Friday, March 24, 2017

Enabling SNMP on the HP 1620-8G switch

Bismillah ..

If you have ever tried to monitor an HP switch over SNMP and got a "no response" error, this may help. In my case I use Nagios, and the error message looks like this:


[03-09-2017 14:31:04] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Memory Usage;UNKNOWN;notify-service-by-email;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:31:04] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Memory Usage;UNKNOWN;notify-service-by-telegram;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:30:44] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Usage;UNKNOWN;notify-service-by-email;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:30:44] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Usage;UNKNOWN;notify-service-by-telegram;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:28:24] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Temp;UNKNOWN;notify-service-by-email;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:28:24] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Temp;UNKNOWN;notify-service-by-telegram;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:28:24] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Uptime;UNKNOWN;notify-service-by-email;External command error: Timeout: No Response from 192.168.0.45:161.
[03-09-2017 14:28:24] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Uptime;UNKNOWN;notify-service-by-telegram;External command error: Timeout: No Response from 192.168.0.45:161.

Try checking on the switch itself. In my case SNMP on the HP 1620-8G switch had not been enabled yet. To enable it, go to the menu DEVICE ---> SNMP



Enable the SNMP version you use and click Apply, then set the community, and do not forget to save the configuration so that it is not lost when the switch restarts.



Here is how the log in my Nagios changed:
[03-09-2017 14:38:28] SERVICE ALERT: Switch-Manageable-adduha;CPU Temp;OK;HARD;3;SNMP OK - Temperature is 55 °C
[03-09-2017 14:35:58] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Memory Usage;OK;notify-service-by-email;SNMP OK - Memory Usage is 38 %
[03-09-2017 14:35:58] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Memory Usage;OK;notify-service-by-telegram;SNMP OK - Memory Usage is 38 %
[03-09-2017 14:35:58] SERVICE ALERT: Switch-Manageable-BIT;Memory Usage;OK;HARD;3;SNMP OK - Memory Usage is 38 %
[03-09-2017 14:35:38] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Usage;OK;notify-service-by-email;SNMP OK - CPU usage is 2 %
[03-09-2017 14:35:38] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Usage;OK;notify-service-by-telegram;SNMP OK - CPU usage is 2 %
[03-09-2017 14:35:38] SERVICE ALERT: Switch-Manageable-BIT;CPU Usage;OK;HARD;3;SNMP OK - CPU usage is 2 %
[03-09-2017 14:35:08] SERVICE ALERT: sim;Total Processes;CRITICAL;HARD;4;PROCS CRITICAL: 201 processes
[03-09-2017 14:33:28] SERVICE ALERT: Switch-Manageable-adduha;CPU Temp;WARNING;HARD;3;SNMP WARNING - Temperature is *56* °C
[03-09-2017 14:33:18] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Temp;OK;notify-service-by-email;SNMP OK - Temperature is 0 °C
[03-09-2017 14:33:18] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;CPU Temp;OK;notify-service-by-telegram;SNMP OK - Temperature is 0 °C
[03-09-2017 14:33:18] SERVICE ALERT: Switch-Manageable-BIT;CPU Temp;OK;HARD;3;SNMP OK - Temperature is 0 °C
[03-09-2017 14:33:18] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Uptime;OK;notify-service-by-email;SNMP OK - Timeticks: (1830060) 5:05:00.60
[03-09-2017 14:33:18] SERVICE NOTIFICATION: nagiosadmin;Switch-Manageable-BIT;Uptime;OK;notify-service-by-telegram;SNMP OK - Timeticks: (1830060) 5:05:00.60
[03-09-2017 14:33:18] SERVICE ALERT: Switch-Manageable-BIT;Uptime;OK;HARD;3;SNMP OK - Timeticks: (1830060) 5:05:00.60
[03-09-2017 14:32:58] SERVICE ALERT: mail.alshifacharity;Total Processes;OK;SOFT;2;PROCS OK: 227 processes



Hope this is useful :)



Writing a raspbian-wheezy image to an SD card from the Linux terminal

Insert the SD card into the laptop, then open a terminal:
root@bit-X200CA:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 1,9G 0 1,9G 0% /dev
tmpfs 384M 6,3M 378M 2% /run
/dev/sda3 92G 67G 21G 77% /
tmpfs 1,9G 362M 1,6G 19% /dev/shm
tmpfs 5,0M 4,0K 5,0M 1% /run/lock
tmpfs 1,9G 0 1,9G 0% /sys/fs/cgroup
tmpfs 384M 80K 384M 1% /run/user/1000
/dev/sda4 266G 207G 60G 78% /media/bit/2503-8D66
/dev/sdb1 7,6G 94M 7,5G 2% /media/bit/8765-4321

My SD card is at /dev/sdb1 (an 8 GB SD card). Next, unmount it:

root@bit-X200CA:~# umount /dev/sdb1

Check again:

root@bit-X200CA:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 1,9G 0 1,9G 0% /dev
tmpfs 384M 6,3M 378M 2% /run
/dev/sda3 92G 67G 21G 77% /
tmpfs 1,9G 362M 1,6G 19% /dev/shm
tmpfs 5,0M 4,0K 5,0M 1% /run/lock
tmpfs 1,9G 0 1,9G 0% /sys/fs/cgroup
tmpfs 384M 80K 384M 1% /run/user/1000
/dev/sda4 266G 207G 60G 78% /media/bit/2503-8D66

Write the raspbian wheezy image to the card with the dd command:

root@bit-X200CA:~# dd bs=4M if=/media/bit/2503-8D66/4.\ private/iso/2012-10-28-wheezy-raspbian.img of=/dev/sdb
462+1 records in
462+1 records out
1939865600 bytes (1,9 GB, 1,8 GiB) copied, 164,107 s, 11,8 MB/s

A short explanation of the "dd" command in Linux: the dd (Disk Definition) command comes from IBM's Job Control Language, and can be used to duplicate hard disks, back up hard disk data, restore hard disk data, copy data, create bootable flash drives, burn .iso files to DVD and much more. Sysadmins consider this command important because it is useful for managing data on hard disks, for example:
# dd if=~/sdadata.img of=/dev/sda

Notes:
if : location of the image file
of : the location that will be restored or overwritten with that image file
This step can also be used to restore a partition.

Finally, remove the SD card, insert it into the Raspberry Pi, then try booting it.

Hope this is useful :)

References:

https://www.raspberrypi.org/documentation/installation/installing-images/linux.md

http://www.sibro21.org/2016/03/arti-perintah-dd-di-terminal-linux.html

failed to open '/dev/sdb': Read-only file system , adapter problem

Ever run into the "Read-only file system" error? I hit it while installing raspbian-wheezy to an SD card that uses a converter/adapter, at the point of copying the image to the SD card, as follows:
root@bit-X200CA:/media/bit/2503-8D66/4. private/iso# dd bs=4M if=2012-10-28-wheezy-raspbian.img of=/dev/sdb
dd: failed to open '/dev/sdb': Read-only file system
root@bit-X200CA:/media/bit/2503-8D66/4. private/iso#

My advice, before digging into the fstab configuration, formatting and so on: check the SD card adapter. After going round in circles checking the configuration, mount/umount and fsck, the problem turned out to be the converter/adapter (the adapter was locked), as in the following picture:



Make sure it is not in the locked position: the switch circled in red in the picture must not be down. And indeed, after trying again:
root@bit-X200CA:~# dd bs=4M if=/media/bit/2503-8D66/4.\ private/iso/2012-10-28-wheezy-raspbian.img of=/dev/sdb
462+1 records in
462+1 records out
1939865600 bytes (1,9 GB, 1,8 GiB) copied, 164,107 s, 11,8 MB/s
root@bit-X200CA:~#

Alhamdulillah, it worked :) Hope this is useful, and good luck trying it.
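An added example, not from the original post: a preflight check to run before the dd commands above, covering both the wrong-target risk and the locked-adapter case. It assumes the card shows up as a removable sd* disk as on this page; the function names, SYSFS_ROOT and MOUNTS_FILE are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Preflight checks before "dd of=/dev/<disk>" (added example; names are hypothetical).
# SYSFS_ROOT and MOUNTS_FILE default to the live system and can be pointed at a
# constructed tree for a dry run.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# preflight_check DISK (e.g. sdb): prints a one-word verdict, returns 0 only for "ok".
preflight_check() {
    disk="$1"
    base="$SYSFS_ROOT/block/$disk"
    if [ ! -d "$base" ]; then
        echo "no-such-disk"; return 1
    fi
    # A fixed disk such as sda must never be the dd target.
    if [ "$(cat "$base/removable" 2>/dev/null)" != "1" ]; then
        echo "not-removable"; return 1
    fi
    # The kernel sets ro=1 when the reader reports write protection,
    # which is what a locked SD adapter causes.
    if [ "$(cat "$base/ro" 2>/dev/null)" = "1" ]; then
        echo "read-only"; return 1
    fi
    # Any partition of the disk still mounted (sdb1, sdb2, ...) must be unmounted first.
    if grep -q "^/dev/${disk}[0-9]* " "$MOUNTS_FILE"; then
        echo "mounted"; return 1
    fi
    echo "ok"
}

# write_image IMAGE DISK: run dd only when the preflight passes.
write_image() {
    image="$1"
    target="$2"
    verdict="$(preflight_check "$target")" || {
        echo "refusing to write /dev/$target: $verdict" >&2
        return 1
    }
    dd bs=4M if="$image" of="/dev/$target" conv=fsync
}

# Constructed sample tree (not real hardware): sda is a fixed disk, sdb an unlocked
# card, sdc a card whose adapter lock is on, sdd a card with a mounted partition.
make_sample_tree() {
    root="$1"
    for spec in sda:0:0 sdb:1:0 sdc:1:1 sdd:1:0; do
        name="${spec%%:*}"
        flags="${spec#*:}"
        mkdir -p "$root/sys/block/$name"
        echo "${flags%%:*}" > "$root/sys/block/$name/removable"
        echo "${flags#*:}" > "$root/sys/block/$name/ro"
    done
    printf '%s\n' '/dev/sda3 / ext4 rw 0 0' \
        '/dev/sdd1 /media/bit/8765-4321 vfat rw 0 0' > "$root/mounts"
}
```

With the defaults left alone, `preflight_check sdb` reads the live /sys and /proc/mounts; a "read-only" verdict points at the adapter lock before any time is spent on fstab or fsck.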

INTEGRATING FREERADIUS + LDAP-ZIMBRA + MIKROTIK WITH DALORADIUS FOR USER MANAGEMENT

Bismillah. Insha'Allah, today I will try to write about FreeRADIUS, which I integrated with MikroTik (for login on the MikroTik hotspot), with Zimbra LDAP as the backend and daloradius for recording reports. I assume Zimbra is already running normally and we only need to check its LDAP parameters. OK, bismillah: first we update and upgrade the Ubuntu server (I use Ubuntu Server 14.04 LTS; I left it out of the title because it would be too long :) )

Update the Ubuntu server
root@ubuntu:~# apt-get update

root@ubuntu:~# apt-get upgrade

Install the LAMP server (for daloradius)
root@ubuntu:~# apt-get install apache2 php5 mysql-server

Install FreeRADIUS with the required modules

Because we will use Zimbra LDAP as the user backend and daloradius for reporting, we install freeradius-mysql and freeradius-ldap:
root@ubuntu:~# apt-get install freeradius freeradius-mysql freeradius-utils freeradius-common freeradius-ldap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libfreeradius2 libltdl7 libperl5.18
Suggested packages:
freeradius-postgresql freeradius-krb5
The following NEW packages will be installed:
freeradius freeradius-common freeradius-ldap freeradius-mysql
freeradius-utils libfreeradius2 libltdl7 libperl5.18
0 upgraded, 8 newly installed, 0 to remove and 3 not upgraded.
Need to get 895 kB of archives.
After this operation, 4094 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Install the PHP modules / libraries that daloradius needs

In my experience, before installing on Ubuntu 14.04, on Ubuntu 12 we run into trouble when installing the latest daloradius with PHP 5.3: some libraries, such as php-pear and php-db, are very hard to install.
root@ubuntu:~# apt-get install php5-gd php-db php-pear
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
libjpeg-turbo8 libjpeg8 libtiff5 libvpx1 libxpm4
Suggested packages:
libgd-tools php5-dev
The following NEW packages will be installed:
fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
libjpeg-turbo8 libjpeg8 libtiff5 libvpx1 libxpm4 php-db php-pear php5-gd
0 upgraded, 13 newly installed, 0 to remove and 3 not upgraded.
Need to get 2622 kB of archives.
After this operation, 10.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

Download and extract daloradius

Here I use daloradius version daloradius-0.9-9.tar.gz, which can be downloaded here. Extract it, and to make things easier rename the folder:
root@ubuntu:/var/www/html# tar zxvf daloradius-0.9-9.tar.gz
root@ubuntu:/var/www/html# mv daloradius-0.9-9 daloradius

Create the database and import the daloradius database schema
root@ubuntu:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 42
Server version: 5.5.54-0ubuntu0.14.04.1 (Ubuntu)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create databases radius;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'databases radius' at line 1
mysql> CREATE DATABASE radius;
Query OK, 1 row affected (0.00 sec)

mysql> quit
Bye
root@ubuntu:~#

Import the daloradius database schema:
root@ubuntu:/var/www/html/daloradius/contrib/db# mysql -u root -p radius < fr2-mysql-daloradius-and-freeradius.sql 
Enter password:
root@ubuntu:/var/www/html/daloradius/contrib/db#

Configuration

# edit the radiusd.conf file
root@ubuntu:/var/www/html/daloradius# pico /etc/freeradius/radiusd.conf

auth = no <---- ( change to "yes" )
auth_badpass = no <---- ( change to "yes"; failed attempts are then logged together with the password that was tried )
auth_goodpass = no <---- ( change to "yes"; accepted passwords are then written to the radius log in clear text )

proxy_requests = yes <---- ( change to "no" )

#$INCLUDE sql.conf <---- ( remove the # )

# edit the sql.conf file
root@ubuntu:/var/www/html/daloradius# pico /etc/freeradius/sql.conf

# Connection info:
server = "localhost"
#port = 3306
login = "root"
password = "" <---- ( your MySQL root password )
# Database table configuration for everything except Oracle
radius_db = "radius"
#readclients = yes <---- ( remove the # )

# create a new clients.conf file; back up the old one first
root@ubuntu:/etc/freeradius# mv clients.conf clients.conf.old

root@ubuntu:/var/www/html/daloradius# pico /etc/freeradius/clients.conf

client 192.168.10.0/29 {   <-- replace the IP with the network of the RADIUS server
secret = test123ok    <-- this is what will later be set on the MikroTik
shortname = private-network-akses
}

# edit the sites-enabled/default file
root@ubuntu:/etc/freeradius# pico sites-enabled/default

Uncomment the following lines:

  1. authorize --> uncomment the ldap entry
    #
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set
    ldap

  2. accounting --> uncomment the sql entry
    #
    # Log traffic to an SQL database.
    #
    # See "Accounting queries" in sql.conf
    sql

  3. session --> uncomment the sql entry
    session {
    radutmp
    #
    # See "Simultaneous Use Checking Queries" in sql.conf
    sql
    }

  4. post-auth --> uncomment the sql and ldap entries
    #
    # After authenticating the user, do another SQL query.
    #
    # See "Authentication Logging Queries" in sql.conf
    sql
    #
    # Instead of sending the query to the SQL server,
    # write it into a log file.
    #
    # sql_log
    #
    # Un-comment the following if you have set
    # 'edir_account_policy_check = yes' in the ldap module sub-section of
    # the 'modules' section.
    #
    ldap

Then save.

Edit the file /etc/freeradius/modules/ldap to match your LDAP parameters. In my case the example is for LDAP on Zimbra:
root@ubuntu:~# pico /etc/freeradius/modules/ldap

ldap {
#
# Note that this needs to match the name in the LDAP
# server certificate, if you're using ldaps.
server = "192.168.112.211"
identity = "uid=zimbra,cn=admins,cn=zimbra"
password = passwordldapzimbra
#basedn = "ou=people,dc=domainkamu,dc=com"
basedn = "ou=people,dc=domainkamu,dc=com"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
#base_filter = "(objectclass=radiusprofile)"
#identity = "cn=admin,o=My Org,c=UA"
#password = mypass
#basedn = "o=My Org,c=UA"
#filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
#base_filter = "(objectclass=radiusprofile)"

 

To check the LDAP parameters in Zimbra, run the command

"zmlocalconfig -s zimbra_ldap_password" as the zimbra user.

Restart the freeradius service:
root@ubuntu:~# service freeradius restart
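An added example, not from the original post and not part of FreeRADIUS or daloradius: a small audit of the files edited above for settings that weaken the deployment (MySQL root login, passwords written to the log, a short shared secret, a world-readable LDAP bind password). The function names and the 16-character threshold are choices made for this example (RFC 2865 prefers secrets of at least 16 octets), and the sample directory is constructed from the values shown on this page.

```shell
#!/bin/sh
# Audit a FreeRADIUS 2.x configuration directory (added example; names are hypothetical).

# conf_values FILE KEY: print the value of every uncommented "KEY = value" line,
# with trailing comments and surrounding double quotes stripped.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# audit_raddb DIR: print one finding per line; return 1 if anything was found.
audit_raddb() {
    dir="$1"
    found=0
    for key in auth_goodpass auth_badpass; do
        if [ "$(conf_values "$dir/radiusd.conf" "$key" | tail -n 1)" = "yes" ]; then
            echo "radiusd.conf: $key=yes writes submitted passwords to the radius log"
            found=1
        fi
    done
    if [ "$(conf_values "$dir/sql.conf" login | tail -n 1)" = "root" ]; then
        echo "sql.conf: connects to MySQL as root; use an account limited to the radius database"
        found=1
    fi
    # Every client block has its own secret, so check each one.
    for secret in $(conf_values "$dir/clients.conf" secret); do
        if [ "${#secret}" -lt 16 ]; then
            echo "clients.conf: shared secret is ${#secret} characters, shorter than 16"
            found=1
        fi
    done
    # -perm -004 matches when the "other" read bit is set.
    if [ -n "$(conf_values "$dir/modules/ldap" password)" ] &&
       [ -n "$(find "$dir/modules/ldap" -perm -004 2>/dev/null)" ]; then
        echo "modules/ldap: bind password in a world-readable file"
        found=1
    fi
    return "$found"
}

# Constructed sample that mirrors the values shown on this page.
make_sample_raddb() {
    sample="$1"
    mkdir -p "$sample/modules"
    printf '%s\n' 'log {' '    auth = yes' '    auth_badpass = yes' \
        '    auth_goodpass = yes' '}' > "$sample/radiusd.conf"
    printf '%s\n' 'sql {' '    server = "localhost"' '    login = "root"' \
        '    password = ""' '    radius_db = "radius"' '}' > "$sample/sql.conf"
    printf '%s\n' 'client 192.168.10.0/29 {' '    secret = test123ok' \
        '    shortname = private-network-akses' '}' > "$sample/clients.conf"
    printf '%s\n' 'ldap {' '    server = "192.168.112.211"' \
        '    password = passwordldapzimbra' '    #password = mypass' '}' > "$sample/modules/ldap"
    chmod 644 "$sample/modules/ldap"
}
```

On the server itself the call is `audit_raddb /etc/freeradius`, run as a user that can read the files.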

# MikroTik configuration

Go to Radius, add a RADIUS entry, and fill in:

address = the IP of the RADIUS server

secret = the one already defined in clients.conf (in my case testing123ok)



Then go to the hotspot server profile, RADIUS section, and tick Use RADIUS and Accounting.



Testing a MySQL user

Open http://ipservernya/daloradius (replace ipservernya with the server's IP)

user: administrator

password : radius

Go to Config --> Maintenance --> Test User Connectivity; add a user first.





Testing an LDAP user



Example of an active LDAP user



 

Good luck, hope this is useful :)

References:

http://blog.unpatti.ac.id/ridom/computer-networking/mikrotik-hotspot-dengan-freeradius-dan-daloradiu

http://runnov.blogs.uny.ac.id/2016/08/06/impelementasi-dan-konfigurasi-mikrotik-hotspot-freeradius-mysql-dan-ldap/

Daloradius error "DB Error : Extension Not found"

A few days ago I tried installing daloradius. The installation went smoothly, but when I finally tried it, after logging in I got the message "Database connection error   Error message DB Error : Extension Not found", as in the following picture:

The solution turned out to be simply installing phpmyadmin, according to the daloradius support team (https://sourceforge.net/p/daloradius/discussion/684102/thread/7ea43f3c/), so just apt-get install it:
root@ubuntu:~# apt-get install phpmyadmin

And the result: OK :)



 

Hope this is useful :)

Routing through 2 gateways with an IP alias on Ubuntu Server

Bismillah. A few days ago I tried to set up a server with a single network interface card and a public IP that can communicate with the private IPs behind a router. The plan is for this server to act as a bridge between the private servers and the public servers, i.e. Host to Host. Here is roughly what the topology looks like:


The first step is to bridge the public interface with the interface that goes to the server. In my case I use a MikroTik router, roughly as follows:

[aldy@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 l2mtu=1590 arp=enabled
mac-address=D4:CA:6D:98:48:56 protocol-mode=none priorit
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[aldy@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY P
0 1. PUBLIC bridge1 0x80
1 3. SERVER bridge1 0x80
2 X 6. LOCAL bridge1 0x80
3 X vlan 999 BIT bridge1 0x80
4 X 5.CLOUD1 bridge1 0x80
5 X 8.DATACENTER bridge1 0x80
[aldy@MikroTik] >



Next, move to the server. To test whether the bridge on the router works, give the server only the public IP for now.
Log in to the server:
bit@bit-X200CA:~$ ssh root@192.168.123.200

Edit the network interface configuration:
root@mail:~# pico /etc/network/interfaces

 

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 202.19.9.130
netmask 255.255.255.240
network 202.19.9.128
broadcast 202.19.9.143
gateway 202.19.9.129
# dns-* options are implemented by the resolvconf package, if installed
dns-nameserver 8.8.8.8 8.8.4.4


Then restart the network service:
root@mail:~# ifdown eth0 && ifup eth0

Test with ifconfig, then ping:
root@mail:~# ifconfig
eth0 Link encap:Ethernet HWaddr bc:ee:7b:bc:58:67
inet addr:202.19.9.130 Bcast:202.19.9.143 Mask:255.255.255.240
inet6 addr: fe80::42f0:2fff:fe8f:baf4/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3392 errors:0 dropped:0 overruns:0 frame:0
TX packets:3392 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:607636 (607.6 KB) TX bytes:607636 (607.6 KB)

root@mail:~# ping 202.19.9.129
PING 202.19.9.129 (202.19.9.129) 56(84) bytes of data.
64 bytes from 202.19.9.129: icmp_seq=1 ttl=63 time=1.00 ms
64 bytes from 202.19.9.129: icmp_seq=2 ttl=63 time=0.981 ms
64 bytes from 202.19.9.129: icmp_seq=3 ttl=63 time=1.17 ms
64 bytes from 202.19.9.129: icmp_seq=4 ttl=63 time=1.06 ms
64 bytes from 202.19.9.129: icmp_seq=5 ttl=63 time=0.946 ms
64 bytes from 202.19.9.129: icmp_seq=6 ttl=63 time=0.959 ms
64 bytes from 202.19.9.129: icmp_seq=7 ttl=63 time=0.940 ms
^C
--- 202.19.9.129 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6007ms
rtt min/avg/max/mdev = 0.940/1.010/1.179/0.079 ms
root@mail:~#

Here is the initial routing table:

 
root@mail:~# ip route show
default via 202.62.9.129 dev eth0
202.62.9.128/28 dev eth0 proto kernel scope link src 202.62.9.132
root@mail:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 202.19.9.129 0.0.0.0 UG 0 0 0 eth0
202.19.9.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
root@mail:~#

If we try to reach a private IP, the route taken looks like this:

root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
1 129.9.19.202.iconpln.net.id (202.19.9.129) 0.914 ms 0.766 ms 0.826 ms
2 78.175.iconpln.net.id (119.252.175.78) 29.137 ms 29.104 ms 29.064 ms
3 77.175.iconpln.net.id (119.252.175.77) 30.195 ms 30.169 ms 30.130 ms
4 192.168.168.1 (192.168.168.1) 28.888 ms 30.022 ms 29.990 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * *^C
root@mail:~#

The route goes to the ISP's public gateway and onward, not to our router and on to the private IP we want, which means the public server cannot yet communicate with the private server. OK, on to the next step: making our public server able to communicate with the private IPs.

First, add a private IP to the public server using an interface alias. The public server will then have 2 IPs: the public IP for communicating with the public network, and the private IP for communicating with the private network behind the router.

 
root@mail:~# pico /etc/network/interfaces

 

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 202.19.9.130
netmask 255.255.255.240
network 202.19.9.128
broadcast 202.19.9.143
gateway 202.19.9.129
# dns-* options are implemented by the resolvconf package, if installed
dns-nameserver 8.8.8.8 8.8.4.4

auto eth0:0
iface eth0:0 inet static
address 192.168.222.205
netmask 255.255.255.0
network 192.168.222.0
broadcast 192.168.222.255
gateway 192.168.222.1



Then restart the network service:
root@mail:~# ifdown eth0 && ifup eth0


root@mail:~# ifconfig
eth0 Link encap:Ethernet HWaddr 9e:6c:aa:92:f2:64
inet addr:202.19.9.130 Bcast:202.62.9.143 Mask:255.255.255.240
inet6 addr: fe80::9c6c:aaff:fe92:f264/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:106938 errors:0 dropped:0 overruns:0 frame:0
TX packets:52265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17415524 (17.4 MB) TX bytes:9152647 (9.1 MB)

eth0:0 Link encap:Ethernet HWaddr 9e:6c:aa:92:f2:64
inet addr:192.168.222.205 Bcast:192.168.222.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1990 errors:0 dropped:0 overruns:0 frame:0
TX packets:1990 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:161556 (161.5 KB) TX bytes:161556 (161.5 KB)

root@mail:~#





The routing table after adding the IP alias for communicating with the private IPs behind the router:
root@mail:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 202.19.9.129 0.0.0.0 UG 0 0 0 eth0
192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
202.19.9.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
root@mail:~#


If we test the connection to a private IP behind the router, the result looks like this:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
1 129.9.19.202.iconpln.net.id (202.19.9.129) 0.871 ms 0.809 ms 0.889 ms
2 78.175.iconpln.net.id (119.252.175.78) 29.804 ms 29.769 ms 29.723 ms
3 77.175.iconpln.net.id (119.252.175.77) 31.211 ms 31.167 ms 31.129 ms
4 192.168.168.1 (192.168.168.1) 31.039 ms 31.006 ms 30.966 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 *^C

The gateway used is still the public gateway even though the destination is a private IP, so we add a route so that connections to network 192.168.223.0/24 use gateway 192.168.222.1 (the gateway of the private alias IP on our public server). Here is the step:
root@mail:~# ip route add 192.168.223.0/24 via 192.168.222.1

The routing table after the new rule is added:
root@mail:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 202.19.9.129 0.0.0.0 UG 0 0 0 eth0
192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.223.0 192.168.222.1 255.255.255.0 UG 0 0 0 eth0
202.62.9.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
root@mail:~# ip route show
default via 202.19.9.129 dev eth0
192.168.222.0/24 dev eth0 scope link src 192.168.222.205
192.168.223.0/24 via 192.168.222.1 dev eth0
202.19.9.128/28 dev eth0 proto kernel scope link src 202.62.9.132
root@mail:~#

If we now try traceroute and ping:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
1 192.168.222.1 (192.168.222.1) 0.556 ms 0.490 ms 0.451 ms
2 192.168.223.4 (192.168.223.4) 1.481 ms 1.452 ms 1.414 ms
root@mail:~#

root@mail:~# ping 192.168.223.4
PING 192.168.223.4 (192.168.223.4) 56(84) bytes of data.
64 bytes from 192.168.223.4: icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 192.168.223.4: icmp_seq=2 ttl=63 time=1.00 ms
64 bytes from 192.168.223.4: icmp_seq=3 ttl=63 time=1.05 ms
^C
--- 192.168.223.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.000/1.046/1.083/0.043 ms
root@mail:~#
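An added example, not from the original post: the longest-prefix match the kernel applies to the routing tables shown above, which is why 192.168.223.4 kept leaving through the public gateway until the 192.168.223.0/24 route was added. next_hop and write_sample_routes are hypothetical helpers, and the two route tables are constructed from the `ip route show` output on this page.

```shell
#!/bin/sh
# next_hop ROUTES_FILE DEST: print the gateway chosen by the most specific matching
# route, "direct" for an on-link route, or "unreachable" when nothing matches.
# ROUTES_FILE holds lines in "ip route show" format.
next_hop() {
    awk -v dst="$2" '
    function ip2n(ip,    a) {
        split(ip, a, ".")
        return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    {
        net = $1; len = 32
        if (net == "default") { net = "0.0.0.0"; len = 0 }
        else if (split($1, p, "/") == 2) { net = p[1]; len = p[2] + 0 }
        # Two addresses share a prefix of length len when they agree after
        # dropping the low (32 - len) bits.
        div = 2 ^ (32 - len)
        if (int(ip2n(dst) / div) == int(ip2n(net) / div) && len >= best) {
            best = len; hop = "direct"; found = 1
            for (i = 2; i < NF; i++) if ($i == "via") hop = $(i + 1)
        }
    }
    END { print (found ? hop : "unreachable") }' "$1"
}

# Constructed from the tables on this page: "before" is the table with only the
# alias added, "after" also has "ip route add 192.168.223.0/24 via 192.168.222.1".
write_sample_routes() {
    printf '%s\n' 'default via 202.19.9.129 dev eth0' \
        '192.168.222.0/24 dev eth0 scope link src 192.168.222.205' \
        '202.19.9.128/28 dev eth0 proto kernel scope link' > "$1/before"
    cp "$1/before" "$1/after"
    echo '192.168.223.0/24 via 192.168.222.1 dev eth0' >> "$1/after"
}
```

A route added with `ip route add` is lost on reboot; an `up ip route add 192.168.223.0/24 via 192.168.222.1` line in the eth0:0 stanza of /etc/network/interfaces re-creates it when the interface comes up.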

Good luck, hope this is useful :)