I use a DMZ myself; hope this helps (the concept is a bit haphazard :D :)) )
-----------------------------------------------------------------------------
eth0 = WAN1 = xxx.xxx.xxx.xxx
eth1 = DMZ  = 192.168.222.1 ( connected to the MAIL SERVER & WEB SERVER - for now only the mail server )
eth2 = LAN  = 192.168.222.2 ( connected to the PROXY SERVER )
------------------------------------------------------
# Sweeper: clear every rule and every user-defined chain in the filter and nat tables
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables -F -t nat
# Bridge LAN <=> DMZ: the LAN may open connections, the DMZ only answers
iptables -A FORWARD -i eth2 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Bridge WAN1 <=> DMZ (mail server & web server): the Internet may open connections, the DMZ only answers
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Bridge WAN1 <=> LAN: as written, new connections are accepted from eth0 into the LAN
# and only replies are allowed out from eth2 to eth0
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

## Forward port 25 to the mail server
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport 25 -j DNAT --to-destination 172.16.0.2
## Forward port 80 to the mail server
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport 80 -j DNAT --to-destination 172.16.0.2
## Forward port 110 to the mail server
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport 110 -j DNAT --to-destination 172.16.0.2
## Forward port 2810 to the mail server
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport 2810 -j DNAT --to-destination 172.16.0.2
---------------========================================================
The IP addresses I wrote above can be seen in my interfaces file below:
----------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# TOP NIC
auto eth2
iface eth2 inet static
    address 192.168.222.2
    netmask 255.255.0.0
#   network 192.168.0.0
#   broadcast 192.168.255.255
####
# MIDDLE NIC
auto eth1
iface eth1 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    network 172.16.0.0
    broadcast 172.16.0.255      # broadcast address of the /24 above

# BOTTOM NIC
# auto eth0
auto eth0
iface eth0 inet static
    address 202.169.5.1
    netmask 255.255.255.240
    #network
    #broadcast 202.169.255.255
    gateway 202.169.5.2
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 202.155.61.80
--------------------------------------------------------------------------
Then in /etc/hosts:
[EMAIL PROTECTED]:/home/mirza# cat /etc/hosts
127.0.0.1       localhost
192.168.222.2   simulasi.contoh.com     simulasi
172.16.0.2      it.contoh.com
--------------------------------------------------------------------------
Install BIND, then:
[EMAIL PROTECTED]:/home/mirza# cat /etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
; The records below name hosts outside the "localhost" zone this file serves;
; named still loads the zone but logs them as out-of-zone data and ignores them.
it.contoh.com.      IN      MX      10 mail.it.contoh.com.
mail.contoh.com.    IN      CNAME   it.contoh.com.
it.contoh.com.      IN      A       172.16.0.2
===========================================================
Then create the file /etc/bind/db.contoh.com
[EMAIL PROTECTED]:/home/mirza# cat /etc/bind/db.it.gpi-g.com
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.it.contoh.com. root.contoh.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; ns.it.contoh.com. has no A record in this file, so named-checkzone warns
; that the NS has no address records.
@       IN      NS      ns.it.contoh.com.
@       IN      A       172.16.0.2
@       IN      AAAA    ::1
=================================
with the following layout:
                                                                 ||===== Mail server
                                                                 ||
                                                                 ||====== Web server
                                                                 ||------------------------------------------------------------> eth1
Internet ======= eth0 ======> PC ROUTER === eth2 === [ HUB ] ========= CLIENT

--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send e-mail to [EMAIL PROTECTED]
Archive and full list info at http://linux.or.id/milis
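Added example, not the poster's script: the same three-legged router from the post (eth0 = WAN 202.169.5.1, eth1 = DMZ with the mail server 172.16.0.2, eth2 = LAN, ports 25/80/110/2810 forwarded to the mail server) rebuilt with a default-DROP FORWARD policy, so only the listed flows pass, plus a small check that counts rules letting the Internet open connections into the LAN. Assumed, not in the post: the LAN network 192.168.0.0/16 (taken from the eth2 address and netmask in the interfaces file), an outbound SMTP/DNS allowance for the mail server, and the router's own INPUT rules. The rules are emitted as text so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not the poster's script. Three-legged router from the post:
# eth0 = WAN (202.169.5.1), eth1 = DMZ with the mail server 172.16.0.2,
# eth2 = LAN. Assumed, not in the post: LAN network 192.168.0.0/16 (from the
# eth2 address/netmask in the interfaces file), outbound SMTP/DNS for the
# mail server, and the router's own INPUT rules.
# Rules are emitted as text so they can be reviewed before being applied.

WAN=eth0 ; WAN_IP=202.169.5.1
DMZ=eth1 ; MAIL=172.16.0.2
LAN=eth2 ; LAN_NET=192.168.0.0/16
MAIL_PORTS="25 80 110 2810"      # the ports the post forwards to the mail server

fw_rules() {
    # Sweep old rules, then refuse anything not explicitly allowed below.
    echo "iptables -F"
    echo "iptables -t nat -F"
    echo "iptables -X"
    echo "iptables -t nat -X"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"

    # The router itself: loopback, replies, and SSH plus the BIND resolver
    # the post installs, both reachable from the LAN side only.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -i $LAN -p udp --dport 53 -j ACCEPT"

    # Replies to an allowed connection may flow back in any direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Only the LAN may open connections towards the DMZ and the Internet.
    # (The posted WAN1 <=> LAN pair is the other way round: NEW accepted on
    # eth0 -> eth2, only replies on eth2 -> eth0.)
    echo "iptables -A FORWARD -i $LAN -o $DMZ -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE"

    # The mail server may deliver mail and resolve names outbound, nothing else.
    echo "iptables -A FORWARD -i $DMZ -o $WAN -s $MAIL -p tcp --dport 25 -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $DMZ -o $WAN -s $MAIL -p udp --dport 53 -m state --state NEW -j ACCEPT"

    # The Internet reaches the mail server only on the published ports. DNAT
    # rewrites the destination before FORWARD, so FORWARD matches the DMZ address.
    for p in $MAIL_PORTS; do
        echo "iptables -t nat -A PREROUTING -i $WAN -p tcp -d $WAN_IP --dport $p -j DNAT --to-destination $MAIL"
        echo "iptables -A FORWARD -i $WAN -o $DMZ -p tcp -d $MAIL --dport $p -m state --state NEW -j ACCEPT"
    done
    # Nothing lets the Internet or the DMZ open connections into the LAN.
}

# Audit helper: count FORWARD rules on stdin that accept NEW connections
# from the WAN interface into the LAN interface. Prints 0 when clean.
count_wan_to_lan_new() {
    grep -c -- "-A FORWARD -i $WAN -o $LAN .*--state [A-Z,]*NEW" || true
}

case "${1:-}" in
    print) fw_rules ;;                 # sh fw.sh print | less   (then "| sh" as root)
    audit) count_wan_to_lan_new ;;     # sh fw.sh audit < some_rules.txt
esac
```

Review with `sh fw.sh print | less`, apply as root with `sh fw.sh print | sh`. `sh fw.sh audit < rules.txt` counts the offending rules in any rule list fed on stdin: the posted WAN1 <=> LAN pair scores 1, this set scores 0.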