2009/12/21 Nyoman [D] <nyo...@royalperspective.com>:
> On Mon, 2009-12-21 at 11:46 +0700, "mbah Darmo" wrote:
>> 2009/12/21 Nyoman [D] <nyo...@royalperspective.com>:
>> > On Mon, 2009-12-21 at 11:23 +0700, "mbah Darmo" wrote:
>> >> >> >>
>> >> >> >> @Mr. Nyoman,
>> >> >> >> The topology is exactly as you drew it; here is the result of
>> >> >> >> the trace route to 125.163.182.189:
>> >> >> >>
>> >> >> >> C:\Users\Administrator>tracert 125.163.182.189
>> >> >> >>
>> >> >> >> Tracing route to 189.subnet125-163-182.speedy.telkom.net.id [125.163.182.189]
>> >> >> >> over a maximum of 30 hops:
>> >> >> >>
>> >> >> >>   1    <1 ms    <1 ms    <1 ms  189.subnet125-163-182.speedy.telkom.net.id [125.163.182.189]
>> >> >> >>
>> >> >> >> Trace complete.
>> >> >> >>
>> >> >> >> C:\Users\Administrator>
>> >> >> >>
>> >> >> >> FYI: here are some of the iptables rules I executed (please
>> >> >> >> correct them, sir...)
>> >> >> >>
>> >> >> >> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
>> >> >> >> iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports 3128
>> >> >> >> iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT --to-ports 3128
>> >> >> >> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
>> >> >> >> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 125.163.182.189
>> >> >> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
>> >> >> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 3128
>> >> >> >> iptables -table nat -A POSTROUTING -o eth0 -j MASQUERADE
>> >> >> >> iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
>> >> >> >> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j SNAT --to 192.168.1.1/24
>> >> >> >>
>> >> >> >> where:
>> >> >> >> eth2 192.168.1.1/24 from the internet
>> >> >> >> eth0 192.168.0.0/24 towards the LAN
>> >> >> >>
>> >> >> >> We await your enlightenment, sir... (please bear with me, I have
>> >> >> >> only just started learning iptables :D )
>> >> >> >>
>> >> >> >> thanks & Regards,
>> >> >> >> Supriyadi
>> >> >> >>
>> >> >> >
>> >> >> > Please pick one of each:
>> >> >> > Delete no 1 or no 6
>> >> >> > Delete no 4 or no 7
>> >> >> > Delete no 5 for now, and use the -j MASQUERADE one (no 8) in the meantime
>> >> >> > As for no 10, I'm a bit confused... try deleting it or commenting it out
>> >> >> > (put a # in front of it) for now
>> >> >> >
>> >> >> > Now this is the problem...
>> >> >> > why does eth0 use a local IP? I had guessed earlier that this computer
>> >> >> > uses a public IP..
>> >> >> > So the topology isn't like the one I gave, then
>> >> >> > But more or less like this:
>> >> >> >
>> >> >> > LAN|---|eth0___eth2|---|something that has a public IP|---Internet
>> >> >> >
>> >> >> > eth0___eth2 is the machine/computer that runs squid
>> >> >> > the something that has a public IP, I don't know what it is
>> >> >> > Is it like this ???
>> >> >> >
>> >> >> > Nyoman
>> >> >> >
>> >> >>
>> >> >> I have commented out rules 5, 6, 7 and 10 for now, sir.
>> >> >> eth0 uses a local IP because it faces the LAN, and eth2
>> >> >> is connected to the ADSL modem, but the modem only acts as a bridge, so
>> >> >> it is the server that dials the internet (using kinternet). If I check,
>> >> >> the output looks like this, sir:
>> >> >>
>> >> >> server:~ # ip address show
>> >> >> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>> >> >>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> >> >>     inet 127.0.0.1/8 scope host lo
>> >> >>     inet6 ::1/128 scope host
>> >> >>        valid_lft forever preferred_lft forever
>> >> >> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>> >> >>     link/ether 00:14:5e:c9:1b:9e brd ff:ff:ff:ff:ff:ff
>> >> >>     inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
>> >> >>     inet 192.168.55.1/24 brd 192.168.55.255 scope global eth0
>> >> >>     inet6 fe80::214:5eff:fec9:1b9e/64 scope link
>> >> >>        valid_lft forever preferred_lft forever
>> >> >> 3: sit0: <NOARP> mtu 1480 qdisc noop
>> >> >>     link/sit 0.0.0.0 brd 0.0.0.0
>> >> >> 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>> >> >>     link/ether 00:21:91:91:b1:0a brd ff:ff:ff:ff:ff:ff
>> >> >>     inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2
>> >> >>     inet6 fe80::221:91ff:fe91:b10a/64 scope link
>> >> >>        valid_lft forever preferred_lft forever
>> >> >> 5: dsl0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>> >> >>     link/ppp
>> >> >>     inet 125.163.182.189 peer 125.163.176.1/32 scope global dsl0
>> >> >> server:~ #
>> >> >>
>> >> >> thanks,
>> >> >>
>> >> >
>> >> > Oh.. it's pppoe...
>> >> > in that case the command is wrong, sir
>> >> >
>> >> > Try using this...
>> >> > iptables -t nat -A POSTROUTING -o dsl0 -j MASQUERADE
>> >> > or:
>> >> > iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT --to-source 125.163.182.189
>> >> >
>> >> > Nyoman
>> >> >
>> >>
>> >> I have tried it, sir; now the only rules left are these:
>> >> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
>> >> iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
>> >> iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT
>> >>
>> >> when I check:
>> >>
>> >> server:~ # iptables -t nat -nvL
>> >> Chain PREROUTING (policy ACCEPT 14094 packets, 1012K bytes)
>> >>  pkts bytes target     prot opt in     out     source               destination
>> >>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
>> >>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:81 redir ports 3128
>> >>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3124 redir ports 3128
>> >>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 3128
>> >>
>> >> Chain POSTROUTING (policy ACCEPT 21157 packets, 1414K bytes)
>> >>  pkts bytes target     prot opt in     out     source               destination
>> >>
>> >> Chain OUTPUT (policy ACCEPT 20663 packets, 1400K bytes)
>> >>  pkts bytes target     prot opt in     out     source               destination
>> >> server:~ #
>> >>
>> >> it turns out it still doesn't work, sir... thanks...
>> >>
>> >> regards,
>> >> supriyadi
>> >>
>> >
>> >
>> > hmmm, why is Chain POSTROUTING empty....
>> > Oh yes... why does command no 6 only go as far as -j SNAT ??
>> >
>> > it should continue on to --to-source 125.163.182.189
>> > Try typing just that command directly in the shell, don't reboot
>> > the computer.
>> > and look at the output of iptables -nL -t nat: does the POSTROUTING chain
>> > have anything in it?
>> >
>> > Nyoman
>> >
>> >
>>
>> it shows up now, sir; here is the result:
>>
>> server:~ # iptables -t nat -nvL
>> Chain PREROUTING (policy ACCEPT 15548 packets, 1121K bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>    26  1280 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
>>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:81 redir ports 3128
>>     0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3124 redir ports 3128
>>    28  1452 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 3128
>>
>> Chain POSTROUTING (policy ACCEPT 23177 packets, 1546K bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 SNAT       all  --  *      dsl0    192.168.1.0/24       0.0.0.0/0           to:125.163.182.189
>>
>> Chain OUTPUT (policy ACCEPT 22607 packets, 1527K bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>> server:~ #
>>
>> it turns out it still doesn't work; is a restart needed every time
>> I finish entering iptables rules, sir?
>> thanks,
>>
>
> No need to restart, sir... what is it that doesn't work yet?
> https access, or traceroute to Google's IP ?
> Try a traceroute now from a LAN computer to Google's IP, sir
>
> You can reach me on YM: nyoman76 if you want to chat.. that way I can
> answer faster
>
> Nyoman
>
Thank you very much, Mr. Nyoman..., for your guidance... may the
Almighty repay your kindness,

Regards,
Supriyadi
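
An added example, not part of the original thread: a small check that parses `iptables -t nat -nvL` output like the listings quoted above and reports which POSTROUTING SNAT/MASQUERADE rules cover a given LAN subnet on a given outbound interface. The sample listing is constructed (abridged from the last listing in the thread, wrapped lines re-joined); the function names and the LAN value 192.168.0.0/24, taken from the eth0 address shown above, are assumptions of the example.

```python
import ipaddress

# Constructed sample: abridged from the thread's last `iptables -t nat -nvL`
# listing, with the e-mail line wrapping undone.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 15548 packets, 1121K bytes)
 pkts bytes target     prot opt in     out     source               destination
   26  1280 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
   28  1452 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 3128

Chain POSTROUTING (policy ACCEPT 23177 packets, 1546K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      dsl0    192.168.1.0/24       0.0.0.0/0           to:125.163.182.189
"""

def parse_nat_listing(text):
    """Return {chain: [rule dict, ...]} parsed from `iptables -t nat -nvL` output."""
    chains, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            current = chains.setdefault(fields[1], [])
        elif fields[0] == "pkts" or current is None or len(fields) < 9:
            continue  # column header, or a line that is not a full rule row
        else:
            # Assumes plain (non-negated) source matches, as in the thread.
            pkts, _, target, _, _, _, out_if, src, _ = fields[:9]
            current.append({"pkts": pkts, "target": target, "out": out_if,
                            "source": ipaddress.ip_network(src),
                            "extra": " ".join(fields[9:])})
    return chains

def source_nat_rules_for(text, lan, wan_if):
    """POSTROUTING SNAT/MASQUERADE rules matching traffic from `lan` leaving `wan_if`."""
    lan_net = ipaddress.ip_network(lan)
    hits = []
    for rule in parse_nat_listing(text).get("POSTROUTING", []):
        if rule["target"] not in ("SNAT", "MASQUERADE"):
            continue
        if rule["out"] in ("*", wan_if) and lan_net.subnet_of(rule["source"]):
            hits.append(rule)
    return hits
```

For the constructed listing, `source_nat_rules_for(SAMPLE, "192.168.0.0/24", "dsl0")` returns an empty list, because 192.168.0.0/24 is not inside the rule's source match 192.168.1.0/24.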
