1. ROUTER
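# /etc/network/interfaces stanza for the router's eth1.
# eth1 is the interface the MASQUERADE rule in rc.local matches with "-o eth1",
# i.e. presumably the outside/WAN side of the router.
auto eth1
iface eth1 inet static
# host address 192.168.11.71/24
address 192.168.11.71
netmask 255.255.255.0
# the network address of 192.168.11.71/24 is 192.168.11.0 (172.168.11.0 does
# not belong to this address/netmask pair)
network 192.168.11.0
broadcast 192.168.11.255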
3. Edit rc.local in /etc to set up MASQUERADE with iptables and the firewall on the router
---------> perintahnya nano /etc/rc.local
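# Firewall / NAT rules appended to /etc/rc.local, run as root at boot.
# Nothing here is persisted elsewhere: the ruleset exists only while this
# script has run since the last reboot.
IPT=/sbin/iptables

# Enable IP Forward
#-----------------------------------------
# makes the kernel route between interfaces (needed for the FORWARD chain and
# the NAT below to do anything)
echo 1 > /proc/sys/net/ipv4/ip_forward
#-----------------------------------------
# Module kernel for Connection Tracking NAT FTP
#-----------------------------------------
# FTP NAT helper so active-mode data connections survive masquerading.
# NOTE(review): newer kernels name this module nf_nat_ftp (with
# nf_conntrack_ftp); check with `modinfo` if the modprobe fails.
modprobe ip_nat_ftp
#-----------------------------------------
# Flush all rules
#-----------------------------------------
# start from an empty filter and nat table so re-running does not stack rules
$IPT -F
$IPT -t nat -F
#-----------------------------------------
# NAT
#-----------------------------------------
# rewrite the source of everything leaving eth1 to eth1's own address
$IPT -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#-----------------------------------------
# Default policy "Block ALL"
#-----------------------------------------
# Everything not explicitly accepted below is dropped.
# NOTE(review): if this is run by hand over SSH rather than at boot, the DROP
# policies take effect before the RELATED,ESTABLISHED rules further down, so the
# session may stall until those rules are in place.
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
#-----------------------------------------
# The loopback interface should accept all traffic
#-----------------------------------------
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
#-----------------------------------------
# INPUT (Protect Our Router from Outside)
#-----------------------------------------
# replies to connections the router itself opened; inserted at the head of the
# chain with -I so it is evaluated first
$IPT -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): none of these rules carries "-i", so SSH (22), DNS (53) and
# SNMP (161-162) on the router are accepted from every interface, including
# eth1 — the interface the NAT rule above treats as the outside. Add
# "-i <lan_iface>" or "-s <mgmt_subnet>" to keep management access on the
# inside.
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 53 -j ACCEPT
$IPT -A INPUT -p udp --dport 53 -j ACCEPT
$IPT -A INPUT -p udp --dport 161:162 -j ACCEPT
$IPT -A INPUT -p icmp -j ACCEPT
#-----------------------------------------
# FORWARD (Allowed specific port services on outside)
#-----------------------------------------
$IPT -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): no "-i/-o" here either, so these ports are forwarded in both
# directions. With masquerading and no DNAT, new connections from outside to
# inside hosts generally have no route to them, but add "-i <lan_iface> -o eth1"
# if only LAN-originated traffic is meant to be forwarded.
# ftp data/control, ssh, smtp, dns, dhcp, http, pop3, imap, https, 5050, 5100
$IPT -A FORWARD -p tcp --dport 20:21 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 22 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 25 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 53 -j ACCEPT
$IPT -A FORWARD -p udp --dport 53 -j ACCEPT
$IPT -A FORWARD -p udp --dport 67 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 80 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 110 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 143 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 443 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 5050 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 5100 -j ACCEPT
$IPT -A FORWARD -p icmp -j ACCEPT
#-----------------------------------------
# OUTPUT (Allowed specific access from Our Router to Outside)
#-----------------------------------------
$IPT -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# the router itself may only originate DNS, plain HTTP and ICMP; anything it
# needs over HTTPS (443) or NTP would require an extra rule here
$IPT -A OUTPUT -p tcp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPT -A OUTPUT -p icmp -j ACCEPT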
5. DHCP configuration
* install dhcp3 with command #apt-get install dhcp3-server
* edit the file filter in directory /etc/network
change
ip_subnet=192.16.3.3/29
* as root, run the command #chmod 0775 /etc/network/filter
* edit file dhcpd.conf from directory /etc/dhcp3
change
# dhcpd.conf: lease pool for the 192.168.1.0/24 segment.
# "deny unknown-clients" means only clients with a matching host {} declaration
# receive a lease; no host entries are shown here, so add them (or drop the
# line) before expecting clients to get an address.
# NOTE(review): dhcpd only serves a subnet that matches one of the server's own
# interface addresses — confirm the LAN interface is in 192.168.1.0/24.
subnet 192.168.1.0 netmask 255.255.255.0 {
    # addresses handed out
    range 192.168.1.1 192.168.1.50;
    option domain-name "smkn1.co.id";
    deny unknown-clients;
}
* restart service dhcp with command line #/etc/init.d/dhcp3-server restart
2. SERVER
1.network configuration
* edit the file interfaces in directory /etc/network
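# /etc/network/interfaces stanza on the server.
# NOTE(review): "auto eth0" names a different interface than "iface eth1";
# "auto" is what brings an interface up at boot, so as written eth1 is
# configured but not started automatically — both lines should name the same
# interface.
# NOTE(review): 192.168.11.71 is the address already given to the router's
# eth1; two hosts on one segment cannot share it — confirm the intended server
# address.
auto eth0
iface eth1 inet static
address 192.168.11.71
netmask 255.255.255.0
# the network address of 192.168.11.71/24 is 192.168.11.0
network 192.168.11.0
broadcast 192.168.11.255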
2. DNS configuration
// NOTE(review): this fragment declares a separate zone for the host name
// www.smkn1.co.id, pointing at the same zone file as the smkn1.co.id zone
// below. A host name belongs inside db.smkn1.co.id as an A record, not in a
// zone of its own — this looks like a stray copy; confirm before using it.
zone "www.smkn1.co.id" {
type master;
file "/etc/bind/db.smkn1.co.id"; };
* edit file named.conf.local to directory /etc/bind
// /etc/bind/named.conf.local: zones this host is authoritative (master) for.
// NOTE(review): neither zone sets allow-transfer, so the server's default
// applies (on older BIND 9 releases that is "any"); restrict it to the
// secondary's address if the zone data should not be readable in bulk.

// forward zone for smkn1.co.id
zone "smkn1.co.id" {
    type master;
    file "/etc/bind/db.smkn1.co.id";
};

// reverse zone (PTR records) for 192.168.11.0/24
zone "11.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
};
5.MAIL Server
# NOTE(review): these look like the DocumentRoot/ServerName pairs of two
# separate Apache <VirtualHost> blocks (webmail and the main site) shown without
# their enclosing <VirtualHost> tags; placed in one file as-is, the second pair
# simply overrides the first. "nama_domain.com" is a placeholder ("nama domain"
# = domain name) to be replaced with the real domain.
# webmail (SquirrelMail) site
documentroot /usr/share/squirrelmail
servername mail.nama_domain.com
# main web site
documentroot /var/www/
servername www.nama_domain.com
6. FTP SERVER
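# vsftpd.conf for the FTP server (standalone daemon; see "man vsftpd.conf").
# Anonymous and local-user logins are both enabled; only local users may write.
# NOTE(review): no ssl_enable here, so local-user passwords and data cross the
# network in cleartext; set ssl_enable=YES with a certificate if the server is
# reachable from untrusted networks.
listen=YES
# anonymous login allowed; the two anon_* lines below keep it read-only
anonymous_enable=YES
local_enable=YES
# umask applied to files and directories created by local users
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
# show message_file when a directory is entered
dirmessage_enable=YES
# transfer log in wu-ftpd format, written to xferlog_file
xferlog_enable=YES
# active-mode data connections originate from port 20
connect_from_port_20=YES
# ownership change of anonymous uploads; no effect while anon_upload_enable=NO
chown_uploads=YES
chown_username=ftp
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
# timeouts in seconds
idle_session_timeout=600
data_connection_timeout=120
# unprivileged account the daemon runs as when it does not need root
nopriv_user=ftp
banner_file=/etc/vsftpd.banner
message_file=welcome.msg
# anonymous logins whose e-mail "password" appears in banned_email_file are refused
deny_email_enable=YES
banned_email_file=/etc/vsftpd.banned_emails
# local users are confined to their home directory; because
# chroot_local_user=YES, chroot_list_file lists the users that are NOT confined
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
# "ls -R" permitted; can be expensive on large trees
ls_recurse_enable=YES
# honour /etc/hosts.allow and /etc/hosts.deny
tcp_wrappers=YES
# per-user override files
user_config_dir=/etc/vsftpd_user
# local users may upload/delete (anonymous writes stay blocked by the anon_* settings above)
write_enable=YES
max_clients=50
max_per_ip=5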
6.tambah user uploader
perintahnya #adduser uploader
jawab pertanyaan-pertanyaan yang diajukan
7. Cari dan ubah home directory user tersebut dengan mengedit file /etc/passwd