Konfigurasi – Bridge



yah… lupa lagi :(( padahal cuman gini ae

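# Create the bridge device.
/usr/sbin/brctl addbr br0
# Attach the Ethernet interfaces that the bridge joins.
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# Turn the member interfaces on with no IP address of their own;
# only br0 carries addresses.
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0

# Give the bridge an IP so it can be managed from outside.
# 62.3.3.26 with netmask 255.255.255.248 lies in 62.3.3.24-62.3.3.31, so the
# broadcast address is 62.3.3.31 (62.3.3.32 is the next subnet's network address).
# NOTE(review): traffic addressed to this IP is handled by the INPUT chain; the
# firewall rules on this page only cover FORWARD, so the management address
# needs its own INPUT rules.
/sbin/ifconfig br0 62.3.3.26 netmask 255.255.255.248 broadcast 62.3.3.31

# Add an internal IP for NAT.
# NOTE(review): no NAT rule is shown on this page - confirm where it is configured.
ip addr add 192.168.0.1/24 dev br0
/sbin/route add default gw 62.3.3.25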

IPTABLES nya
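# Firewall for traffic crossing the bridge. Every rule below is in the FORWARD
# chain; nothing here filters packets addressed to the bridge host itself.
# NOTE(review): on kernels that ship bridge netfilter as the br_netfilter
# module, bridged frames reach these rules only when that module is loaded and
# net.bridge.bridge-nf-call-iptables is 1 - confirm on the target system.

# Start from an empty chain and drop everything that is not explicitly allowed.
iptables -F FORWARD
iptables -P FORWARD DROP
# Long options are written with two ASCII hyphens; a typographic dash (as
# produced by blog formatting) is not parsed as an option.
iptables -A FORWARD -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Limit ICMP
# iptables -A FORWARD -p icmp -m limit --limit 4/s -j ACCEPT
# Match string, a simple method to block some viruses very quickly.
# NOTE(review): current iptables also requires --algo (bm or kmp) with
# -m string, and payload matching is easy to evade - treat it as a stopgap.
# iptables -I FORWARD -j DROP -p tcp -s 0.0.0.0/0 -m string --string "cmd.exe"

# Block MySQL connections.
# Placed before the ACCEPT rules below so none of them can open port 3306.
iptables -A FORWARD -p tcp -s 0/0 -d 62.3.3.0/24 --dport 3306 -j DROP

# Linux Mail Server
#
# FTP-DATA ( 20 ) , FTP ( 21 ) , SSH ( 22 )
# NOTE(review): this opens SSH and FTP to every source address and opens no
# SMTP port despite the heading; consider limiting -s for port 22 to the
# administration networks.
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 62.3.3.27/32 --dport 20:22 -j ACCEPT

# Allow the Mail Server to connect out.
iptables -A FORWARD -p tcp -s 62.3.3.27/32 -d 0/0 -j ACCEPT

# WWW Server
#
# HTTP ( 80 )
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 62.3.3.28/32 --dport 80 -j ACCEPT

# HTTPS ( 443 )
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 62.3.3.28/32 --dport 443 -j ACCEPT
# Allow the WWW Server to connect out.
iptables -A FORWARD -p tcp -s 62.3.3.28/32 -d 0/0 -j ACCEPT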

sumber:
http://www.linuxsecurity.com/docs/harden-doc/html/securing-debian-howto/ap-bridge-fw.en.html
