  1. #1
    iyou (Member)

    Help: Cannot log in to Facebook...

    Greetings, everyone....

    I'd like to ask: on the hotspot network I set up, why can't I log in to Facebook.....

    even though it works on the local network....

    The hotspot uses a Bullet M2 HP AP + an omni antenna as the transmitter...

    The MikroTik runs on a PC with 3 eth
    eth1 --- modem
    eth2 --- switch local 192.168.10.254/24
    eth3 --- bullet m2 hp 192.168.15.254/24 (dhcp)

    On the Bullet I have enabled the MAC address filter feature...

    MikroTik firewall filter

    chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop

    26 chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list
    address-list=ssh_blacklist address-list-timeout=1w3d

    27 chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list
    address-list=ssh_stage3 address-list-timeout=1m

    28 chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list
    address-list=ssh_stage2 address-list-timeout=1m

    29 chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1
    address-list-timeout=1m

    30 ;;; Port Scanners to list
    chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    31 chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list
    address-list=port scanners address-list-timeout=2w

    32 chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    33 chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    34 chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list
    address-list=port scanners address-list-timeout=2w

    35 chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=port scanners
    address-list-timeout=2w

    36 chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list
    address-list=port scanners address-list-timeout=2w

    37 chain=input src-address-list=port scanners action=drop

    38 ;;; Filter FTP to Box
    chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop

    39 chain=output protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m action=accept

    40 chain=output protocol=tcp content=530 Login incorrect action=add-dst-to-address-list address-list=ftp_blacklist
    address-list-timeout=3h

    41 ;;; Separate Protocol into Chains
    chain=forward protocol=tcp action=jump jump-target=tcp

    42 chain=forward protocol=udp action=jump jump-target=udp

    43 chain=forward protocol=icmp action=jump jump-target=icmp

    44 ;;; Blocking UDP Packet
    chain=udp protocol=udp dst-port=69 action=drop

    45 chain=udp protocol=udp dst-port=111 action=drop

    46 chain=udp protocol=udp dst-port=135 action=drop

    47 chain=udp protocol=udp dst-port=137-139 action=drop

    48 chain=udp protocol=udp dst-port=2049 action=drop

    49 chain=udp protocol=udp dst-port=3133 action=drop

    50 ;;; Blocking TCP Packet
    chain=tcp protocol=tcp dst-port=69 action=drop

    51 chain=tcp protocol=tcp dst-port=111 action=drop

    52 chain=tcp protocol=tcp dst-port=119 action=drop

    53 chain=tcp protocol=tcp dst-port=135 action=drop

    54 chain=tcp protocol=tcp dst-port=137-139 action=drop

    55 chain=tcp protocol=tcp dst-port=445 action=drop

    56 chain=tcp protocol=tcp dst-port=2049 action=drop

    57 chain=tcp protocol=tcp dst-port=12345-12346 action=drop

    58 chain=tcp protocol=tcp dst-port=20034 action=drop

    59 chain=tcp protocol=tcp dst-port=3133 action=drop

    60 chain=tcp protocol=tcp dst-port=67-68 action=drop

    61 ;;; Limited Ping Flood
    chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept

    62 chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept

    63 chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept

    64 chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept

    65 chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept

    66 chain=icmp protocol=icmp action=drop

    67 ;;; Allow Broadcast Traffic
    chain=input dst-address-type=broadcast action=accept

    68 ;;; Connection State
    chain=input connection-state=established action=accept

    69 chain=input connection-state=related action=accept

    70 chain=input connection-state=invalid action=drop

    71 ;;; Drop Ip
    chain=forward src-mac-address=00:24:2C:4C:31:65 action=drop

    72 ;;; Allow all internet access to client
    chain=forward in-interface=publik out-interface=lokal dst-address=192.168.10.0/24 action=accept

    73 ;;; Allow remote Winbox from public
    chain=input in-interface=publik protocol=tcp dst-port=8291 action=accept

    74 ;;; Allow NTP Traffic
    chain=input in-interface=publik protocol=udp src-port=123 action=accept

    75 ;;; Allow DNS Traffic
    chain=input in-interface=publik protocol=udp src-port=53 action=accept

    76 ;;; Allow Ping Traceroute Traffic
    chain=input in-interface=publik protocol=icmp action=accept

    77 ;;; Log rejected IPs
    chain=input in-interface=publik connection-state=new action=add-src-to-address-list address-list=spam
    address-list-timeout=30m

    78 ;;; Drop all access that is not permitted
    chain=input in-interface=publik action=drop

    79 chain=forward in-interface=wan src-address=!192.168.33.196 src-mac-address=!1C:4B:D6:C1:0B:41 action=drop

    80 chain=forward in-interface=wan src-address=!192.168.20.238 src-mac-address=!00:17:C4:9D:59:2F action=drop

    81 chain=input protocol=icmp action=drop

    82 ;;; Reject if in the 24-hour-list
    chain=forward src-address-list=24-hour-list action=reject reject-with=icmp-network-unreachable

    83 ;;; Check if dest is an open customer
    chain=forward dst-address-list=open-customers action=jump jump-target=open-customers

    84 ;;; Check Known Bad Hosts
    chain=forward action=jump jump-target=bad-hosts

    85 ;;; Reject if in the 24-hour-list
    chain=forward src-address-list=24-hour-list action=reject reject-with=icmp-network-unreachable

    86 ;;; Take no action on bogons
    chain=bad-host-detection src-address-list=bogons action=return

    87 ;;; Add to the 30 second list
    chain=bad-host-detection action=add-src-to-address-list address-list=30-second-list address-list-timeout=30s

    88 chain=bad-host-detection action=return

    89 ;;; jump to the bad-host-detection chain
    chain=forward src-address-list=!our-networks action=jump jump-target=bad-host-detection

    90 ;;; jump to the bad-host-detection chain
    chain=forward src-address-list=!our-networks action=jump jump-target=bad-host-detection

    91 ;;; log and reject the rest
    chain=forward action=log log-prefix=""

    92 chain=forward action=reject reject-with=icmp-network-unreachable
    please help....
    Last edited by iyou; 02-09-2010 at 21:52.

  2. #2
    dencow (Forum Guru)
    If you don't understand what each line in the firewall does, better to just delete it.

  3. #3
    akank (Newbie)
    Just following along here, if I may.

  4. #4
    iyou (Member)
    Originally Posted by dencow:
        If you don't understand what each line in the firewall does, better to just delete it.
    OK... honestly, I don't understand the contents of those firewall lines....
    that's why I want to learn from you....

  5. #5
    dylavig (Member Super Senior)
    Try disabling all of those firewall rules first.. then test. Does it work?

  6. #6
    tawa (Member)
    Try disabling them all,
    then enable them one by one.

    Then you'll surely find out where the fault is...

  7. #7
    panji (VIP Member)
    It really is hard to learn when all you do is copy-paste like me; sometimes the firewall rules just keep getting changed.

  8. #8
    iyou (Member)
    Originally Posted by dylavig:
        Try disabling all of those firewall rules first.. then test. Does it work?
    Even without disabling them, Facebook works, but only on the local network....
    on the hotspot it doesn't work....

    The problem is, if that firewall is disabled, my router will be easily attacked by viruses and mischievous hands....

    Maybe there are other suggestions....

  9. #9
    tnt (Member Senior)
    Could there be a firewall setting that blocks Facebook access to the interface/IP address leading to the hotspot???

  10. #10
    rahwana (Forum Guru)
    Let me try to analyze it:

    No. 26 - 29: the beginning is unclear, so I can't be sure. It seems to be about a blacklist
    No. 30 - 37: For blocking port scanners
    No. 38 - 40: to prevent use of the FTP port
    No. 41 - 43: What it wants is clear, but it's not clear which part it relates to
    No. 44 - 49: For closing some UDP ports
    No. 50 - 60: For blocking some TCP ports; admittedly none of them blocks port 80, but the input interface is not specified either, so there is a risk of misreading

    No. 61 - 66: Clear enough, blocks ping flood
    No. 68 - 72: what it wants is clear, but the purpose/benefit is not

    No. 73 - 76: Clear enough
    No. 77 - 81: also clear, but the purpose/benefit is not

    So, at least only a few unclear ones remain, and they can still be analyzed further. I'm tired...

    Originally Posted by iyou:
    MikroTik firewall filter

    82 ;;; Reject if in the 24-hour-list
    chain=forward src-address-list=24-hour-list action=reject reject-with=icmp-network-unreachable

    83 ;;; Check if dest is an open customer
    chain=forward dst-address-list=open-customers action=jump jump-target=open-customers

    84 ;;; Check Known Bad Hosts
    chain=forward action=jump jump-target=bad-hosts

    85 ;;; Reject if in the 24-hour-list
    chain=forward src-address-list=24-hour-list action=reject reject-with=icmp-network-unreachable

    86 ;;; Take no action on bogons
    chain=bad-host-detection src-address-list=bogons action=return

    87 ;;; Add to the 30 second list
    chain=bad-host-detection action=add-src-to-address-list address-list=30-second-list address-list-timeout=30s

    88 chain=bad-host-detection action=return

    89 ;;; jump to the bad-host-detection chain
    chain=forward src-address-list=!our-networks action=jump jump-target=bad-host-detection

    90 ;;; jump to the bad-host-detection chain
    chain=forward src-address-list=!our-networks action=jump jump-target=bad-host-detection

    91 ;;; log and reject the rest
    chain=forward action=log log-prefix=""

    92 chain=forward action=reject reject-with=icmp-network-unreachable

  12. #11
    iyou (Member)
    Originally Posted by rahwana:
        Let me try to analyze it:

        No. 26 - 29: the beginning is unclear, so I can't be sure. It seems to be about a blacklist
        No. 30 - 37: For blocking port scanners
        No. 38 - 40: to prevent use of the FTP port
        No. 41 - 43: What it wants is clear, but it's not clear which part it relates to
        No. 44 - 49: For closing some UDP ports
        No. 50 - 60: For blocking some TCP ports; admittedly none of them blocks port 80, but the input interface is not specified either, so there is a risk of misreading

        No. 61 - 66: Clear enough, blocks ping flood
        No. 68 - 72: what it wants is clear, but the purpose/benefit is not

        No. 73 - 76: Clear enough
        No. 77 - 81: also clear, but the purpose/benefit is not

        So, at least only a few unclear ones remain, and they can still be analyzed further. I'm tired...
    Wow.... very, very nice, I'll give you a THANKS later for explaining them one by one, even though some are still left, heheheh....
    at least I got some valuable knowledge from rahwana

  13. #12
    putra_maiwa (Forum Guru)
    It would be much better to test the rules one by one...
    so for each relevant rule, try opening FB; if it succeeds, try the next rule..

    If you copy-paste the whole thing, it's a hassle to see which one is causing the error
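
An added example, not part of the thread: a static check in Python of the question raised in post #9, run over an excerpt of the forward-chain rules from post #1. It reports which `accept` rules cover each subnet by `dst-address` before the first unconditional drop/reject. The `hotspot` label, the one-rule-per-line layout, and ignoring jumps, interfaces and address lists are assumptions of this example.

```python
import ipaddress
import re

# Constructed excerpt: forward-path rules from post #1, one rule per line,
# ';;;' comments dropped. Rule numbers are the ones printed in the thread.
RULES = """\
41 chain=forward protocol=tcp action=jump jump-target=tcp
55 chain=tcp protocol=tcp dst-port=445 action=drop
72 chain=forward in-interface=publik out-interface=lokal dst-address=192.168.10.0/24 action=accept
80 chain=forward in-interface=wan src-address=!192.168.20.238 src-mac-address=!00:17:C4:9D:59:2F action=drop
91 chain=forward action=log log-prefix=""
92 chain=forward action=reject reject-with=icmp-network-unreachable
"""
# Subnets from post #1 (eth2 and eth3); the "hotspot" label is an assumption.
SUBNETS = {"lokal": "192.168.10.0/24", "hotspot": "192.168.15.0/24"}
NON_MATCHERS = {"chain", "action", "reject-with", "log-prefix"}

def parse_rules(text):
    """Parse 'N key=value ...' lines into (number, {key: value}) pairs."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if m:  # values may contain spaces, so split on the next 'key='
            pairs = re.findall(r"([\w-]+)=(.*?)(?=\s+[\w-]+=|$)", m.group(2))
            rules.append((int(m.group(1)), dict(pairs)))
    return rules

def forward_verdict(rules, subnet):
    """Return (accept rules covering `subnet` by dst-address, number of the
    first unconditional drop/reject) for chain=forward, in printed order."""
    net, accepts = ipaddress.ip_network(subnet), []
    for num, rule in rules:
        if rule.get("chain") != "forward":
            continue
        if rule["action"] == "accept":
            dst = rule.get("dst-address", "0.0.0.0/0")
            inside = net.subnet_of(ipaddress.ip_network(dst.lstrip("!"), strict=False))
            if inside != dst.startswith("!"):  # a leading '!' negates the match
                accepts.append(num)
        elif rule["action"] in ("drop", "reject") and not set(rule) - NON_MATCHERS:
            return accepts, num  # nothing after this rule is ever reached
    return accepts, None

def audit(text=RULES, subnets=SUBNETS):
    """Map each subnet label to its forward_verdict() result."""
    rules = parse_rules(text)
    return {name: forward_verdict(rules, cidr) for name, cidr in subnets.items()}

if __name__ == "__main__":
    print(audit())
```

A subnet with no accepting rule ahead of the catch-all is the first place to look when enabling rules one by one, as posts #6 and #12 suggest.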

 

 
