grabber link rapidshare | download | Trik Download | mp3-college | Lingua | Random Teks | my community | visitor


March 24, 2009

mengamankan jaringan router mikrotik

Filed under: network

Pengamankan router mikrotik dari traffic virus dan excess ping dapat digunakan skrip firewall berikut

Pertama buat address-list "ournetwork" yang berisi alamat IP radio, IP LAN dan IP WAN atau IP lainnya yang dapat dipercaya

Dalam contoh berikut alamat

IP radio adalah = 10.0.0.0/16,

IP LAN = 192.168.2.0/24 dan

IP WAN = 203.89.24.0/21 dan

IP lainnya yang dapat dipercaya = 202.67.33.7

Untuk membuat address-list dapat menggunakan contoh skrip seperti berikut ini tinggal disesuaikan dengan konfigurasi jaringan Anda.

Buat skrtip berikut menggunakan notepad kemudian copy-paste ke console mikrotik

/ ip firewall address-list
add list=ournetwork address=203.89.24.0/21 comment="Datautama Network" disabled=no
add list=ournetwork address=10.0.0.0/16 comment="IP Radio" disabled=no
add list=ournetwork address=192.168.2.0/24 comment="LAN Network" disabled=no

Selanjutnya copy-paste skrip berikut pada console mikrotik

/ ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no

add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no


add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no


add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web" disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox" disabled=no


add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
add chain=input src-address-list=ournetwork action=accept comment="From Datautama network" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no

Tags : security mikrotik jaringan mikrotik wireless hotspot mikrotik jaringan warnet bandwidth mikrotik keamanan jaringan server mikrotik wireless access point

Comments »

The URI to TrackBack this entry is: http://curutz.blogsome.com/2009/03/24/mengamankan-jaringan-router-mikrotik/trackback/

No comments yet.

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>



Anti-spam measure: please retype the above text into the box provided.