2009/12/21 Nyoman [D] <[email protected]>:
> On Mon, 2009-12-21 at 11:23 +0700, "mbah Darmo" wrote:
>> >> >>
>> >> >> @Pak Nyoman,
>> >> >> The topology is indeed as you drew it, Pak Nyoman; here is the result of a
>> >> >> trace route to 125.163.182.189:
>> >> >>
>> >> >> C:\Users\Administrator>tracert 125.163.182.189
>> >> >>
>> >> >> Tracing route to 189.subnet125-163-182.speedy.telkom.net.id
>> >> >> [125.163.182.189]
>> >> >> over a maximum of 30 hops:
>> >> >>
>> >> >> 1 <1 ms <1 ms <1 ms
>> >> >> 189.subnet125-163-182.speedy.telkom.net.id [125.
>> >> >> 163.182.189]
>> >> >>
>> >> >> Trace complete.
>> >> >>
>> >> >> C:\Users\Administrator>
>> >> >>
>> >> >> FYI: here are some of the iptables rules I executed (please correct
>> >> >> them, sir...)
>> >> >>
>> >> >> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports
>> >> >> 3128
>> >> >> iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports
>> >> >> 3128
>> >> >> iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT
>> >> >> --to-ports 3128
>> >> >> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT
>> >> >> --to-ports 3128
>> >> >> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT
>> >> >> --to-source 125.163.182.189
>> >> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>> >> >> --to-ports 3128
>> >> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT
>> >> >> --to-ports 3128
>> >> >> iptables -table nat -A POSTROUTING -o eth0 -j MASQUERADE
>> >> >> iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
>> >> >> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j SNAT --to
>> >> >> 192.168.1.1/24
>> >> >>
>> >> >> where:
>> >> >> eth2 192.168.1.1/24 from the internet
>> >> >> eth0 192.168.0.0/24 towards the LAN
>> >> >>
>> >> >> we await your enlightenment, sir... (forgive me, I'm new to learning iptables :D )
>> >> >>
>> >> >> thanks & Regards,
>> >> >> Supriyadi
>> >> >>
>> >> >
>> >> > Please pick one,
>> >> > Delete no. 1 or no. 6
>> >> > Delete no. 4 or no. 7
>> >> > Delete no. 5 for now, and use -j MASQUERADE (no. 8) in the meantime
>> >> > For no. 10 I'm a bit confused... try deleting it or commenting it out (put
>> >> > a # in front of it) for now
>> >> >
>> >> > Now here's the problem...
>> >> > Why does eth0 use a local IP? I had guessed that this computer uses a
>> >> > public IP..
>> >> > That means the topology isn't like the one I gave you
>> >> > But it's roughly like this:
>> >> >
>> >> > LAN|---|eth0___eth2|---|something that has a public IP|---Internet
>> >> >
>> >> > eth0___eth2 is the machine/computer that has squid on it
>> >> > what the something with a public IP is, I don't know
>> >> > Is it like this ???
>> >> >
>> >> > Nyoman
>> >> >
>> >>
>> >> rules no. 5, 6, 7 and 10 I have commented out for now, sir,
>> >> eth0 uses a local IP because it goes to the LAN, sir, and eth2
>> >> is connected to the ADSL modem, but the modem is only a bridge, so
>> >> the server is the one dialing the internet (using kinternet); if I check,
>> >> the output looks like this, sir:
>> >>
>> >> server:~ # ip address show
>> >> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>> >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> >> inet 127.0.0.1/8 scope host lo
>> >> inet6 ::1/128 scope host
>> >> valid_lft forever preferred_lft forever
>> >> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>> >> link/ether 00:14:5e:c9:1b:9e brd ff:ff:ff:ff:ff:ff
>> >> inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
>> >> inet 192.168.55.1/24 brd 192.168.55.255 scope global eth0
>> >> inet6 fe80::214:5eff:fec9:1b9e/64 scope link
>> >> valid_lft forever preferred_lft forever
>> >> 3: sit0: <NOARP> mtu 1480 qdisc noop
>> >> link/sit 0.0.0.0 brd 0.0.0.0
>> >> 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>> >> link/ether 00:21:91:91:b1:0a brd ff:ff:ff:ff:ff:ff
>> >> inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2
>> >> inet6 fe80::221:91ff:fe91:b10a/64 scope link
>> >> valid_lft forever preferred_lft forever
>> >> 5: dsl0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>> >> link/ppp
>> >> inet 125.163.182.189 peer 125.163.176.1/32 scope global dsl0
>> >> server:~ #
>> >>
>> >> thanks,
>> >>
>> >
>> > Oh.. pppoe, is it...
>> > in that case the command is wrong, sir
>> >
>> > Try this...
>> > iptables -table nat -A POSTROUTING -o dsl0 -j MASQUERADE
>> > or:
>> > iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT
>> > --to-source 125.163.182.189
>> >
>> > Nyoman
>> >
>>
>> I've tried it, sir; now the rules are just these:
>> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
>> iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports 3128
>> iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT --to-ports 3128
>> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
>> iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
>> iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT
>>
>> when I check:
>>
>> server:~ # iptables -t nat -nvL
>> Chain PREROUTING (policy ACCEPT 14094 packets, 1012K bytes)
>> pkts bytes target prot opt in out source
>> destination
>> 0 0 REDIRECT tcp -- * * 0.0.0.0/0
>> 0.0.0.0/0 tcp dpt:80 redir ports 3128
>> 0 0 REDIRECT tcp -- * * 0.0.0.0/0
>> 0.0.0.0/0 tcp dpt:81 redir ports 3128
>> 0 0 REDIRECT tcp -- * * 0.0.0.0/0
>> 0.0.0.0/0 tcp dpt:3124 redir ports 3128
>> 0 0 REDIRECT tcp -- * * 0.0.0.0/0
>> 0.0.0.0/0 tcp dpt:443 redir ports 3128
>>
>> Chain POSTROUTING (policy ACCEPT 21157 packets, 1414K bytes)
>> pkts bytes target prot opt in out source
>> destination
>>
>> Chain OUTPUT (policy ACCEPT 20663 packets, 1400K bytes)
>> pkts bytes target prot opt in out source
>> destination
>> server:~ #
>>
>> it turns out it still doesn't work, sir.., thanks...
>>
>> regards,
>> supriyadi
>>
>
>
> ehmmm why is the POSTROUTING chain empty....
> Oh yes... why does command no. 6 only go up to -j SNAT ??
>
> it should continue with --to-source 125.163.182.189
> Try typing just that command directly in the shell, don't reboot
> the computer.
> and look at the output of iptables -nL -t nat, does the POSTROUTING chain have
> anything in it?
>
> Nyoman
>
>
now it shows up, sir; here is the result:
server:~ # iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 15548 packets, 1121K bytes)
pkts bytes target prot opt in out source destination
26 1280 REDIRECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:81 redir ports 3128
0 0 REDIRECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:3124 redir ports 3128
28 1452 REDIRECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:443 redir ports 3128
Chain POSTROUTING (policy ACCEPT 23177 packets, 1546K bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * dsl0 192.168.1.0/24
0.0.0.0/0 to:125.163.182.189
Chain OUTPUT (policy ACCEPT 22607 packets, 1527K bytes)
pkts bytes target prot opt in out source destination
server:~ #
it turns out it still doesn't work; does iptables need to be restarted each time
a rule is entered, sir?
thanks,
--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to [email protected]
Archive and full mailing-list info at http://linux.or.id/milis
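As an added example (not from any message in this thread), here is the rule set for the topology that emerges above (LAN 192.168.0.0/24 on eth0, PPPoE uplink dsl0 carrying the public address, squid on port 3128), written as a POSIX shell script that dry-runs by default, plus a small check modelled on Nyoman's diagnostic of reading the POSTROUTING chain from `iptables -t nat -nvL`. Interface names and subnets are taken from the thread; the `iptables` listings embedded in the script are constructed to mirror the two postings above (unwrapped, as the tool prints them), and the function names are mine. Two choices differ from the posted rules: only plain HTTP (port 80) arriving on the LAN interface is redirected to squid, because a transparent http_port cannot proxy the TLS that arrives on 443, and the source match uses the LAN subnet 192.168.0.0/24 rather than 192.168.1.0/24, which is eth2's own subnet and matched no packets in the last listing (0 pkts). The script also enables IPv4 forwarding, which the thread never mentions but which is required for the LAN's non-redirected traffic to leave the box at all; that squid listens on 3128 in transparent mode is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): NAT rules for the topology above,
# plus a check of the POSTROUTING chain. Dry-runs unless IPT/SYSCTL are set.
#   sh nat-squid.sh                              -> prints the commands it would run
#   IPT=iptables SYSCTL=sysctl sh nat-squid.sh   -> applies them (run as root)

LAN_IF="${LAN_IF:-eth0}"               # interface towards the LAN
LAN_NET="${LAN_NET:-192.168.0.0/24}"   # LAN subnet (eth0 is 192.168.0.254/24 above)
WAN_IF="${WAN_IF:-dsl0}"               # the PPPoE interface, the real egress
SQUID_PORT="${SQUID_PORT:-3128}"       # assumption: squid listens here, transparent mode
IPT="${IPT:-echo iptables}"            # default: dry run, just print the commands
SYSCTL="${SYSCTL:-echo sysctl}"

# Install the rules. Each command takes effect as soon as iptables accepts it;
# no restart of anything is involved.
apply_nat_rules() {
    # Forwarding must be on, otherwise non-redirected LAN traffic is dropped.
    $SYSCTL -w net.ipv4.ip_forward=1
    # Transparent proxy: only plain HTTP arriving from the LAN goes to squid.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
    # Everything else from the LAN is NATed on the PPPoE interface. MASQUERADE
    # follows the interface's current address, so a reconnect that changes it
    # does not leave a stale hard-coded --to-source behind.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Reject an SNAT rule with no --to-source before it is handed to iptables.
# iptables refuses such a rule, which is why the chain stayed empty above.
rule_is_complete() {
    case "$1" in
        *"-j SNAT"*"--to-source "*) return 0 ;;
        *"-j SNAT"*)                return 1 ;;
        *)                          return 0 ;;
    esac
}

# Count SNAT/MASQUERADE rules in the POSTROUTING chain of `iptables -t nat -nvL`
# output read from stdin: 0 means the NAT rule never made it into the kernel.
postrouting_rule_count() {
    awk '
        /^Chain /                              { in_post = ($2 == "POSTROUTING"); next }
        in_post && $3 ~ /^(SNAT|MASQUERADE)$/  { n++ }
        END                                    { print n + 0 }
    '
}

# Constructed samples mirroring the two listings in the thread (unwrapped).
SAMPLE_EMPTY='Chain PREROUTING (policy ACCEPT 14094 packets, 1012K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 21157 packets, 1414K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 20663 packets, 1400K bytes)
 pkts bytes target     prot opt in     out     source               destination'

SAMPLE_WITH_SNAT='Chain POSTROUTING (policy ACCEPT 23177 packets, 1546K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      dsl0    192.168.1.0/24       0.0.0.0/0            to:125.163.182.189

Chain OUTPUT (policy ACCEPT 22607 packets, 1527K bytes)
 pkts bytes target     prot opt in     out     source               destination'

apply_nat_rules
```

Run it once without variables to see the commands, then with `IPT=iptables SYSCTL=sysctl` as root to apply them; `iptables -t nat -nvL | postrouting_rule_count` (after sourcing the script) should then print 1. The rules are live the moment iptables accepts them, so the restart asked about above is not needed; what happened earlier is that iptables rejects an SNAT rule lacking `--to-source` and installs nothing. Making the rules survive a reboot is distribution-specific and is not covered here.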