Your design is a bit odd: why is the win2k server at the front end?
Wouldn't the RH 9.0 server on router I, running wvdial, be enough?
I see that your iptables script does not specify on which interface
the NAT is performed; that is of course a problem.
The destination for the internet, network 0.0.0.0/0, is not yet included in
your script.
----- Original Message -----
From: "-<<- I.R. Harahap -- Medan ->>-" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 16, 2003 10:53 PM
Subject: [tanya-jawab] [ROUTER and FIREWALL on RH9.0] OpEn internet access --
HeLp :(
> ===============================================
> Dear all
> I would like some help setting up a static router on RH9.
> The iptables commands have already been written.
> However, the clients still cannot browse or chat on the internet. :(
> Where might the problem be? :)
> Thank you in advance.
> ===============================================
> A. Network diagram:
> internet --> win2000 -->router-I -->router-II
> ===============================================
> win2000 internet server - dialup
> eth0 192.168.0.1/255.255.255.0 to router-I
>
> RH9.0 router-I (also acts as dhcp, gateway, dns)
> eth0 192.168.0.2/255.255.255.0 to win2000
> eth1 192.168.1.62/255.255.255.192 gateway for 30 clients
> eth2 192.168.2.1/255.255.255.252 to router-II
>
> RH9.0 router-II
> eth0 192.168.2.2/255.255.255.252 to Router-I
> eth1 192.168.3.62/255.255.255.192 gateway for 30 clients
> eth2 192.168.4.62/255.255.255.192 gateway for 30 clients
> ===============================================
> B. Rules that have been entered into /etc/sysconf/iptables
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> 192.168.1.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> 192.168.2.0/255.255.255.252 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> 192.168.3.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> 192.168.4.0/255.255.255.192 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> 192.168.1.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> 192.168.2.0/255.255.255.252 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> 192.168.3.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> 192.168.4.0/255.255.255.192 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> 192.168.1.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> 192.168.2.0/255.255.255.252 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> 192.168.3.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> 192.168.4.0/255.255.255.192 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> 192.168.1.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> 192.168.2.0/255.255.255.252 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> 192.168.3.0/255.255.255.192 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> 192.168.4.0/255.255.255.192 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -j SNAT --to 192.168.0.2
>
> /etc/init.d/iptables save
> ===============================================
>
> C. Other settings.
> ===============================================
> # in /etc/sysctl.conf --> ipv4=1
> ===============================================
> # added to /etc/sysconfig/statik-routes
> any net 192.168.3.0 netmask 255.255.255.192 gw 192.168.2.2
> any net 192.168.4.0 netmask 255.255.255.192 gw 192.168.2.2
add net 0.0.0.0/0 gw 192.168.2.2
and net 192.168.1.0/26 gw 192.168.2.2
net 192.168.0.0/24 gw 192.168.2.2
idem
> ===============================================
> # then
> echo "1" > /proc/sys/net/ipv4/ip_forward
> ===============================================
> # to open the chat ports
> /sbin/modprobe ip_nat_irc \
> 6660,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001,7002,7003,7007,8000
> /sbin/modprobe ip_conntrack_irc \
> 6660,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001,7002,7003,7007,8000
> /sbin/modprobe iptable_nat \
> 6660,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001,7002,7003,7007,8000
> ===============================================
>
> --
> Unsubscribe: send an empty email to [EMAIL PROTECTED]
> Archive and info at http://linux.or.id/milis.php
> Mailing list FAQ: http://linux.or.id/faq.php
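The two points raised in the reply (a source-NAT rule with no outbound interface, and no 0.0.0.0/0 route) can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit over constructed sample lines. The `-o eth0` variant is an assumption based on router-I's eth0 being the link toward win2000, and the function names are hypothetical.

```python
import shlex

# Constructed sample: one ACCEPT rule and the catch-all SNAT rule from the quoted
# script, plus an assumed variant bound to eth0 (router-I's link toward win2000).
SAMPLE_RULES = """\
iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d 192.168.3.0/255.255.255.192 -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to 192.168.0.2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.2
"""
# Constructed sample: the two route lines from the quoted static-routes file.
SAMPLE_ROUTES = """\
any net 192.168.3.0 netmask 255.255.255.192 gw 192.168.2.2
any net 192.168.4.0 netmask 255.255.255.192 gw 192.168.2.2
"""
FLAGS = {"-t": "table", "--table": "table", "-A": "chain", "--append": "chain",
         "-j": "target", "--jump": "target",
         "-o": "out_iface", "--out-interface": "out_iface"}

def parse_rule(line):
    """Extract table, chain, target and outbound interface from one iptables command."""
    rule = {"table": "filter", "chain": None, "target": None, "out_iface": None}
    tokens = shlex.split(line)
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def unbound_nat_rules(text):
    """Return SNAT/MASQUERADE rules in nat POSTROUTING that name no -o interface."""
    hits = []
    for line in text.replace("\\\n", " ").splitlines():  # join shell continuations
        line = line.strip()
        if not line.startswith("iptables"):
            continue
        r = parse_rule(line)
        if (r["table"], r["chain"]) == ("nat", "POSTROUTING") \
                and r["target"] in ("SNAT", "MASQUERADE") and r["out_iface"] is None:
            hits.append(line)
    return hits

def has_default_route(text):
    """True if any 'net <dest> ...' route line targets 0.0.0.0 (or 'default')."""
    for line in text.splitlines():
        fields = line.split()
        if "net" in fields[:-1]:
            dest = fields[fields.index("net") + 1]
            if dest.split("/")[0] in ("0.0.0.0", "default"):
                return True
    return False

if __name__ == "__main__":
    for rule in unbound_nat_rules(SAMPLE_RULES):
        print("NAT rule without -o:", rule)
    print("default route present:", has_default_route(SAMPLE_ROUTES))
```

On the sample input, only the catch-all `-j SNAT --to 192.168.0.2` line is flagged, and the route file is reported as having no default route.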