Konfigurasi – Bridge

yah… lupa lagi :(( padahal cuman gini ae

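# Bridge setup: join eth0 and eth1 into br0 and give the bridge an address.
#
# The address operands are missing from the commands as published, so they
# are read from variables here. Set every one of them before running; none of
# the names below carries a real value from the page.
: "${BRIDGE_IP:?set BRIDGE_IP to the management address of br0}"
: "${BRIDGE_NETMASK:?set BRIDGE_NETMASK to the netmask of br0}"
: "${BRIDGE_BROADCAST:?set BRIDGE_BROADCAST to the broadcast address of br0}"
: "${INTERNAL_CIDR:?set INTERNAL_CIDR to the internal address/prefix used for NAT}"
: "${DEFAULT_GW:?set DEFAULT_GW to the default gateway address}"

# Create the bridge device.
/usr/sbin/brctl addbr br0
# Attach the Ethernet ports that the bridge joins.
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# Bring the member ports up. The operand is missing on the page; 0.0.0.0 (no
# address on the port itself) plus "up" matches the stated intent -- confirm
# against your own setup.
/sbin/ifconfig eth0 0.0.0.0 up
/sbin/ifconfig eth1 0.0.0.0 up

# Give the bridge an IP so it can be managed from outside.
# Traffic addressed to this IP is handled by the INPUT chain, not FORWARD. The
# firewall rules on this page only touch FORWARD, so the management address is
# not filtered by them; restrict access to it separately.
/sbin/ifconfig br0 "$BRIDGE_IP" netmask "$BRIDGE_NETMASK" broadcast "$BRIDGE_BROADCAST"

# Add the internal IP used for NAT.
# NOTE(review): no "-t nat" rule appears on this page, so the NAT itself is
# presumably configured elsewhere -- confirm.
ip addr add "$INTERNAL_CIDR" dev br0
/sbin/route add default gw "$DEFAULT_GW"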

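# FORWARD-chain policy for traffic crossing the bridge.
#
# The -s/-d operands are missing from the rules as published, so they are read
# from variables here. Set every one of them before running; none of the names
# below carries a real value from the page, and the page does not show whether
# some of them were originally the same address.
: "${FILTER_SRC:?set FILTER_SRC to the source of the INVALID-state rule}"
: "${FILTER_DST:?set FILTER_DST to the destination of the INVALID-state rule}"
: "${MYSQL_SERVER:?set MYSQL_SERVER to the host whose port 3306 is blocked}"
: "${MAIL_CLIENTS:?set MAIL_CLIENTS to the source allowed to reach the mail server}"
: "${MAIL_SERVER:?set MAIL_SERVER to the mail server address}"
: "${WWW_CLIENTS:?set WWW_CLIENTS to the source allowed to reach the web server}"
: "${WWW_SERVER:?set WWW_SERVER to the web server address}"

# On a bridge, frames only traverse the iptables FORWARD chain when bridge
# netfilter is active (br_netfilter loaded and
# net.bridge.bridge-nf-call-iptables=1). Without it these rules never see
# bridged traffic, so verify that setting before relying on them.

# Set the default-deny policy before flushing, so there is no moment with an
# empty chain and a permissive policy.
iptables -P FORWARD DROP
iptables -F FORWARD

# Options need two ASCII hyphens ("--state"); the page shows a typographic
# dash, which iptables rejects. "-m conntrack --ctstate" is the current
# equivalent of "-m state --state".
iptables -A FORWARD -s "$FILTER_SRC" -d "$FILTER_DST" -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Limit ICMP
# iptables -A FORWARD -p icmp -m limit --limit 4/s -j ACCEPT
# Match string: a quick, coarse filter for known-bad payloads. It is defeated
# by any encoding or encryption of the payload, so treat it as a stopgap and
# not as a replacement for patching the servers. Current iptables also
# requires --algo for the string match.
# iptables -I FORWARD -j DROP -p tcp -s "$FILTER_SRC" -m string --algo bm --string "cmd.exe"

# Block MySQL connections.
# Under the DROP policy this is already the default; the explicit rule keeps
# 3306 closed even if a broader ACCEPT is appended later.
iptables -A FORWARD -p tcp -s 0/0 -d "$MYSQL_SERVER" --dport 3306 -j DROP

# Linux Mail Server
# FTP-DATA ( 20 ) , FTP ( 21 ) , SSH ( 22 )
# FTP sends credentials in clear text; if only SSH is needed, narrow the range
# to --dport 22.
iptables -A FORWARD -p tcp -s "$MAIL_CLIENTS" -d "$MAIL_SERVER" --dport 20:22 -j ACCEPT

# Allow the mail server to connect out.
# This permits any outbound TCP connection from the server. Replies to inbound
# sessions are already covered by the ESTABLISHED,RELATED rule, so consider
# limiting this to the destination ports the server really needs.
iptables -A FORWARD -p tcp -s "$MAIL_SERVER" -d 0/0 -j ACCEPT

# WWW Server
# HTTP ( 80 )
iptables -A FORWARD -p tcp -s "$WWW_CLIENTS" -d "$WWW_SERVER" --dport 80 -j ACCEPT

# HTTPS ( 443 )
iptables -A FORWARD -p tcp -s "$WWW_CLIENTS" -d "$WWW_SERVER" --dport 443 -j ACCEPT
# Outbound from the web server (presumably; the source operand is missing on
# the page). Same caveat as the mail server egress rule: unrestricted outbound
# TCP, narrow it where possible.
iptables -A FORWARD -p tcp -s "$WWW_SERVER" -d 0/0 -j ACCEPT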


