Linux Inspirations

Router Configuration on FreeBSD Using IPFW

Posted on: 22 February, 2007

2. Compile kernel with additional options for ipfw router:

3. execute at prompt:

# cd /usr/src/sys/i386/conf
# cp GENERIC ROUTER

# edit ROUTER
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options DUMMYNET
options HZ=1000
—- end of file router

5. execute at prompt:

# config ROUTER
# cd ../compile/ROUTER
# make depend
# make
# make install

6. —- edit /etc/rc.conf —————————————————-

defaultrouter="86.124.80.1"
gateway_enable="YES"
ifconfig_fxp0="inet 83.123.213.23 netmask 255.255.255.252"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"
sshd_enable="YES"
natd_enable="YES"
natd_flags=""
named_enable="YES"
natd_interface="fxp0"
firewall_enable="YES"
firewall_quiet="NO"
firewall_script="/etc/router.firewall"
firewall_logging="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"

7. —- edit /etc/resolv.conf ————————————————

nameserver ip_of_your_dns

—- end of resolv.conf ———————————————

8. —- edit /etc/router.firewall———————————————-

fwcmd=/sbin/ipfw

# NAT: hand everything crossing the external interface to natd (divert port 8668)
$fwcmd add 00010 divert 8668 ip from any to any via fxp0

# loopback traffic is allowed; 127.0.0.0/8 addresses anywhere else are dropped
$fwcmd add 00020 allow ip from any to any via lo0
$fwcmd add 00030 deny ip from any to 127.0.0.0/8
$fwcmd add 00040 deny ip from 127.0.0.0/8 to any

# internal clients allowed to use the router, one pair of rules per client
$fwcmd add 50 allow ip from 10.0.0.2 to any
$fwcmd add 60 allow ip from any to 10.0.0.2
$fwcmd add 70 allow ip from 10.0.0.3 to any
$fwcmd add 80 allow ip from any to 10.0.0.3
$fwcmd add 90 allow ip from 10.0.0.4 to any
$fwcmd add 100 allow ip from any to 10.0.0.4
$fwcmd add 110 allow ip from 10.0.0.5 to any
$fwcmd add 120 allow ip from any to 10.0.0.5

# traffic from and to the router's own addresses
$fwcmd add 35000 allow ip from me to any
$fwcmd add 35001 allow ip from any to me

—- end of router.firewall——————————————–

Comments:

fxp0 is the external interface; you should assign your public IP here.
fxp1 is the internal interface.
fxp0 and fxp1 are Intel network cards; you should use your own devices here. If
you have other types of cards, then your NIC device will not be fxp.

To check the names of your devices, type ifconfig or dmesg | more.
The file /etc/router.firewall is the firewall rule file; in this example I’ve
allowed only IPs 10.0.0.2-10.0.0.5 to use the router.
In the file /etc/resolv.conf you must put your DNS servers, so instead of
ip_of_your_dns in the example you should have the IP of your DNS.

After compiling the kernel, don’t forget to reboot.
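
The rule file above admits each internal client with one pair of allow rules. As an added example (not part of the original post), this sh helper regenerates those pairs from a client list and rejects any address that is outside the internal 10.0.0.0/24 or equal to the router's own 10.0.0.1; the function names, the 34999 ceiling and the validation policy are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original post: print the per-client rule
# pairs for /etc/router.firewall from a list of client addresses.
LAN_PREFIX="10.0.0"   # internal /24 on fxp1 (from the page's rc.conf)
ROUTER_IP="10.0.0.1"  # router's own fxp1 address (from the page)
START=50              # first per-client rule number used on the page
STEP=10               # rule-number spacing used on the page
MAX=34999             # assumed ceiling: stay below the page's rules 35000/35001

# valid_client ADDR: true only for 10.0.0.1-254 in canonical form,
# excluding the router's own address.
valid_client() {
    case "$1" in
        "$LAN_PREFIX".*) ;;
        *) return 1 ;;
    esac
    host=${1#"$LAN_PREFIX".}
    case "$host" in
        ''|*[!0-9]*|0*) return 1 ;;  # empty, non-numeric, or leading zero
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ] || return 1
    [ "$1" != "$ROUTER_IP" ]
}

# gen_rules ADDR...: validate every address first, then print the rules.
# Returns 1 and prints no rules if any address is invalid or repeated,
# so a typo never produces a partial ruleset.
gen_rules() {
    seen=" "
    for ip in "$@"; do
        valid_client "$ip" || { echo "bad client: $ip" >&2; return 1; }
        case "$seen" in
            *" $ip "*) echo "duplicate client: $ip" >&2; return 1 ;;
        esac
        seen="$seen$ip "
    done
    last=$((START + (2 * $# - 1) * STEP))
    [ "$last" -le "$MAX" ] || { echo "too many clients" >&2; return 1; }
    n=$START
    for ip in "$@"; do
        printf '$fwcmd add %d allow ip from %s to any\n' "$n" "$ip"
        printf '$fwcmd add %d allow ip from any to %s\n' "$((n + STEP))" "$ip"
        n=$((n + 2 * STEP))
    done
}

# The four clients listed on the page
gen_rules 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5
```

The printed lines go into /etc/router.firewall between rule 00040 and rule 35000.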
