1. Konfigurasi Gateway & Router
Adapun cara konfigurasi Gateway & Router Linux Redhat 9.0 adalah :
- Setting IP Modem ADSL = 192.168.0.1
- Setting IP eth0
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 (untuk menulis/mengedit, tekan tombol Insert)
# ifcfg-eth0: interface on the ADSL modem segment (the modem is 192.168.0.1).
# --- identity ---
TYPE=Ethernet
DEVICE=eth0
# --- activation: brought up at boot with a fixed address, no DHCP ---
BOOTPROTO=static
ONBOOT=yes
# --- addressing: 192.168.0.0/24 ---
IPADDR=192.168.0.2
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
# --- control: non-root users may not toggle the interface, and
#     /etc/resolv.conf is not rewritten from peer-supplied DNS ---
USERCTL=no
PEERDNS=no
Simpan file dengan menekan tombol escape/Esc kemudian ketik :wq kemudian tekan enter
- Setting IP eth1
# vi /etc/sysconfig/network-scripts/ifcfg-eth1 (untuk menulis/mengedit, tekan tombol Insert)
# ifcfg-eth1: gateway address for the 192.168.1.0/24 segment.
# --- identity ---
TYPE=Ethernet
DEVICE=eth1
# --- activation: brought up at boot with a fixed address, no DHCP ---
ONBOOT=yes
BOOTPROTO=static
# --- addressing: 192.168.1.0/24 ---
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
# --- control: non-root users may not toggle the interface, and
#     /etc/resolv.conf is not rewritten from peer-supplied DNS ---
PEERDNS=no
USERCTL=no
Simpan file dengan menekan tombol escape/Esc kemudian ketik :wq kemudian tekan enter
- Setting IP eth2
# vi /etc/sysconfig/network-scripts/ifcfg-eth2 (untuk menulis/mengedit, tekan tombol Insert)
# ifcfg-eth2: gateway address for the 10.10.10.0/24 segment.
# --- identity ---
TYPE=Ethernet
DEVICE=eth2
# --- activation: brought up at boot with a fixed address, no DHCP ---
ONBOOT=yes
BOOTPROTO=static
# --- addressing: 10.10.10.0/24 ---
IPADDR=10.10.10.1
NETMASK=255.255.255.0
NETWORK=10.10.10.0
BROADCAST=10.10.10.255
# --- control: non-root users may not toggle the interface, and
#     /etc/resolv.conf is not rewritten from peer-supplied DNS ---
PEERDNS=no
USERCTL=no
Simpan file dengan menekan tombol escape/Esc kemudian ketik :wq kemudian tekan enter
- Restart network
# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down interface eth2: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]
Bringing up interface eth2: [ OK ]
- Cek Konfigurasi Network
[root@server /]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:A0:C9:0F:9D:6F
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63 errors:0 dropped:0 overruns:0 frame:0
TX packets:89 errors:78 dropped:0 overruns:0 carrier:78
collisions:0 txqueuelen:100
RX bytes:4905 (4.7 Kb) TX bytes:15956 (15.5 Kb)
Interrupt:10 Base address:0xdcc0 Memory:fa000000-fa000038
eth1 Link encap:Ethernet HWaddr 00:C0:4F:CF:71:69
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1400 errors:0 dropped:0 overruns:0 frame:0
TX packets:802 errors:0 dropped:0 overruns:0 carrier:0
collisions:10 txqueuelen:100
RX bytes:180124 (175.9 Kb) TX bytes:185405 (181.0 Kb)
Interrupt:11 Base address:0xdc00
eth2 Link encap:Ethernet HWaddr 00:A0:24:6E:55:C1
inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1051 errors:1036 dropped:0 overruns:0 frame:1036
TX packets:621 errors:0 dropped:0 overruns:0 carrier:9
collisions:10 txqueuelen:100
RX bytes:133281 (130.1 Kb) TX bytes:169101 (165.1 Kb)
Interrupt:5 Base address:0x220
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:73727 errors:0 dropped:0 overruns:0 frame:0
TX packets:73727 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5037963 (4.8 Mb) TX bytes:5037963 (4.8 Mb)
[root@server /]#
- Test Ping ke Modem ADSL
[root@server /]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=9.75 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.943 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.936 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.946 ms
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3029ms
rtt min/avg/max/mdev = 0.936/3.144/9.754/3.816 ms
[root@server /]#
- Test Ping eth0, eth1, eth2
[root@server /]# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.259 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.121 ms
64 bytes from 192.168.0.2: icmp_seq=4 ttl=64 time=0.120 ms
--- 192.168.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.120/0.155/0.259/0.060 ms
[root@server /]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.114 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.118 ms
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.114/0.125/0.144/0.016 ms
[root@server /]# ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.171 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.117 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.107 ms
64 bytes from 10.10.10.1: icmp_seq=4 ttl=64 time=0.115 ms
--- 10.10.10.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.107/0.127/0.171/0.027 ms
[root@server /]#
- Setting Gateway
[root@server /]# vi /etc/sysconfig/network
# /etc/sysconfig/network: host-wide network settings.
# Networking is enabled for this host.
NETWORKING=yes
# Default route points at the ADSL modem, reached through eth0 (192.168.0.0/24).
GATEWAY=192.168.0.1
# Host name as configured on this page.
HOSTNAME=localhost.localdomain
- Setting dns (/etc/resolv.conf)
# Resolver configuration for the gateway itself.
# Earlier search domain, left disabled:
#search localdomain
search smkdmi.sch.id
# Name servers are tried in the order listed: first the ADSL modem
# (192.168.0.1), then 202.134.0.155 if the modem does not answer.
nameserver 192.168.0.1
nameserver 202.134.0.155
- Aktifkan IP Forwarding
[root@server /]# vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
# Set to 1 so the kernel routes packets between eth0, eth1 and eth2.
# Once this is on, what may cross between the segments is decided only by
# the iptables FORWARD chain, so review that chain together with this setting.
net.ipv4.ip_forward = 1
# Controls source route verification
# (reverse-path filter: drops packets whose source address would not be
# routed back out of the interface they arrived on)
# NOTE(review): only the "default" entry is set here; confirm the value in
# effect on each running interface with `sysctl -a`.
net.ipv4.conf.default.rp_filter = 1
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
- Setting NAT
vi /etc/sysconfig/iptables
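# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
#
# This file is in iptables-save format and is loaded by iptables-restore.
# Long options must begin with two ASCII hyphens ("--dport"); a typographic
# dash pasted from a web page is not recognised as an option.
#
# NOTE(review): all three built-in filter chains default to ACCEPT, and both
# INPUT and FORWARD jump into the same RH-Lokkit-0-50-INPUT chain. Every rule
# below therefore applies both to traffic addressed to this gateway and to
# traffic routed through it, and anything no rule matches is allowed.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
# New TCP connections accepted from any interface: HTTP (80), FTP (21),
# SSH (22) and telnet (23).
# NOTE(review): FTP and telnet carry credentials in cleartext. Keep 21 and 23
# only if those services are really needed, and consider limiting them to an
# internal interface with -i.
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
# DHCP/BOOTP exchanges (UDP ports 67-68) on each NIC.
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth2 -j ACCEPT
# Loopback traffic is always allowed.
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
# Enable service sharing between IPs on different segments.
# NOTE(review): these three rules accept every packet arriving on eth0, eth1
# and eth2, and they come before the REJECT rules. With only these interfaces
# plus lo configured, the REJECT rules further down never match, so this
# ruleset filters nothing. Protection of the gateway and of both internal
# segments then depends entirely on what the ADSL modem in front of eth0 lets
# through.
# If eth0 (the modem-facing side) should not be trusted like the internal
# segments, one option is to replace its blanket rule with a reply-only rule
# and test from the console before relying on it:
#   -A RH-Lokkit-0-50-INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth2 -j ACCEPT
# Reject new connections to privileged ports (0-1023), NFS (2049),
# X11 (6000-6009) and the X font server (7100). See the note above: these
# rules take effect only for packets not already accepted by interface.
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
*nat
:OUTPUT ACCEPT [203:13706]
:POSTROUTING ACCEPT [198:13332]
:PREROUTING ACCEPT [5:831]
# Source-NAT everything leaving through eth0 to 192.168.0.2, the address
# configured for eth0, so hosts behind eth1 and eth2 appear to the modem as
# this gateway. Update --to-source if eth0's address ever changes.
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.2
COMMIT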
- Restart Iptables
[root@server root]# service iptables restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
[root@server root]#
- Restart Network
# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down interface eth2: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]
Bringing up interface eth2: [ OK ]
- Test Koneksi internet
[root@server root]# ping yahoo.com
PING yahoo.com (69.147.114.224) 56(84) bytes of data.
64 bytes from b1.www.vip.re3.yahoo.com (69.147.114.224): icmp_seq=1 ttl=54 time=301 ms
64 bytes from b1.www.vip.re3.yahoo.com (69.147.114.224): icmp_seq=2 ttl=54 time=299 ms
64 bytes from b1.www.vip.re3.yahoo.com (69.147.114.224): icmp_seq=3 ttl=54 time=303 ms
64 bytes from b1.www.vip.re3.yahoo.com (69.147.114.224): icmp_seq=4 ttl=54 time=305 ms
--- yahoo.com ping statistics ---
87 packets transmitted, 86 received, 1% packet loss, time 86091ms
rtt min/avg/max/mdev = 288.826/298.175/306.978/5.130 ms






