A short guide on how to install a bridge firewall on CentOS

A short guide on how to install a bridge firewall. A bridge firewall is a firewall that operates at layer 2. It works at the MAC layer and does not use layer 3 IP addressing. This is a good way to integrate a firewall into a network without having to make major network changes (only one IP address is assigned, and it is used for management).

You will need a server with at least 2 network interfaces: one for the uplink and one for the downlink.

We will utilize network bridging, bridging both physical interfaces into a single virtual bridge.

This sample uses CentOS 5.0.

Install bridge-utils: # yum install bridge-utils

Create and modify network scripts

Create this config file:
/etc/sysconfig/network-scripts/ifcfg-br0

Sample:
DEVICE=br0
TYPE=Bridge
IPADDR=10.68.29.2
GATEWAY=10.68.29.1
NETMASK=255.255.255.0
ONBOOT=yes

Modify this config file:
/etc/sysconfig/network-scripts/ifcfg-eth0

Sample:
DEVICE=eth0
TYPE=ETHER
BRIDGE=br0
ONBOOT=yes

Modify this config file:
/etc/sysconfig/network-scripts/ifcfg-eth1

Sample:
DEVICE=eth1
TYPE=ETHER
BRIDGE=br0
ONBOOT=yes

Restart your network

# service network restart

Install and configure iptables

# yum install iptables (or yum update iptables if it is already installed)

Example iptables commands:

# Flush firewall (flush the rules first, then delete the user-defined chains)
iptables -F
iptables -X firewall
iptables -X
iptables -Z

# Setup firewall chain (all that's being blocked goes to this chain)
iptables -N firewall
iptables -A firewall -j LOG --log-level info --log-prefix "Firewall:"
iptables -A firewall -j DROP

# Setup rules INT->EXT
iptables -A FORWARD -s 10.68.29.5 -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -s 10.68.29.5 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.68.29.5 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 10.68.29.5 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 10.68.29.5 -p icmp -j ACCEPT

# Block anything else INT->EXT (send it to firewall chain)
iptables -A FORWARD -s 10.68.29.5 -p icmp -j firewall
iptables -A FORWARD -s 10.68.29.5 -p tcp --syn -j firewall
iptables -A FORWARD -s 10.68.29.5 -p udp -j firewall

# Setup rules EXT->INT
iptables -A FORWARD -d 10.68.29.5 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -d 10.68.29.5 -p icmp -j ACCEPT
iptables -A FORWARD -d 10.68.29.11 -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -d 10.68.29.11 -p tcp --sport 53 -j ACCEPT

# Block anything else EXT->INT (send it to firewall chain)
iptables -A FORWARD -d 10.68.29.5 -p icmp -j firewall
iptables -A FORWARD -d 10.68.29.5 -p tcp --syn -j firewall
iptables -A FORWARD -d 10.68.29.5 -p udp -j firewall
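Everything sent to the firewall chain above is logged with the prefix "Firewall:" before it is dropped, so the kernel log is where you see what the bridge is blocking. The following is an added example, not part of the original post: it parses such log lines and summarizes the drops by direction and destination port. It assumes eth0 is the internal port and eth1 the uplink, as in the configuration above, and the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages lines as written by the LOG target
# of the "firewall" chain (prefix "Firewall:"). Bridged packets also carry
# PHYSIN/PHYSOUT, the physical ports the frame entered and left on. The last
# line is unrelated kernel noise that the parser must skip. Addresses other
# than 10.68.29.5 are assumptions for this example.
SAMPLE_LOG = """\
Mar  3 10:01:02 fw kernel: Firewall:IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=10.68.29.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:01:05 fw kernel: Firewall:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=203.0.113.9 DST=10.68.29.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2002 DF PROTO=TCP SPT=51515 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:06 fw kernel: Firewall:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=203.0.113.9 DST=10.68.29.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2003 DF PROTO=TCP SPT=51516 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:01:09 fw kernel: Firewall:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=203.0.113.9 DST=10.68.29.5 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=2004 PROTO=UDP SPT=5353 DPT=161 LEN=28
Mar  3 10:01:10 fw kernel: eth0: link up, 1000Mbps, full-duplex
"""

PREFIX = "Firewall:"                      # must match --log-prefix above
KV_RE = re.compile(r"([A-Z]+)=(\S+)")     # netfilter fields are KEY=value

def parse_line(line):
    """Return the netfilter fields of one syslog line as a dict, or None
    if the line was not produced by the firewall chain's LOG rule."""
    idx = line.find(PREFIX)
    if idx < 0:
        return None
    fields = dict(KV_RE.findall(line[idx + len(PREFIX):]))
    # Direction follows the physical ingress port: eth0 is the internal
    # side and eth1 the uplink in this setup (assumed here).
    fields["DIR"] = "INT->EXT" if fields.get("PHYSIN") == "eth0" else "EXT->INT"
    return fields

def summarize(text):
    """Count blocked packets per direction, per (proto, dst port), per source."""
    by_dir, by_port, by_src = Counter(), Counter(), Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        by_dir[f["DIR"]] += 1
        by_port[(f.get("PROTO"), f.get("DPT"))] += 1
        by_src[f["SRC"]] += 1
    return by_dir, by_port, by_src

if __name__ == "__main__":
    d, p, s = summarize(SAMPLE_LOG)
    print(d, p.most_common(3), s.most_common(3))
```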

Save iptables config

iptables-save > /etc/sysconfig/iptables

Show iptables config

iptables -L -n -v


5 thoughts on "A short guide on how to install a bridge firewall on CentOS"

  1. Mora Dziurawiec

    What's up, are you using WordPress for your blog platform? I'm new to the blog world but I'm trying to get started and set up my own. Do you require any coding knowledge to make your own blog? Any help would be really appreciated!

  2. koldra

    Is it your post or maybe somebody else wrote it? Because I'm thinking about this situation and I don't know what to think about it. I'm really confused by that.
