Untuk skenario ini, di misalkan network LAN adalah 192.168.1.0/24
ip address mikrotik 192.168.1.1
ip address mikrotik 192.168.1.1
mari kita mulai:
1. Seting DNS cache
klik IP > DNS
klik tombol Seting
isi Primary dan Secondary DNS dengan ip address DNS server anda atau DNS server ISP anda. dan klik pada “Allow Remote Requests”
klik tombol Apply
1. Seting DNS cache
klik IP > DNS
klik tombol Seting
isi Primary dan Secondary DNS dengan ip address DNS server anda atau DNS server ISP anda. dan klik pada “Allow Remote Requests”
klik tombol Apply
2. Mengarahkan request DNS dari pc klien menuju router mikrotik kita.
tambahkan rule dibawah pada terminal di mikrotik
tambahkan rule dibawah pada terminal di mikrotik
/ip firewall nat add chain=dstnat src-address=192.168.1.0/24 protocol=udp dst-port=53 action=dst-nat to-addresses=192.168.1.1 to-ports=53
/ip firewall nat add chain=dstnat src-address=192.168.1.0/24 protocol=tcp
dst-port=53 action=dst-nat to-addresses=192.168.1.1 to-ports=533. Buat script untuk membaca DNS-cache dan menulis address-list frienster
klik System > Scripts
Create Script, isi Name : “friendster-script”
klik System > Scripts
Create Script, isi Name : “friendster-script”
isi Source nya:
:foreach x in=[/ip dns cache find] do={
:local newaddress "true";
:local cachename [/ip dns cache all get $x name];
:if ( [:find $cachename "friendster"]=0 || [:find $cachename "www.friendster"]=0 ) do={
:local tmpaddress [/ip dns cache get $x address];
:if ( [/ip firewall address-list find ] = "" ) do={
:log info ("menambahkan " . [/ip dns cache get $x name] . " IP " . $tmpaddress);
/ip firewall address-list add address=$tmpaddress list=friendster disabled=no;
} else={
:foreach y in=[/ip firewall address-list find ] do={
:if ( [/ip firewall address-list get $y address] = "$tmpaddress" && [/ip firewall address-list get $y list] = "friendster") do={
:set newaddress "false" ;
}
}
:if ( $newaddress = "true" ) do={
:log info ("menambahkan " . [/ip dns cache get $x name] . " IP " . $tmpaddress);
/ip firewall address-list add address=$tmpaddress list=friendster disabled=no;
}
}
}
}4. Buat schedule
klik System > Scheduler
create shedule baru, jalankan setiap 30detik.
klik System > Scheduler
create shedule baru, jalankan setiap 30detik.
5. Buat rule firewall untuk memblok akses dari pc klient ke situs tujuan
/ip firewall filter add chain=forward src-address=192.168.1.0/24 protocol=tcp dst-port=80 dst-address-list=friendster content=friendster.com action=drop
0 komentar:
Posting Komentar