Coba default filter policy nya seperti ini bos...

# Default policy for the local-host chains: any packet not matched by a later
# rule is dropped, in both directions. With OUTPUT set to DROP every outbound
# flow needs its own explicit ACCEPT rule (in the quoted script below those are
# the "-A OUTPUT -o ..." rules for the uplinks and the LAN); FORWARD is not
# set here.
iptables -P INPUT DROP
iptables -P OUTPUT  DROP

#loop back
# Accept everything on the loopback interface. "-s 0/0" and "-d 0/0" both
# match any address, so the second pair of rules cannot match a packet the
# first pair did not already accept; one rule per direction is sufficient.
iptables -A INPUT -i lo -s 0/0 -j ACCEPT
iptables -A OUTPUT -o lo -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -d 0/0 -j ACCEPT
iptables -A OUTPUT -o lo -s 0/0 -j ACCEPT

-----Original Message-----
From: Ferry Kristianto [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 13, 2006 11:02 AM
To: tanya-jawab@linux.or.id
Subject: [tanya-jawab] nanya iptables, mana yang salah?

kalo saya pake script ini, saya tidak bisa konek ke https ataupun port-port
lain. Harusnya kan di-forward. kira-kira apanya yang salah?

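# Destination ports LAN clients may open outbound through this router
# (applied to both tcp and udp in the FORWARD loop below).
PORT_FORWARD='123 443 25 110 995 143 22 21 20 194 5050 6667 3142'
# internet port in, local network always allow
# (currently only referenced from the disabled IN RULES block below)
PORT_IN='123 443 10000 25 110 995 143 22 21 20 5050 6667 3142'

# $INTERNET1..3, $LAN_IN and $SQUID_PORT are expected to be set before this
# point. An unset one leaves "-i"/"-o"/"--to-port" without a value and that
# iptables call fails; the remaining rules are still installed.

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
# These only cover replies to connections opened by this host itself:
# traffic for LAN clients behind the MASQUERADE traverses FORWARD, not INPUT.
iptables -A INPUT -i "$INTERNET1" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i "$INTERNET2" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i "$INTERNET3" -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables -t nat -A POSTROUTING -o "$INTERNET1" -j MASQUERADE
iptables -t nat -A POSTROUTING -o "$INTERNET2" -j MASQUERADE
iptables -t nat -A POSTROUTING -o "$INTERNET3" -j MASQUERADE

# Everything from the LAN to this host is trusted.
iptables -A INPUT -i "$LAN_IN" -j ACCEPT

# FORWARD RULES
# With the FORWARD policy at DROP, the per-port rules below only let the
# client's first packet out; the server's reply (e.g. the SYN-ACK of an
# https handshake) also passes through FORWARD and was dropped, which is why
# no forwarded port could connect. Accept packets belonging to connections
# conntrack already knows, exactly as the INPUT chain does for the host.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# $PORT_FORWARD is deliberately unquoted: it is a space-separated list.
for PORT in $PORT_FORWARD; do
  iptables -A FORWARD -i "$LAN_IN" -p tcp --dport "$PORT" -j ACCEPT
  iptables -A FORWARD -i "$LAN_IN" -p udp --dport "$PORT" -j ACCEPT
done
# Port 53 is not in PORT_FORWARD, so LAN clients can only resolve names
# through a resolver on this host (reachable via the INPUT rule above), not
# directly against an external DNS server, unless 53 is added to the list.

# IN RULES FOR LOCAL
# Kept disabled: matching --sport on inbound internet traffic trusts a
# source port chosen by the remote side; the ESTABLISHED,RELATED rules above
# already admit legitimate replies. It also references $INTERNET, a variable
# the rest of the script does not use.
#for PORT in $PORT_IN; do
#  iptables -A INPUT -i $INTERNET -p tcp --sport $PORT -j ACCEPT
#done
# Allow forward to modem from dserver only, drop others

# Allow all output through internet interface
iptables -A OUTPUT -o "$INTERNET1" -j ACCEPT
iptables -A OUTPUT -o "$INTERNET2" -j ACCEPT
iptables -A OUTPUT -o "$INTERNET3" -j ACCEPT

# Allow ping from all interfaces
iptables -A INPUT -i "$LAN_IN" -p ICMP -j ACCEPT
iptables -A INPUT -i "$INTERNET1" -p ICMP -j ACCEPT
iptables -A INPUT -i "$INTERNET2" -p ICMP -j ACCEPT
iptables -A INPUT -i "$INTERNET3" -p ICMP -j ACCEPT

# Transparent proxy: LAN web traffic on 80/8080 is redirected to squid on
# this host, which is why those ports are not in PORT_FORWARD.
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 8080 -j REDIRECT --to-port "$SQUID_PORT"

# Allow all output to the LAN.
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT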

-- 
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis


--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis
