--- "Doni ." <[EMAIL PROTECTED]> wrote:
> Friends, I have an iptables script, but it still has errors and I
> can't figure out where the error is. The plan is to allow only
> certain ports to go out.
> The network layout:
> internet--modem--eth1(192.168.1.13)server eth0(192.168.1.1)--client.
>
> Here is the iptables script:
>
> #!/bin/sh
> # Flush
> iptables -t nat -F POSTROUTING
> iptables -t nat -F PREROUTING
> iptables -t nat -F OUTPUT
> iptables -F
>
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
>
> # enable Masquerade and forwarding
> iptables -A POSTROUTING -j MASQUERADE -t nat -s 192.168.1.0/24 -o eth1
> iptables -t nat -p tcp -A PREROUTING -s 192.168.1.0/24 -d 0/0 --dport 80 -j REDIRECT --to-ports 3128
>
> # Open ports on router for server/services
> iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 110 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 143 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 587 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 995 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 1863 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 5050 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 5190 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 8080 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 10000 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 20 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 23 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 119 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 8001 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 8002 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 5100 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 5061 -m state --state NEW,ESTABLISHED,RELATED
> iptables -A INPUT -j ACCEPT -p tcp --dport 5000:5010 -m state --state NEW,ESTABLISHED,RELATED
>
> # STATE RELATED for router
> iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> Please help, friends, I really need this and I'm very confused...
> please correct the script, friends...
>
> thanks...
>
> -doni-
>
> --
> Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
> Unsubscribe: send an email to [EMAIL PROTECTED]
> Archive and full mailing list info at http://linux.or.id/milis

Try browsing here, bro: http://www.faqs.org/docs/iptables/targets.html
There are lots of examples there; SNAT, DNAT, etc. are covered too.
For Indonesian, it's here: http://efnet.linux.or.id/docs/iptables.html
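
An added example, not part of the thread or the poster's script: one way to express the goal stated in the question (only selected ports may leave the LAN) as rules on the FORWARD chain, which is the chain that routed client traffic traverses. Interface names and the subnet are taken from the post; the port list, the DNS rule and the dry-run wrapper `IPT` are assumptions.

```sh
#!/bin/sh
# Added example (not the poster's script): egress allowlist on a NAT router.
# From the post: eth0 = client side, eth1 = modem side, 192.168.1.0/24.
# Assumed: the port list, the DNS rule, and the dry-run wrapper.
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.1.0/24
TCP_OUT="22 25 110 143 443 587 995"   # assumed allowlist, edit as needed

# Dry run by default (prints commands). Run as root with IPT=iptables to apply.
IPT=${IPT:-echo iptables}

build_rules() {
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # INPUT covers traffic addressed to the router itself. Accept replies
    # from any side, but NEW connections only from the LAN (ssh, proxy).
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp -m multiport \
         --dports 22,3128 -m state --state NEW -j ACCEPT

    # FORWARD covers client traffic routed through the box. Replies come
    # back via the first rule; NEW is allowed only to the listed ports.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $TCP_OUT; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp \
             --dport "$port" -m state --state NEW -j ACCEPT
    done
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp \
         --dport 53 -m state --state NEW -j ACCEPT

    # NAT: web traffic to the local proxy on 3128, the rest masqueraded.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
         -j REDIRECT --to-ports 3128
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

build_rules
```

Routing between the interfaces also requires the kernel setting net.ipv4.ip_forward=1, which this sketch does not change.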
