Aku Bisa Lebih Baik

October 24, 2005

Draft iptables-1.2.4-2

Filed under: General

I got this iptables setup from grape-info.
iptables script configuration
Configuration for Masquerade (NAT) and Firewall

#!/bin/bash
# /usr/local/sbin/setiptables.bash

# Ports to accept
APORTS="20 21 22 25 53 80 110 143 8080"
EX_ETH=eth0 # external NIC (outgoing)
IN_ETH=eth1 # internal NIC (local)

# Stop all iptables
/etc/init.d/iptables stop

# iptables --flush
# iptables --delete-chain

# Masquerade
iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE

# iptables configuration.
# INPUT chain
for AP in $APORTS
do
    iptables -A INPUT -i $EX_ETH -p tcp --dport $AP -j ACCEPT
    iptables -A INPUT -i $EX_ETH -p udp --dport $AP -j ACCEPT
done

# Any other packets must be dropped.
iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP

# FORWARD chain
iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Configuration for Masquerade (NAT), Firewall and Transparent Proxy

#!/bin/bash
# /usr/local/sbin/setiptables.bash

# Acceptable ports
APORTS="20 21 22 25 53 80 110 143 8080"
# Rejected ports: Kazaa (1214), Gnutella (6346 6347)
RPORTS="1214 6346 6347"

EX_ETH=eth0 # External Interface
IN_ETH=eth1 # Local Interface
LOCAL_IP=192.168.0.2 # Local Host IP
LOCAL_NET=192.168.0.0/24 # Local Network
EXTERNAL_NET=202.144.158.192/28 # External Network
PROXY_IP=192.168.0.2 # IP Proxy Server (Transparent Proxy)
PROXY_PORT=8080 # Proxy Server Port No

# Stop all iptables
/etc/init.d/iptables stop

iptables --flush
iptables --delete-chain

# Masquerade
iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE

# Transparent Proxy (proxy runs on this box)
iptables -t nat -A PREROUTING -i $IN_ETH \
    -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT

# Transparent Proxy (to a Remote Box)
# Note: "-s ! addr" is the negation syntax of this iptables generation.
# iptables -t nat -A PREROUTING -i $IN_ETH -s ! $LOCAL_IP -p tcp \
#     --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# iptables -t nat -A POSTROUTING -o eth0 -s $LOCAL_NET -d $PROXY_IP \
#     -j SNAT --to $LOCAL_IP
# iptables -A FORWARD -s $LOCAL_NET -d $PROXY_IP -i $IN_ETH -o $EX_ETH \
#     -p tcp --dport $PROXY_PORT -j ACCEPT

# Accept
for AP in $APORTS
do
    iptables -A INPUT -i $EX_ETH -p tcp --dport $AP -j ACCEPT
    iptables -A INPUT -i $EX_ETH -p udp --dport $AP -j ACCEPT
done

# Reject
# These rules sit in INPUT, so they only affect connections to the
# gateway itself; traffic forwarded for LAN clients is not covered.
for RP in $RPORTS
do
    iptables -A INPUT -p tcp --dport $RP -j REJECT
    iptables -A INPUT -p udp --dport $RP -j REJECT
done

# Some packets to be dropped.
iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP

# FORWARD chain
iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
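The following is an added example, not from the original post or from grape-info: a dry-run variant of the gateway ruleset above that prints each rule instead of applying it, so the ordering can be reviewed before loading. It assumes the same interface names and port lists as the post; set IPTABLES=iptables to apply it for real. It also tightens two points of the original: default policies are set to DROP, and the P2P blocks are placed in FORWARD so they cover LAN clients.

```shell
# Added example: dry-run builder for the NAT/firewall/proxy gateway.
# With the default below every rule is only echoed, nothing is changed.
IPTABLES="${IPTABLES:-echo iptables}"

APORTS="20 21 22 25 53 80 110 143 8080"   # accepted on the gateway
RPORTS="1214 6346 6347"                   # Kazaa, Gnutella
EX_ETH="${EX_ETH:-eth0}"                  # external interface
IN_ETH="${IN_ETH:-eth1}"                  # local interface
PROXY_PORT="${PROXY_PORT:-8080}"          # transparent proxy port

# Emit the complete ruleset, one rule per line in dry-run mode.
build_ruleset() {
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -X
    # Default deny; the post's scripts leave the policy at ACCEPT and
    # rely on a trailing NEW,INVALID DROP instead.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -o "$EX_ETH" -j MASQUERADE
    $IPTABLES -t nat -A PREROUTING -i "$IN_ETH" -p tcp --dport 80 \
        -j REDIRECT --to-port "$PROXY_PORT"
    for ap in $APORTS; do
        $IPTABLES -A INPUT -i "$EX_ETH" -p tcp --dport "$ap" -j ACCEPT
        $IPTABLES -A INPUT -i "$EX_ETH" -p udp --dport "$ap" -j ACCEPT
    done
    # P2P ports rejected in FORWARD, before the LAN ACCEPT rule, so the
    # block applies to clients behind the gateway, not just the gateway.
    for rp in $RPORTS; do
        $IPTABLES -A FORWARD -i "$IN_ETH" -p tcp --dport "$rp" -j REJECT
        $IPTABLES -A FORWARD -i "$IN_ETH" -p udp --dport "$rp" -j REJECT
    done
    $IPTABLES -A INPUT -i "$IN_ETH" -j ACCEPT
    $IPTABLES -A FORWARD -i "$IN_ETH" -o "$EX_ETH" -j ACCEPT
}

# Review helper: how many emitted rules match a pattern.
count_rules() {
    build_ruleset | grep -c -- "$1"
}
```

Running the file as-is prints the 37 commands; grepping that output (for example count_rules 'dport 8080 -j ACCEPT') is a quick way to confirm a port is opened for both protocols before the rules are loaded.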

If you use Squid, you must add this to /etc/squid/squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

If you use Squid 3 (tested with squid-beta-3.0-236), these options are not available. Use the option below instead (19 Nov 2004, on SuSE 9.1):

http_port 8080 transparent

1 Comment

1. Wakakakak... good.

Comment by tthedark, March 30, 2008 @ 11:51 pm
