On Mon, 2009-12-21 at 10:10 +0700, "mbah Darmo" wrote:
> 2009/12/21 Nyoman [D] <nyo...@royalperspective.com>:
> > On Mon, 2009-12-21 at 07:34 +0700, "mbah Darmo" wrote:
> >> >> > Nyoman
> >> >> >
> >> >> @Pak Nyoman,
> >> >> I have read it, sir... sorry, I had not pasted the results earlier, thanks,
> >> >>
> >> >> C:\Documents and Settings\hp>ping 125.163.182.189
> >> >>
> >> >> Pinging 125.163.182.189 with 32 bytes of data:
> >> >>
> >> >> Reply from 125.163.182.189: bytes=32 time=6ms TTL=64
> >> >> Reply from 125.163.182.189: bytes=32 time<1ms TTL=64
> >> >> Reply from 125.163.182.189: bytes=32 time<1ms TTL=64
> >> >> Reply from 125.163.182.189: bytes=32 time<1ms TTL=64
> >> >>
> >> >> C:\Documents and Settings\hp>tracert google.com
> >> >>
> >> >> Tracing route to google.com [216.239.61.104]
> >> >> over a maximum of 30 hops:
> >> >>
> >> >>   1    <1 ms    <1 ms    <1 ms  ns1.sctc.local [192.168.0.254]
> >> >>   2     *        *        *     Request timed out.
> >> >> Trace complete.
> >> >>
> >> >
> >> > Strange... why doesn't the traceroute pass through IP 125.163.182.189?
> >> >
> >> > What does your network topology look like?
> >> > Is it like this??
> >> >
> >> > 192.168.0.0/24 (LAN)-----|Linux machine, also the proxy|---- Internet
> >> >
> >> > Now I'm even more curious.. where is the problem...
> >> > Please paste the result of a traceroute to IP 125.163.182.189, sir
> >> >
> >> > Nyoman
> >> >
> >>
> >> @Pak Nyoman,
> >> The topology is indeed as you drew it; here is the result of the
> >> traceroute to 125.163.182.189:
> >>
> >> C:\Users\Administrator>tracert 125.163.182.189
> >>
> >> Tracing route to 189.subnet125-163-182.speedy.telkom.net.id [125.163.182.189]
> >> over a maximum of 30 hops:
> >>
> >>   1    <1 ms    <1 ms    <1 ms  189.subnet125-163-182.speedy.telkom.net.id [125.163.182.189]
> >>
> >> Trace complete.
> >>
> >> C:\Users\Administrator>
> >>
> >> FYI: here are some of the iptables rules I ran (please correct
> >> them, sir...)
> >>
> >> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
> >> iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports 3128
> >> iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT --to-ports 3128
> >> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
> >> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 125.163.182.189
> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 3128
> >> iptables -table nat -A POSTROUTING -o eth0 -j MASQUERADE
> >> iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
> >> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j SNAT --to 192.168.1.1/24
> >>
> >> where:
> >> eth2 192.168.1.1/24 from the internet
> >> eth0 192.168.0.0/24 towards the LAN
> >>
> >> We await your guidance, sir... (bear with me, I have only just started learning iptables :D )
> >>
> >> thanks & Regards,
> >> Supriyadi
> >>
> >
> > Please pick one,
> > Delete no. 1 or no. 6
> > Delete no. 4 or no. 7
> > Delete no. 5 for now; in the meantime use the -j MASQUERADE one (no. 8)
> > No. 10 confuses me a bit... try deleting it or commenting it out (put a
> > # in front of it) for now
> >
> > Now here is the problem...
> > why does eth0 use a local IP? I had guessed earlier that this computer
> > uses a public IP..
> > So the topology is not like the one I gave, then
> > But more or less like this:
> >
> > LAN|---|eth0___eth2|---|something that has a public IP|---Internet
> >
> > eth0___eth2 is the machine/computer that runs squid
> > something that has a public IP: I don't know what it is
> > Is it like this ???
> >
> > Nyoman
> >
>
> I have commented out rules 5, 6, 7 and 10 for now, sir.
> eth0 uses a local IP because it faces the LAN, and eth2 is
> connected to the ADSL modem, but the modem only acts as a bridge, so
> it is the server that dials the internet connection (using kinternet).
> When I check, the output looks like this, sir:
>
> server:~ # ip address show
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:14:5e:c9:1b:9e brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
>     inet 192.168.55.1/24 brd 192.168.55.255 scope global eth0
>     inet6 fe80::214:5eff:fec9:1b9e/64 scope link
>        valid_lft forever preferred_lft forever
> 3: sit0: <NOARP> mtu 1480 qdisc noop
>     link/sit 0.0.0.0 brd 0.0.0.0
> 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:21:91:91:b1:0a brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2
>     inet6 fe80::221:91ff:fe91:b10a/64 scope link
>        valid_lft forever preferred_lft forever
> 5: dsl0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>     link/ppp
>     inet 125.163.182.189 peer 125.163.176.1/32 scope global dsl0
> server:~ #
>
> thanks,
>
Oh.. it's PPPoE... in that case the command is wrong, sir.
Try using this...

iptables -t nat -A POSTROUTING -o dsl0 -j MASQUERADE

or:

iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT --to-source 125.163.182.189

Nyoman
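
Added example, not part of the thread and not any poster's own script: the fix above depends on the NAT rule matching the interface that actually holds the public address (dsl0 under PPPoE, not eth2). The sketch below finds that interface from `ip address show` text and prints a nat table in iptables-restore format; the function names, the trimmed sample and the choice to intercept only port 80 are assumptions of this example.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; SAMPLE_IP_ADDR is a trimmed
# copy of the `ip address show` output posted in the thread.
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2
5: dsl0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    inet 125.163.182.189 peer 125.163.176.1/32 scope global dsl0'

# Read `ip address show` text on stdin and print the interface that holds
# IPv4 address $1 (prints nothing if no interface has it).
iface_for_addr() {
    awk -v want="$1" '
        /^[0-9]+: / { name = $2; sub(/:$/, "", name) }
        $1 == "inet" { split($2, a, "/"); if (a[1] == want) { print name; exit } }
    '
}

# Print a nat table in iptables-restore format.
# Args: LAN interface, LAN subnet, WAN interface, local proxy port.
# Only port 80 is intercepted (assumption of this example): redirected
# port 443 traffic is TLS, which a plain HTTP proxy port cannot read.
gen_nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $1 -s $2 -p tcp --dport 80 -j REDIRECT --to-ports $4
-A POSTROUTING -s $2 -o $3 -j MASQUERADE
COMMIT
EOF
}

# LAN values (eth0, 192.168.0.0/24) and proxy port 3128 are taken from the thread.
WAN_IF=$(printf '%s\n' "$SAMPLE_IP_ADDR" | iface_for_addr 125.163.182.189)
gen_nat_rules eth0 192.168.0.0/24 "$WAN_IF" 3128
```

Review the printed table before piping it to iptables-restore, which replaces the existing nat table unless --noflush is given.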