Kompile kernel freebsd

Posted by: pufferfish on: December 16, 2006

• In: FreeBSD
• 1 Comment

firewall with ipfw

sebelum kita memulai dengan firewall/ipfw sebaiknya kita kompilasi dulu kernel kita supaya support terhadap FIREWALL dan NATD, natd disini supaya server kita dapat memberikan layanan internet kepada client kita

freebsd $ cd /usr/src/sys/i386/conf
freebsd $ cp GENERIC kernelku
freebsd $ ee kernelku
edit atau tambahkan pada file kernelku
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options TCP_DROP_SYNFIN

freebsd # config kernelku

freebsd # cd ../compile/kernelku

freebsd # make depend

freebsd # make

freebsd # make install

freebsd # cd /etc/

freebsd # cp rc.firewall rc.firewall.old

sekarang kita buat file /etc/ipfw.rules

freebsd $ ee /etc/ipfw.rules

contoh sederhana untuk lebih jelasnya silahkan untuk ke
http://people.freebsd.org/~jkb

add divert natd all from any to any via rl0
add 400 pass all from any to any via rl1
add 600 pass tcp from any to any out xmit rl0 setup
add 700 pass tcp from any to any via rl0 established
add 800 pass tcp from any to any 80 setup
add 900 pass tcp from any to any 21 setup
add 900 pass tcp from any to any 22 setup
add 1000 pass tcp from any to any 25 setup
add 1100 pass tcp from any to any 110 setup
add 1100 pass tcp from any to any 113 setup
add 1200 pass tcp from any to any 53 setup
add 1300 pass udp from any to any 53 out xmit rl0
add 1400 pass udp from any 53 to any in recv rl0
add 2000 divert 32000 ip from any to any via rl1
add allow all from any to any via rl1
add allow all from me to any

freebsd #chmod 400 ipfw.rules

freebsd # cp /usr/src/sbin/natd/samples/natd.cf.sample

/usr/local/etc/natd.cf

edit pada bagian /usr/local/etc/natd.cf

freebsd # ee /usr/local/etc/natd.cf

use_socket yes
same_socket yes
interface rl0
dynamic yes

freebsd #

sekarang kita edit atau tambahkan pada /etc/rc.conf

freebsd # ee /etc/rc.conf

ifconfig_lo0=”inet 127.0.0.1″

ifconfig_rl0=”” ‘untuk dinamic biarkan kosong (DHCP)’

network_interfaces=”rl1 rl0 lo0″

firewall_enable=”YES”

firewall_script=”/etc/rc.firewall”

firewall_type=”/etc/ipfw.rules”

natd_enable=”YES”

natd_interface=”rl0″

natd_flags=”-f /usr/local/etc/natd.cf”

ppp_enable=”YES”

ppp_mode=”auto”

ppp_nat=”YES”

ppp_profile=”demand”

sekarang kita coba restart komputer kita

freebsd # shutdown -r now

pastikan tidak terjadi error bila terjadi error catat baik-baik errornya

kira-kira gitu cara mengkompile kernel

Advertisements