1. donlot shorewall , yg tar aja.
2. tar -xvjf shorewall-4.4.13.tar.bz2 terus ./install.sh
3. vim /etc/shorewall/shorewall.conf
startup enable=Yes
4.kemudian ke vim/etc/shorewall/zones
fw firewall
net ipv4
loc ipv4
5.vim /etc/shorewall/interfaces
net eth0 detect
loc eth1 detect
6. pada /etc/shorewall/policy :
fw all ACCEPT
loc all ACCEPT
net all DROP info
all all REJECT info
7, pada bagian /etc/shorewall/rules :
ACCEPT loc loc icmp
ACCEPT loc loc tcp
ACCEPT loc loc udp
ACCEPT loc fw icmp
ACCEPT loc fw udp
ACCEPT loc fw tcp
ACCEPT loc net icmp
ACCEPT loc net udp
ACCEPT loc net tcp
ACCEPT fw loc icmp
ACCEPT fw loc tcp
ACCEPT fw loc udp
ACCEPT fw fw icmp
ACCEPT fw fw udp
ACCEPT fw fw tcp
ACCEPT fw net icmp
ACCEPT fw net udp
ACCEPT fw net tcp
REDIRECT loc 3128 tcp 80
8. pada bagian /etc/shorewall/masq
eth0 eth1
9. service network restart
=======================================
kombinasi shorewall+squid transparent
=======================================
1. siapkan squidnya yang sudah berjalan semestinya
2. pada bagian "http_port 3128" dibelakangna ditambahkan kata "transparent"
3. pada shorewall tambahkan "REDIRECT loc 3128 tcp 80"
No comments:
Post a Comment