IPTables – Notes

IPTables – GNU/LINUX

This is a setup for Linux acting as a router: we configure a DHCP server on the LAN side and a firewall with NAT towards the WAN. The variables below are used in the rules that follow.

wan="ens33"                 # interface connected to the internet
lan="ens36"                 # local interface used by the DHCP server
lannet="192.168.10.0/24"    # local network served by the DHCP server
wannet="10.10.10.0/24"      # WAN network

Flush IPTables

iptables -F          # flush all rules in the filter table
iptables -t nat -F   # flush all rules in the nat table
iptables -X          # delete user-defined chains (option is uppercase -X)

Default Policy

iptables -P INPUT DROP      # traffic destined to the Linux box itself is dropped/blocked
iptables -P FORWARD DROP    # traffic passing through the Linux box is blocked (e.g. from lan to wan)
iptables -P OUTPUT ACCEPT   # allow all outgoing traffic from the box

Firewall Input Policy (traffic destined to the router)

iptables -A INPUT -i lo -j ACCEPT                                  # loopback
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT   # replies to connections the box opened
iptables -A INPUT -i $lan -p icmp -j ACCEPT                        # ping from the LAN only
iptables -A INPUT -i $lan -p udp --dport 67 -j ACCEPT              # UDP port 67 is used by the DHCP server

Network lan->wan traffic policy

iptables -A FORWARD -i $lan -s $lannet -o $wan -j ACCEPT           # allow packets entering on the lan interface with a source address in lannet to go out to wan
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # allow the return traffic of those connections

NETWORK lan -> WAN NAT

iptables -t nat -A POSTROUTING -s $lannet -o $wan -j MASQUERADE   # table name is lowercase: nat
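The same policy as one atomically loadable ruleset, as an added example that is not part of the original notes: it emits the rules in iptables-restore format, enables IPv4 forwarding (which the FORWARD rules need and the notes do not set), and checks the ruleset with --test before loading it. The function names and uppercase variable names are mine; the interfaces and network are the ones from the notes.

```shell
#!/bin/sh
# Added example (not from the original notes): the router policy in
# iptables-restore format. Interface and network values are the notes' own.
WAN="ens33"               # interface connected to the internet
LAN="ens36"               # local interface served by the DHCP server
LANNET="192.168.10.0/24"  # local network served by the DHCP server

# Print the ruleset. Default policies are set in the chain headers, so no
# separate -P calls are needed, and the whole set is loaded in one step.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $LAN -p icmp -j ACCEPT
-A INPUT -i $LAN -p udp --dport 67 -j ACCEPT
-A FORWARD -i $LAN -s $LANNET -o $WAN -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LANNET -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Number of rules (-A lines) in the generated set; a quick sanity check.
rule_count() {
    build_rules | grep -c '^-A '
}

# Enable forwarding (FORWARD rules do nothing without it), parse-check the
# ruleset without committing, then replace the live tables atomically.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    build_rules | iptables-restore --test || return 1
    build_rules | iptables-restore
}
```

Run apply_rules as root; build_rules alone can be inspected or diffed against iptables-save output without touching the firewall.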
