Save the iptables rules first, mas... use:

/etc/init.d/iptables save active

The saved rules can be viewed in /etc/sysconfig/iptables (RH, Fedora and the like) or in /var/lib/iptables/active (Debian).

IWY

----- Original Message -----
From: "Chris Bianco" <[EMAIL PROTECTED]>
To: "Tanya-Jawab Linux" <[email protected]>
Sent: Wednesday, March 02, 2005 11:33 AM
Subject: [tanya-jawab] IPTables for squid

> Dear Linuxer's
>
> My network here is currently as follows:
>
> ISP
>  |
>  V
> Router -------> 202.155.1.30
>  |
>  V
> Firewall Box (not Linux) --> 202.155.1.31 and 10.1.1.9 (also acting as the gateway)
>  |
>  V
> Switch
>  |
>  V
> Squid ------> 202.155.1.32 and 10.1.1.7
>
> My network is 10.1.1.0 with subnet 255.255.255.0 (I set the netmask to
> match the subnet at head office).
>
> Because IP 202.155.1.32 has already been configured on the firewall box to
> become IP 10.1.1.7, the Squid machine has only one network card, 10.1.1.7,
> which plugs directly into the switch.
> So from the firewall the configuration becomes:
> fw box ---------> switch ---------------> squid, using only the private IP
> 10.1.1.7.
> I have set the IP on the Squid machine's eth0 to 10.1.1.7 and the network
> gateway to 10.1.1.9.
>
> Previously I had Squid installed on this machine and running with this
> configuration, but because the machine restarted and I forgot to save the
> IPTables configuration, the configuration was lost.
>
> I have tried iptables as follows:
>
> [EMAIL PROTECTED] root]# iptables -t nat -A POSTROUTING -s 10.101.101.0/255.255.255.0 -d 0/0 -j SNAT --to 10.101.101.9
> or
> [EMAIL PROTECTED] root]# iptables -t nat -A POSTROUTING -s 10.101.101.0/255.255.255.0 -d 0/0 -j SNAT --to 10.101.101.7
>
> [EMAIL PROTECTED] root]# service network restart
> Shutting down interface eth0:        [ OK ]
> Shutting down loopback interface:    [ OK ]
> Disabling IPv4 packet forwarding:    [ OK ]
> Setting network parameters:          [ OK ]
> Bringing up loopback interface:      [ OK ]
> Bringing up interface eth0:          [ OK ]
> [EMAIL PROTECTED] root]# /etc/init.d/iptables restart
> [EMAIL PROTECTED] root]# /etc/init.d/iptables status
> Table: nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  10.101.101.0/24      anywhere            to:10.101.101.9
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Regards,
> Chris
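
Added example, not part of the original thread: a check for the failure described above, where rules loaded in the kernel were never written to the saved file and disappeared at reboot. It compares two texts in iptables-save format; the function names and the sample data are constructed for illustration, and the saved file is assumed to be in iptables-save format.

```sh
#!/bin/sh
# Added example: list rules that are loaded but absent from the saved file,
# i.e. rules that would be lost at the next reboot.
LC_ALL=C; export LC_ALL

# Reduce iptables-save text to "<table> <rule>" lines: drop comments, chain
# policy lines, COMMIT, and "[pkts:bytes]" counters from "iptables-save -c".
normalize() {
    awk '
        /^#/ || /^:/ || /^COMMIT/ || /^[ \t]*$/ { next }
        /^\*/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, ""); print table " " $0 }
    ' "$1" | sort -u
}

# unsaved_rules LIVE_DUMP SAVED_FILE: print rules only present in LIVE_DUMP.
unsaved_rules() {
    tmp=$(mktemp -d) || return 2
    normalize "$1" > "$tmp/live"
    normalize "$2" > "$tmp/saved"
    comm -23 "$tmp/live" "$tmp/saved"
    rm -rf "$tmp"
}

# Constructed sample data: the SNAT rule from the thread is loaded, but the
# saved file still has an empty nat table.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/live" <<'EOF'
# constructed sample of "iptables-save -c" output
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[12:720] -A POSTROUTING -s 10.101.101.0/255.255.255.0 -j SNAT --to-source 10.101.101.9
COMMIT
EOF
    cat > "$dir/saved" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
    unsaved_rules "$dir/live" "$dir/saved"
    rm -rf "$dir"
}
```

On a live system, redirect `iptables-save` (run as root) to a file and pass it together with /etc/sysconfig/iptables or /var/lib/iptables/active; empty output means every loaded rule is also in the saved file.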
