July 2010 ~ predi's blog

Pengeblokan website a.k.a situs bisa dilakukan melalui web proxy atau melalui firewall, nah karena belum mengaktifkan web proxy, kali inipenulis melakukan pengeblokan melalui firewall di mikrotik, dengan perintah seperti contoh berikut ;

ip firewall filter add chain=forward dst-address=209.11.168.112/32 action=reject disabled=no

IP 209.11.168.112 , adalah ip situs yang diblok.

dengan pengumpulan ip address berdasakan content

/ip firewall mangle add action=add-dst-to-address-list address-list=youtube

\... address-list-timeout=1m chain=prerouting content=youtube.com disabled=no comment="block youtube"

/ip firewall filter add action=drop chain=forward comment="drop youtube" disabled=no dst-address-list=youtube

Ok silahkan mencoba. ^_^

Keterangan
IP MODEM 1 : 192.168.2.1
IP MODEM 2 : 192.168.3.1
IP LOKAL : 192.168.1.1/24
IP ETHERNET1 ( SPEEDY1 ): 192.168.2.2
IP ETHERNET2 ( SPEEDY2 ): 192.168.3.2
DNS : 203.134.193.74,202.134.0.155

----Konfigurasi Router Mikotik --------

/interface set ether1 name=local
/interface set ether2 name=speedy1
/interface set ether3 name=speedy2

/ip address add address add=192.168.1.1/24 interface=local
/ip address add address add=192.168.2.2/30 interface=speedy1
/ip address add address add=192.168.3.2/30 interface=speedy2

/ip dns set servers=203.134.193.74,202.134.0.155

/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=2 check-gateway=ping

/ip firewall mangle add chain=input in-interface=speedy1 action=mark-connection new-connection-mark=jalur01
/ip firewall mangle add chain=input in-interface=speedy2 action=mark-connection new-connection-mark=jalur02

/ip firewall mangle add chain=output connection-mark=jalur01 action=mark-routing new-routing-mark=ke_jalur02
/ip firewall mangle add chain=output connection-mark=jalur02 action=mark-routing new-routing-mark=ke_jalur03

/ip firewall mangle add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=local
/ip firewall mangle add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=local

/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=jalur01 passthrough=yes
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=jalur02 passthrough=yes

/ip firewall mangle add chain=prerouting connection-mark=jalur01 in-interface=local action=mark-routing new-routing-mark=ke_jalur01
/ip firewall mangle add chain=prerouting connection-mark=jalur02 in-interface=local action=mark-routing new-routing-mark=ke_jalur02

/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=ke_jalur01 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=ke_jalur02 check-gateway=ping

/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-ateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=2 check-gateway=ping

/ip firewall nat add chain=srcnat out-interface=speedy1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=speedy2 action=masquerade

------ selesai -----

Jangan lupa untuk Modem 1 di port ethernet 2, Modem 2 di port ethernet 3 dan untuk LAN Lokal di port ethernet 1.

Selamat Mencoba ...mikrotiker ^_^

predi's blog

LINKS

MALWARE WARNING

Nge-Blok Website di Mikrotik

Load Balancing PCC Mikrotik dengan 2 Speedy

Archives

Categories

Popular Posts