Setting Up a Firewall on Debian Linux

For the firewall, configure it directly in iptables, in the file

" /etc/iptables.active "

Configuration:

############################## FILTER/FORWARD #######################


*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CLIENT-BEBAS - [0:0]
:CLIENT-BLOK - [0:0]
:TUJUAN-BEBAS - [0:0]
:TUJUAN-BLOK - [0:0]


######################################################
#########################udp
-A INPUT -p gre -j ACCEPT
-A FORWARD -p 47 -j ACCEPT

-A FORWARD -o eth0 -p udp -m multiport --dports 20,21,25,35,80,81,110,137,139,389 -j ACCEPT
-A FORWARD -o eth1 -p udp -m multiport --dports 20,21,25,35,80,81,110,137,139,389 -j ACCEPT
-A FORWARD -o eth0 -p udp -m multiport --dports 20,21,25,35,80,81,110,137,139,1723 -j ACCEPT
-A FORWARD -o eth0 -p udp -m multiport --dports 587,5938 -j ACCEPT
-A FORWARD -o eth1 -p udp -m multiport --dports 587,5938 -j ACCEPT


-A FORWARD -o eth0 -p udp -m multiport --dports 143,399,443,445,465,515,631,3389,8291,5190,5222 -j ACCEPT
-A FORWARD -o eth0 -p udp -m multiport --dports 5000,6900,1194 -j ACCEPT


# NetBIOS/SMB over TCP: accept 137-139 and 445, drop 39445
-A FORWARD -p tcp -m tcp --dport 137:139 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 39445 -j DROP

############################ Log All Traffic #########################

#-A FORWARD -p ! icmp -m state --state NEW,RELATED -j LOG --log-prefix "[ROUTER-ANDY] : " --log-level info

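#################### Port TCP Allow #####################################
# Note: multiport --ports matches when either the source or the destination
# port is in the list; --dports limits the match to destination ports.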

-A FORWARD -o eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -p tcp -m multiport --ports 5050,110,domain,www,https,4899,3389,2121,8000,9191,21,995,5100,1863 -j ACCEPT
-A FORWARD -o eth0 -p tcp -m multiport --ports 5190,5222,42000,42001,42002,42003,42004,42005,42006,42007,42008,42009,42010,25,465 -j ACCEPT
-A FORWARD -o eth0 -p tcp -m multiport --ports 137,139,80,1723,42011,42012,42013,42014,42015,1194,587,5938 -j ACCEPT
-A FORWARD -o eth1 -p tcp -m multiport --ports 587,5938 -j ACCEPT

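##################### CLIENT BEBAS (unrestricted clients) ################
# Note: nothing in this file jumps to CLIENT-BEBAS, so these rules only take
# effect once a rule with "-j CLIENT-BEBAS" is added to FORWARD.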

-A CLIENT-BEBAS -d 192.168.2.14 -j ACCEPT
-A CLIENT-BEBAS -s 192.168.2.14 -j ACCEPT
#################### ICMP Protocol #######################################

-A FORWARD -o eth0 -p icmp -j ACCEPT
-A FORWARD -d 10.1.1.242 -p icmp -j ACCEPT
-A FORWARD -p 47 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT

################## Drop All ###############################################

-A FORWARD -o eth0 -j DROP

:OUTPUT ACCEPT [0:0]
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]


-A POSTROUTING -s 192.168.3.1/24 -o eth0 -j SNAT --to-source 192.168.2.1
###################TRANSPARENT PROXY#####################
-A PREROUTING -s 192.168.3.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
############### Remote to Internal Server ##################################



############ Encapsulation to External ###################################

:OUTPUT ACCEPT [0:0]
COMMIT
############################## MANGLE ##############################

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
##########################
# Note:
# we only need to set which TCP / UDP ports are allowed or closed... [see the comments]
###########################
Once the configuration above is in place, don't forget to load it into iptables with
" iptables-restore < /etc/iptables.active "
After that the server is ready to use. Don't forget to configure rc.local and resolv.conf as well.
ONE MORE THING THAT IS JUST AS IMPORTANT: also add it to
"/etc/network/interfaces"
so that the iptables rules are still loaded after the PC is shut down or restarted, by adding

"pre-up iptables-restore < /etc/iptables.active"

################################
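
A hand-edited rules file like the one above is worth checking for structural mistakes before it is passed to iptables-restore. The following Python linter is an added example, not part of the original post; the `lint` function, its messages and the shortened sample ruleset are constructed for illustration.

```python
import re

# Constructed sample in iptables-restore format, modelled on this page's file.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
:CLIENT-BEBAS - [0:0]
-A FORWARD -o eth0 -p tcp -m multiport --ports 80,443 -j ACCEPT
-A CLIENT-BEBAS -s 192.168.2.14 -j ACCEPT
COMMIT
*nat
REROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.3.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

CHAIN = re.compile(r"^:(\S+) (ACCEPT|DROP|-) \[\d+:\d+\]$")

def lint(text):
    """Return sorted (line_number, message) findings for a ruleset (hypothetical helper)."""
    out, table, custom, jumps = [], None, {}, set()
    def end_table(n, committed):
        # Called when a table ends: flag a missing COMMIT and unused custom chains.
        if table and not committed:
            out.append((n, f"table {table} has no COMMIT"))
        out.extend((ln, f"chain {c} is never jumped to")
                   for c, ln in custom.items() if c not in jumps)
    lines = text.splitlines()
    for n, line in enumerate((l.strip() for l in lines), 1):
        if not line or line.startswith("#"):
            continue
        if line.startswith("*") or line == "COMMIT":
            end_table(n, line == "COMMIT")
            table, custom, jumps = (line[1:] if line[0] == "*" else None), {}, set()
        elif m := CHAIN.match(line):
            if m.group(2) == "-":          # "-" policy marks a user-defined chain
                custom[m.group(1)] = n
        elif line.startswith(("-A ", "-I ")):
            jumps.update(re.findall(r"(?:^| )-[jg] (\S+)", line))
            if "--ports " in line:
                out.append((n, "--ports matches source OR destination port"))
            for ports in re.findall(r"--(?:d|s)?ports (\S+)", line):
                if len(re.split("[,:]", ports)) > 15:   # a range counts as two
                    out.append((n, "multiport allows at most 15 ports"))
        else:
            out.append((n, "not a table, chain, rule or COMMIT line"))
    end_table(len(lines), False)
    return sorted(out)

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The linter only checks file structure; `iptables-restore --test < /etc/iptables.active` additionally has iptables itself parse the rules without committing them.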