|eth0
|
|-------|
| MGW
|
|---|---|
|
|eth1
|
|
|--------------------hub----------------------|
| | |
| | |
| | |
|---------|
|---------| |---------|
|Client 01|
|Client 02| |Client 03|
|---------|
|---------| |---------|
Pertama yang harus di lakukan adalah mensetting mgw(main
gateway) supaya bisa connect ke internet
Sebelum Mensetting :
1.Minta IP public ke ISP lengkap dengan
netmask,broadcast dan dns nya
misalnya :
RANGE :
202.159.121.0/29
IP :
202.159.121.2
GATEWAY : 202.159.121.1
Nemast :
255.255.255.248
broadcast : 202.159.121.7
DNS1 :
202.159.0.10
DNS2 :
202.159.0.20
berarti kita mendapatkan ip 5 buah dari 202.159.121.2 -
202.159.121.6
2.Menentukan IP local yang akan kita gunakan buat client
Setting IP MGW :
1.[root@mgw cachak]$ vi /etc/sysconfig/network
lalu isi dengan :
NETWORKING=yes
HOSTNAME=mgw.domain.com
GATEWAY=202.159.121.1
lalu simpen dengan menekan :wq
2.Menconfigurasi IP eth0(default)
[root@mgw root]$ vi
/etc/sysconfig/network-scripts/ifcfg-eth0
lalu isi dengan :
DEVICE=eth0
BOOTPROTO=static
IPADDR=202.159.121.2
BROADCAST=202.159.121.7
NETMASK=255.255.255.249
ONBOOT=yes
USERCTL=no
lalu simpen dengan menekan :wq
3.Setting dns resolve
[root@mgw root]$ vi /etc/resolve.conf
lalu isi dengan nameserver dari isp kita tadi :
nameserver 202.159.0.10
nameserver 202.159.0.20
lalu simpen dengan menekan :wq
4.Setting ip_forwarding
[root@mgw cachak]$ vi /etc/sysctl.conf
rubah net.ipv4.ip_forward = 0 menjadi
net.ipv4.ip_forward = 1
atau kalau gak ada net.ipv4.ip_forward = 0 tambahin
net.ipv4.ip_forward = 1
simpen dengan menekan :wq
5.restart network
[root@mgw cachak]$ /etc/init.d/network restart
Shutting down interface eth0: [ OK
]
Shutting down loopback interface: [ OK
]
Disabling IPv4 packet forwarding: [ OK
]
Setting network parameters: [ OK
]
Bringing up loopback interface: [ OK
]
Bringing up interface eth0: [ OK
]
[root@www root]#chkconfig --level 2345 network on
[root@www root]#
6.testing dengan ngeping ke default gateway
202.159.121.1
[root@mgw cachak]$ ping 202.159.121.1
PING 202.159.121.1 (202.159.121.1) 56(84) bytes of data.
64 bytes from 202.159.121.1: icmp_seq=1 ttl=63
time=0.356 ms
64 bytes from 202.159.121.1: icmp_seq=2 ttl=63
time=0.269 ms
64 bytes from 202.159.121.1: icmp_seq=3 ttl=63
time=0.267 ms
64 bytes from 202.159.121.1: icmp_seq=4 ttl=63
time=0.268 ms
--- 202.159.121.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time
2997ms
rtt min/avg/max/mdev = 0.267/0.290/0.356/0.038 ms
7.testing untuk ngeping google.com untuk ngecek dns nya
kalau muncul :
PING google.com (216.239.39.99) 56(84) bytes of data.
berarti dns kita untuk mgw dah bekerja, tapi kalau
muncul :
ping: unknown host google.com
berarti dns yang kita isikan di /etc/resolve.conf masih
salah,silahkan cek lagi ke ISP nya :)
nah bereskan sudah setting IP untuk mgw nya :)
supaya mgw ini bisa sekaligus di gunakan sebagai ns
server oleh client maka harus di install daemon bind atau daemon nameserver
yang lain
ataukalau sudah ada tinggal idupin Bind nya
[root@www root]# /etc/init.d/named restart
Stopping named:
[ OK ]
Starting named:
[ OK ]
[root@www root]#chkconfig --level 2345 named on
[root@www root]#
misalnya ip ke client adalah :
192.168.0.1/24
IP : 192.168.0.1
netmask : 255.255.255.0
broadcast : 192.168.0.255
RANGE IP CLIENT : 192.168.0.2-192.168.0.254
Setting ip untuk eth1 (yang ke client)
1.memberi IP 192.168.0.1 di eth1
[root@mgw cachak]$ vi
/etc/sysconfig/network-scripts/ifcfg-eth1
lalu isi dengan :
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.0.1
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
ONBOOT=yes
USERCTL=no
lalu simpen dengan menekan :wq
2.Restart networknya
[root@mgw root]$ /etc/init.d/network restart
Shutting down interface eth0: [ OK
]
Shutting down interface eth1: [ OK
]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK
]
Setting network parameters: [ OK
]
Bringing up loopback interface: [ OK
]
Bringing up interface eth0: [
OK ]
Bringing up interface eth1: [ OK
]
3.Testing dengan cara ping ip eth1
[root@mgw cachak]$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=0.356
ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=63 time=0.269
ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=63 time=0.267
ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=63 time=0.268
ms
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time
2997ms
rtt min/avg/max/mdev = 0.267/0.290/0.356/0.038 ms
Tinggal Setting IP computer client dengan ketentuan di
bawah ini :
IP :
192.168.0.2 - 192.168.0.254
GATEWAY :
192.168.0.1
NETMASK :
255.255.255.0
BROADCAST :
192.168.0.255
NAMESERVER :
192.168.0.1
misal :
Client01
===============================
IP :
192.168.0.2
GATEWAY :
192.168.0.1
NETMASK :
255.255.255.0
BROADCAST :
192.168.0.255
NAMESERVER :
192.168.0.1
Client02
===============================
IP :
192.168.0.3
GATEWAY :
192.168.0.1
NETMASK :
255.255.255.0
BROADCAST :
192.168.0.255
NAMESERVER :
192.168.0.1
dan seterusnya sesuai banyaknya client,yang berubah
hanya IP
untuk client windows maka setting IP di bagian Start
Menu/Setting/Control Panel/Network
setelah di setting ip client, maka coba ping ke
192.168.0.1 dari client,kalau berhasil berarti client dan MGW nya sudah
tersambung.
Setting MGW supaya client bisa internat dengan
menggunakan NAT
1.Matikan iptablesnya
[root@mgw root]# /etc/init.d/iptables stop
Flushing all chains:
[ OK ]
Removing user defined chains: [ OK
]
Resetting built-in chains to the default ACCEPT
policy: [ OK
]
[root@mgw root]#
2.Tambahkan iptables untuk Source NAt sesuai dengan ip
di eth0
[root@mgw root]# /sbin/iptables -t nat -A POSTROUTING -o
eth0 -s 192.168.0.0/24 -j SNAT --to-source 202.159.121.2
[root@mgw root]# /sbin/iptables-save >
/etc/sysconfig/iptables
[root@mgw root]# /etc/init.d/iptables restart
Flushing all current rules and user defined chains: [
OK ]
Clearing all current rules and user defined chains: [
OK ]
Applying iptables firewall rules: [ OK
]
[root@mgw root]# iptables-save
SNAT sudah,SNAT disini standar sekali dan gak ada
proteksi
untuk mengetest nya kita browser di client lalau buka
google.com, kalau jalan berati kita sudah berhasil :)
|