refrensi dari Pak Onno W Purbo
topologi jaringan
Sambungan ADSL melalui eth1 IP address 192.168.1.2/24 dengan gateway router ADSL pada IP 192.168.1.1/24
Sambungan WIFI melalui eth2 IP address 192.168.5.1/24 melalui WiFi / Wireless dengan gateway 192.168.5.1/24
Sambungan LAN melalui eth0 IP address 192.168.0.254/24
ISP 1
192.168.1.1/24 (ISP1)
192.168.1.2/24 (eth1)
SIP2
192.168.5.1/24 (ISP2)
192.168.5.2/24 (eth2)
ROUTER
192.168.0.254/24 (eth0)
#set IP NIC di /etc/network/interface
auto eth0
iface eth0 inet static
address 172.31.53.254
netmask 255.255.255.192
auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.5.2
netmask 255.255.255.0
#tambah routing di /etc/iproute2/rt_tables
120 hsp
121 telkom
123 rtrw
#set routing dan load balancing
/sbin/ip link set lo up
/sbin/ip link set eth0 up
/sbin/ip link set eth1 up
/sbin/ip link set eth2 up
/sbin/ip route flush table hsp
/sbin/ip route flush table telkom
/sbin/ip route flush table rtrw
/sbin/ip rule add prio 10 table main
/sbin/ip rule add prio 20 table hsp
/sbin/ip rule add prio 30 table telkom
/sbin/ip rule add prio 40 table rtrw
/sbin/ip rule add prio 20 from 192.168.5.0/24 table hsp
/sbin/ip route add default via 192.168.5.1 dev eth2 src 192.168.5.2 proto static table hsp
/sbin/ip route append prohibit default table hsp metric 1 proto static
/sbin/ip rule add prio 30 from 192.168.1.0/24 table telkom
/sbin/ip route add default via 192.168.1.1 dev eth1 src 192.168.1.2 proto static table telkom
/sbin/ip route append prohibit default table telkom metric 5 proto static
# Set up load balancing gateways
/sbin/ip rule add prio 40 table rtrw
/sbin/ip route add default proto static table rtrw \
nexthop via 192.168.5.1 dev eth2 weight 1 \
nexthop via 192.168.1.1 dev eth1 weight 1
#set NAT / proxy untu melakukan NAT ke dua (2) interface yang berbeda
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p tcp -s 0/0 –-dport 25 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p tcp -s 0/0 –-dport 25 -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 -j REJECT –-reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp -i eth2 -j REJECT –-reject-with tcp-reset
/sbin/iptables -A INPUT -p udp -i eth1 -j REJECT -–reject-with icmp-port-unreachable
/sbin/iptables -A INPUT -p udp -i eth2 -j REJECT –-reject-with icmp-port-unreachable
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j SNAT –-to 192.168.5.2
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j SNAT -–to 192.168.1.2
#set transparen proxy
/sbin/iptables -t nat -A PREROUTING -i eth0 -p TCP –dport 80 -j REDIRECT –to-port 3128
topologi jaringan
Sambungan ADSL melalui eth1 IP address 192.168.1.2/24 dengan gateway router ADSL pada IP 192.168.1.1/24
Sambungan WIFI melalui eth2 IP address 192.168.5.1/24 melalui WiFi / Wireless dengan gateway 192.168.5.1/24
Sambungan LAN melalui eth0 IP address 192.168.0.254/24
ISP 1
192.168.1.1/24 (ISP1)
192.168.1.2/24 (eth1)
SIP2
192.168.5.1/24 (ISP2)
192.168.5.2/24 (eth2)
ROUTER
192.168.0.254/24 (eth0)
#set IP NIC di /etc/network/interface
auto eth0
iface eth0 inet static
address 172.31.53.254
netmask 255.255.255.192
auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.5.2
netmask 255.255.255.0
#tambah routing di /etc/iproute2/rt_tables
120 hsp
121 telkom
123 rtrw
#set routing dan load balancing
/sbin/ip link set lo up
/sbin/ip link set eth0 up
/sbin/ip link set eth1 up
/sbin/ip link set eth2 up
/sbin/ip route flush table hsp
/sbin/ip route flush table telkom
/sbin/ip route flush table rtrw
/sbin/ip rule add prio 10 table main
/sbin/ip rule add prio 20 table hsp
/sbin/ip rule add prio 30 table telkom
/sbin/ip rule add prio 40 table rtrw
/sbin/ip rule add prio 20 from 192.168.5.0/24 table hsp
/sbin/ip route add default via 192.168.5.1 dev eth2 src 192.168.5.2 proto static table hsp
/sbin/ip route append prohibit default table hsp metric 1 proto static
/sbin/ip rule add prio 30 from 192.168.1.0/24 table telkom
/sbin/ip route add default via 192.168.1.1 dev eth1 src 192.168.1.2 proto static table telkom
/sbin/ip route append prohibit default table telkom metric 5 proto static
# Set up load balancing gateways
/sbin/ip rule add prio 40 table rtrw
/sbin/ip route add default proto static table rtrw \
nexthop via 192.168.5.1 dev eth2 weight 1 \
nexthop via 192.168.1.1 dev eth1 weight 1
#set NAT / proxy untu melakukan NAT ke dua (2) interface yang berbeda
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p tcp -s 0/0 –-dport 25 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p tcp -s 0/0 –-dport 25 -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 -j REJECT –-reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp -i eth2 -j REJECT –-reject-with tcp-reset
/sbin/iptables -A INPUT -p udp -i eth1 -j REJECT -–reject-with icmp-port-unreachable
/sbin/iptables -A INPUT -p udp -i eth2 -j REJECT –-reject-with icmp-port-unreachable
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j SNAT –-to 192.168.5.2
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j SNAT -–to 192.168.1.2
#set transparen proxy
/sbin/iptables -t nat -A PREROUTING -i eth0 -p TCP –dport 80 -j REDIRECT –to-port 3128
Tidak ada komentar:
Posting Komentar