Linux IP Masquerade. Onno W. Purbo onno@indo.net.id. Linux at COMDEX 2000. References. IP-Masquerade HOWTO. RFC 1597 – Private IP Addresses. 10.x.x.x 172.16.x.x 192.168.x.x. Simple Topology. Enable IP Forwarding. Edit /proc/sys/net/ipv4/ip_forward
Linux IP Masquerade
Onno W. Purbo onno@indo.net.id

References
• IP-Masquerade HOWTO

RFC 1597 – Private IP Addresses
• 10.x.x.x
• 172.16.x.x
• 192.168.x.x

Enable IP Forwarding
Edit /proc/sys/net/ipv4/ip_forward
• [root@server /]# echo "1" > /proc/sys/net/ipv4/ip_forward
Edit /etc/sysconfig/network
• FORWARD_IPV4=true

Check the Modules
[root@server /]# cd /lib/modules/2.2.5-15/ipv4/
[root@server ipv4]# ls
ip_gre.o          ip_masq_ftp.o  ip_masq_portfw.o  ip_masq_user.o     rarp.o
ip_masq_autofw.o  ip_masq_irc.o  ip_masq_quake.o   ip_masq_vdolive.o
ip_masq_cuseeme.o ip_masq_mfw.o  ip_masq_raudio.o  ipip.o

Load the Modules
[root@server ipv4]# modprobe -a *

Check That the Modules Are Loaded
[root@server ipv4]# lsmod
.
ip_masq_vdolive   1072   0 (unused)
ip_masq_user      2312   0 (unused)
ip_masq_raudio    2736   0 (unused)
ip_masq_quake     1092   0 (unused)
ip_masq_portfw    2256   0 (unused)
ip_masq_mfw       2880   0 (unused)
ip_masq_irc       1520   0 (unused)
ip_masq_ftp       2352   0 (unused)
ip_masq_cuseeme    816   0 (unused)
ip_masq_autofw    2208   0 (unused)
ip_gre            6480   0 (unused)

Configure IP Forwarding & Firewall
• ipchains -A forward -s yyy.yyy.yyy.yyy/x -j MASQ
Commands
• -A appends a rule
• -I inserts a firewall rule at the top of the chain
• -D deletes a rule that was created earlier
• -s source address
• -d destination address
• MASQ masquerading
• DENY blocking

Masquerade Example
• ipchains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQ
• ipchains -I input -s 192.168.1.5/32 -d 0/0 -j DENY
• ipchains -I input -s 192.168.1.10/32 -d 0/0 -j DENY

IRC Blocking Example
• ipchains -I input -s 192.168.1.5/32 -d 0/0 6667 -j DENY -p tcp
• ipchains -D input -s 192.168.1.5/32 -d 0/0 6667 -j DENY -p tcp
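
The -A, -I and -D operations and the example rules above, modelled in Python as an added example (not part of the original slides): a chain is checked top to bottom and the first matching rule decides. The chain policy of ACCEPT, the destination address 203.0.113.9 and all function names are assumptions made for the illustration.

```python
import ipaddress
import shlex

KEYS = {"-s": "src", "-d": "dst", "-p": "proto", "-j": "target"}

def net(spec):
    """Parse an ipchains address; "0/0" is its shorthand for any address."""
    addr, _, bits = spec.partition("/")
    return ipaddress.ip_network(f"{'0.0.0.0' if addr == '0' else addr}/{bits or 32}")

def parse(cmd):
    """Split one ipchains command line into (operation, chain, rule)."""
    t = shlex.split(cmd)[1:]                     # drop the leading "ipchains"
    rule = {"src": net("0/0"), "dst": net("0/0"), "dport": None,
            "proto": None, "target": None}
    i = 2
    while i < len(t):
        name = KEYS[t[i]]                        # KeyError for options not on the slides
        rule[name] = net(t[i + 1]) if name in ("src", "dst") else t[i + 1]
        i += 2
        if name == "dst" and i < len(t) and t[i].isdigit():
            rule["dport"] = int(t[i])            # optional port after the -d address
            i += 1
    return t[0], t[1], rule

def apply(chains, cmd):
    """Apply -A (append), -I (insert at top) or -D (delete the identical rule)."""
    op, chain, rule = parse(cmd)
    rules = chains.setdefault(chain, [])
    {"-A": rules.append, "-I": lambda r: rules.insert(0, r), "-D": rules.remove}[op](rule)
    return chains

def verdict(chains, chain, src, dst, proto, dport, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy (assumed ACCEPT)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chains.get(chain, []):
        if (s in r["src"] and d in r["dst"] and r["proto"] in (None, proto)
                and r["dport"] in (None, dport)):
            return r["target"]
    return policy

def demo():
    """Constructed walk-through of the IRC slide: block, test, then delete the rule."""
    irc = "input -s 192.168.1.5/32 -d 0/0 6667 -j DENY -p tcp"
    chains = apply({}, "ipchains -I " + irc)
    seen = [verdict(chains, "input", "192.168.1.5", "203.0.113.9", "tcp", p) for p in (6667, 80)]
    apply(chains, "ipchains -D " + irc)
    return seen + [verdict(chains, "input", "192.168.1.5", "203.0.113.9", "tcp", 6667)]

print(demo())
```

The port-specific rule only stops TCP port 6667 from 192.168.1.5; every other packet from that host still falls through to the chain policy, and after -D the host is unrestricted again.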