Thanks, Mas Aris,

But both routers are Cisco 1700s; how do I change the rules on a Cisco
router with iptables commands? The firewall uses iptables.

Thanks
Jays


-----Original Message-----
From: arisg_ml [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 1:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [tanya-jawab] iptables 2 locations router 2 wic


Jays wrote:

>Dear all,
>(sorry, the diagram in my first post came out scrambled).. :)
>
>I have the following network setup:
>
>                                              ISP
>                                               |
>                                               | 64 Kbps
>                       64 Kbps                 |
>Router (11.0.0.1)----------------------Router (202.x.x.1)
>         |                              2 WIC (ISP,Loc A)
>         |                                     |
>         |                                     |
>         |                                  Firewall
>         |                             (202.x.x.2) = eth0
>         |                             (10.x.x.5) = eth1
>         |                                     |
>         |                                     |
>    Location A                             Location B
> ip 11.x.x.0/24                         ip 10.x.x.0/24
>
>
>
>- Location B has a mail server, an FTP server and an intranet server.
>- At Location A, all email clients use POP3 and SMTP to the mail server at
>Location B (there is no mail server cluster yet)
>
>
echo "1" > /proc/sys/net/ipv4/ip_forward

On router 202.x.x.1:
iptables -A FORWARD -s 11.x.x.0/24 -d ip_nya_email -j ACCEPT   # ip_nya_email: the mail server's IP

>- From Location A, all service requests to Location B are allowed
>(smtp,ftp,http,netbios,nfs,icmp,etc.)
>
>
On router 202.x.x.1 and the firewall:
iptables -A FORWARD -s 11.x.x.0/24 -d 10.x.x.0/24 -j ACCEPT

>- From the ISP, only (smtp,http,DNS) is allowed to the mail server (202.x.x.2 &
>10.x.x.11), the webmail server (202.x.x.4 & 10.x.x.253) and the DNS server
>(202.x.x.4 & 10.x.x.253).
>
>
On router 202.x.x.1:
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 202.x.x.2 --destination-port 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 202.x.x.2 --destination-port 110 -j ACCEPT

iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 202.x.x.4 --destination-port 53 -j ACCEPT
iptables -A FORWARD -p udp -s 0.0.0.0/0 -d 202.x.x.4 --destination-port 53 -j ACCEPT

iptables -A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -j DROP

>I have studied the IPTables tutorial at
>http://iptables-tutorial.frozentux.net/iptables-tutorial.html, but it is still
>too intricate for me. Roughly what rules do I need to set....
>
>pls help me.....
>
>
>Regards,
>Jays
>
--
Unsubscribe: send an empty email to [EMAIL PROTECTED]
Archive and info at http://linux.or.id/milis.php
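
Added example (not part of the original thread, and not code from either poster): Cisco IOS routers do not run iptables, so the policy Jays lists would sit on the Linux firewall at Location B. This script emits that FORWARD policy in iptables-restore format. Assumptions: the addresses are constructed stand-ins for the x'ed-out values, and any DNAT from the 202.x.x.x addresses has already happened in PREROUTING, so FORWARD matches the internal server addresses.

```shell
#!/bin/sh
# Added example: FORWARD policy for the Linux firewall at Location B.
# All addresses below are constructed stand-ins for the thread's x'ed-out values.
LOC_A="11.0.0.0/24"     # stand-in for 11.x.x.0/24 (Location A)
LOC_B="10.0.0.0/24"     # stand-in for 10.x.x.0/24 (Location B)
MAIL="10.0.0.11"        # stand-in for 10.x.x.11 (mail server)
WEBDNS="10.0.0.253"     # stand-in for 10.x.x.253 (webmail and DNS server)
WAN_IF="eth0"           # router-facing interface, per the diagram
LAN_IF="eth1"           # Location B interface, per the diagram

# Services reachable from the ISP side (smtp, http, DNS): proto:dest:port
ISP_SERVICES="tcp:$MAIL:25 tcp:$WEBDNS:80 tcp:$WEBDNS:53 udp:$WEBDNS:53"

gen_rules() {
    echo "*filter"
    # INPUT/OUTPUT are left open: this example covers forwarded traffic only.
    echo ":INPUT ACCEPT [0:0]"
    # A default-DROP policy replaces a trailing catch-all DROP rule.
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to already-accepted connections flow in both directions.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Location A may reach every service at Location B.
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -s $LOC_A -d $LOC_B -j ACCEPT"
    # Everyone else gets only the listed services, new connections only.
    for svc in $ISP_SERVICES; do
        proto=${svc%%:*}; rest=${svc#*:}
        dest=${rest%%:*}; port=${rest#*:}
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $dest --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Connections initiated from Location B are not described in the thread
    # and stay dropped until a rule for them is added.
    echo "COMMIT"
}

gen_rules
```

As root, `gen_rules | iptables-restore --test` parses the ruleset without committing it. The Location A rule trusts the source address alone, so it relies on the router dropping packets from the ISP link that claim an 11.x.x.0/24 source.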


