EKAKJ

November 12, 2007

1 LAN with 2 ISPs – Load Balancing

Filed under: linux — ekakj @ 3:47 pm

The Linux box uses 3 NICs (network cards / LAN cards):

eth0 connects to an ISP (say "TELENET") by cable

eth1 connects to an ADSL ISP (say "SKYNET") through an external modem

eth2 connects to the LAN (say "INTERN").

------------ MAIN ROUTING TABLE ------------

# ip route show table main

192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254

192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.2

81.82.0.0/19 dev eth0 proto kernel scope link src 81.82.x.x

default via 81.82.0.1 dev eth0

------------ EXTRA ROUTING TABLE ------------

# ip route show table 4

192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254

192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.2

81.82.0.0/19 dev eth0 proto kernel scope link src 81.82.x.x

default via 192.168.254.1 dev eth1

------------ ROUTING RULES ------------

# ip rule show

0: from all lookup 255

32764: from 192.168.254.1 lookup 4

32765: from all fwmark 0x4 lookup 4

32766: from all lookup main

32767: from all lookup default

------------ FIREWALL (rules) SCRIPT (partial) ------------

IPTABLES=/sbin/iptables

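TELENET="eth0"

SKYNET="eth1"

INTERN="eth2"

INTNET="192.168.0.0/24"

# TELENETIP, SKYNETIP, INTERNIP and SERVER1IP are used below but are not set in this excerpt; define them before running.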

$IPTABLES -F

$IPTABLES -F -t nat

$IPTABLES -F -t mangle

$IPTABLES -A INPUT -i lo -s 127.0.0.1/8 -d 0.0.0.0/0 -j ACCEPT

$IPTABLES -A OUTPUT -o lo -s 127.0.0.1/8 -d 0.0.0.0/0 -j ACCEPT

$IPTABLES -A INPUT -i $TELENET -s 0.0.0.0/0 -d $TELENETIP -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A INPUT -i $SKYNET -s 0.0.0.0/0 -d $SKYNETIP -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A OUTPUT -o $TELENET -s $TELENETIP -d 0.0.0.0/0 -j ACCEPT

$IPTABLES -A OUTPUT -o $SKYNET -s $SKYNETIP -d 0.0.0.0/0 -j ACCEPT

$IPTABLES -A INPUT -i $INTERN -s $INTNET -d 0.0.0.0/0 -j ACCEPT

$IPTABLES -A OUTPUT -o $INTERN -s $INTERNIP -d $INTNET -j ACCEPT

# Mark replies from SERVER1 on the published ports with 0x4 so that rule 32765 routes them through table 4 (out via SKYNET)

$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 443 -j MARK --set-mark 0x4

$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 444 -j MARK --set-mark 0x4

$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 1723 -j MARK --set-mark 0x4

$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 4125 -j MARK --set-mark 0x4

# Forward the published ports on the SKYNET address to SERVER1

$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:443

$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 444 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:444

$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:1723

$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 4125 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:4125

# Source-NAT outgoing traffic to the address of the link it leaves on

$IPTABLES -t nat -A POSTROUTING -o $TELENET -j SNAT --to-source $TELENETIP

$IPTABLES -t nat -A POSTROUTING -o $SKYNET -j SNAT --to-source $SKYNETIP

$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 444 -m state --state NEW,ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 4125 -m state --state NEW,ESTABLISHED -j ACCEPT

# These two rules accept everything forwarded to or from the LAN; for destinations inside $INTNET the port-specific rules further down are never reached.

$IPTABLES -A FORWARD -d $INTNET -j ACCEPT

$IPTABLES -A FORWARD -s $INTNET -j ACCEPT

$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 444 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 4125 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -P FORWARD DROP

$IPTABLES -P INPUT DROP

$IPTABLES -P OUTPUT DROP

$IPTABLES -A FORWARD -d $INTNET -j ACCEPT

$IPTABLES -A FORWARD -s $INTNET -j ACCEPT
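
How the fwmark set in the mangle table ties into the routing rules above can be checked offline. The following is an added example, not part of the original post: it replays the post's `ip rule show` output against a packet's source address and mark and reports which default route is used. The function names and the address 192.168.0.10 (standing in for SERVER1IP, which the post does not give) are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): offline walk through the policy-routing
# decision. RULES and DEFAULTS are copied from the post's `ip rule show` and
# `ip route show` listings; the test packets are constructed, and
# 192.168.0.10 is an assumed stand-in for SERVER1IP.

RULES='0: from all lookup 255
32764: from 192.168.254.1 lookup 4
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default'

# Default route of each table as "table gateway device".
DEFAULTS='main 81.82.0.1 eth0
4 192.168.254.1 eth1'

# pick_table SRC MARK: print the first table, in rule-priority order, whose
# selectors match the packet and which holds a default route. Simplification:
# the destination is assumed to be a remote Internet host, so tables without
# a default route (255/local, default) never match and the lookup continues.
pick_table() {
    tabs=$(printf '%s\n' "$DEFAULTS" | awk '{ printf "%s ", $1 }')
    printf '%s\n' "$RULES" | awk -v src="$1" -v mark="$2" -v tabs="$tabs" '
        BEGIN { n = split(tabs, a, " "); for (i = 1; i <= n; i++) has[a[i]] = 1 }
        {
            from = ""; fw = ""; table = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "from")   from  = $(i + 1)
                if ($i == "fwmark") fw    = $(i + 1)
                if ($i == "lookup") table = $(i + 1)
            }
            if (from != "all" && (from "") != (src "")) next  # source mismatch
            if (fw != "" && (fw "") != (mark "")) next        # fwmark mismatch
            if (!(table in has)) next                         # no route here
            print table; exit
        }'
}

# egress SRC MARK: print "gateway device" of the selected table's default route.
egress() {
    t=$(pick_table "$1" "$2")
    printf '%s\n' "$DEFAULTS" | awk -v t="$t" '$1 == t { print $2, $3 }'
}

echo "SERVER1 reply, marked 0x4 : $(egress 192.168.0.10 0x4)"
echo "LAN client, unmarked      : $(egress 192.168.0.10 '')"
```

On the live router, `ip route get` with a `mark` argument gives the kernel's own answer for comparison.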

2 ISP 1 LAN

so that this gets cached by Google or other search engines

for example

Here are the configuration files:

1. /etc/iproute2/rt_tables
2. loadbalancing.sh

---- /etc/iproute2/rt_tables ----
#
# reserved values
#
#255 local
#254 main
#253 default
#0 unspec
#
# local
#
#1 inr.ruhep
# ADSL1
10 T1
# ADSL2
20 T2

---- loadbalancing.sh ----

#!/bin/sh

# Parameters
