Faisal Corner’z

Defend me, God, from myself

Linux Bridge Basic

Cara membuat bridge di linux, di umpamakan akan di buat ip bridge 192.168.1.1, jangan lupa pasang gateway agar fungsi bridge berjalan.

# brctl addbr br0

# ifconfig eth0 down
# ifconfig eth1 down
# ifconfig eth2 down

# addif br0 eth0
# addif br0 eth1
# addif br0 eth2

# ifconfig br0 192.168.1.1

# ifconfig eth0 0.0.0.0 up
 # ifconfig eth1 0.0.0.0 up
# ifconfig eth2 0.0.0.0 up

# ifconfig br0 up

# route add default gw 192.168.1.1 br0

Untuk melihat bridge sudah berjalan, gunakan perintah netstat -i

# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
br0        1500   0   105139      0      0      0    78613      0      0      0 BMRU
eth0       1500   0   923738     13    370     13   737339      3      0      3 BMRU
eth1       1500   0   143691      0      0      0   166542      4      0      4 BMRU
eth2       1500   0   134115      0      0      0   220353      4      0      4 BMRU

Tambahkan di iptables untuk meng accept semua trafic, flush semua yg ada di firewall. Ini beberapa contoh apabila kita ingin memblock port 111 di bridge

# iptables -F
# iptables -A INPUT -i br0 -p tcp  –dport 111 -d 192.168.1.1-m physdev  –physdev-is-in -j DROP
# iptables -A INPUT -i br0 -p udp  –dport 111 -d 192.168.1.1-m physdev  –physdev-is-in -j DROP

# iptables -A FORWARD -i br0 -p tcp –dport 111 -m physdev –physdev-in eth2 –physdev-out eth1 -j DROP

# ebtables -A FORWARD -s 00:0b:db:c3:39:24 -j DROP

Advertisements

November 9, 2008 - Posted by | Linux Basic

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: