Lingkage program

secure by default pf.conf

Posted on: May 19, 2007

Begins

Plenty of people probably already know this OS, and who still doubts how tough it is as a server? Its motto is "secure by default", which literally means the standard system is already secured (locked down right out of the box). For more details, click here.

o0 Setting up the gateway

Here I'll go through how to set up a gateway on OpenBSD. Before starting, I recommend following the instructions here.


First find out the names of the NICs (Ethernet cards) tucked away in the corner of your motherboard, like this:
#ifconfig
lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
xl0: flags=8843 mtu 1500
lladdr 00:a0:24:a9:39:de
groups: egress
media: Ethernet autoselect (10baseT)
status: active
inet 222.124.159.210 netmask 0xfffffff8 broadcast 222.124.159.215
inet6 fe80::2a0:24ff:fea9:39de%xl0 prefixlen 64 scopeid 0x1
xl1: flags=8843 mtu 1500
lladdr 00:10:4b:cd:c0:f8
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.251.1 netmask 0xfffffffc broadcast 192.168.251.3
inet6 fe80::210:4bff:fecd:c0f8%xl1 prefixlen 64 scopeid 0x2
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536

There you can see lo0 (just the loopback), while xl0, xl1 and xl2 are the names of the NICs (hostname) tucked into my motherboard. Entering the IP is easy too: just edit /etc/hostname.xl0 directly (read: as an example).

#nano /etc/hostname.xl0
if nano is already installed on the server as an editor; if it is not, you can use vi instead:

#vi /etc/hostname.xl0

inet 222.124.159.210 255.255.255.248 NONE

After entering the IP into each hostname file, enable IP forwarding. To keep it across reboots, set the value in /etc/sysctl.conf; the command below turns it on for the running system:
# sysctl net.inet.ip.forwarding=1

net.inet.ip.forwarding: 0 -> 1

With forwarding enabled, all that is left is to configure /etc/pf.conf:

#nano -w /etc/pf.conf

#       $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="xl0" # NIC OUT
int_if="xl1" # NIC IN
ip_public="222.124.159.210"

#table  persist
#table  persist

#set skip on lo

#scrub in
nat on $ext_if from !($ext_if) -> $ip_public

------------------------------------

The main purpose of NAT is to translate private IPs into a public IP.
After that, just load pf.conf:

#pfctl -f /etc/pf.conf

#pfctl -sn
nat on xl0 inet from ! (xl0) to any -> 222.124.159.210

oO Basic commands for loading pf.conf
     # pfctl -f /etc/pf.conf     Load the pf.conf file
     # pfctl -nf /etc/pf.conf    Parse the file and report errors without loading it
     # pfctl -Nf /etc/pf.conf    Load only the NAT rules
     # pfctl -Rf /etc/pf.conf    Load only the filter rules

     # pfctl -sn                 Show the loaded NAT rules
     # pfctl -sr                 Show the loaded filter rules
     # pfctl -ss                 Show the state table
     # pfctl -si                 Show filter status and counters
     # pfctl -sa                 Show everything that can be displayed
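
The pf.conf above loads a single nat line and no filter rules, and pf passes any packet that no filter rule matches, so it is worth checking a ruleset for a block rule before running pfctl -f. The script below is an added example, not part of the original post: it runs that check over two constructed rulesets, the page's NAT-only one and an assumed variant with a default block. The names pf_count, pf_audit, sample_nat_only and sample_filtered are hypothetical, and the filter rules in the second sample are an assumed policy.

```shell
#!/bin/sh
# Added example: static check of a pf.conf before loading it with pfctl -f.
# pf passes any packet that no filter rule matches, so a ruleset that holds
# only a nat line translates and forwards traffic without filtering it.

# Constructed sample 1: the page's pf.conf (NAT only, options commented out).
sample_nat_only() {
cat <<'EOF'
ext_if="xl0" # NIC OUT
int_if="xl1" # NIC IN
ip_public="222.124.159.210"
#set skip on lo
#scrub in
nat on $ext_if from !($ext_if) -> $ip_public
EOF
}

# Constructed sample 2 (assumed policy): same NAT line plus a default block.
sample_filtered() {
sample_nat_only | sed -e 's/^#set skip/set skip/' -e 's/^#scrub/scrub/'
cat <<'EOF'
block in
antispoof quick for $int_if
pass in on $int_if from $int_if:network to any keep state
pass out keep state
EOF
}

# Count active rules whose first word is $2 (comments are stripped first).
pf_count() {
    sed -e 's/#.*$//' "$1" | awk -v kw="$2" '$1 == kw { n++ } END { print n + 0 }'
}

# Print a summary; return 0 only when the ruleset has at least one block rule.
pf_audit() {
    nat=$(pf_count "$1" nat)
    block=$(pf_count "$1" block)
    pass=$(pf_count "$1" pass)
    echo "nat=$nat block=$block pass=$pass"
    if [ "$block" -eq 0 ]; then
        echo "WARN: no block rule, unmatched packets take pf's implicit pass"
        return 1
    fi
    echo "OK: block rule present"
}

tmp=$(mktemp -d)
sample_nat_only > "$tmp/nat-only.conf"
sample_filtered > "$tmp/filtered.conf"
pf_audit "$tmp/nat-only.conf" || true   # NAT-only ruleset: WARN
pf_audit "$tmp/filtered.conf" || true   # ruleset with block in: OK
rm -rf "$tmp"
```

The check only looks at the first word of each line, so it does not follow anchors, included files or backslash line continuations; pfctl -nf remains the syntax check.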

After that, edit /etc/rc.local:

# set the following to "YES" to turn them on
rwhod=NO
nfs_server=YES          # see sysctl.conf for nfs client configuration
lockd=NO
amd=NO
pf=YES                  # Packet filter / NAT
portmap=NO              # Note: inetd(8) rpc services need portmap too
inetd=YES               # almost always needed
check_quotas=YES        # NO may be desirable in some YP environments

krb5_master_kdc=NO      # KerberosV master KDC. Run 'info heimdal' for help.
krb5_slave_kdc=NO       # KerberosV slave KDC.
afs=NO                  # mount and run afs

Then reboot the machine and see whether it connects or not. If it does not,
please leave a comment here.

regards
