Thanks Mas Aris, but both routers are Cisco 1700s. How do I change the rules on a Cisco router with iptables commands? The firewall uses iptables.

Thanks,
Jays

-----Original Message-----
From: arisg_ml [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 1:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [tanya-jawab] iptables 2 locations, router with 2 WICs

Jays wrote:

>dear all,
>(sorry, the diagram in my first post came out scrambled).. :)
>
>I have the following network setup:
>
>                                          ISP
>                                           |
>                                           | 64 Kbps
>              64 Kbps                      |
>Router (11.0.0.1)----------------------Router (202.x.x.1)
>       |                               2 WIC (ISP, Loc A)
>       |                                   |
>       |                                   |
>       |                                Firewall
>       |                                (202.x.x.2) = eth0
>       |                                (10.x.x.5)  = eth1
>       |                                   |
>       |                                   |
>   Location A                          Location B
>   ip 11.x.x.0/24                      ip 10.x.x.0/24
>
>
>
>- Location B has a mail server, an FTP server and an intranet server.
>- At Location A all e-mail clients use POP3 and SMTP to the mail server at
>Location B (there is no mail server cluster yet)
>
>

echo "1" > /proc/sys/net/ipv4/ip_forward

on router 202.x.x.1

# ip_nya_email = the mail server's IP address
iptables -A FORWARD -s 11.x.x.0/24 -d ip_nya_email -j ACCEPT

>- From Location A, all service requests to Location B are allowed
>(smtp,ftp,http,netbios,nfs,icmp,etc.)
>
>

on router 202.x.x.1 and the firewall

iptables -A FORWARD -s 11.x.x.0/24 -d 10.x.x.0/24 -j ACCEPT

>- From the ISP, only (smtp,http,DNS) is allowed to the mail server (202.x.x.2 &
>10.x.x.11), the webmail server (202.x.x.4 & 10.x.x.253) and the DNS server
>(202.x.x.4 & 10.x.x.253).
>
>

on router 202.x.x.1

iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 202.x.x.2 --destination-port 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 202.x.x.2 --destination-port 110 -j ACCEPT
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 202.x.x.4 --destination-port 53 -j ACCEPT
iptables -A FORWARD -p udp -s 0.0.0.0/0 -d 202.x.x.4 --destination-port 53 -j ACCEPT
iptables -A FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -j DROP

>I have already studied the iptables tutorial at
>http://iptables-tutorial.frozentux.net/iptables-tutorial.html, but it is still
>confusing. Roughly what rules should I set....
>
>pls help me.....
>
>
>Regards,
>Jays
>

--
Unsubscribe: send an empty e-mail to [EMAIL PROTECTED]
Archive and info at http://linux.or.id/milis.php
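
Added example, not part of the original thread: a default-deny FORWARD policy for the Linux firewall (eth0/eth1) that expresses the three requirements from the question, with connection tracking for return traffic. All addresses are constructed placeholders for the masked ones in the thread, and it assumes any DNAT from the public to the internal server addresses is configured separately.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are constructed placeholders.
LOC_A="198.51.100.0/24"   # stands in for 11.x.x.0/24 (Location A)
LOC_B="10.0.0.0/24"       # stands in for 10.x.x.0/24 (Location B)
MAIL="10.0.0.11"          # stands in for 10.x.x.11 (mail server)
WEB_DNS="10.0.0.253"      # stands in for 10.x.x.253 (webmail + DNS)
WAN_IF="eth0"             # firewall side facing router 202.x.x.1
LAN_IF="eth1"             # firewall side facing Location B

# Print the ruleset, one command per line; nothing is applied here.
# Assumed mapping: smtp -> mail server, http -> webmail, DNS -> DNS server.
# Location A and ISP traffic both arrive on eth0, so spoofed LOC_A sources
# have to be filtered on the router in front of the firewall.
fw_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -s $LOC_A -d $LOC_B -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $MAIL --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_DNS --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_DNS --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p udp -d $WEB_DNS --dport 53 -j ACCEPT
EOF
}

# Apply the printed rules, stopping at the first failure (needs root).
apply_rules() {
    fw_rules | sh -e
}

# Dry run by default; set APPLY=1 to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    fw_rules
fi
```

The chain policy replaces the trailing catch-all DROP rule, so anything not listed (including POP3 from the ISP side) is dropped without relying on rule order.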