Cara Single IP Public dengan metode NAT



Rockman

Hosting Guru
Verified Provider
pak kyai, coba paste kesini hasil dari perintah (dinode) : iptables-save
Code:
[root@s110798 ~]# iptables-save
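# Generated by iptables-save v1.4.7 on Fri Sep 22 04:44:45 2017
# NOTE(review): the pasted terminal output had long lines wrapped in the middle
# of a token ("--to-p orts", "-j A CCEPT"). They are rejoined below so the
# listing is readable and loadable again; the rules themselves are unchanged.
*nat
# NOTE(review): this table only does source NAT (MASQUERADE) for the two guest
# networks. There is no PREROUTING DNAT rule, so nothing that arrives on the
# public address is forwarded to a guest yet.
:PREROUTING ACCEPT [18681:1101397]
:POSTROUTING ACCEPT [11633:821584]
:OUTPUT ACCEPT [15839:1138492]
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -o vmbr0 -j MASQUERADE
COMMIT
# Completed on Fri Sep 22 04:44:45 2017
# Generated by iptables-save v1.4.7 on Fri Sep 22 04:44:45 2017
*mangle
:PREROUTING ACCEPT [2028249:328574317]
:INPUT ACCEPT [177586:131882598]
:FORWARD ACCEPT [1850970:196741798]
:OUTPUT ACCEPT [182862:72954329]
:POSTROUTING ACCEPT [2033315:269627746]
# NOTE(review): the same CHECKSUM rule is loaded three times; the repeats add
# nothing and suggest the rule set is being re-appended instead of replaced.
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Sep 22 04:44:45 2017
# Generated by iptables-save v1.4.7 on Fri Sep 22 04:44:45 2017
*filter
# NOTE(review): the INPUT policy is ACCEPT and every INPUT rule below is also
# ACCEPT, so none of these rules restricts anything: the host accepts traffic
# on every port from every source. The list only becomes a filter once the
# chain ends in DROP/REJECT (after allowing lo, RELATED,ESTABLISHED and the
# management port in use).
:INPUT ACCEPT [76908:94203004]
:FORWARD ACCEPT [605:113444]
:OUTPUT ACCEPT [182862:72955237]
-A INPUT -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 111,662,892,1515,2049,3389,32803 -j ACCEPT
-A INPUT -p udp -m multiport --dports 662,892,2049,3389,32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900:16900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152:49261 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 111,662,892,1515,2049,32803 -j ACCEPT
-A INPUT -p udp -m multiport --dports 662,892,2049,32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900:16900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152:49261 -j ACCEPT
-A INPUT -p udp -m udp --dport 5404:5405 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21064 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 41966:41969 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50006:50009 -j ACCEPT
-A INPUT -p udp -m udp --dport 50007 -j ACCEPT
# NOTE(review): rules are matched top to bottom. Towards each bridge only
# RELATED,ESTABLISHED traffic is accepted before the REJECT rule, so a new
# inbound connection to a guest is rejected here even if a DNAT rule exists.
-A FORWARD -d 192.168.0.0/24 -o virbr1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
# NOTE(review): these two ACCEPT rules sit after the REJECT rules, so traffic
# entering or leaving through virbr1 never reaches them. An ACCEPT meant for
# forwarded ports has to be inserted ahead of the REJECT rules.
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -j ACCEPT
COMMIT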
ini hasil nya...
 

Rockman

Hosting Guru
Verified Provider
Saya membuatnya seperti ini :

IFCONFIG
Code:
[root@s110798 /]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1E:4F:B3:3C:2E
          inet6 addr: fe80::21e:4fff:feb3:3c2e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1659590 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1183091 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:756426332 (721.3 MiB)  TX bytes:161349111 (153.8 MiB)
          Interrupt:21 Memory:fe9e0000-fea00000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:88865 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88865 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:40297982 (38.4 MiB)  TX bytes:40297982 (38.4 MiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:96:A5:29
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr1    Link encap:Ethernet  HWaddr 52:54:00:30:26:B4
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1057479 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1506168 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:95228586 (90.8 MiB)  TX bytes:646808040 (616.8 MiB)

vmbr0     Link encap:Ethernet  HWaddr 00:1E:4F:B3:3C:2E
          inet addr:107.150.58.150  Bcast:107.150.58.151  Mask:255.255.255.252
          inet6 addr: fe80::21e:4fff:feb3:3c2e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1581733 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1175095 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:720883521 (687.4 MiB)  TX bytes:152804730 (145.7 MiB)

vnet0     Link encap:Ethernet  HWaddr FE:54:00:66:64:11
          inet6 addr: fe80::fc54:ff:fe66:6411/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11958 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36571 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:867881 (847.5 KiB)  TX bytes:49628294 (47.3 MiB)

vnet1     Link encap:Ethernet  HWaddr FE:54:00:FF:E3:7D
          inet6 addr: fe80::fc54:ff:feff:e37d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:745717 errors:0 dropped:0 overruns:0 frame:0
          TX packets:975403 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:92561422 (88.2 MiB)  TX bytes:102393897 (97.6 MiB)

vnet2     Link encap:Ethernet  HWaddr FE:54:00:33:66:2B
          inet6 addr: fe80::fc54:ff:fe33:662b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:158342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:248986 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:10190879 (9.7 MiB)  TX bytes:40859993 (38.9 MiB)

IPTABLES

Code:
[root@s110798 /]# iptables-save
# Generated by iptables-save v1.4.7 on Fri Sep 22 07:03:16 2017
*filter
# NOTE(review): the INPUT policy is ACCEPT and every INPUT rule below is also
# ACCEPT, so the long port list does not restrict anything: the host accepts
# traffic on every port. Rules without -i or -s would apply to the public
# interface too once a default DROP/REJECT is added, so confirm which of these
# ports (111 and 2049 are the registered rpcbind and NFS ports, 3389 is RDP)
# are really meant to be reachable from the Internet.
:INPUT ACCEPT [108:14276]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13566:15705926]
-A INPUT -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 111,662,892,1515,2049,3389,32803 -j ACCEPT
-A INPUT -p udp -m multiport --dports 662,892,2049,3389,32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900:16900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152:49261 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 111,662,892,1515,2049,32803 -j ACCEPT
-A INPUT -p udp -m multiport --dports 662,892,2049,32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900:16900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152:49261 -j ACCEPT
-A INPUT -p udp -m udp --dport 5404:5405 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21064 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 41966:41969 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50006:50009 -j ACCEPT
-A INPUT -p udp -m udp --dport 50007 -j ACCEPT
# NOTE(review): from here on the rules were added one by one. Many repeat ports
# already accepted above (111, 662, 892, 2049, 3389, the 5900:6900 ranges ...).
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p udp -m udp --dport 3389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3308 -j ACCEPT
-A INPUT -p udp -m udp --dport 3308 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 662 -j ACCEPT
-A INPUT -p udp -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1515 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -p udp -m udp --dport 32769 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49261 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900:16900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152:49261 -j ACCEPT
# NOTE(review): rules are matched top to bottom. Towards each bridge only
# RELATED,ESTABLISHED traffic is accepted before the REJECT rule, so a new
# inbound connection that was DNAT-ed to a guest is rejected in this chain.
-A FORWARD -d 192.168.0.0/24 -o virbr1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
# NOTE(review): the three ACCEPT rules below were appended after the REJECT
# rules, so traffic entering or leaving through virbr1 never reaches them.
# An ACCEPT for forwarded ports must be inserted ahead of the REJECT rules.
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -j ACCEPT
-A FORWARD -i virbr1 -j ACCEPT
COMMIT
# Completed on Fri Sep 22 07:03:16 2017
# Generated by iptables-save v1.4.7 on Fri Sep 22 07:03:16 2017
*mangle
:PREROUTING ACCEPT [154689:265174028]
:INPUT ACCEPT [12830:8048541]
:FORWARD ACCEPT [141863:257126403]
:OUTPUT ACCEPT [13570:15709750]
:POSTROUTING ACCEPT [155428:272835197]
# NOTE(review): the same CHECKSUM rule is loaded three times; the repeats add
# nothing.
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Sep 22 07:03:16 2017
# Generated by iptables-save v1.4.7 on Fri Sep 22 07:03:16 2017
*nat
:PREROUTING ACCEPT [3:180]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [6:528]
# NOTE(review): the six rules below match on -i vmbr0 only, with no -d, so they
# redirect the listed ports for any destination address arriving on vmbr0.
# DNS is forwarded for UDP only; there is no matching TCP 53 rule.
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.3:443
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A PREROUTING -i vmbr0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.3:53
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2087 -j DNAT --to-destination 192.168.0.3:2087
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 2086 -j DNAT --to-destination 192.168.0.3:2086
# NOTE(review): the next three rules have an identical match (same address,
# interface, protocol and port). The first matching rule wins, so only the
# 192.168.0.1:22 target could ever apply and the other two are dead rules.
# 192.168.0.1 is the host's own virbr1 address in the ifconfig output, not a
# guest. The rules also match on eth0 although the public address is
# configured on vmbr0.
-A PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.1:22
-A PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.2:22
-A PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -o vmbr0 -j MASQUERADE
# NOTE(review): the last rule has no match at all, so it masquerades every
# connection on every interface, including connections DNAT-ed towards a
# guest. The guest then sees the host's bridge address as the client, so its
# logs and any per-IP blocking lose the real source address. The scoped rules
# above already cover outbound guest traffic.
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Fri Sep 22 07:03:16 2017
ini hasil nya...
 

GPLHosting

Hosting Guru
1. Hapus dulu rules yang kurang tepat :

Code:
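# Run as root. Removes the DNAT rules that were created with the wrong match.
# The rules live in the nat table and iptables works on the filter table unless
# told otherwise, so each command needs -t nat (without it the delete fails
# because filter has no PREROUTING chain). -D only removes a rule whose
# specification matches exactly; check what is loaded first with
#   iptables -t nat -L PREROUTING -n --line-numbers
iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.3:443
iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
iptables -t nat -D PREROUTING -i vmbr0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.3:53
iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2087 -j DNAT --to-destination 192.168.0.3:2087
iptables -t nat -D PREROUTING -i vmbr0 -p tcp -m tcp --dport 2086 -j DNAT --to-destination 192.168.0.3:2086
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.1:22
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.2:22
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22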

2. Buat rules untuk port2 cpanel yang meng-NAT/Forward dari IP 107.150.58.150 ke VM 192.168.0.3
Code:
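# Run as root. Forwards the cPanel service ports from the public address
# 107.150.58.150 (on vmbr0) to the guest 192.168.0.3.
#
# -t nat is required: PREROUTING DNAT rules belong to the nat table, and
# iptables works on the filter table unless told otherwise.
#
# NOTE(review): DNAT only rewrites the destination; the packet must still pass
# the filter FORWARD chain. In the iptables-save output on this page the rule
# "-A FORWARD -o virbr1 -j REJECT" comes before any rule that accepts new
# connections towards 192.168.0.0/24, so an ACCEPT for these ports to
# 192.168.0.3 has to be inserted ahead of it (iptables -I FORWARD ...).
# Check the order with: iptables -L FORWARD -n -v --line-numbers
#
# NOTE(review): 21, 2086 and 2095 are the unencrypted FTP, WHM and webmail
# ports; forward only the ones that are really needed from the Internet.
#
# Rules added this way are lost on reboot until saved (CentOS 6:
# "service iptables save").
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.3:80
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.3:443
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.3:53
# DNS queries normally arrive over UDP; the rule removed in step 1 forwarded
# UDP 53, so it is re-created here next to the TCP rule.
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.3:53
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2086 -j DNAT --to-destination 192.168.0.3:2086
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2087 -j DNAT --to-destination 192.168.0.3:2087
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2095 -j DNAT --to-destination 192.168.0.3:2095
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.3:21
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.3:25
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.3:110
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.0.3:143
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.0.3:587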
 

GPLHosting

Hosting Guru
DNAT itu satu port untuk satu tujuan, gak bisa misalnya port 2222 tsb di dnat ke banyak IP, spt di bawah ini :
Code:
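# Run as root. Deletes the three conflicting rules: all of them match the same
# address, interface and port, and the first matching rule wins, so only the
# first target could ever be used. -t nat is required because the rules live in
# the nat table and iptables works on the filter table unless told otherwise.
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.1:22
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.2:22
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22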

Sebaiknya tiap satu destination, satu port, misalnya (interfacenya juga harusnya vmbr0, bukan eth0, karena sudah di bridge) :
Code:
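# Run as root. One public port per destination. These are the rules to add, so
# the action is -A (append); -D would try to delete rules that do not exist
# yet. -t nat selects the table that holds PREROUTING DNAT rules.
#
# NOTE(review): 192.168.0.1 is the host's own virbr1 address in the ifconfig
# output, so the first rule publishes the host's sshd on port 2221 rather than
# a guest. Every SSH port published here is reachable from any source; add
# "-s <ADMIN_CIDR>" (placeholder) to limit who can connect.
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2221 -j DNAT --to-destination 192.168.0.1:22
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.2:22
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2223 -j DNAT --to-destination 192.168.0.3:22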
 

Bestariweb Hosting

Hosting Guru
The Warrior
Verified Provider
kalo port 2222 diforward ke banyak IP, nanti pas kasih command: ssh -p 2222 user@<IP-PUBLIK>, tar DSnya bingung mau diforward kemana wkwkwk. Kan repot nanti kalo sampe DSnya ngambek karena perintah forwardnya gak jelas dialamatkan ke NAT IP yang mana.

Ngopi dulu biar nyante
 

Rockman

Hosting Guru
Verified Provider
DNAT itu satu port untuk satu tujuan, gak bisa misalnya port 2222 tsb di dnat ke banyak IP, spt di bawah ini :
Code:
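# Run as root. Deletes the three conflicting rules: they share one match, and
# the first matching rule wins, so only the first target could ever be used.
# -t nat is required because the rules live in the nat table and iptables works
# on the filter table unless told otherwise.
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.1:22
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.2:22
iptables -t nat -D PREROUTING -d 107.150.58.150/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22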

Sebaiknya tiap satu destination, satu port, misalnya (interfacenya juga harusnya vmbr0, bukan eth0, karena sudah di bridge) :
Code:
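# Run as root. One public port per destination. These are the rules to add, so
# the action is -A (append); -D would try to delete rules that do not exist
# yet. -t nat selects the table that holds PREROUTING DNAT rules.
# NOTE(review): 192.168.0.1 is the host's own virbr1 address in the ifconfig
# output, so the first rule publishes the host's sshd rather than a guest.
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2221 -j DNAT --to-destination 192.168.0.1:22
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.2:22
iptables -t nat -A PREROUTING -d 107.150.58.150/32 -i vmbr0 -p tcp -m tcp --dport 2223 -j DNAT --to-destination 192.168.0.3:22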
Iya Bu hajjah, Saya juga bingung baca dari semua artikel yang ada, antara artikel 1 dengan lainnya tidak sama, akhirnya saya masukkan saja semua perintah satu persatu dan siapa tahu ada nyantol. hehehe.... :D
Oke terima kasih sebelumnya, karena telah memberi pencerahan nya....:D
Ilmu anda sangat bermanfaat dan tiada terkira pahala yang bu hajjah dapat.....
 

Rockman

Hosting Guru
Verified Provider
Oh ya Suhu+Master, tutorial diatas kan perintah untuk IPTables di centos 6, Kalau perintah untuk CenTOS 7 Bagaimana ??
Bagaimana step by step membuat rules untuk port-port cpanel yang meng-NAT / Forward dari IP Public ke VM 192.168.0.3 yang di peruntukkan untuk CentOS 7 yang tidak menggunakan IPTables


Kami sudah open port sebagai berikut :
Code:
# Show the firewalld service state, enable it at boot, then start it.
systemctl status firewalld
systemctl enable firewalld
systemctl start firewalld

# Open every port below in the public zone. --permanent only edits the saved
# configuration; the --reload at the end activates it. The order is the order
# in which the ports were originally entered.
#
# NOTE(review): opening a port only lets traffic reach the host itself; it does
# not forward anything to a guest. firewalld's counterpart to the iptables DNAT
# rules is --add-forward-port=port=...:proto=...:toport=...:toaddr=...
# together with --add-masquerade.
# NOTE(review): 23/tcp is the telnet port (cleartext logins), and 111, 2049 and
# the 662/892/32803/32769 group look like rpcbind/NFS ports; the public zone
# exposes them to the Internet, so confirm each one is needed there.
# NOTE(review): 5900, 6900, 15900, 16900, 49152 and 49261 are already covered
# by the ranges that follow them.
for port in \
  80/tcp 443/tcp 53/tcp 53/udp 21/tcp 21/udp 22/tcp 23/tcp \
  110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp \
  2086/tcp 2087/tcp 2095/tcp 3389/tcp 3389/udp 8080/tcp \
  111/tcp 662/tcp 662/udp 892/tcp 892/udp 1500/tcp 1515/tcp \
  2049/tcp 2049/udp 32803/tcp 32769/udp \
  5900/tcp 6900/tcp 5900-6900/tcp \
  15900/tcp 16900/tcp 15900-16900/tcp \
  49152/tcp 49261/tcp 49152-49261/tcp
do
  firewall-cmd --zone=public --permanent --add-port="$port"
done

# Load the permanent configuration into the running firewall.
firewall-cmd --reload

Bagaimana meng-NAT / Forward di centOS 7, yang sudah tidak tersedia IPTables..??

Maaf kalau banyak bertanya.....
 