This is load balancing, but it can also be called policy routing: if you want to use just one link for local traffic, that traffic can be sent to link 1. Example case: I have 3 WISPs and want to use all 3 lines for international traffic, but send the local traffic to WISP 1 only.
==============================
1. Make sure the IP addresses are ready
------------------------------
/ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 3.3.3.8/27 3.3.3.0 ns
1 13.13.13.1/27 13.13.13.0 ether3
2 1xx.1xx.6x.10x/27 1xx.1xx.xx.xxx ns
3 172.10.1.1/30 172.10.1.0 monitoring
4 100.100.100.17/27 100.100.100.0 ns
5 10.10.10.26/24 10.10.10.0 ns
==============================
2. Then first import the nice address list from the website http://mikrotik.co.id/
---------------
3. Now go straight to mangle; remember, this is the key part...
------------------------------
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-connection new-connection-mark=con-iix
passthrough=yes dst-address-list=nice
1 chain=prerouting action=mark-routing new-routing-mark=routing-iix
passthrough=yes in-interface=ether3 connection-mark=con-iix
2 chain=prerouting action=mark-connection new-connection-mark=salak m
passthrough=yes connection-state=new dst-address-list=!nice
connection-mark=!con-iix nth=3,3
3 chain=prerouting action=mark-routing new-routing-mark=salak m passthrough=n>
in-interface=ether3 connection-mark=salak m
4 chain=prerouting action=mark-connection new-connection-mark=salak 71
passthrough=yes connection-state=new dst-address-list=!nice
connection-mark=!con-iix nth=3,2
5 chain=prerouting action=mark-routing new-routing-mark=salak 71
passthrough=no in-interface=ether3 connection-mark=salak 71
6 chain=prerouting action=mark-connection new-connection-mark=jagakarsa
passthrough=yes connection-state=new dst-address-list=!nice
connection-mark=!con-iix nth=3,1
7 chain=prerouting action=mark-routing new-routing-mark=jagakarsa
passthrough=no in-interface=ether3 connection-mark=jagakarsa
8 chain=prerouting action=mark-packet new-packet-mark=packet-iix
passthrough=no connection-mark=con-iix
9 chain=output action=mark-packet new-packet-mark=packet-iix passthrough=no
connection-mark=con-iix
10 chain=prerouting action=mark-packet new-packet-mark=packet-int
passthrough=no
11 chain=output action=mark-packet new-packet-mark=packet-int passthrough=no
=============
4. Next, ip route..
======
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=3.3.3.1
gateway-status=3.3.3.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=routing-iix
1 A S dst-address=0.0.0.0/0 gateway=10.10.10.1
gateway-status=10.10.10.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=salak m
2 A S dst-address=0.0.0.0/0 gateway=3.3.3.1
gateway-status=3.3.3.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=salak 71
3 A S dst-address=0.0.0.0/0 gateway=100.100.100.1
gateway-status=100.100.100.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=jagakarsa
4 ADC dst-address=3.3.3.0/27 pref-src=3.3.3.8 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
5 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.26 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
6 ADC dst-address=13.13.13.0/27 pref-src=13.13.13.1 gateway=ether3
gateway-status=ether3 reachable distance=0 scope=10
7 ADC dst-address=100.100.100.0/27 pref-src=100.100.100.17 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
8 ADC dst-address=115.124.68.96/27 pref-src=115.124.68.108 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
9 ADC dst-address=172.10.1.0/30 pref-src=172.10.1.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
=========
5. The NAT rules
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=alat 1
1 chain=srcnat action=masquerade out-interface=alat 2
3 chain=srcnat action=masquerade out-interface=alat 3
In the NAT rules, "alat" can really be thought of as modem 1, 2 and 3. In my setup I use only 1 CPE, but it pulls 3 lines at once.
The same approach works if you have 3 Speedy lines: one Speedy line is used for local traffic only, while the other 2 lines carry both international and local traffic.
Apologies for any writing mistakes.
Opening the archive from the days when I still used Speedy.. hopefully it is useful.
There is no denying that the SSH port on MikroTik is often an easy target for crackers trying to sneak into the router. This can be handled by creating firewall rules: if login fails 10 times, the IP is blocked for 10 days.. OK, just look at this picture and work it out yourself.
To deal with it, open your MikroTik terminal and copy-paste the following script:
ip firewall filter
add action=drop chain=input comment="SECURITY - BRUTEFORCE BLOCKING" disabled=no dst-port=22 protocol=tcp \
src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp
Image: a cracker attacking with brute force
Image: the result of the copy-paste, visible under IP > Firewall > Filter Rules
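How the five filter rules above move a source through the stage lists, as an added Python simulation (not part of the original post, and not RouterOS code). The connection times and documentation-range addresses are constructed, and the model assumes that re-adding an address already in a list leaves its timeout unchanged; because the rules match new TCP connections to port 22, the counter advances per connection, not per failed login.

```python
# Added example: models the five staged rules above (not RouterOS code).
# Assumption: re-adding an address already in a list keeps its old timeout.
STAGE_TTL = 60                     # address-list-timeout=1m
BLACKLIST_TTL = 10 * 24 * 3600     # address-list-timeout=1w3d
LISTS = ("ssh_stage1", "ssh_stage2", "ssh_stage3", "ssh_blacklist")

# Constructed sample: (seconds, source) of new TCP connections to port 22.
SAMPLE_EVENTS = (
    [(t, "198.51.100.7") for t in (0, 5, 10, 15, 20)]      # rapid retries
    + [(t, "203.0.113.20") for t in (0, 90, 180, 270)]     # spaced logins
    + [(t, "192.0.2.9") for t in (0, 20, 40, 55)]          # hasty admin
)

def simulate(events):
    """Return (verdicts, blacklisted_at). verdicts holds (time, src, result)
    for the first packet of each connection: 'drop' if the blacklist rule
    matched, 'pass' if it fell through to whatever rules come later."""
    lists = {name: {} for name in LISTS}   # list name -> {src: expiry time}
    verdicts, blacklisted_at = [], {}

    def member(name, src, now):
        expiry = lists[name].get(src)
        return expiry is not None and now < expiry

    def add(name, src, now, ttl):
        if not member(name, src, now):
            lists[name][src] = now + ttl

    for now, src in sorted(events):
        if member("ssh_blacklist", src, now):       # rule 0: action=drop
            verdicts.append((now, src, "drop"))
            continue
        # Rules 1-4 are checked highest stage first, so a single connection
        # can move a source up by at most one stage.
        if member("ssh_stage3", src, now):
            add("ssh_blacklist", src, now, BLACKLIST_TTL)
            blacklisted_at.setdefault(src, now)
        if member("ssh_stage2", src, now):
            add("ssh_stage3", src, now, STAGE_TTL)
        if member("ssh_stage1", src, now):
            add("ssh_stage2", src, now, STAGE_TTL)
        add("ssh_stage1", src, now, STAGE_TTL)
        verdicts.append((now, src, "pass"))
    return verdicts, blacklisted_at

if __name__ == "__main__":
    print(simulate(SAMPLE_EVENTS)[1])
```

The third constructed source shows the operational side of this rule set: four quick reconnects from a legitimate administrator are enough to land in ssh_blacklist for ten days, while logins spaced more than a minute apart never advance past ssh_stage1.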