Monday, 13 February 2012
Ubuntu Router Configuration
Router -> wlan0 = the path to the internet
Router -> eth0 = the path to the local computers (clients), with IP 192.168.9.1/24
Client -> uses IPs 192.168.9.2 through 192.168.9.254
Functions:
Sharing the internet connection
Only opening port 80 (web) and ICMP
Protection against ping flood attacks
Protection against DoS (denial of service)
1. Open a terminal
2. Become root: #sudo su
3. Go to root's home folder: #cd ~
4. Create a file named routing: #gedit routing
5. Fill the file with the following commands
#####################################
#!/bin/sh
# Flush all rules and delete all user-defined chains
iptables -F
iptables -X
# Set the default policy to DROP on all chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Enable IPv4 forwarding in the kernel; the FORWARD rules have no effect without it
sysctl -w net.ipv4.ip_forward=1
# FORWARD rules: pass all traffic between the LAN (eth0) and the internet (wlan0)
iptables -A FORWARD -s 192.168.9.0/24 -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -d 192.168.9.0/24 -i wlan0 -o eth0 -j ACCEPT
# Ping flood protection. The jump must come before the ICMP ACCEPT rules below,
# because iptables stops at the first rule that accepts a packet. Packets within
# the limit RETURN to INPUT and are checked by the rules that follow; the rest are dropped.
iptables -N pingfloodjahat
iptables -A INPUT -p icmp -j pingfloodjahat
iptables -A pingfloodjahat -m limit --limit 1/s --limit-burst 2 -j RETURN
iptables -A pingfloodjahat -j DROP
# SYN flood (denial of service) protection, placed before the port 80 rules for the same reason
iptables -N synsampah
iptables -A INPUT -p tcp --syn -j synsampah
iptables -A synsampah -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A synsampah -j DROP
# Port 80 rules for the router itself
iptables -A INPUT -j ACCEPT -p tcp --sport 80 -d 0/0
iptables -A INPUT -j ACCEPT -p tcp --dport 80 -d 0/0
iptables -A OUTPUT -j ACCEPT -p tcp --sport 80 -s 0/0
iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -s 0/0
# Port 80 forwarding for the clients (already covered by the FORWARD rules above,
# which pass all LAN traffic). The internet interface on this router is wlan0.
iptables -A FORWARD -s 192.168.9.0/24 -p tcp --dport 80 -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -d 192.168.9.0/24 -p tcp --sport 80 -i wlan0 -o eth0 -j ACCEPT
# ICMP rules: echo request (type 8) and echo reply (type 0)
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s 0/0 -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 0/0 -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Internet sharing (NAT for the LAN)
iptables -t nat -A POSTROUTING -s 192.168.9.0/24 -d 0/0 -j MASQUERADE
# DNS rules (8.8.8.8 and 8.8.4.4 are Google Public DNS resolvers)
ipserver="0/0"
ipdns="8.8.8.8 8.8.4.4"
for ip in $ipdns
do
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d "$ipserver" --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s "$ip" --sport 53 -d "$ipserver" --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s "$ipserver" --sport 53 -d 0/0 --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s "$ipserver" --sport 1024:65535 -d 0/0 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
done
##############################################
6. Save the file, then exit the gedit editor
7. Change the access permissions with the command #chmod u+x routing
8. Run the file with the command #./routing
9. Check the client's connection to the router with ping
10. Check the client's internet connection
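iptables evaluates the INPUT chain from top to bottom, so the jumps to the pingfloodjahat and synsampah chains only limit traffic if they are listed before any ACCEPT rule for the same protocol. The following check is an added example, not part of the original post; the function name limiter_order and the two rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The rule listings below are
# constructed samples in `iptables -S INPUT` format.

# limiter_order RULES PROTO CHAIN
# Walks the INPUT rules top to bottom, as the kernel does, and prints:
#   ok        the jump to CHAIN for PROTO comes before any ACCEPT for PROTO
#   bypassed  an ACCEPT for PROTO comes first, so matching packets skip CHAIN
#   missing   no INPUT rule for PROTO jumps to CHAIN or to ACCEPT
limiter_order() {
    printf '%s\n' "$1" | awk -v proto="$2" -v chain="$3" '
        $1 == "-A" && $2 == "INPUT" {
            p = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = tolower($(i + 1))
                if ($i == "-j") t = $(i + 1)
            }
            if (p != proto) next
            if (t == chain)    { print "ok";       found = 1; exit }
            if (t == "ACCEPT") { print "bypassed"; found = 1; exit }
        }
        END { if (!found) print "missing" }'
}

# Constructed sample: ACCEPT rules listed before the limiter jumps.
ACCEPT_FIRST='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j pingfloodjahat
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j synsampah'

# Constructed sample: limiter jumps listed before the ACCEPT rules.
LIMIT_FIRST='-P INPUT DROP
-A INPUT -p icmp -j pingfloodjahat
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j synsampah
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'

for proto_chain in icmp:pingfloodjahat tcp:synsampah; do
    proto=${proto_chain%%:*}; chain=${proto_chain#*:}
    echo "accept-first $proto: $(limiter_order "$ACCEPT_FIRST" "$proto" "$chain")"
    echo "limit-first  $proto: $(limiter_order "$LIMIT_FIRST" "$proto" "$chain")"
done
# On the router itself (as root): limiter_order "$(iptables -S INPUT)" icmp pingfloodjahat
```

The check is a heuristic: it treats any earlier ACCEPT for the protocol as a bypass, even one that matches only some packets, such as a single port.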