Quoting "artanto, bayu" <[EMAIL PROTECTED]>:

> On 8/10/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Quoting Gatra Wikan <[EMAIL PROTECTED]>:
> >
> > > On 10/08/07, [EMAIL PROTECTED]
> > > <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > try pasting the contents of
> > > > >
> > > > > /etc/squid/squid.conf
> > > > >
> > > > > and
> > > > >
> > > > > /etc/shorewall/rules
> > > > >
> > > > I've already traced through /etc/squid/squid.conf and
> > > > /etc/shorewall/rules. Maybe someone could give an example of
> > > > shorewall rules, or say which ports need to be opened.
> > > >
> > > > /etc/shorewall/rules
> > > >
> > > > #Transparent proxy
> > > > REDIRECT                loc             3128            tcp             www       -
> > > > ACCEPT                  $FW             net             tcp             www
> > > >
> > > > #Accept DNS connections from the firewall to the network
> > > > DNS/ACCEPT              $FW             net
> > > > DNS/ACCEPT              net             $FW
> > > > DNS/ACCEPT              loc             net
> > > > DNS/ACCEPT              $FW             loc
> > > > DNS/ACCEPT              loc             $FW
> > > >
> > > > #Accept SSH connections from local network for administration
> > > > SSH/ACCEPT              loc             $FW
> > > > SSH/ACCEPT              net             $FW
> > > > SSH/ACCEPT              loc             net
> > > > SSH/ACCEPT              $FW             loc
> > > >
> > > > #Allow Ping from local network
> > > > Ping/ACCEPT             loc             $FW
> > > >
> > > > #Reject Ping from "bad" net zone.. and prevent your log from being flooded..
> > > > #Ping/REJECT             net             $FW
> > > > ACCEPT                  net             $FW
> > > > ACCEPT                  $FW             loc                icmp
> > > > ACCEPT                  $FW             net                icmp
> > > > ACCEPT                  loc             $FW                icmp
> > > > ACCEPT                  loc             net             icmp
> > > >
> > > > #Web
> > > > Web/ACCEPT              loc             net
> > > >
> > > > #Mail
> > > > POP3/ACCEPT             loc             net
> > > > SMTP/ACCEPT             loc             net
> > > > ICQ/ACCEPT              loc             net
> > > >
> > > > #others rules
> > > > ACCEPT                  loc             net                 tcp             2082,2095
> > > > ACCEPT                  loc             net                 tcp             5050
> > > >
> > > >
> > > > /etc/squid/squid.conf
> > > >
> > > > acl our_networks src 192.168.2.0.0.0/24
> > > > http_access allow our_networks
> > > >
> > > > httpd_accel_port 80
> > > > httpd_accel_host virtual
> > > > httpd_accel_with_proxy on
> > > > httpd_accel_uses_host_header on
> > > >
> > > > The rest still follows the defaults. I would appreciate some enlightenment from all the experts here.
> > > >
> > > >
> > > >
> > > >
> > > > --------------------------------------------------------------
> > > > This mail sent through Bina Nusantara Student Webmail Services
> > > > (http://webmail.student.binus.ac.id)
> > > >
> > > >
> > > > --
> > > > Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
> > > > Unsubscribe: send an email to [EMAIL PROTECTED]
> > > > Archive and full mailing list information at http://linux.or.id/milis
> > > >
> > > >
> > >
> > > Try opening the HTTPS port, because nowadays all e-mail login pages use
> > > HTTPS.
> > > --
> > In squid it is already open by default, isn't it? Does it need to be added in the firewall as well?
>
>
> By default, shorewall can already do IP forwarding, and traffic from loc
> to net works right away without needing any special rule.
>
> For the transparent proxy, the rule is already correct, if this is shorewall + squid
> on one computer
>
> REDIRECT                loc             3128            tcp             www
>
> For the fw where shorewall is installed, try changing this part
>
> ACCEPT                  $FW             net             tcp             www
>
> to
>
> ACCEPT                  $FW             net             tcp             all
>
> Then restart shorewall. Oh, and it's fine to leave the other rules
> unchanged; they are needed, right? If they're not needed, just delete them :D

When I changed it to all, this message appeared:

service shorewall start
Starting shorewall: iptables v1.3.5: invalid TCP port/service `all' specified
Try `iptables -h' or 'iptables --help' for more information.
   ERROR: Command "/sbin/iptables -A fw2net -p tcp --dport all -j ACCEPT" Failed
/sbin/shorewall: line 225:  8649 Terminated              ${VARDIR}/.start $debugging start
                                                           [FAILED]
I've reverted it to the normal www.



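An added example, not part of the original thread and not Shorewall's own code: a small Python linter for two things visible in the pasted rules, the `all` token in the port column that iptables rejected above, and an ACCEPT from net to $FW with no protocol column, which matches every protocol and port. The function names and the sample rule set (constructed from the thread's rules, whitespace normalised) are assumptions.

```python
import re

# Constructed sample: rules from the thread plus the failing "all" variant.
SAMPLE_RULES = """\
#Transparent proxy
REDIRECT    loc    3128    tcp    www    -
ACCEPT      $FW    net     tcp    www
ACCEPT      $FW    net     tcp    all
ACCEPT      net    $FW
ACCEPT      loc    net     tcp    2082,2095
SSH/ACCEPT  net    $FW
"""

PORT_ITEM = re.compile(r"^(\d+)(?::(\d+))?$")  # "80" or a range such as "6000:6010"


def check_port_column(value):
    """Return a problem string for a DEST PORT(S) value, or None if acceptable."""
    if value == "-":  # "-" is the placeholder for "any port"
        return None
    for item in value.split(","):
        m = PORT_ITEM.match(item)
        if m:
            if any(int(n) > 65535 for n in m.groups() if n is not None):
                return f"port out of range: {item}"
        elif item.lower() in ("all", "any"):
            return f"'{item}' is not a port or service name; use '-' or omit the column"
        # Any other word is assumed to be an /etc/services name such as "www".
    return None


def lint_rules(text):
    """Return (line number, kind, message) tuples for a Shorewall rules file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3:  # blank line, comment, or incomplete rule
            continue
        action, source, dest = cols[:3]
        proto = cols[3].lower() if len(cols) > 3 else "-"
        dport = cols[4] if len(cols) > 4 else "-"
        if proto in ("tcp", "udp"):
            problem = check_port_column(dport)
            if problem:
                findings.append((lineno, "bad-port", problem))
        if action == "ACCEPT" and source == "net" and dest == "$FW" and proto in ("-", "all"):
            findings.append((lineno, "broad", "accepts every protocol and port from net to the firewall"))
    return findings
```
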