Custome iptables

iptables -F

iptables -X

iptables -t nat -F

iptables -t nat -X

iptables -t mangle -F

iptables -t mangle -X

iptables -P INPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -P OUTPUT ACCEPT

iptables -A INPUT -m state --state INVALID -j DROP

iptables -A INPUT -s 10.0.0.0/8 -j DROP

iptables -A INPUT -s 172.16.0.0/12 -j DROP

iptables -A INPUT -s 192.168.0.0/16 -j DROP

iptables -A INPUT -s 169.254.0.0/16 -j DROP

iptables -A INPUT -s 127.0.0.0/8 -j DROP

iptables -A INPUT -s 224.0.0.0/4 -j DROP

iptables -A INPUT -d 224.0.0.0/4 -j DROP

iptables -A INPUT -s 240.0.0.0/5 -j DROP

iptables -A INPUT -d 240.0.0.0/5 -j DROP

iptables -A INPUT -s 0.0.0.0/8 -j DROP

iptables -A INPUT -d 0.0.0.0/8 -j DROP

iptables -A INPUT -d 239.255.255.0/24 -j DROP

iptables -A INPUT -d 255.255.255.255 -j DROP

iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT -m comment --comment "Drop all traffic to 127 that doesn't use lo"

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow all incoming on established connections"

iptables -A INPUT -j ACCEPT -m comment --comment "Accept all incoming"

iptables -A INPUT -i lo -j ACCEPT -m comment --comment "Allow all loopback traffic"

iptables -A FORWARD -m state --state INVALID -j DROP

iptables --append FORWARD --in-interface eth0 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 172.16.0.0/12 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

iptables -A OUTPUT -m state --state INVALID -j DROP

iptables -A OUTPUT -j ACCEPT -m comment --comment "Accept all outgoing"

iptables -t nat -A POSTROUTING -s 172.16.11.0/24 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 172.16.12.0/24 -j MASQUERADE

iptables -I INPUT -s 172.16.0.0/12 -i ppp0 -j ACCEPT

iptables -I INPUT -s 172.16.0.0/12 -i ppp+ -j ACCEPT

iptables --append FORWARD --in-interface eth0 -j ACCEPT

################ PENTING BANGET!!!! #################

iptables-save

iptables-restore -t < /etc/iptables/rules.v4

netfilter-persistent save

netfilter-persistent reload

#####################

##########Restart service lebih pasti!

/etc/init.d/pptpd restart

/etc/init.d/xl2tpd restart

/etc/init.d/strongswan restart

sudo /etc/init.d/networking restart

###############

Configure ip forwarding

/etc/sysctl.conf

/etc/sysctl.conf
1
net.ipv4.ip_forward=1

run commands

Commands
1
sysctl -p

/etc/rc.local

/etc/rc.local
1
2
iptables -t nat -A POSTROUTING -s 192.168.210.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.210.0/24 -j TCPMSS --set-mss 1356

run commands

Commands
1
/etc/rc.local

Reload services

run commands

Commands
1
2
3
/etc/init.d/pptpd restart
/etc/init.d/ipsec restart
/etc/init.d/xl2tpd restart

Catatan Si Arie

Search This Blog