This guide uses Fedora Core XX with two Ethernet cards:
- eth0: the card with the public IP (static or DHCP, depending on the provider)
- eth1: the local (LAN) card, which acts as the gateway for the clients
First install Fedora XXX, choosing the packages you need.
Log in as root, then:
Configure the IP address of eth0, e.g. xxx.xxx.xxx.xxx (public IP, static or DHCP depending on the provider):
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Configure the IP address of eth1, e.g. 192.168.10.1 with netmask 255.255.255.0 (192.168.10.1/24):
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
The IP addresses above can also be set during the Fedora installation.
(Use whichever editor you are used to for the configuration; the examples here use vi.)
# vi /etc/sysctl.conf
Change
# Controls IP packet forwarding
net.ipv4.ip_forward = 1 <<<<<< change this from 0 to 1.
Next we edit the iptables rules:
# vi /etc/sysconfig/iptables
Add the NAT rule:
*nat
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE (for IP addresses 1 through 254)
If you do not want every IP to be able to reach the internet, use instead:
-A POSTROUTING -s 192.168.10.10 -j SNAT --to-source xxx.xxx.xxx.xxx
Complete example:
*nat
:PREROUTING ACCEPT [127173:7033011]
:POSTROUTING ACCEPT [31583:2332178]
:OUTPUT ACCEPT [32021:2375633]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
or
-A POSTROUTING -s 192.168.10.10 -j SNAT --to-source xxx.xxx.xxx.xxx
(choose one of the two)
COMMIT
*mangle
:PREROUTING ACCEPT [444:43563]
:INPUT ACCEPT [444:43563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [402:144198]
:POSTROUTING ACCEPT [402:144198]
# drop TCP packets with flag combinations that never occur in legitimate traffic
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# match-only rule (no -j): it just counts packets already marked Minimize-Delay
-A PREROUTING -m tos --tos Minimize-Delay
# mark ssh traffic in both directions as low-latency
-A PREROUTING -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
-A OUTPUT -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:icmp_packets - [0:0]
# INPUT: traffic addressed to the router itself
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j icmp_packets
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# FORWARD: traffic routed between the LAN (eth1) and the internet (eth0);
# the accepted source must be the LAN subnet used in the nat table above
-A FORWARD -p icmp -j icmp_packets
-A FORWARD -s 192.168.10.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# OUTPUT: traffic generated by the router; never let RPC/NetBIOS/SMB leave the box
-A OUTPUT -p tcp --dport 135 -j DROP
-A OUTPUT -p udp --dport 137 -j DROP
-A OUTPUT -p udp --dport 138 -j DROP
-A OUTPUT -p tcp --dport 139 -j DROP
-A OUTPUT -p tcp --dport 445 -j DROP
-A OUTPUT -p icmp -j icmp_packets
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# icmp_packets: allow echo replies, answer echo requests only from localhost,
# our own public range and the LAN, and keep unreachable/time-exceeded messages
-A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A icmp_packets -s 127.0.0.1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -s xxx.xxx.xxx.xxx/xx -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -s 192.168.10.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
COMMIT
When you are done, save with Esc : wq
Reboot the router PC and try configuring a client with these settings:
ip address 192.168.10.10
netmask 255.255.255.0
gateway 192.168.10.1
DNS: use your provider's DNS servers
Now browse the internet from that client PC. Congratulations, you have built a
NAT router using Linux (Fedora).
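Before rebooting it is worth checking the two files you just edited, because the three mistakes that most often leave the clients without internet are silent: ip_forward still 0 (or set only on a commented-out line), no MASQUERADE/SNAT rule for the LAN on the WAN interface, and a FORWARD ACCEPT for a subnet that is not the LAN (or placed after the catch-all REJECT). The script below is an added example, not part of the original post: it parses an iptables-save style file and sysctl.conf with plain awk and reports each problem. It assumes the layout above (LAN 192.168.10.0/24 behind eth1, WAN on eth0; both can be overridden with LAN_NET and WAN_IF). The sample rulesets it writes to a temp directory are constructed for the demonstration, as is the public address 203.0.113.5 used in the SNAT variant; on the real router run check_router /etc/sysconfig/iptables /etc/sysctl.conf. Note that it does not inspect the INPUT chain: the ruleset above accepts ssh on every interface, including eth0, so add -i eth1 or a source range to that rule if the router should not be reachable over ssh from the internet.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reboot sanity check for the
# Fedora NAT router. Uses only POSIX sh, awk and sed so it runs anywhere.
# Assumptions: LAN 192.168.10.0/24 behind eth1, WAN on eth0, as in the post.

LAN_NET="${LAN_NET:-192.168.10.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# 0 if the effective (last, uncommented) net.ipv4.ip_forward value is 1.
check_ip_forward() {  # $1 = sysctl.conf
    awk -F'=' '
        /^[[:space:]]*#/ { next }
        { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2) }
        $1 == "net.ipv4.ip_forward" { val = $2 }
        END { if (val == "1") exit 0; exit 1 }
    ' "$1"
}

# Prints "masquerade", "snat" or "none" for the *nat POSTROUTING chain.
nat_mode() {  # $1 = iptables-save file
    awk -v lan="$LAN_NET" -v wan="$WAN_IF" '
        /^\*/ { table = substr($0, 2); next }
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            src = ""; out = ""; target = ""; tosrc = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-o") out = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-source") tosrc = 1
            }
            if (target == "MASQUERADE" && src == lan && out == wan) mode = "masquerade"
            else if (target == "SNAT" && tosrc && mode == "") mode = "snat"
        }
        END { if (mode == "") mode = "none"; print mode }
    ' "$1"
}

# 0 if *filter FORWARD accepts new connections from the LAN before any
# catch-all REJECT/DROP (a rule placed after the catch-all never matches).
check_forward_lan() {  # $1 = iptables-save file
    awk -v lan="$LAN_NET" '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" || $1 != "-A" || $2 != "FORWARD" { next }
        {
            src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (src == "" && (target == "REJECT" || target == "DROP")) blocked = 1
            if (src == lan && target == "ACCEPT" && !blocked) ok = 1
        }
        END { if (ok) exit 0; exit 1 }
    ' "$1"
}

# Runs all checks, prints one line per check, returns the number of failures.
check_router() {  # $1 = iptables-save file, $2 = sysctl.conf
    fails=0
    if check_ip_forward "$2"; then echo "ok   net.ipv4.ip_forward = 1"
    else echo "FAIL net.ipv4.ip_forward is not 1 in $2"; fails=$((fails + 1)); fi
    mode=$(nat_mode "$1")
    if [ "$mode" != "none" ]; then echo "ok   nat: $mode"
    else echo "FAIL no MASQUERADE/SNAT rule for $LAN_NET via $WAN_IF"; fails=$((fails + 1)); fi
    if check_forward_lan "$1"; then echo "ok   FORWARD accepts $LAN_NET"
    else echo "FAIL FORWARD never accepts new traffic from $LAN_NET"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files (not real captures) so the script runs offline.
D="${TMPDIR:-/tmp}/natcheck.$$"; mkdir -p "$D"
cat > "$D/good.rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.10.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Same ruleset with a FORWARD subnet that is not the LAN (a copy-paste slip).
sed 's#-A FORWARD -s 192.168.10.0/24#-A FORWARD -s 10.10.10.0/24#' "$D/good.rules" > "$D/bad.rules"
# Static-uplink variant: SNAT to a placeholder public address (203.0.113.5 is constructed).
sed 's#-A POSTROUTING .*#-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 203.0.113.5#' "$D/good.rules" > "$D/static.rules"
printf 'net.ipv4.ip_forward = 0\n# net.ipv4.ip_forward = 1\n' > "$D/sysctl.off"
printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1\n' > "$D/sysctl.on"

check_router "$D/good.rules" "$D/sysctl.on" || true   # three "ok" lines
check_router "$D/bad.rules" "$D/sysctl.off" || true   # ip_forward and FORWARD fail
```

The parser tracks which table it is in (lines starting with `*`) and walks each rule's arguments as tokens instead of grepping substrings, so a rule for 192.168.10.0/25 or one that only SNATs a single host is not mistaken for the whole-LAN rule. The FORWARD check also remembers whether a catch-all REJECT/DROP has already been seen, since an ACCEPT placed below it is dead.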