabled=no
    add chain=icmp action=drop comment="deny all other types" disabled=no
    add chain=tcp protocol=tcp dst-port=25 action=reject reject-with=icmp-network-unreachable comment="Smtp" disabled=no
    add chain=tcp protocol=udp dst-port=25 action=reject reject-with=icmp-network-unreachable comment="Smtp" disabled=no
    add chain=tcp protocol=tcp dst-port=110 action=reject reject-with=icmp-network-unreachable comment="Smtp" disabled=no
    add chain=tcp protocol=udp dst-port=110 action=reject reject-with=icmp-network-unreachable comment="Smtp" disabled=no
    add chain=tcp protocol=udp dst-port=110 action=reject reject-with=icmp-network-unreachable comment="Smtp" disabled=no
    add chain=forward dst-address=208.65.153.251/32 action=drop disabled=no
    add chain=forward dst-address=208.65.153.253/32 action=drop disabled=no

    Thank you in advance.
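
An added example, not part of the original post or of any reply: a small Python audit of first-match rule ordering, run over a constructed subset of the input-chain rules posted above. It assumes both firewall sections were pasted onto the router in the order shown; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the posted chain=input rules, in the order
# they would sit on the router if both firewall sections were pasted as shown.
SAMPLE = """\
add chain=input connection-state=invalid action=drop
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input in-interface=intranet action=accept
add chain=input in-interface=internet action=accept
add chain=input protocol=udp dst-port=12667 action=drop comment="Trinoo"
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input src-address=192.168.0.0/27 action=accept comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list "
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners"
"""

TERMINAL = {"accept", "drop", "reject"}      # actions that stop rule processing
NON_MATCHERS = {"chain", "action", "comment", "disabled", "address-list",
                "address-list-timeout", "jump-target", "reject-with"}
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse(text):
    """Turn 'add chain=...' lines into dicts; n is the 1-based line number."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        kv = {k: v.strip('"') for k, v in PAIR.findall(line)}
        if "chain" not in kv:
            continue
        match = {k: v for k, v in kv.items() if k not in NON_MATCHERS}
        rules.append({"n": n, "chain": kv["chain"], "match": match,
                      "action": kv.get("action", "accept")})
    return rules

def shadowed(rules):
    """Return (later_n, earlier_n) pairs where the later rule can never fire."""
    # Conservative test: an earlier terminal rule whose matchers are all
    # repeated verbatim in the later rule catches every packet first.
    # Port ranges, prefixes and '!' negation are compared only as strings.
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier["chain"] == later["chain"]
                    and earlier["action"] in TERMINAL
                    and earlier["match"].items() <= later["match"].items()):
                out.append((later["n"], earlier["n"]))
                break
    return out

def wan_accept_all(rules, wan="internet"):
    """Input rules that accept every packet arriving on the WAN interface."""
    return [r["n"] for r in rules if r["chain"] == "input"
            and r["action"] == "accept" and r["match"] == {"in-interface": wan}]
```

On this subset the audit reports the Trinoo UDP drop as unreachable behind the earlier accept of all UDP, the two port-scanner rules as unreachable behind "Drop anything else", and one rule that accepts all input arriving on the interface named internet.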

  2. #2
    ardi85 (Prospective Member, Join Date: Nov 2007)
    You've tried it already, right?

    What's the problem, bro?

  3. #3
    budakbaheula (Senior Member, Join Date: Jan 2010, Location: Sukabumi-Bandung)
    Originally Posted by ardi85:
        You've tried it already, right?

        What's the problem, bro?
    Yes, has it been tried or not??? BTW, is this standard 1 or 2??

  4. #4
    azteric (Newly Joined, Join Date: Oct 2009)
    Originally Posted by budakbaheula:
        Yes, has it been tried or not??? BTW, is this standard 1 or 2??
    I have... it does connect, but one of the computers has been given a DHCP IP and still won't connect, while the other computers work just fine... any suggestions for fixing it?

  5. #5
    clovanzo (Senior Member, Join Date: Sep 2007)
    Even the user password got pasted here; is it the same as the FM password?

  6. #6
    pesonk (Member, Join Date: Jul 2009)
    Hmm.. the public IP hasn't been pasted here yet... clearly a problem

  7. #7
    Aray Suck (Newly Joined, Join Date: Aug 2009)
    Wow.. I can't imagine what would happen if the public IP were published here..

  8. #8
    erunix_unix (Newbie, Join Date: Feb 2008, Location: Indonesia)
    Originally Posted by azteric:
        I have... it does connect, but one of the computers has been given a DHCP IP and still won't connect, while the other computers work just fine... any suggestions for fixing it?
    If DHCP runs fine on the other clients, then your router is in fine condition. Have you tried checking the client PC that can't connect, whether it's because of its operating system or because the LAN card it uses is somewhat faulty?

  9. #9
    buyungsandy (Member, Join Date: Dec 2009, Location: FirlyNET SAMARINDA)
    Does the TS actually feel that something isn't right???
    If everything is OK, then it's fine.

    Just feel it out slowly.

  10. #10
    spymedan (Moderator, Join Date: Oct 2007, Location: Medan Metropolitan)
    Originally Posted by buyungsandy:
        Does the TS actually feel that something isn't right???
        If everything is OK, then it's fine.

        Just feel it out slowly.
    The guy wants it to get faster, so why go slowly? @TS, try using another cable that is already known to connect well... plug it into the computer that won't connect... if that computer still won't connect, the LAN card is probably the problem.

    CMIIW...

 

 
