Friday, April 21, 2006

1. FLUSH/DEL RULES
iptables -F
iptables -t nat -F --> also flush the nat table, which holds the rules from items 2, 3 and 7

2. NAT
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to 202.157.56.3

3. REDIRECT
iptables -t nat -A PREROUTING -p tcp -s 192.168.10.0/24 --dport 80 -j REDIRECT --to-port 3128 --> gateway and squid on the same machine
iptables -t nat -A PREROUTING -p tcp -s 192.168.10.0/24 --dport 80 -j DNAT --to 202.149.79.50:8200 --> gateway on a separate machine from squid


4. BLOCK CLIENT
iptables -I INPUT -s 192.168.10.5/32 -d 0/0 -j DROP

5. BLOCK IRC
iptables -I INPUT -p tcp -s 192.168.10.5/32 -d 0/0 --destination-port 6667 -j DROP

6. BLOCK PORTS (COMPLETE LIST)
for PORT in 69 111 135 137 138 139 213 445 554 1025 1034 1080 1214 2049 4000 4444 4662 4661 6257 6346 6347 6699 6700 7070 10858 31415 48523 54470
do
iptables -A FORWARD -p tcp --dport $PORT -j REJECT
iptables -A FORWARD -p udp --dport $PORT -j REJECT
done

7. REDIRECT ACCESS
iptables -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 192.168.10.4:3000

everything that arrives on port 3000 is automatically sent to IP 192.168.10.4 port 3000
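The seven steps above assembled into one ordered gateway script, as an added example that is not from the original post: it assumes the addresses from the post, flushes the nat table as well, places the client and port blocks in FORWARD (the chain forwarded traffic actually traverses; the post's INPUT rules only protect the gateway itself) and uses a default-deny FORWARD policy, so the port-3000 DNAT gets its own accept rule. With the default IPT it only prints the commands; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the original post). IPT defaults to a dry run that
# prints each command; run with IPT=iptables as root to apply the rules.
IPT=${IPT:-"echo iptables"}
LAN=192.168.10.0/24          # LAN subnet from the post
WAN_IP=202.157.56.3          # public address from the post
BLOCKED_HOST=192.168.10.5    # client blocked in the post
FORWARD_HOST=192.168.10.4    # host receiving port 3000 in the post
SQUID_PORT=3128              # squid on the gateway (item 3, first variant)

build_rules() {
    # 1. flush both the filter and the nat table before rebuilding
    $IPT -F
    $IPT -t nat -F
    # Default-deny for forwarded traffic; replies to allowed flows pass first
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 4/5. block the client and IRC in FORWARD, where LAN traffic is filtered
    $IPT -A FORWARD -s $BLOCKED_HOST -j DROP
    $IPT -A FORWARD -p tcp -s $LAN --dport 6667 -j REJECT
    # 6. the post's port list with one multiport rule per protocol;
    # multiport accepts at most 15 ports per rule, so the list is split
    for LIST in 69,111,135,137,138,139,213,445,554,1025,1034,1080,1214,2049 \
                4000,4444,4662,4661,6257,6346,6347,6699,6700,7070,10858,31415,48523,54470; do
        $IPT -A FORWARD -p tcp -m multiport --dports $LIST -j REJECT
        $IPT -A FORWARD -p udp -m multiport --dports $LIST -j REJECT
    done
    # everything else from the LAN may leave
    $IPT -A FORWARD -s $LAN -j ACCEPT
    # 7. with FORWARD set to DROP, the DNAT target needs an explicit accept
    $IPT -A FORWARD -p tcp -d $FORWARD_HOST --dport 3000 -j ACCEPT
    $IPT -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination $FORWARD_HOST:3000
    # 3. transparent proxy: LAN web traffic goes to squid on this machine
    $IPT -t nat -A PREROUTING -p tcp -s $LAN --dport 80 -j REDIRECT --to-port $SQUID_PORT
    # 2. source NAT for LAN traffic leaving through the public address
    $IPT -t nat -A POSTROUTING -s $LAN -j SNAT --to $WAN_IP
}

build_rules
```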
