Friday 5 October 2012


/ radius add service=hotspot address=10.5.50.1 secret=azuan1

/ ip hotspot profile set hsprof1 use-radius=yes

/ tool user-manager customer add login="admin" password="azuan1" permissions=owner

/ tool user-manager router add subscriber=admin ip-address=10.5.50.1 shared-secret=azuan1

Friday 10 August 2012

Mikrotik Local-to-Public NAT

There are actually 2 versions of this concept; I happened to pick the simple one.

For example: IP 192.168.10.10 with port 88 is to be forwarded to IP 192.168.100.10 with the same port

ip firewall
chain : dstnat
dst-address : 192.168.100.10
protocol : tcp
dst-port : 88



action : dst-nat
to-address : 192.168.10.10
to port : 88



Apply ok.


Hope this is useful

Friday 27 April 2012

Filter Rules Mikrotik

Sunday, 10 May 2009: block IPs that try to get in using ssh and telnet http://www.forummikrotik.com/beginner-basics/553-ask-blok-ip-yg-coba-masuk-pake-ssh-n-telnet.html

ssh blocker

/ ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
    comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m \
    comment="" disabled=no

ftp blocker

/ ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
    comment="drop ftp brute forcers" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
    action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m \
    comment="" disabled=no

telnet blocker

/ ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
    comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
    src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
    src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
    src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
    action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m \
    comment="" disabled=no
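The staged address-list rules above depend on their order, because add-src-to-address-list does not stop rule processing. The following Python model is an added example, not part of the original post or of RouterOS; the source address, function names and the REORDERED variant are constructed for illustration, and it assumes nothing later in the input chain drops the packet.

```python
DAY, MINUTE = 86400, 60

# Same order as the ssh blocker on this page:
# (list the source must be in, action, list to add to, timeout in seconds)
RULES = [
    ("black_list", "drop", None, None),
    ("ssh_stage3", "add", "black_list", DAY),
    ("ssh_stage2", "add", "ssh_stage3", MINUTE),
    ("ssh_stage1", "add", "ssh_stage2", MINUTE),
    (None, "add", "ssh_stage1", MINUTE),
]

# Hypothetical mistake: the four "add" rules entered in the opposite order.
REORDERED = [RULES[0]] + RULES[:0:-1]


def simulate(times, src="203.0.113.7", rules=RULES):
    """Verdict for each new TCP connection from src at the given times (seconds)."""
    lists = {}  # list name -> {address: expiry time}
    verdicts = []
    for now in times:
        verdict = "accept"  # assumption: no later input rule drops it
        for required, action, target, timeout in rules:
            if required is not None and lists.get(required, {}).get(src, -1) <= now:
                continue  # source is not (or no longer) in the required list
            if action == "drop":
                verdict = "drop"
                break  # drop is terminal
            # The add action is not terminal, so later rules still see the packet.
            # Re-adding resets the entry's timer here (a modelling assumption).
            lists.setdefault(target, {})[src] = now + timeout
        verdicts.append(verdict)
    return verdicts


def connections_before_block(times, rules=RULES):
    """Number of connections accepted before the first drop, or None if never dropped."""
    verdicts = simulate(times, rules=rules)
    return verdicts.index("drop") if "drop" in verdicts else None


if __name__ == "__main__":
    print(simulate([0, 10, 20, 30, 40]))                   # rapid reconnects
    print(connections_before_block([0, 90, 180]))          # occasional admin logins
    print(connections_before_block([0, 10], rules=REORDERED))
```

With the page's order, four new connections inside the one-minute windows are accepted and the fifth is dropped; with the add rules reversed, a single connection walks through every stage and the next one is already blacklisted.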

--------
Hmm, how about building a firewall that only allows certain addresses to access the router, with everything else dropped? For example, say the one allowed to access the router is the administrator's computer with IP 192.168.0.1. An example of the firewall to be built:

Code:

/ip firewall filter add chain=input src-address=192.168.0.1 action=accept
/ip firewall filter add chain=input action=drop

The example above allows only IP 192.168.0.1 to access the router. Feel free to experiment further, bro.