WTA: change port

Discussion about Ubuntu Server, including web servers, database servers, Samba servers and other services, as well as networking on the Ubuntu operating system.
danz0
Posts: 140
Joined: 19 Jan 2010, 12:37
Location: Suroboyo

WTA: change port

Postby danz0 » 18 May 2010, 11:32

hi all
want to share a little
I just started working at a mobile top-up (pulsa) server
so the story is, the boss wants to change the existing port for the H2H connection, which currently uses port 80
is this still related to the iptables settings?
how do I do this? I only know the basics of Ubuntu
can anyone help me

The problem is that nobody here understands this stuff. Or is there a reference somewhere on the forum that covers this topic? thx
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 18 May 2010, 15:15

if you want to change the port, it's at the application level. CMIIW


regards,
c0jack
danz0
Posts: 140
Joined: 19 Jan 2010, 12:37
Location: Suroboyo

Re: WTA: change port

Postby danz0 » 18 May 2010, 15:20

yeah, I just found out it's at the application level.

got a bit of enlightenment :D
Anyone else?
suryayusra
Posts: 394
Joined: 05 May 2010, 15:54
Location: Palembang, Indonesia

Re: WTA: change port

Postby suryayusra » 19 May 2010, 08:06

adding to that :D
open the port on the server :D
for example, whichever port is going to be used, you open it, and only then set the port at the level of each application :)
as for iptables, you just ACCEPT the port that the application's port will be directed to
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 19 May 2010, 09:13

suryayusra wrote:for example, whichever port is going to be used, you open it, and only then set the port at the level of each application :)

maybe you could share how to open the port, bro suryayusra


regards,
c0jack
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: WTA: change port

Postby zitux » 21 May 2010, 18:19

right, bro surya, what are the simple steps to open and close a port?
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: WTA: change port

Postby zitux » 28 Jul 2010, 07:30

bump so it's visible that the case isn't solved yet :grin: <<--because I need it :blush:
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: WTA: change port

Postby Rh354 » 28 Jul 2010, 09:50

basically iptables has 3 chains: INPUT, OUTPUT and FORWARD
the INPUT chain handles data packets coming into your computer
the OUTPUT chain handles data packets going out of your computer
the FORWARD chain handles data packets passing through your computer


sudo iptables -A FORWARD --port 9339 -j ACCEPT

maybe this is how to open it
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: WTA: change port

Postby zitux » 28 Jul 2010, 10:02

great, so to close it

just delete it :grin: maybe, because I haven't tried it yet :D

sudo iptables -D FORWARD --port 9339 -j ACCEPT
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 28 Jul 2010, 14:27

bro, I tried opening port 10 using bro Rh354's command, but it doesn't work. Is something wrong?

Code:

sudo iptables -A FORWARD --port 10 -j ACCEPT

the result

Code:

iptables v1.4.4: unknown option `--port'
Try `iptables -h' or 'iptables --help' for more information.

regards,
c0jack
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: WTA: change port

Postby Rh354 » 28 Jul 2010, 18:12

sudo iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 9939 -j ACCEPT
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 28 Jul 2010, 20:47

I ran the command

Code:

sudo iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 10 -j ACCEPT

this is the result

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

then I checked with nmap

Code:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-28 20:43 WIT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT   STATE  SERVICE
10/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

why isn't the port open yet?


regards,
c0jack
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: WTA: change port

Postby zitux » 01 Aug 2010, 23:04

WAAAH what now, this port still isn't open :(

emergency, I have to be able to open port 100 tonight :(
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 01 Aug 2010, 23:50

what do you want to open the port for, bro zitux?
here is an example PHP script from devshed.com for opening a port
[php]// set some variables
$host = "localhost";
$port = 10;
// don't timeout!
set_time_limit(0);
// create socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
// bind socket to port
$result = socket_bind($socket, $host, $port) or die("Could not bind to socket\n");
// start listening for connections
$result = socket_listen($socket, 3) or die("Could not set up socket listener\n");
// accept incoming connections
// spawn another socket to handle communication
$spawn = socket_accept($socket) or die("Could not accept incoming connection\n");
// read client input
$input = socket_read($spawn, 1024) or die("Could not read input\n");
// clean up input string
$input = trim($input);
// reverse client input and send back
$output = strrev($input) . "\n";
socket_write($spawn, $output, strlen ($output)) or die("Could not write output\n");
// close sockets
socket_close($spawn);
socket_close($socket);[/php]
this is the result of checking with nmap

Code:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-08-01 23:48 WIT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT   STATE SERVICE
10/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

regards,
c0jack
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: WTA: change port

Postby zitux » 01 Aug 2010, 23:52

where do I put the script, mas?
what are the steps? sorry, I'm completely stuck here
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 01 Aug 2010, 23:56

what do you actually want to open the port for? that script opens the port at the application level, so it has to be clear first what purpose/application you are opening the port for.


regards,
c0jack
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: WTA: change port

Postby amanda » 01 Aug 2010, 23:58

try flushing the iptables rules, mas

Code:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -A INPUT -p tcp --dport 10 -j ACCEPT

/etc/init.d/iptables save

/etc/init.d/iptables restart


closing, for example, port 25

Code:

sudo iptables -A INPUT -p tcp --dport 25 -j DROP


for example, forwarding port 25 to 5000

Code:

echo "1" > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -p tcp --dport 25 -j REDIRECT --to-ports 5000


opening ports can maybe also use the multiport option

Code:

sudo iptables -A INPUT -p tcp -m multiport --dport 22,222,2222 -j ACCEPT


if this is wrong, forgive me, I'm still learning :(
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: WTA: change port

Postby zitux » 02 Aug 2010, 00:09

I've already done this one but it won't open
iptables -A INPUT -p tcp --dport 10 -j ACCEPT

this one is also a wrong command on lucid


# /etc/init.d/iptables restart
-bash: /etc/init.d/iptables: No such file or directory
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: WTA: change port

Postby amanda » 02 Aug 2010, 00:28

try adapting the init.d script to match the one here, mas http://ubuntuforums.org/showthread.php?t=159661 maybe that will work..
c0jack
Posts: 743
Joined: 12 Jan 2010, 10:33
Location: Jogjakarta, Indonesia

Re: WTA: change port

Postby c0jack » 02 Aug 2010, 01:54

amanda wrote:closing, for example, port 25

Code:

sudo iptables -A INPUT -p tcp --dport 25 -j DROP


opening ports can maybe also use the multiport option

Code:

sudo iptables -A INPUT -p tcp -m multiport --dport 22,222,2222 -j ACCEPT

there still seems to be some confusion between the terms
closing a port (close port) >< allowing a port (accept port)

AFAIK, closing and opening a port can only be done at the application level, whereas iptables' job is only to filter data packets passing through the network. let me explain with an example. I will run the Apache web server on port 80, and I have not created any rules in my iptables. here is what iptables shows

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and this is the scan result from nmap

Code:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-08-02 01:31 WIT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 100 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

in this state I can access my web server. now I create an iptables rule

Code:

sudo iptables -A INPUT -p tcp --dport 80 -j DROP

this is the result

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp dpt:www

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

then I scan again with nmap, this is the result

Code:

Starting Nmap 5.00 ( http://nmap.org ) at 2010-08-02 01:38 WIT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 100 closed ports
PORT   STATE    SERVICE
80/tcp filtered http

Nmap done: 1 IP address (1 host up) scanned in 2.55 seconds

look at the nmap scan result. you can see the difference: what was state open has become state filtered. that means iptables successfully did its job of filtering port 80 with the drop rule, which means iptables will drop data packets passing through port 80 (not close port 80, mind you) to my computer, so I cannot access my local web.


regards,
c0jack
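
Added example (not part of any post in this thread): a Python sketch of the distinction described above, classifying a TCP port as open, closed or filtered from one connect() attempt and showing that only a listening process turns closed into open. The names `tcp_port_state` and `demo` are made up for this illustration, and the port is a free one picked by the OS on 127.0.0.1.

```python
import socket


def tcp_port_state(host, port, timeout=1.0):
    """Classify one TCP port from a single connect() attempt, using nmap's state names."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "closed"      # kernel refused the connection: reachable, nothing listens
    except (socket.timeout, OSError):
        return "filtered"    # no answer (e.g. a DROP rule) or host unreachable
    finally:
        s.close()


def demo(host="127.0.0.1"):
    """Show that the application, not the packet filter, moves a port from closed to open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))                       # port 0: the OS picks a free port (constructed value)
    port = srv.getsockname()[1]
    try:
        before = tcp_port_state(host, port)   # nothing listening yet, so packets are refused
        srv.listen(3)                         # same step as socket_listen() in the PHP script
        after = tcp_port_state(host, port)
    finally:
        srv.close()
    return {"before_listen": before, "after_listen": after}


if __name__ == "__main__":
    print(demo())
```

With a DROP rule on INPUT for the chosen port, as in the last post, the same call gets no reply, times out and returns "filtered".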
