Example: on router II (RH 9.0), enter

    iptables -t nat -A POSTROUTING -s 192.168.1.0/26 -d 0.0.0.0/0 -o eth0 -j ACCEPT

and also add a static route on router II:

    # route add -net default gw 192.168.2.1

To make things easier, I suggest using Shorewall from www.shorewall.org, or a dedicated firewall distro such as Mandrake Multi Network Firewall (MNF) 8.2; its ISO was on the InfoLinux CD a few issues ago. Its web admin interface is very user friendly and powerful. It can also serve as a proxy and IDS at the same time.

----- Original Message -----
From: "-<<- I.R. Harahap -- Medan ->>-" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 18, 2003 12:24 PM
Subject: Re: [tanya-jawab] [ROUTER and FIREWALL on RH9.0] OpEn internet access -- HeLp :(

> ===============================================
>
> Here is the situation: I use win2000 on the frontend because the modem is an
> internal one, Conexant brand.
> I have already tried using it on Router I (RH9) by getting the driver from
> Linuxant, but the modem could not be made to run on that RH9.
>
> Then, how do I specify the destination to the internet with
> network 0.0.0.0/0?
> Please enlighten me again :
>
> ===============================================
> On Wednesday 17 December 2003 18:25, Jhonny Cage wrote:
> > Your design is a bit odd; why is the win2k server on the frontend?
> > Wouldn't the RH 9.0 server on router I, running wvdial, be enough?
> >
> > I see that your iptables script does not specify on which interface the
> > NAT is performed; naturally this is a problem.
> > The destination to the internet is network 0.0.0.0/0, which is not yet
> > included in your script.
> >
> >
> > ----- Original Message -----
> > From: "-<<- I.R. Harahap -- Medan ->>-" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 16, 2003 10:53 PM
> > Subject: [tanya-jawab] [ROUTER and FIREWALL on RH9.0] OpEn internet access
> > -- HeLp :(
> >
> > > ===============================================
> > > Dear all
> > > I would like some help setting up a static router on RH9.
> > > The iptables commands have already been written.
> > > However, the clients still cannot browse or chat on the internet. :(
> > > Where might the shortcoming be? :)
> > > Thank you in advance.
> > > ===============================================
> > > A. Network scheme:
> > > internet --> win2000 --> router-I --> router-II
> > > ===============================================
> > > win2000 internet server - dial-up
> > > eth0 192.168.0.1/255.255.255.0 to router-I
> > >
> > > RH9.0 router-I (also acting as dhcp, gateway, dns)
> > > eth0 192.168.0.2/255.255.255.0 to win2000
> > > eth1 192.168.1.62/255.255.255.192 gateway for 30 clients
> > > eth2 192.168.2.1/255.255.255.252 to router-II
> > >
> > > RH9.0 router-II
> > > eth0 192.168.2.2/255.255.255.252 to Router-I
> > > eth1 192.168.3.62/255.255.255.192 gateway for 30 clients
> > > eth2 192.168.4.62/255.255.255.192 gateway for 30 clients
> > > ===============================================
> > > B. Rules that have been entered into /etc/sysconf/iptables
> > >
> > > iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> > > 192.168.1.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> > > 192.168.2.0/255.255.255.252 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> > > 192.168.3.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d\
> > > 192.168.4.0/255.255.255.192 -j ACCEPT
> > >
> > > iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> > > 192.168.1.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> > > 192.168.2.0/255.255.255.252 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> > > 192.168.3.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d\
> > > 192.168.4.0/255.255.255.192 -j ACCEPT
> > >
> > > iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> > > 192.168.1.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> > > 192.168.2.0/255.255.255.252 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> > > 192.168.3.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d\
> > > 192.168.4.0/255.255.255.192 -j ACCEPT
> > >
> > > iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> > > 192.168.1.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> > > 192.168.2.0/255.255.255.252 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> > > 192.168.3.0/255.255.255.192 -j ACCEPT
> > > iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d\
> > > 192.168.4.0/255.255.255.192 -j ACCEPT
> > >
> > > iptables -t nat -A POSTROUTING -j SNAT --to 192.168.0.2
> > >
> > > /etc/init.d/iptables save
> > > ===============================================
> > >
> > > C. Other settings.
> > > ===============================================
> > > # in /etc/sysctl.conf --> ipv4=1
> > > ===============================================
> > > # in /etc/sysconfig/statik-routes, added
> > > any net 192.168.3.0 netmask 255.255.255.192 gw 192.168.2.2
> > > any net 192.168.4.0 netmask 255.255.255.192 gw 192.168.2.2
> >
> > add net 0.0.0.0/0 gw 192.168.2.2
> > and net 192.168.1.0/26 gw 192.168.2.2
> > net 192.168.0.0/24 gw 192.168.2.2
> > likewise
> >
> > > ===============================================
> > > # then
> > > echo "1" > /proc/sys/net/ipv4/ip_forward
> > > ===============================================
> > > # to open the chat ports
> > > /sbin/modprobe ip_nat_irc \
> > > 6660,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001,7002,7003,7007,8000
> > > /sbin/modprobe ip_conntrack_irc \
> > > 6660,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001,7002,7003,7007,8000
> > > /sbin/modprobe iptable_nat \
> > > 6660,6662,6663,6664,6665,6666,6667,6668,6669,7000,7001,7002,7003,7007,8000
> > > ===============================================
> > >
> > > --
> > > Unsubscribe: send an empty email to [EMAIL PROTECTED]
> > > Archive and info at http://linux.or.id/milis.php
> > > Mailing list FAQ http://linux.or.id/faq.php
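
The routing gap discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match simulation of the posted tables, showing router II having no route for internet-bound traffic until it gets the default route via 192.168.2.1, and why router I's SNAT to 192.168.0.2 matters for replies. Router I's default route via 192.168.0.1, win2000 having no static routes, and the test destination 203.0.113.10 are assumptions.

```python
import ipaddress

# Routing tables rebuilt from the thread's addresses (constructed data, not live output).
# Entry: (destination, next hop); next hop None means directly connected.
ROUTER_I = [
    ("192.168.0.0/24", None), ("192.168.1.0/26", None), ("192.168.2.0/30", None),
    ("192.168.3.0/26", "192.168.2.2"), ("192.168.4.0/26", "192.168.2.2"),
    ("0.0.0.0/0", "192.168.0.1"),  # assumption: router-I defaults to win2000
]
ROUTER_II_POSTED = [("192.168.2.0/30", None), ("192.168.3.0/26", None), ("192.168.4.0/26", None)]
ROUTER_II_FIXED = ROUTER_II_POSTED + [("0.0.0.0/0", "192.168.2.1")]  # the reply's default route
POSTED = {"router-I": ROUTER_I, "router-II": ROUTER_II_POSTED}
FIXED = {"router-I": ROUTER_I, "router-II": ROUTER_II_FIXED}
OWNER = {"192.168.0.1": "win2000", "192.168.2.1": "router-I", "192.168.2.2": "router-II"}
WIN2000_KNOWN = ["192.168.0.0/24"]  # assumption: no static routes configured on win2000

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None when no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in table
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from router `start` toward dst; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        if node not in tables:        # left the modelled routers (dial-up uplink)
            return path, "forwarded-upstream"
        route = lookup(tables[node], dst)
        if route is None:
            return path, "no-route"
        if route[1] is None:
            return path, "delivered-on-link"
        node = OWNER[route[1]]
        path.append(node)
    return path, "loop"

def needs_snat(src, upstream_known=WIN2000_KNOWN):
    """True when the upstream host has no route back to src (replies would be lost)."""
    addr = ipaddress.ip_address(src)
    return not any(addr in ipaddress.ip_network(n) for n in upstream_known)

if __name__ == "__main__":
    print("posted:", trace(POSTED, "router-II", "203.0.113.10"))
    print("fixed: ", trace(FIXED, "router-II", "203.0.113.10"))
    print("SNAT needed for 192.168.3.10:", needs_snat("192.168.3.10"))
```

A source for which `needs_snat` returns True must either be rewritten by router I's SNAT rule or be given a return route on the upstream host.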
