04 March 2006

Konfigurasi - Bridge


yah... lupa lagi :(( padahal cuman gini ae


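# Bridge setup: br0 joins eth0 and eth1 so hosts on both segments are
# transparently on the same L2 network. The bridge device itself carries the
# management address (and a secondary internal one), the ports carry none.
/usr/sbin/brctl addbr br0
# Enslave the physical ethernets to the bridge
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# Bring the bridge ports up without an address of their own
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0

# Public address so the bridge host can be managed from outside.
# 62.3.3.26 with mask 255.255.255.248 (/29) sits in 62.3.3.24-62.3.3.31,
# so the directed broadcast is 62.3.3.31 — the value 62.3.3.32 used before
# lies outside that subnet.
/sbin/ifconfig br0 62.3.3.26 netmask 255.255.255.248 broadcast 62.3.3.31

# Secondary internal address intended for NAT. Note that the address alone
# does not translate anything; a nat-table rule is still needed and none is
# given in this snippet.
ip addr add 192.168.0.1/24 dev br0
/sbin/route add default gw 62.3.3.25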

IPTABLES-nya
# Forwarding firewall for the bridge. Deny by default: only the flows listed
# below may cross br0. These rules govern the FORWARD chain only; the bridge
# host's own INPUT chain is not configured here, so its public management
# address is not protected by this snippet.
# Assumes bridged frames are handed to iptables (bridge netfilter hook) —
# confirm on the kernel in use.
lan_net=62.3.3.0/24
mail_srv=62.3.3.27/32
www_srv=62.3.3.28/32

# allow_in <dst> <tcp-port-spec>: accept new inbound TCP to a server
allow_in() {
  local dst=$1 ports=$2
  iptables -A FORWARD -p tcp -d "$dst" --dport "$ports" -j ACCEPT
}

# allow_out <src>: accept any TCP originating from a server
allow_out() {
  local src=$1
  iptables -A FORWARD -p tcp -s "$src" -j ACCEPT
}

iptables -F FORWARD
iptables -P FORWARD DROP
# Discard what conntrack cannot classify, then pass replies of known flows
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Optional extras, kept disabled:
# rate-limit ICMP
# iptables -A FORWARD -p icmp -m limit --limit 4/s -j ACCEPT
# crude payload match, a quick way to stop some worm traffic
# iptables -I FORWARD -j DROP -p tcp -s 0.0.0.0/0 -m string --string "cmd.exe"

# No MySQL from anywhere into the LAN
iptables -A FORWARD -p tcp -d "$lan_net" --dport 3306 -j DROP

# Linux mail server: FTP-DATA (20), FTP (21), SSH (22) inbound from any
# source — SSH in particular is world-reachable with this rule — and
# unrestricted TCP outbound.
allow_in "$mail_srv" 20:22
allow_out "$mail_srv"

# WWW server: HTTP (80) and HTTPS (443) inbound, unrestricted TCP outbound
allow_in "$www_srv" 80
allow_in "$www_srv" 443
allow_out "$www_srv"


sumber:
http://www.linuxsecurity.com/docs/harden-doc/html/securing-debian-howto/ap-bridge-fw.en.html
