In this article we cover the configuration of Webproxy, NAT, Load balancing and IPS on Vyatta 5.0.2. The scenario is shown in the figure below:
Device | eth0 | eth1 | eth2 | eth3 | Notes |
V0 | 192.168.5.5/30 | 192.168.1.1/24 | 192.168.2.1/24 | 192.168.3.1/24 | DHCP, Webproxy |
V1 | 122.124.193.196/27 | 192.168.5.6/30 | 116.98.176.210/29 | - | NAT, Load balancing, IPS |
R0 | - | 116.98.176.209/29 | - | - | - |
R1 | - | 122.124.193.193/27 | - | - | - |
DNS | 122.124.193.195/27 | - | - | - | - |
WEB | 122.124.193.204/27 | - | - | - | - |
The configuration of Vyatta routers V0 and V1 for the case above is as follows:
Vyatta router V0:
vyatta@vyatta:~$ configure
vyatta@vyatta# set system name-server 122.124.193.195
vyatta@vyatta# set system gateway-address 192.168.5.6
vyatta@vyatta# commit
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.5.5/30
vyatta@vyatta# set interfaces ethernet eth1 address 192.168.1.1/24
vyatta@vyatta# set interfaces ethernet eth2 address 192.168.2.1/24
vyatta@vyatta# set interfaces ethernet eth3 address 192.168.3.1/24
vyatta@vyatta# commit
vyatta@vyatta# set service dhcp-server shared-network-name lan1
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24 start 192.168.1.51 stop 192.168.1.200
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24 default-router 192.168.1.1
vyatta@vyatta# set service dhcp-server shared-network-name lan1 subnet 192.168.1.0/24 dns-server 122.124.193.195
vyatta@vyatta# set service dhcp-server shared-network-name lan2
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24 start 192.168.2.51 stop 192.168.2.200
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24 default-router 192.168.2.1
vyatta@vyatta# set service dhcp-server shared-network-name lan2 subnet 192.168.2.0/24 dns-server 122.124.193.195
vyatta@vyatta# set service dhcp-server shared-network-name lan3
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24 start 192.168.3.51 stop 192.168.3.200
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24 default-router 192.168.3.1
vyatta@vyatta# set service dhcp-server shared-network-name lan3 subnet 192.168.3.0/24 dns-server 122.124.193.195
vyatta@vyatta# commit
vyatta@vyatta# set service webproxy listen-address 192.168.1.1
vyatta@vyatta# set service webproxy listen-address 192.168.2.1
vyatta@vyatta# set service webproxy listen-address 192.168.3.1
vyatta@vyatta# set service webproxy cache-size 2048
vyatta@vyatta# commit
vyatta@vyatta# save
Vyatta router V1:
vyatta@vyatta:~$ configure
vyatta@vyatta# set system name-server 122.124.193.195
vyatta@vyatta# commit
vyatta@vyatta# set interfaces ethernet eth0 address 122.124.193.196/27
vyatta@vyatta# set interfaces ethernet eth1 address 192.168.5.6/30
vyatta@vyatta# set interfaces ethernet eth2 address 116.98.176.210/29
vyatta@vyatta# commit
vyatta@vyatta# set service nat rule 10 type masquerade
vyatta@vyatta# set service nat rule 10 source address 192.168.0.0/16
vyatta@vyatta# set service nat rule 10 destination address 0.0.0.0/0
vyatta@vyatta# set service nat rule 10 outbound-interface eth0
vyatta@vyatta# set service nat rule 10 protocol all
vyatta@vyatta# set service nat rule 20 type masquerade
vyatta@vyatta# set service nat rule 20 source address 192.168.0.0/16
vyatta@vyatta# set service nat rule 20 destination address 0.0.0.0/0
vyatta@vyatta# set service nat rule 20 outbound-interface eth2
vyatta@vyatta# set service nat rule 20 protocol all
vyatta@vyatta# commit
vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 122.124.193.193
vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 116.98.176.209
vyatta@vyatta# set protocols static route 122.124.193.192/27 next-hop 122.124.193.193
vyatta@vyatta# commit
vyatta@vyatta# set service load-balancing wan interface-health eth0
vyatta@vyatta# set service load-balancing wan interface-health eth0 failure-count 5
vyatta@vyatta# set service load-balancing wan interface-health eth0 nexthop 122.124.193.193
vyatta@vyatta# set service load-balancing wan interface-health eth0 ping 216.204.61.104
vyatta@vyatta# set service load-balancing wan interface-health eth2
vyatta@vyatta# set service load-balancing wan interface-health eth2 failure-count 4
vyatta@vyatta# set service load-balancing wan interface-health eth2 nexthop 116.98.176.209
vyatta@vyatta# set service load-balancing wan interface-health eth2 ping 216.204.61.104
vyatta@vyatta# set service load-balancing wan rule 10
vyatta@vyatta# set service load-balancing wan rule 10 destination address 122.124.193.192/27
vyatta@vyatta# set service load-balancing wan rule 10 exclude
vyatta@vyatta# set service load-balancing wan rule 10 inbound-interface eth1
vyatta@vyatta# set service load-balancing wan rule 10 interface eth0 weight 2
vyatta@vyatta# set service load-balancing wan rule 10 interface eth2 weight 1
vyatta@vyatta# set service load-balancing wan rule 15
vyatta@vyatta# set service load-balancing wan rule 15 inbound-interface eth1
vyatta@vyatta# set service load-balancing wan rule 15 interface eth0 weight 2
vyatta@vyatta# set service load-balancing wan rule 15 interface eth2 weight 1
vyatta@vyatta# commit
vyatta@vyatta# set content-inspection traffic-filter preset all
vyatta@vyatta# set content-inspection ips actions priority-1 drop
vyatta@vyatta# set content-inspection ips auto-update oink-code <your-oink-code>
vyatta@vyatta# set content-inspection ips auto-update update-hour 23
vyatta@vyatta# commit
vyatta@vyatta# save
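An added consistency check for the V1 commands above (not part of the original article): every interface named in a load-balancing rule needs its own masquerade rule and an interface-health next hop inside its own subnet, and the rule weights give the share of balanced traffic per uplink. The function names `audit` and `wan_shares` are my own; the config text is copied from the article.

```python
import ipaddress
import re

# V1 commands from the article (prompt stripped), reduced to the
# interface, NAT and WAN load-balancing lines that must agree.
V1_CONFIG = """
set interfaces ethernet eth0 address 122.124.193.196/27
set interfaces ethernet eth2 address 116.98.176.210/29
set service nat rule 10 type masquerade
set service nat rule 10 source address 192.168.0.0/16
set service nat rule 10 outbound-interface eth0
set service nat rule 20 type masquerade
set service nat rule 20 source address 192.168.0.0/16
set service nat rule 20 outbound-interface eth2
set service load-balancing wan interface-health eth0 nexthop 122.124.193.193
set service load-balancing wan interface-health eth2 nexthop 116.98.176.209
set service load-balancing wan rule 15 inbound-interface eth1
set service load-balancing wan rule 15 interface eth0 weight 2
set service load-balancing wan rule 15 interface eth2 weight 1
"""

def audit(config):
    """Return a list of findings for a block of Vyatta 'set' commands."""
    addr = dict(re.findall(r"interfaces ethernet (\S+) address (\S+)", config))
    nat_out = set(re.findall(r"nat rule \d+ outbound-interface (\S+)", config))
    health = dict(re.findall(r"interface-health (\S+) nexthop (\S+)", config))
    wan = set(re.findall(r"wan rule \d+ interface (\S+) weight", config))
    findings = []
    for ifc in sorted(wan):
        if ifc not in nat_out:
            findings.append(f"{ifc}: balanced but has no masquerade rule")
        if ifc not in health:
            findings.append(f"{ifc}: balanced but has no interface-health")
        elif ifc in addr:
            net = ipaddress.ip_interface(addr[ifc]).network
            if ipaddress.ip_address(health[ifc]) not in net:
                findings.append(f"{ifc}: nexthop {health[ifc]} is outside {net}")
    return findings

def wan_shares(config, rule):
    """Share of balanced traffic per WAN interface for one rule."""
    w = {i: int(n) for i, n in re.findall(
        rf"wan rule {rule} interface (\S+) weight (\d+)", config)}
    total = sum(w.values())
    return {i: n / total for i, n in w.items()}

if __name__ == "__main__":
    print(audit(V1_CONFIG) or "consistent")
    print(wan_shares(V1_CONFIG, 15))
```

With the article's values the check reports no findings, and rule 15 sends two thirds of the balanced traffic through eth0 and one third through eth2.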
That's all for now... hopefully this is useful. You can download the ISO below!
CD ISO image 165 MB | i386 | Download here