Re: [tanya-jawab] redirector untuk server-server internal dari sebuah IP publik

Wed, 06 Aug 2008 01:57:33 -0700 

saya repost kepanjangan kyknya bagan nya
======

 kalau saya sih pake DMZ
 semoga membantu
 ( konsep acak kadul :D:)) )
 --------------------
 -----------------------------------------------------
 eth0 = WAN1 = xxx.xxx.xxx.xxx
 eth1 = DMZ = 192.168.222.1 ( Konek ke MAILSERVER & WEBSERVER -
 sementara hanya mailserver )
 eth2 = LAN = 192.168.222.2 ( Konek ke PROXY SERVER  )
 ------------------------------------------------------
 # Tukang sapu
 /sbin/iptables --flush
 /sbin/iptables --table nat --flush
 /sbin/iptables --delete-chain
 /sbin/iptables --table nat --delete-chain
 /sbin/iptables -F -t nat

 # Jembatan gantung DMZ <=> LAN
 iptables -A FORWARD -i eth2 -o eth1 -m state --state
 NEW,ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -i eth1 -o eth2 -m state --state
 ESTABLISHED,RELATED -j ACCEPT

 # Jembatan gantung DMZ <=> Mail Server & Webserver
 iptables -A FORWARD -i eth1 -o eth0 -m state --state
 ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -i eth0 -o eth1 -m state --state
 NEW,ESTABLISHED,RELATED -j ACCEPT

 # Jembatan gantung WAN1 <=> LAN
 iptables -A FORWARD -i eth2 -o eth0 -m state --state
 ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -i eth0 -o eth2 -m state --state
 NEW,ESTABLISHED,RELATED -j ACCEPT

 ## Forward port 25 ke mail server
 iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport 25
 -j DNAT --to-destination 172.16.0.2

 ## Forward port 80 ke mail server
 iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport 80
 -j DNAT --to-destination 172.16.0.2

 ## Forward port 110 ke mail server
 iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport
 110 -j DNAT --to-destination 172.16.0.2

 ## Forward port 2810 ke mail server
 iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.5.1 --dport
 2810 -j DNAT --to-destination 172.16.0.2
 ---------------========================================================
 keterangan ip saya yang saya tulis bisa dilihat di interface saya dibawah ini
 ----------------
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).

 # The loopback network interface
 auto lo
 iface lo inet loopback

 # The primary network interface
 # NIC ATAS
 auto eth2
 iface eth2 inet static
        address 192.168.222.2
        netmask 255.255.0.0
 #       network 192.168.0.0
 #       broadcast 192.168.255.255
 ####
 # NIC Tengah
 auto eth1
 iface eth1 inet static
        address 172.16.0.1
        netmask 255.255.255.0
        network 172.16.0.0
        broadcast 172.16.255.255


 # NIC BAWAH
 # auto eth0
 auto eth0
 iface eth0 inet static
        address 202.169.5.1
        netmask 255.255.255.240
        #network
        #broadcast 202.169.255.255
        gateway 202.169.5.2
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 202.155.61.80
 --------------------------------------------------------------------------
 lalu di /etc/hosts nya :
 [EMAIL PROTECTED]:/home/mirza# cat /etc/hosts
 127.0.0.1       localhost
 192.168.222.2   simulasi.contoh.com.  simulasi
 172.16.0.2      it.contoh.com.
 --------------------------------------------------------------------------
 install BIND
 lalu
 [EMAIL PROTECTED]:/home/mirza# cat /etc/bind/db.local
 ;
 ; BIND data file for local loopback interface
 ;
 $TTL    604800
 @       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
 ;
 @       IN      NS      localhost.
 @       IN      A
 @       IN      AAAA    ::1
 it.contoh.com.   IN      MX      10      mail.it.contoh.com.
 mail.contoh.com.      IN      CNAME   it.contoh.com.
 it.contoh.com.   IN      A       172.16.0.2
 ===========================================================
 lalu create file /etc/bind/db.contoh.com

 [EMAIL PROTECTED]:/home/mirza# cat /etc/bind/db.it.gpi-g.com
 ;
 ; BIND data file for local loopback interface
 ;
 $TTL    604800
 @       IN      SOA     ns.it.contoh.com. root.contoh.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
 ;
 @       IN      NS      ns.it.contoh.com.
 @       IN      A       172.16.0.2
 @       IN      AAAA    ::1

 =================================
 dengan skema spt berikut


 ..........................................||=====Mail server
 ..........................................||
 ..........................................||======> Web server
 ..........................................||--> eth1
 Internet  >>>> eth0 -- PC ROUTER -- eth2 >>>>>> [ HUB ] >>>>>>>>CLIENT




-- 
-=-=-=-=

-- 
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis

Reply via email to