Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Firewall

    Încărcat de

    pongelkeren
    35 vizualizări4 pagini

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    TXT, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca TXT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    35 vizualizări4 pagini

    Firewall

    Încărcat de

    pongelkeren

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca TXT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 4

    Berikut saya akan menjelaskan beberapa konfigurasi linux # Membuat IP Permanen vi /etc/sysconfig/network/ifcfg-eth0 >klik tombol insert >Ubah seperti

    ini BOOTPROTO='static' BROADCAST='192.168.10.254' ETHTOOL_OPTIONS='' IPADDR='192.168.10.1' MTU='' NAME='AMD PCnet - Fast 79C971' NETMASK='255.255.255.0' NETWORK='' REMOTE_IPADDR='' STARTMODE='auto' USERCONTROL='no' # cara keluarmenyimpan configurasi = esc > :wq # cara keluar tanpa menyimpan konfigurasi = esc > :q # Cara mengubah konfigure Firewall yast > Securety and user > Firewall > Allowed Service > # Cara membuat Folder mkdir martin # cara pindah dari folder cd.. # Cara mngecek flash disk mount /dev/sd > klik tab 2 kali # Cara mamasukan flah disk mount /dev/sdc1 /media/martin # Cara mengeluarkan flah disk umount /media/ukirindo/ # Cara melihat isi flash disk cd /media/martin > ls # ls membaca folder > cara mengkopi cp lowongan3.html /media # Cara nginstal di linux tar xvfz xampp-linux-1.6.6.tar.gz -C /opt /opt/lampp/lampp start /opt/lampp/lampp stop untuk menghentikan konfigurasi # Remote telnet init 0 Shutdown init 6 restart # Uninstal Programe cd /opt/lampp rm -rf * # Konfigure Squid or Proxy Server vi /etc/squid/squid.conf >> Menuju halaman 2439

    IP Fungtion Lalu edit : acl Martin src 192.168.10.0/255.255.255.0 Port Fungtion : http_port 8080 >> pada halaman 82 # Squid Fungtion service squid start untuk start service squid stop Untuk stop service squid status untuk melihat status ss -ap Mengcek service berjalan 1. Beda Limit Bandwidth Siang dan Malam Bandwidth = 06:00am Bandwidth = 18:00pm #name= Siang #name= Malam Buat Jadwal #name= Siang on-event=Siang start-date=may/15/2008 start-time=06:00:00 interval=1d #name= Malam on-event=Malam start-date=may/15/2008 start-time=18:00:00 interval=1d 2. Amankan Client Anda /ip firewall filter add chain=forward connection-state=established comment="allow established connec tions" add chain=forward connection-state=related comment="allow related connections" add chain=forward connection-state=invalid action=drop comment="drop invalid con nections" Menu Block Allow and Drop add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP" add chain=forward action=accept protocol=tcp dst-port=25 comment="Allow SMTP" add chain=forward protocol=tcp comment="allow TCP" add chain=forward protocol=icmp comment="allow ping" add chain=forward protocol=udp comment="allow udp" add chain=forward action=drop comment="drop everything else" 3. IP MAGLE untuk memisahkan bandwhich game dan browsing /ip address add address=10.10.10.2/30 interface=ether1 comment=ISP 1 for IIX disabled=no add address=20.20.20.2/30 interface=ether2 comment=ISP 2 for Internasional disab led=no add address=192.168.0.1/24 interface=ether3 disabled=no /ip firewall mangle add chain=prerouting src-address=192.168.0.0/24 dst-address-list=nice action=mar k-routing new-routing-mark=iix disabled=no comment=Routing Mark for IIX /ip route add gateway=20.20.20.1 add gateway=10.10.10.1 routing-mark=iix /ip firewall nat add chain=srcnat action=masquerade disabled=no 4. Membuat Router pada OpenSUSE Mengaktifkan fungsi routing # echo 1>/proc/sys/net/ipv4/ipforward 18:00pm 06:00am 1Mbps. <Max-Limit> 2Mbps.

    source=/queue simple enable Siang; /queue simple disable Malam source=/queue simple enable Malam; /queue simple disable Siang

    Membuat routing dengan target berupa sebuah network # route add -net 168.155.121.0/24 gw 165.155.121.1 Membuat routing table # iptables -t nat -A POSTROUTING -s 165.155.121.0/24 -j MASQUERADE Menyimpan iptables # iptables-save > /etc/sysconfig/iptables-net Agar iptables langsung start saat komputer baru hidup, # mcedit /etc/init.d/network tambahkan iptables-restore < /etc/sysconfig/iptables-net 5. PC Router + firewall 2. Mengaktifkan IP Forwarding # echo 1 > /proc/sys/net/ipv4/ip_forward 3. Menginstall aplikasi bridge-utils # apt-get install bridge-utils 4. Mengaktifkan device bridge (br0) # brctl addbr br0 # brctl addif br0 eth0 # brctl addif br0 eth1 # ifconfig eth0 0 # ifconfig eth1 0 5. Memberikan IP pada perangkat bridge dengan cara static atau dhcp # ifconfig br0 10.252.108.100 netmask 255.255.255.0 atau # dhclient br0 1. Install aplikasi iptables # apt-get install iptables 2. Hapus semua rule iptables pada PC router # iptables -F # iptables -t nat -F 3. Rubah chain pada firewall menjadi default ACCEPT # iptables -P INPUT ACCEPT # iptables -P OUTPUT ACCEPT # iptables -P FORWARD ACCEPT 4. Catat rule hasil firewall # iptables -nL Contoh bloking jalur ping : # iptables -I FORWARD -s 0.0.0.0/0 -d 0.0.0.0/0 -p icmp -j DROP Contoh bloking jalur web : # iptables -I FORWARD -d sembarang.com -p tcp -dport 80 -j DROP Untuk menghitung jumlah paket yg tertangkap: #iptables -nvL 6. Router warnet a. Menconfigurasi IP eth0 # vi /etc/sysconfig/network-scripts/ifcfg-eth0 isi dengan :

    DEVICE=eth0 BOOTPROTO=static IPADDR=202.159.121.2 BROADCAST=202.159.121.7 NETMASK=255.255.255.248 ONBOOT=yes USERCTL=no b. Setting DNS Resolver # vi /etc/resolv.conf lalu isi dengan nameserver dari isp kita tadi : nameserver 202.159.0.10 nameserver 202.159.0.20 Setting IP Forwarding Believed or not "Up to you"

    S-ar putea să vă placă și