In addition, at NF there is a workshop on internet gateway/internet sharing & firewall with shorewall, bandwidth management
schedule: LP3T-NF Mampang, Friday 26 January 2007

>> so, about shorewall, does anyone have an example config that works well?
>>
> I have an example of shorewall as a Linux gateway + transparent proxy
> here is the example
>
> enable shorewall in the file /etc/shorewall/shorewall.conf
>
> STARTUP_ENABLED=Yes
>
> file /etc/shorewall/zones
>
> #ZONE   TYPE       OPTIONS   IN        OUT       OPTIONS   OPTIONS
> fw      firewall
> net     ipv4
> loc     ipv4
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> file /etc/shorewall/interfaces
>
> #ZONE   INTERFACE   BROADCAST   OPTIONS
> net     eth0        detect
> loc     eth1        detect
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> file /etc/shorewall/policy
>
> #SOURCE   DEST   POLICY   LOG     LIMIT:BURST
> #                         LEVEL
> fw        all    ACCEPT
> loc       fw     ACCEPT
> loc       net    DROP     info
> loc       all    DROP     info
> net       fw     DROP     info
> net       loc    DROP     info
> all       all    DROP
> #LAST LINE -- DO NOT REMOVE
>
> file /etc/shorewall/masq
>
> #INTERFACE   SUBNET   ADDRESS   PROTO   PORT(S)   IPSEC
> eth0         eth1
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> file /etc/shorewall/rules
>
> #ACTION    SOURCE          DEST   PROTO   DEST                     SOURCE    ORIGINAL   RATE    USER/
> #                                         PORT                     PORT(S)   DEST       LIMIT   GROUP
> #SECTION ESTABLISHED
> #SECTION RELATED
> SECTION NEW
> ACCEPT     net:202.1.2.3   fw
> REDIRECT   loc             3128   tcp     www
> ACCEPT     net:202.1.2.3   fw     tcp     20,21,22,25,53,80
> ACCEPT     net:202.1.3.4   fw     udp     20,21,22,25,53,80
> ACCEPT     loc             net    tcp     20,21,22,25,53,80,443
> ACCEPT     loc             net    udp     20,21,22,25,53,80,443
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> setting up a bw manager in shorewall
> enable tc in the file /etc/shorewall/shorewall.conf
>
> TC_ENABLED=Internal
>
> file /etc/shorewall/tcdevices
>
> #INTERFACE   IN-BANDWITH   OUT-BANDWIDTH
> eth0         512kbit       384kbit
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> file /etc/shorewall/tcclasses
>
> #INTERFACE   MARK   RATE        CEIL        PRIORITY   OPTIONS
> eth0         1      full*5/10   full        0
> eth0         2      full*3/10   full*5/10   1
> eth0         3      full*2/10   full*5/10   2          default
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> file /etc/shorewall/tcrules
>
> #MARK   SOURCE      DEST            PROTO   PORT(S)   CLIENT    USER   TEST
> #                                                     PORT(S)
> 1       0.0.0.0/0   0.0.0.0/0       icmp
> 1:F     0.0.0.0/0   192.168.1.2     all
> 2:F     0.0.0.0/0   192.168.1.3     tcp     80,443
> 3:F     0.0.0.0/0   192.168.1.100   all
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> start or restart shorewall
> #shorewall restart
> check the qdisc and class as follows:
> #shorewall show tc
>
> please give it a try, this is only a simple configuration; shorewall is very powerful
> as a firewall, bw management, nat, redirect, or VPN server.
>
> Kurniadi
>
> --
> Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
> Unsubscribe: send an email to [EMAIL PROTECTED]
> Archive and full mailing list info at http://linux.or.id/milis
>
>
Kurniadi
NurulFikri, Margonda Depok
Pioneer of Linux Training in Indonesia
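
Added example, not part of the original messages: a small Python check that finds rules in a Shorewall rules file which can never match because an earlier rule already covers them, run on the rule lines posted in the message above (re-spaced). It assumes rules within a section are evaluated top to bottom with the first match winning and reads only the first five columns; the function names are hypothetical.

```python
# Added example: find Shorewall rules hidden behind an earlier, broader rule.
# Constructed input: the rule lines from the message above, re-spaced.
SAMPLE_RULES = """\
SECTION NEW
ACCEPT   net:202.1.2.3  fw
REDIRECT loc            3128  tcp  www
ACCEPT   net:202.1.2.3  fw    tcp  20,21,22,25,53,80
ACCEPT   net:202.1.3.4  fw    udp  20,21,22,25,53,80
ACCEPT   loc            net   tcp  20,21,22,25,53,80,443
ACCEPT   loc            net   udp  20,21,22,25,53,80,443
"""

# Only these actions are compared; REDIRECT puts a port in the DEST column.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(text):
    """Parse ACTION SOURCE DEST PROTO DPORT; '-' or a missing column means any."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] not in TERMINATING:
            continue
        action, source, dest, proto, dport = (fields + ["-"] * 5)[:5]
        rules.append({
            "line": lineno, "action": action, "source": source, "dest": dest,
            "proto": None if proto in ("-", "all") else proto,
            "ports": None if dport == "-" else frozenset(dport.split(",")),
        })
    return rules

def covers(earlier, later):
    """True if every connection matched by `later` is already matched by `earlier`."""
    for col in ("source", "dest"):  # a bare zone 'net' also covers host 'net:1.2.3.4'
        if earlier[col] != later[col] and not later[col].startswith(earlier[col] + ":"):
            return False
    if earlier["proto"] is not None and earlier["proto"] != later["proto"]:
        return False
    if earlier["ports"] is None:
        return True
    return later["ports"] is not None and later["ports"] <= earlier["ports"]

def shadowed(rules):
    """Return (later_line, earlier_line) for each rule hidden by an earlier one."""
    hits = [(r["line"], [e["line"] for e in rules[:i] if covers(e, r)]) for i, r in enumerate(rules)]
    return [(line, by[0]) for line, by in hits if by]

if __name__ == "__main__":
    print(shadowed(parse_rules(SAMPLE_RULES)))
```

On the posted rules this reports the tcp rule for net:202.1.2.3 as unreachable: the earlier rule for that host has no PROTO or PORT column, so it already accepts all traffic from it to the firewall.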
