Kamis, Mei 24, 2007

Step-by step config GW

Pagi ini 2 kompie di kantor mati bareng-bareng :( NS karena HDD dah mau Mati dan 1 lagi GW yang tiba2 Mobo nya ngak kenal sama Hardisknya.
Terpaksa buat lagi GW baru, padahal config belum sempet di backup, ya gini kalo servernya "built up" hehhee ... ini sekarang step-by step config server but gw

1.install debby
2.Install shorewall
2.Install Squid, squidguard dan sarg


SHOREWALL
Karena konfigurasi kampus agak njlimet dan aneh :D butuh tuning up shorewall
file interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,tcpflags,norfc1918,routefilter,nosmurfs,logmartians
- eth1 detect tcpflags,detectnets,nosmurfs
locw eth2 detect tcpflags,detectnets,nosmurfs

ket:
eth1 ntar melayanai koneksi internal kampus
eth2 ke warnet
eth0 ke inet
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
locw ipv4
loc1 ipv4
loc2 ipv4
loc3 ipv4
loc4 ipv4

loc1 s/d 4 adalah lokal kampus dan locw warnet

file hosts
loc1 eth1:10.15.74.32/27
loc2 eth1:10.15.74.64/27
loc3 eth1:10.15.74.96/27
loc4 eth1:10.15.74.128/27

file Policy
# on your firewall, change the loc to net policy to REJECT info.
loc1 net ACCEPT
loc1 $FW REJECT info
loc1 all REJECT info

loc2 net ACCEPT
loc2 $FW REJECT info
loc2 all REJECT info

loc3 net ACCEPT
loc3 $FW REJECT info
loc3 all REJECT info

loc4 net ACCEPT
loc4 $FW REJECT info
loc4 all REJECT info

locw net ACCEPT
locw $FW REJECT info
locw all REJECT info

File Rules

file zones

Tidak ada komentar: