> So, about shorewall: does anyone have an example config that works well?

I have an example of shorewall as a Linux gateway + transparent proxy. Here it is:

Enable shorewall in the file /etc/shorewall/shorewall.conf

STARTUP_ENABLED=Yes

File /etc/shorewall/zones

#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
loc     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

File /etc/shorewall/interfaces

#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

File /etc/shorewall/policy

#SOURCE DEST    POLICY  LOG     LIMIT:BURST
#                       LEVEL
fw      all     ACCEPT
loc     fw      ACCEPT
loc     net     DROP    info
loc     all     DROP    info
net     fw      DROP    info
net     loc     DROP    info
all     all     DROP
#LAST LINE -- DO NOT REMOVE

File /etc/shorewall/masq

#INTERFACE  SUBNET  ADDRESS PROTO   PORT(S) IPSEC
eth0        eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

File /etc/shorewall/rules

#ACTION   SOURCE         DEST  PROTO  DEST                   SOURCE   ORIGINAL  RATE   USER/
#                                     PORT                   PORT(S)  DEST      LIMIT  GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT    net:202.1.2.3  fw
REDIRECT  loc            3128  tcp    www
ACCEPT    net:202.1.2.3  fw    tcp    20,21,22,25,53,80
ACCEPT    net:202.1.3.4  fw    udp    20,21,22,25,53,80
ACCEPT    loc            net   tcp    20,21,22,25,53,80,443
ACCEPT    loc            net   udp    20,21,22,25,53,80,443
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Setting up a bandwidth manager in shorewall

Enable tc in the file /etc/shorewall/shorewall.conf

TC_ENABLED=Internal

File /etc/shorewall/tcdevices

#INTERFACE  IN-BANDWITH  OUT-BANDWIDTH
eth0        512kbit      384kbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

File /etc/shorewall/tcclasses

#INTERFACE  MARK  RATE       CEIL       PRIORITY  OPTIONS
eth0        1     full*5/10  full       0
eth0        2     full*3/10  full*5/10  1
eth0        3     full*2/10  full*5/10  2         default
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

File /etc/shorewall/tcrules

#MARK  SOURCE     DEST           PROTO  PORT(S)  CLIENT   USER  TEST
#                                                PORT(S)
1      0.0.0.0/0  0.0.0.0/0      icmp
1:F    0.0.0.0/0  192.168.1.2    all
2:F    0.0.0.0/0  192.168.1.3    tcp    80,443
3:F    0.0.0.0/0  192.168.1.100  all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Start or restart shorewall:

# shorewall restart

Check the qdisc and class as follows:

# shorewall show tc

Give it a try. This is only a simple configuration; shorewall is very capable as a firewall, bandwidth manager, NAT, redirect, or VPN server.

Kurniadi
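
Added example, not part of the original post: a simplified Python model of how Shorewall resolves a NEW connection against the rules and policy files above (rules top to bottom, first match wins, then the first matching policy line), plus a check for rules that an earlier rule makes unreachable. It ignores the LOG column, the unused rule columns and Shorewall's implicit intra-zone handling; the function names and the SERVICES table are assumptions of this example.

```python
# Added example: simplified model of Shorewall's handling of NEW connections.
# Rules are checked top to bottom (first match wins); if none matches, the
# first matching policy line applies. Entries are copied from the post.
RULES = """\
ACCEPT   net:202.1.2.3 fw
REDIRECT loc           3128 tcp www
ACCEPT   net:202.1.2.3 fw   tcp 20,21,22,25,53,80
ACCEPT   net:202.1.3.4 fw   udp 20,21,22,25,53,80
ACCEPT   loc           net  tcp 20,21,22,25,53,80,443
ACCEPT   loc           net  udp 20,21,22,25,53,80,443"""
POLICY = """\
fw  all ACCEPT
loc fw  ACCEPT
loc net DROP
loc all DROP
net fw  DROP
net loc DROP
all all DROP"""
SERVICES = {"www": 80}  # assumption: the only service name used in the post

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        action, src, dst, *rest = line.split()
        zone, _, host = src.partition(":")
        if action == "REDIRECT":          # DEST column holds the local port
            action, dst = "REDIRECT:" + dst, "all"
        proto = rest[0] if rest else "all"
        ports = ({SERVICES.get(p) or int(p) for p in rest[1].split(",")}
                 if len(rest) > 1 else None)   # None means any port
        rules.append((action, zone, host or None, dst, proto, ports))
    return rules

def covers(a, b):
    """True if rule a matches every connection that rule b matches."""
    return (a[1] == b[1] and a[2] in (None, b[2]) and a[3] in ("all", b[3])
            and a[4] in ("all", b[4])
            and (a[5] is None or (b[5] is not None and a[5] >= b[5])))

def verdict(src, host, dst, proto, port):
    probe = (None, src, host, dst, proto, {port})
    for rule in parse_rules(RULES):
        if covers(rule, probe):
            return rule[0]
    for p_src, p_dst, action in (l.split() for l in POLICY.splitlines()):
        if p_src in ("all", src) and p_dst in ("all", dst):
            return action

def shadowed(rules):
    """(earlier, later) 1-based pairs where the later rule can never match."""
    return [(i + 1, j + 1) for j, b in enumerate(rules)
            for i, a in enumerate(rules[:j]) if covers(a, b)]
```

On the posted rules, shadowed() reports (1, 3): the unrestricted ACCEPT for net:202.1.2.3 already matches everything the later port-limited TCP rule for that host would.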
