Linux box pake 3 NIC / kartu jaringan / LAN Card :
eth0 nyambung ke ISP (misal “TELENET”) pake kabel
eth1 nyambung ke ISP ADSL (misal “SKYNET”) (pake modem eksternal)
eth2 nyambung ke LAN (misal “INTERN”).
———— MAIN ROUTING TABLE ———–
# ip route show table main
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254
192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.2
81.82.0.0/19 dev eth0 proto kernel scope link src 81.82.x.x
default via 81.82.0.1 dev eth0
———— EXTRA ROUTING TABLE———–
# ip route show table 4
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254
192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.2
81.82.0.0/19 dev eth0 proto kernel scope link src 81.82.x.x
default via 192.168.254.1 dev eth1
———– ROUTING RULES ———–
# ip rule show
0: from all lookup 255
32764: from 192.168.254.1 lookup 4
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default
———- FIREWALL (rules) SCRIPT (partial) ———-
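# ---- Firewall for the 3-NIC box (partial script) ----
# TELENET = eth0 (cable ISP), SKYNET = eth1 (ADSL ISP), INTERN = eth2 (LAN).
# Default policy is DROP on every chain; only what is listed below passes.
# TCP 443/444/1723/4125 arriving on the SKYNET address is DNATed to SERVER1 on
# the LAN, and SERVER1's replies on those ports are marked 0x4 so that the
# "ip rule ... fwmark 0x4 lookup 4" rule routes them back out via SKYNET
# (table 4's default) instead of the main table's default via TELENET.
#
# TELENETIP, SKYNETIP, INTERNIP and SERVER1IP are assigned in the part of the
# script not shown here. Fail loudly if any is unset rather than emitting
# broken or unintended rules.
: "${TELENETIP:?address of the TELENET (eth0) interface must be set}"
: "${SKYNETIP:?address of the SKYNET (eth1) interface must be set}"
: "${INTERNIP:?address of the INTERN (eth2) interface must be set}"
: "${SERVER1IP:?LAN server receiving the DNATed ports must be set}"

IPTABLES=/sbin/iptables
TELENET="eth0"
SKYNET="eth1"
INTERN="eth2"
INTNET="192.168.0.0/24"
# Ports published on SKYNETIP and forwarded unchanged to SERVER1IP.
# NOTE(review): 1723 is the PPTP control port; a PPTP tunnel also needs GRE
# (protocol 47) forwarded, which nothing here mentions -- presumably the PPTP
# conntrack helper makes it RELATED; confirm on the box.
PUBLISHED_PORTS="443 444 1723 4125"

# Set the DROP policies *before* flushing, so a reload never leaves the chains
# empty under an ACCEPT policy, not even for a moment.
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT DROP
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -F
"$IPTABLES" -F -t nat
"$IPTABLES" -F -t mangle

# Loopback.
"$IPTABLES" -A INPUT -i lo -s 127.0.0.0/8 -d 0.0.0.0/0 -j ACCEPT
"$IPTABLES" -A OUTPUT -o lo -s 127.0.0.0/8 -d 0.0.0.0/0 -j ACCEPT

# The box itself on the two ISP links: only replies in, anything out.
"$IPTABLES" -A INPUT -i "$TELENET" -s 0.0.0.0/0 -d "$TELENETIP" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A INPUT -i "$SKYNET" -s 0.0.0.0/0 -d "$SKYNETIP" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A OUTPUT -o "$TELENET" -s "$TELENETIP" -d 0.0.0.0/0 -j ACCEPT
"$IPTABLES" -A OUTPUT -o "$SKYNET" -s "$SKYNETIP" -d 0.0.0.0/0 -j ACCEPT

# The box itself on the LAN side: trusted in both directions.
"$IPTABLES" -A INPUT -i "$INTERN" -s "$INTNET" -d 0.0.0.0/0 -j ACCEPT
"$IPTABLES" -A OUTPUT -o "$INTERN" -s "$INTERNIP" -d "$INTNET" -j ACCEPT

# Per-port handling of the published services. The chains are independent, so
# appending to several chains inside one loop keeps each chain in port order.
# shellcheck disable=SC2086 -- word-splitting of PUBLISHED_PORTS is intended
for port in $PUBLISHED_PORTS; do
  # Replies from SERVER1 on a published port: mark 0x4 -> table 4 -> out via SKYNET.
  "$IPTABLES" -t mangle -A PREROUTING -s "$SERVER1IP" -p tcp -m tcp --sport "$port" -j MARK --set-mark 0x4
  # Inbound connections to the SKYNET address are rewritten to SERVER1.
  "$IPTABLES" -t nat -A PREROUTING -d "$SKYNETIP" -p tcp -m tcp --dport "$port" -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination "$SERVER1IP:$port"
  # NOTE(review): after the DNAT above these packets traverse FORWARD, not INPUT,
  # so this INPUT accept only takes effect if the DNAT rule is removed; it is
  # kept from the original and could be dropped to keep the router itself closed.
  "$IPTABLES" -A INPUT -d "$SKYNETIP" -i "$SKYNET" -p tcp -m tcp --sport 1024:65535 --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT
  # Let the DNATed connections through to the LAN.
  "$IPTABLES" -A FORWARD -i "$SKYNET" -o "$INTERN" -p tcp -m tcp --dport "$port" -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
done

# Everything leaving via an ISP link is source-NATed to that link's address.
"$IPTABLES" -t nat -A POSTROUTING -o "$TELENET" -j SNAT --to-source "$TELENETIP"
"$IPTABLES" -t nat -A POSTROUTING -o "$SKYNET" -j SNAT --to-source "$SKYNETIP"

# LAN -> anywhere is allowed. Anywhere -> LAN only as part of a connection that
# was already accepted (the LAN's own outbound traffic, or a DNATed connection
# admitted by the per-port FORWARD rules above). The original accepted *all*
# traffic to INTNET here, unconditionally and before the per-port rules, which
# made those rules unreachable and forwarded any packet addressed to the LAN.
"$IPTABLES" -A FORWARD -s "$INTNET" -j ACCEPT
"$IPTABLES" -A FORWARD -d "$INTNET" -m state --state ESTABLISHED,RELATED -j ACCEPT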
2 ISP 1 LAN
biar nge-cache di google ato search engine lainnya
* load balancing 2 ISP
* load balancing multiple ISP link
* http://www.lartc.org/howto/lartc.rpdb.multiple-links.html Load balancing LARTC
contohnya
Berikut ini file konfigurasi:
1. /etc/iproute2/rt_tables
2. loadbalancing.sh
—- /etc/iproute2/rt_tables —-
#
# reserved values
#
#255 local
#254 main
#253 default
#0 unspec
#
# local
#
#1 inr.ruhep
# ADSL1
10 T1
# ADSL2
20 T2
— loadbalancing.sh —-
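#!/bin/sh
# loadbalancing.sh - spread outbound traffic over two ADSL links (the LARTC
# "multiple uplinks/providers" recipe linked above).
# Tables T1 and T2 must exist in /etc/iproute2/rt_tables (ids 10 and 20 above).
#
# Differences from the usual copy of this recipe:
#   - "ip route replace" instead of "ip route add": the kernel already creates
#     the link routes when an interface comes up, and a single default route is
#     installed before the multipath one, so a plain "add" fails with
#     "RTNETLINK answers: File exists" and the balanced default is never set.
#   - "ip rule" entries are deleted before being re-added so the script can be
#     re-run without stacking duplicate rules.
#   - set -eu: stop at the first failing command instead of continuing with a
#     half-built routing setup.
#
# Forwarding itself (net.ipv4.ip_forward) is not enabled here; presumably done
# elsewhere. NOTE(review): with strict reverse-path filtering (rp_filter=1) on
# the uplinks, packets arriving on one link for the other link's address are
# dropped; multi-homed boxes usually need loose (2) or off (0) -- confirm the
# sysctl on this box.
set -eu

# Parameters
IF0=eth0
P0_NET=192.168.0.0/24
# Link 1: ADSL modem in bridge mode, PPPoE via ppp0
IF1=ppp0
IP1=125.164.255.xxx   # our address on ppp0 (placeholder as in the original)
P1=125.164.255.1      # gateway on link 1
P1_NET=125.164.255.0/24
# Link 2: ADSL modem in router mode, via eth2
IF2=eth2
IP2=192.168.11.250    # our address on eth2
P2=192.168.11.200     # gateway (the modem) on link 2
P2_NET=192.168.11.0/24

# Per-link tables: each holds its own link route and its own default gateway,
# so traffic sourced from IPx always leaves through link x.
ip route replace "$P1_NET" dev "$IF1" src "$IP1" table T1
ip route replace default via "$P1" table T1
ip route replace "$P2_NET" dev "$IF2" src "$IP2" table T2
ip route replace default via "$P2" table T2

# Main table: both link routes with the matching source address, and link 1
# as the provisional default until the multipath default below replaces it.
ip route replace "$P1_NET" dev "$IF1" src "$IP1"
ip route replace "$P2_NET" dev "$IF2" src "$IP2"
ip route replace default via "$P1"

# Replies and locally generated packets sourced from a link's address use that
# link's table. Delete first so re-running does not stack duplicate rules; the
# delete fails harmlessly when the rule does not exist yet, hence "|| true".
ip rule del from "$IP1" table T1 2>/dev/null || true
ip rule add from "$IP1" table T1
ip rule del from "$IP2" table T2 2>/dev/null || true
ip rule add from "$IP2" table T2

# Each per-link table also needs the LAN, the other link's network and
# loopback, otherwise packets sourced from IPx could not reach them directly.
ip route replace "$P0_NET" dev "$IF0" table T1
ip route replace "$P2_NET" dev "$IF2" table T1
ip route replace 127.0.0.0/8 dev lo table T1
ip route replace "$P0_NET" dev "$IF0" table T2
ip route replace "$P1_NET" dev "$IF1" table T2
ip route replace 127.0.0.0/8 dev lo table T2

# Balanced default route for the main table: the kernel picks one of the two
# gateways per destination/flow (not per packet), equal weights.
ip route replace default scope global \
  nexthop via "$P1" dev "$IF1" weight 1 \
  nexthop via "$P2" dev "$IF2" weight 1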