That is a lot of rules configuration... I have added options in the OPTIONS column of interfaces.
If you use Speedy or another ISP on eth0 (net), the dhcp option is usually used.

For more detail, you could have a look at the article at http://linux2.arinet.org titled "Download Panduan Praktis dan Lengkap Membuat Gateway Internet Arinet".

Note: the rules configuration is tied to the policy. If the policy already allows the traffic in, the rules file does not actually need another ACCEPT for the packets that would be listed, so the configuration file stays more concise.

Regards,
bind knowledge by writing it down

<[EMAIL PROTECTED]> wrote on 27 Rajab 1428, 05:24 PM:
Subject: Re: [tanya-jawab] Firewall question

>/etc/shorewall/rules
>#Transparent proxy
>REDIRECT loc 3128 tcp www -
>ACCEPT $FW net tcp www
>
>#Accept DNS connections from the firewall to the network
>DNS/ACCEPT $FW net
>DNS/ACCEPT net $FW
>DNS/ACCEPT loc net
>DNS/ACCEPT $FW loc
>DNS/ACCEPT loc $FW
>
>
>#Accept SSH connections from local network for administration
>SSH/ACCEPT loc $FW
>SSH/ACCEPT net $FW
>SSH/ACCEPT loc net
>SSH/ACCEPT $FW loc
>
>#Allow Ping from local network
>Ping/ACCEPT loc $FW
>
>#Reject Ping from "bad" net zone.. and prevent your log from being flooded..
>#Ping/REJECT net $FW
>ACCEPT $FW loc icmp
>ACCEPT $FW net icmp
>ACCEPT loc $FW icmp
>
>#Web
>Web/ACCEPT loc net
>
>#Mail
>POP3/ACCEPT loc net
>SMTP/ACCEPT loc net
>ICQ/ACCEPT loc net
>
>#others rules
>ACCEPT loc net tcp 2082,2095
>ACCEPT loc net tcp 5050
>ACCEPT loc net udp 5050
>ACCEPT loc net tcp 5010
>ACCEPT loc $FW tcp 25
>ACCEPT net $FW tcp 443
>ACCEPT net $FW udp 6277
>ACCEPT loc $FW tcp 5050
>ACCEPT $FW loc tcp 5050
>ACCEPT loc $FW udp 5050
>ACCEPT fw loc udp 5050
>
>/etc/shorewall/interfaces
>
>#ZONE INTERFACE BROADCAST OPTIONS
>net eth0 detect
>loc eth1 detect

net eth0 detect dhcp,tcpflags,routefilter
loc eth1 detect

>#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
>/etc/shorewall/zones
>#ZONE TYPE OPTIONS IN OUT
>#               OPTIONS OPTIONS
>fw firewall
>net ipv4
>loc ipv4
>#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
>/etc/shorewall/masq
>#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC
>eth0 eth1
>#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
>--
>Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
>Unsubscribe: send an email to [EMAIL PROTECTED]
>Archive and full mailing list information at http://linux.or.id/milis
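
The note above about rules and policy, as an added example that is not part of the original message: a small Python check that lists ACCEPT rules whose zone pair the policy already accepts. The policy text is constructed (the poster's policy file is not on the page), and the function names are hypothetical.

```python
FW_NAMES = {"$FW", "fw"}  # the quoted zones file declares the firewall zone as "fw"
# Constructed policy (assumption: the poster's /etc/shorewall/policy is not shown).
POLICY = """\
#SOURCE DEST POLICY
loc net ACCEPT
$FW net ACCEPT
net all DROP
all all REJECT
"""
# Rules copied from the quoted /etc/shorewall/rules.
RULES = """\
REDIRECT loc 3128 tcp www -
ACCEPT $FW net tcp www
DNS/ACCEPT loc net
SSH/ACCEPT net $FW
Web/ACCEPT loc net
ACCEPT loc $FW tcp 25
"""

def norm(zone):
    """Map fw/$FW to one name and drop any :host suffix."""
    zone = zone.split(":")[0]
    return "$FW" if zone in FW_NAMES else zone

def entries(text):
    """Yield the whitespace-split columns of each non-comment line."""
    for line in text.splitlines():
        cols = line.split("#")[0].split()
        if cols:
            yield cols

def policy_for(src, dst, policy_text):
    """Return the first policy whose SOURCE/DEST match (policy is first-match)."""
    for p_src, p_dst, action, *_ in entries(policy_text):
        if norm(p_src) in (src, "all") and norm(p_dst) in (dst, "all"):
            return action
    return None

def redundant_accepts(rules_text, policy_text):
    """ACCEPT rules (plain or macro/ACCEPT) whose zone pair the policy accepts."""
    found = []
    for cols in entries(rules_text):
        is_accept = len(cols) >= 3 and cols[0].split("/")[-1] == "ACCEPT"
        if is_accept and policy_for(norm(cols[1]), norm(cols[2]), policy_text) == "ACCEPT":
            found.append(" ".join(cols))
    return found

if __name__ == "__main__":
    print("\n".join(redundant_accepts(RULES, POLICY)))
```

A flagged rule is only a candidate for removal: an ACCEPT placed ahead of a later DROP or REJECT rule for the same zones still changes the outcome.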
