First, we bridge the public interface with the interface facing the server. In my case I am using a MikroTik router, configured roughly as follows:
[aldy@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 l2mtu=1590 arp=enabled
mac-address=D4:CA:6D:98:48:56 protocol-mode=none priorit
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[aldy@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY P
0 1. PUBLIC bridge1 0x80
1 3. SERVER bridge1 0x80
2 X 6. LOCAL bridge1 0x80
3 X vlan 999 BIT bridge1 0x80
4 X 5.CLOUD1 bridge1 0x80
5 X 8.DATACENTER bridge1 0x80
[aldy@MikroTik] >
Next, we move to the server. To test whether the bridge interface on the router works, we first give the server only the public IP.
Log in to the server:
bit@bit-X200CA:~$ ssh root@192.168.123.200
Edit the network interface configuration:
root@mail:~# pico /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 202.19.9.130
netmask 255.255.255.240
network 202.19.9.128
broadcast 202.19.9.143
gateway 202.19.9.129
# dns-* options are implemented by the resolvconf package, if installed
dns-nameserver 8.8.8.8 8.8.4.4
Then restart the network service:
root@mail:~# ifdown eth0 && ifup eth0
Test with ifconfig, then ping:
root@mail:~# ifconfig
eth0 Link encap:Ethernet HWaddr bc:ee:7b:bc:58:67
inet addr:202.19.9.130 Bcast:202.19.9.143 Mask:255.255.255.240
inet6 addr: fe80::42f0:2fff:fe8f:baf4/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3392 errors:0 dropped:0 overruns:0 frame:0
TX packets:3392 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:607636 (607.6 KB) TX bytes:607636 (607.6 KB)
root@mail:~# ping 202.19.9.129
PING 202.19.9.129 (202.19.9.129) 56(84) bytes of data.
64 bytes from 202.19.9.129: icmp_seq=1 ttl=63 time=1.00 ms
64 bytes from 202.19.9.129: icmp_seq=2 ttl=63 time=0.981 ms
64 bytes from 202.19.9.129: icmp_seq=3 ttl=63 time=1.17 ms
64 bytes from 202.19.9.129: icmp_seq=4 ttl=63 time=1.06 ms
64 bytes from 202.19.9.129: icmp_seq=5 ttl=63 time=0.946 ms
64 bytes from 202.19.9.129: icmp_seq=6 ttl=63 time=0.959 ms
64 bytes from 202.19.9.129: icmp_seq=7 ttl=63 time=0.940 ms
^C
--- 202.19.9.129 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6007ms
rtt min/avg/max/mdev = 0.940/1.010/1.179/0.079 ms
root@mail:~#
Here is the initial routing table:
root@mail:~# ip route show
default via 202.62.9.129 dev eth0
202.62.9.128/28 dev eth0 proto kernel scope link src 202.62.9.132
root@mail:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 202.19.9.129 0.0.0.0 UG 0 0 0 eth0
202.19.9.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
root@mail:~#
And if we try to reach a private IP, the routing path looks like this:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
1 129.9.19.202.iconpln.net.id (202.19.9.129) 0.914 ms 0.766 ms 0.826 ms
2 78.175.iconpln.net.id (119.252.175.78) 29.137 ms 29.104 ms 29.064 ms
3 77.175.iconpln.net.id (119.252.175.77) 30.195 ms 30.169 ms 30.130 ms
4 192.168.168.1 (192.168.168.1) 28.888 ms 30.022 ms 29.990 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * *^C
root@mail:~#
The route goes to the ISP's public IP gateway and onward, rather than to our router to be forwarded to the destination private IP. That means the public server cannot yet communicate with the private server. OK, on to the next step: making our public server able to communicate with the private IPs.
First, we add a private IP to the public server using an interface alias, so the public server will have two IPs: a public IP for communicating with the public network and a private IP for communicating with the private network behind the router.
root@mail:~# pico /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 202.19.9.130
netmask 255.255.255.240
network 202.19.9.128
broadcast 202.19.9.143
gateway 202.19.9.129
# dns-* options are implemented by the resolvconf package, if installed
dns-nameserver 8.8.8.8 8.8.4.4
auto eth0:0
iface eth0:0 inet static
address 192.168.222.205
netmask 255.255.255.0
network 192.168.222.0
broadcast 192.168.222.255
gateway 192.168.222.1
Then restart the network service:
root@mail:~# ifdown eth0 && ifup eth0
root@mail:~# ifconfig
eth0 Link encap:Ethernet HWaddr 9e:6c:aa:92:f2:64
inet addr:202.19.9.130 Bcast:202.62.9.143 Mask:255.255.255.240
inet6 addr: fe80::9c6c:aaff:fe92:f264/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:106938 errors:0 dropped:0 overruns:0 frame:0
TX packets:52265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17415524 (17.4 MB) TX bytes:9152647 (9.1 MB)
eth0:0 Link encap:Ethernet HWaddr 9e:6c:aa:92:f2:64
inet addr:192.168.222.205 Bcast:192.168.222.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1990 errors:0 dropped:0 overruns:0 frame:0
TX packets:1990 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:161556 (161.5 KB) TX bytes:161556 (161.5 KB)
root@mail:~#
The routing table after adding the alias IP for communicating with the private IPs behind the router:
root@mail:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 202.19.9.129 0.0.0.0 UG 0 0 0 eth0
192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
202.19.9.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
root@mail:~#
If we test the connection to a private IP behind the router, the result looks like this:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
1 129.9.19.202.iconpln.net.id (202.19.9.129) 0.871 ms 0.809 ms 0.889 ms
2 78.175.iconpln.net.id (119.252.175.78) 29.804 ms 29.769 ms 29.723 ms
3 77.175.iconpln.net.id (119.252.175.77) 31.211 ms 31.167 ms 31.129 ms
4 192.168.168.1 (192.168.168.1) 31.039 ms 31.006 ms 30.966 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 *^C
The gateway used is still the public IP gateway even though the destination is a private IP. So we add a route so that connections to the network 192.168.223.0/24 use the gateway 192.168.222.1 (the gateway of our public server's private alias IP). The step is as follows:
root@mail:~# ip route add 192.168.223.0/24 via 192.168.222.1
The routing table after adding the new rule:
root@mail:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 202.19.9.129 0.0.0.0 UG 0 0 0 eth0
192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.223.0 192.168.222.1 255.255.255.0 UG 0 0 0 eth0
202.62.9.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
root@mail:~# ip route show
default via 202.19.9.129 dev eth0
192.168.222.0/24 dev eth0 scope link src 192.168.222.205
192.168.223.0/24 via 192.168.222.1 dev eth0
202.19.9.128/28 dev eth0 proto kernel scope link src 202.62.9.132
root@mail:~#
If we now try traceroute and ping:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
1 192.168.222.1 (192.168.222.1) 0.556 ms 0.490 ms 0.451 ms
2 192.168.223.4 (192.168.223.4) 1.481 ms 1.452 ms 1.414 ms
root@mail:~#
root@mail:~# ping 192.168.223.4
PING 192.168.223.4 (192.168.223.4) 56(84) bytes of data.
64 bytes from 192.168.223.4: icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 192.168.223.4: icmp_seq=2 ttl=63 time=1.00 ms
64 bytes from 192.168.223.4: icmp_seq=3 ttl=63 time=1.05 ms
^C
--- 192.168.223.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.000/1.046/1.083/0.043 ms
root@mail:~#
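The three routing tables above differ only in which prefix is the most specific match for 192.168.223.4. The following Python sketch is an added example (not part of the original post) that replays the kernel's longest-prefix-match decision over those tables; the function names are hypothetical, and the /28 prefix uses the 202.19.9.128 value shown in the first two `route -n` outputs.

```python
import ipaddress

# Routing tables transcribed from the `route -n` output above:
# (destination prefix, gateway), gateway None = directly connected.
BEFORE_ALIAS = [
    ("0.0.0.0/0", "202.19.9.129"),
    ("202.19.9.128/28", None),
]
AFTER_ALIAS = BEFORE_ALIAS + [("192.168.222.0/24", None)]
AFTER_STATIC_ROUTE = AFTER_ALIAS + [("192.168.223.0/24", "192.168.222.1")]


def lookup(table, destination):
    """Return (matched_prefix, next_hop) chosen by longest-prefix match.

    next_hop is the gateway, or the destination itself when the
    matching network is directly connected (on-link).
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {destination}")
    net, gateway = best
    return str(net), gateway if gateway else str(dst)


def explain(destination):
    """Next hop for one destination at each stage of the setup."""
    stages = {
        "public IP only": BEFORE_ALIAS,
        "alias eth0:0 added": AFTER_ALIAS,
        "static route added": AFTER_STATIC_ROUTE,
    }
    return {name: lookup(table, destination) for name, table in stages.items()}


if __name__ == "__main__":
    for target in ("192.168.223.4", "192.168.222.1", "8.8.8.8"):
        for stage, (prefix, hop) in explain(target).items():
            print(f"{target:15} {stage:20} {prefix:18} -> {hop}")
```

The alias alone only makes 192.168.222.0/24 on-link; 192.168.223.4 still falls through to the default route until the /24 static route gives it a more specific match.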
Good luck, and I hope this is useful :)