In this article we cover the configuration of web proxy, NAT, load balancing and IPS on Vyatta 5.0.2. The scenario is shown in the diagram below:
(scenario topology diagram)

Device   eth0                 eth1              eth2                eth3             Notes
V0       192.168.5.5/30       192.168.1.1/24    192.168.2.1/24      192.168.3.1/24   DHCP, web proxy
V1       122.124.193.196/27   192.168.5.6/30    116.98.176.210/29   -                NAT, load balancing, IPS
R0       116.98.176.209/29    -                 -                   -                -
R1       122.124.193.193/27   -                 -                   -                -
DNS      122.124.193.195/27   -                 -                   -                -
WEB      122.124.193.204/27   -                 -                   -                -
In the topology above, users on 192.168.1.0/24 (lan-1), 192.168.2.0/24 (lan-2) and 192.168.3.0/24 (lan-3) obtain their addresses from the DHCP server (Vyatta V0) in the range .51 to .200, with default gateway .1.1 (lan-1) / .2.1 (lan-2) / .3.1 (lan-3) and primary DNS 122.124.193.195. To make bandwidth use more efficient, a web proxy is run on Vyatta V0 for these LANs.
Internet access uses two ISP links, so load balancing is enabled on V1 with monitoring IP 216.204.61.104 (www.google.com). If both eth0 and eth1 of Vyatta V1 can reach the monitoring IP, connections are sent over ISP1 and ISP2 alternately (per session). If one of them fails, only the link that still reaches the monitoring IP is used.
When lan-1, lan-2 and lan-3 access the DNS/WEB servers located in their own domain, that traffic is not load balanced; it is sent out through eth0 of Vyatta V1.
The configuration of Vyatta routers V0 and V1 for this case is as follows:
Vyatta router V0:
vyatta@vyatta:~$ configure
vyatta@vyatta# set system name-server 122.124.193.195
vyatta@vyatta# set system gateway-address 192.168.5.6
vyatta@vyatta# commit
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.5.5/30
vyatta@vyatta# set interfaces ethernet eth1 address 192.168.1.1/24
vyatta@vyatta# set interfaces ethernet eth2 address 192.168.2.1/24
vyatta@vyatta# set interfaces ethernet eth3 address 192.168.3.1/24
vyatta@vyatta# commit
vyatta@vyatta# set service dhcp-server shared-network-name lan1
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24 start 192.168.1.51 stop 192.168.1.200
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24 default-router 192.168.1.1
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24 dns-server 122.124.193.195
vyatta@vyatta# set service dhcp-server shared-network-name lan2
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24 start 192.168.2.51 stop 192.168.2.200
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24 default-router 192.168.2.1
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24 dns-server 122.124.193.195
vyatta@vyatta# set service dhcp-server shared-network-name lan3
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24 start 192.168.3.51 stop 192.168.3.200
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24 default-router 192.168.3.1
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24 dns-server 122.124.193.195
vyatta@vyatta# commit
vyatta@vyatta# set service webproxy listen-address 192.168.1.1
vyatta@vyatta# set service webproxy listen-address 192.168.2.1
vyatta@vyatta# set service webproxy listen-address 192.168.3.1
vyatta@vyatta# set service webproxy cache-size 2048
vyatta@vyatta# commit
vyatta@vyatta# save
Vyatta router V1:
vyatta@vyatta:~$ configure
vyatta@vyatta# set system name-server 122.124.193.195
vyatta@vyatta# commit
vyatta@vyatta# set interfaces ethernet eth0 address 122.124.193.196/27
vyatta@vyatta# set interfaces ethernet eth1 address 192.168.5.6/30
vyatta@vyatta# set interfaces ethernet eth2 address 116.98.176.210/29
vyatta@vyatta# commit
vyatta@vyatta# set service nat rule 10 type masquerade
vyatta@vyatta# set service nat rule 10 source address 192.168.0.0/16
vyatta@vyatta# set service nat rule 10 destination address 0.0.0.0/0
vyatta@vyatta# set service nat rule 10 outbound-interface eth0
vyatta@vyatta# set service nat rule 10 protocol all
vyatta@vyatta# set service nat rule 20 type masquerade
vyatta@vyatta# set service nat rule 20 source address 192.168.0.0/16
vyatta@vyatta# set service nat rule 20 destination address 0.0.0.0/0
vyatta@vyatta# set service nat rule 20 outbound-interface eth2
vyatta@vyatta# set service nat rule 20 protocol all
vyatta@vyatta# commit
vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 122.124.193.193
vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 116.98.176.209
vyatta@vyatta# set protocols static route 122.124.193.192/27 next-hop 122.124.193.193
vyatta@vyatta# commit
vyatta@vyatta# set service load-balancing wan interface-health eth0
vyatta@vyatta# set service load-balancing wan interface-health eth0 failure-count 5
vyatta@vyatta# set service load-balancing wan interface-health eth0 nexthop 122.124.193.193
vyatta@vyatta# set service load-balancing wan interface-health eth0 ping 216.204.61.104
vyatta@vyatta# set service load-balancing wan interface-health eth2
vyatta@vyatta# set service load-balancing wan interface-health eth2 failure-count 4
vyatta@vyatta# set service load-balancing wan interface-health eth2 nexthop 116.98.176.209
vyatta@vyatta# set service load-balancing wan interface-health eth2 ping 216.204.61.104
vyatta@vyatta# set service load-balancing wan rule 10
vyatta@vyatta# set service load-balancing wan rule 10 destination address 122.124.193.192/27
vyatta@vyatta# set service load-balancing wan rule 10 exclude
vyatta@vyatta# set service load-balancing wan rule 10 inbound-interface eth1
vyatta@vyatta# set service load-balancing wan rule 10 interface eth0 weight 2
vyatta@vyatta# set service load-balancing wan rule 10 interface eth2 weight 1
vyatta@vyatta# set service load-balancing wan rule 15
vyatta@vyatta# set service load-balancing wan rule 15 inbound-interface eth1
vyatta@vyatta# set service load-balancing wan rule 15 interface eth0 weight 2
vyatta@vyatta# set service load-balancing wan rule 15 interface eth2 weight 1
vyatta@vyatta# commit
vyatta@vyatta# set content-inspection traffic-filter preset all
vyatta@vyatta# set content-inspection ips actions priority-1 drop
vyatta@vyatta# set content-inspection ips auto-update oink-code
vyatta@vyatta# set content-inspection ips auto-update update-hour 23
vyatta@vyatta# commit
vyatta@vyatta# save
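To make the behaviour of the V1 load-balancing rules concrete, here is an added model of the decision they express (constructed for this article, not Vyatta code): rule 10 excludes 122.124.193.192/27 so it follows the static route via eth0, rule 15 spreads the remaining eth1 traffic over healthy WAN links by the configured weights (eth0 2, eth2 1), and a link counts as failed once consecutive ping failures reach its failure-count (eth0 5, eth2 4). The deterministic weighted round-robin and the fallback to the first default next-hop when no link is healthy are simplifying assumptions of the model.

```python
"""Model of the V1 WAN load-balancing decision from the config above.

Constructed example, not part of the original article and not Vyatta code.
Assumptions: deterministic weighted round-robin stands in for Vyatta's
per-session selection, and the first listed default next-hop (eth0) is
used when no WAN link passes its health check.
"""
import ipaddress
import itertools

# interface-health thresholds from the page: failure-count per WAN link
FAILURE_COUNT = {"eth0": 5, "eth2": 4}
# rule 10: this destination is excluded from balancing; static route -> eth0
EXCLUDED = {ipaddress.ip_network("122.124.193.192/27"): "eth0"}
# rule 15: interface weights for balanced traffic entering on eth1
WEIGHTS = {"eth0": 2, "eth2": 1}
INBOUND = "eth1"
# fallback when no link is healthy (assumption: first default next-hop)
STATIC_DEFAULT = "eth0"


class WanBalancer:
    def __init__(self, ping_failures):
        # ping_failures: consecutive failed health pings per interface
        self.ping_failures = dict(ping_failures)
        self._cycle = None
        self._healthy_key = None

    def healthy(self):
        """An interface stays usable until failures reach its failure-count."""
        return [i for i in WEIGHTS
                if self.ping_failures.get(i, 0) < FAILURE_COUNT[i]]

    def select(self, inbound, dst):
        """Return the outbound interface chosen for a new session."""
        dst = ipaddress.ip_address(dst)
        for net, iface in EXCLUDED.items():
            if dst in net:
                return iface  # rule 10: excluded, static routing decides
        if inbound != INBOUND:
            return STATIC_DEFAULT  # rule 15 only matches traffic from eth1
        up = self.healthy()
        if not up:
            return STATIC_DEFAULT  # no healthy link: static routes apply
        key = tuple(up)
        if key != self._healthy_key:  # rebuild round-robin on a health change
            self._healthy_key = key
            self._cycle = itertools.cycle(
                [i for i in up for _ in range(WEIGHTS[i])])
        return next(self._cycle)
```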