Bismillah. A few days ago I tried to set up a server with a single network interface card and a public IP so that it could communicate with private IPs behind a router. The plan is for this server to act as a bridge (host to host) between the private servers and the public servers. The topology is roughly as follows.
The first step is to bridge the public interface with the interface that goes to the server. In my case I am using a MikroTik router, configured roughly as follows:
[aldy@MikroTik] > interface bridge print
Flags: X - disabled, R - running
 0  R name="bridge1" mtu=1500 l2mtu=1590 arp=enabled mac-address=D4:CA:6D:98:48:56 protocol-mode=none priorit
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age
      forward-delay=15s transmit-hold-count=6 ageing-time=5m
[aldy@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE        BRIDGE     PRIORITY P
 0    1. PUBLIC        bridge1    0x80
 1    3. SERVER        bridge1    0x80
 2 X  6. LOCAL         bridge1    0x80
 3 X  vlan 999 BIT     bridge1    0x80
 4 X  5.CLOUD1         bridge1    0x80
 5 X  8.DATACENTER     bridge1    0x80
[aldy@MikroTik] >
Next we move to the server. To test whether the bridge on the router is working, we first assign only the public IP to the server.
Log in to the server:
bit@bit-X200CA:~$ ssh root@192.168.123.200
Edit the network interface configuration:
root@mail:~# pico /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 202.19.9.130
        netmask 255.255.255.240
        network 202.19.9.128
        broadcast 202.19.9.143
        gateway 202.19.9.129
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameserver 8.8.8.8 8.8.4.4
Then restart the network service:
root@mail:~# ifdown eth0 && ifup eth0
Test with ifconfig, then ping:
root@mail:~# ifconfig
eth0      Link encap:Ethernet  HWaddr bc:ee:7b:bc:58:67
          inet addr:202.19.9.130  Bcast:202.19.9.143  Mask:255.255.255.240
          inet6 addr: fe80::42f0:2fff:fe8f:baf4/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:19

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3392 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3392 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:607636 (607.6 KB)  TX bytes:607636 (607.6 KB)

root@mail:~# ping 202.19.9.129
PING 202.19.9.129 (202.19.9.129) 56(84) bytes of data.
64 bytes from 202.19.9.129: icmp_seq=1 ttl=63 time=1.00 ms
64 bytes from 202.19.9.129: icmp_seq=2 ttl=63 time=0.981 ms
64 bytes from 202.19.9.129: icmp_seq=3 ttl=63 time=1.17 ms
64 bytes from 202.19.9.129: icmp_seq=4 ttl=63 time=1.06 ms
64 bytes from 202.19.9.129: icmp_seq=5 ttl=63 time=0.946 ms
64 bytes from 202.19.9.129: icmp_seq=6 ttl=63 time=0.959 ms
64 bytes from 202.19.9.129: icmp_seq=7 ttl=63 time=0.940 ms
^C
--- 202.19.9.129 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6007ms
rtt min/avg/max/mdev = 0.940/1.010/1.179/0.079 ms
root@mail:~#
Here is the initial routing table:
root@mail:~# ip route show
default via 202.62.9.129 dev eth0
202.62.9.128/28 dev eth0  proto kernel  scope link  src 202.62.9.132
root@mail:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         202.19.9.129    0.0.0.0         UG    0      0        0 eth0
202.19.9.128    0.0.0.0         255.255.255.240 U     0      0        0 eth0
root@mail:~#
If we now try to reach a private IP, the path the packets take looks like this:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
 1  129.9.19.202.iconpln.net.id (202.19.9.129)  0.914 ms  0.766 ms  0.826 ms
 2  78.175.iconpln.net.id (119.252.175.78)  29.137 ms  29.104 ms  29.064 ms
 3  77.175.iconpln.net.id (119.252.175.77)  30.195 ms  30.169 ms  30.130 ms
 4  192.168.168.1 (192.168.168.1)  28.888 ms  30.022 ms  29.990 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * *^C
root@mail:~#
The traffic is routed to the ISP's public gateway and onward from there, instead of going to our own router and being forwarded to the private IP we are trying to reach. That means the public server cannot yet communicate with the private server. On to the next step: making the public server able to talk to the private IPs.
First, we add a private IP to the public server using an interface alias. The public server will then have two IPs: the public IP for communicating with the public side, and the private IP for communicating with the private network behind the router.
root@mail:~# pico /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 202.19.9.130
        netmask 255.255.255.240
        network 202.19.9.128
        broadcast 202.19.9.143
        gateway 202.19.9.129
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameserver 8.8.8.8 8.8.4.4

auto eth0:0
iface eth0:0 inet static
        address 192.168.222.205
        netmask 255.255.255.0
        network 192.168.222.0
        broadcast 192.168.222.255
        gateway 192.168.222.1
Then restart the network service:
root@mail:~# ifdown eth0 && ifup eth0
root@mail:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 9e:6c:aa:92:f2:64
          inet addr:202.19.9.130  Bcast:202.62.9.143  Mask:255.255.255.240
          inet6 addr: fe80::9c6c:aaff:fe92:f264/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:106938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52265 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17415524 (17.4 MB)  TX bytes:9152647 (9.1 MB)

eth0:0    Link encap:Ethernet  HWaddr 9e:6c:aa:92:f2:64
          inet addr:192.168.222.205  Bcast:192.168.222.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1990 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1990 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:161556 (161.5 KB)  TX bytes:161556 (161.5 KB)

root@mail:~#
The routing table after adding the IP alias for communicating with the private IPs behind the router:
root@mail:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         202.19.9.129    0.0.0.0         UG    0      0        0 eth0
192.168.222.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
202.19.9.128    0.0.0.0         255.255.255.240 U     0      0        0 eth0
root@mail:~#
If we test the connection to a private IP behind the router, the result looks like this:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
 1  129.9.19.202.iconpln.net.id (202.19.9.129)  0.871 ms  0.809 ms  0.889 ms
 2  78.175.iconpln.net.id (119.252.175.78)  29.804 ms  29.769 ms  29.723 ms
 3  77.175.iconpln.net.id (119.252.175.77)  31.211 ms  31.167 ms  31.129 ms
 4  192.168.168.1 (192.168.168.1)  31.039 ms  31.006 ms  30.966 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  *^C
The gateway being used is still the public IP gateway, even though the destination is a private IP. So we add a route so that connections to the 192.168.223.0/24 network use the gateway 192.168.222.1 (the gateway of the private alias IP on our public server). The step is as follows:
root@mail:~# ip route add 192.168.223.0/24 via 192.168.222.1
The routing table after adding the new rule:
root@mail:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         202.19.9.129    0.0.0.0         UG    0      0        0 eth0
192.168.222.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.223.0   192.168.222.1   255.255.255.0   UG    0      0        0 eth0
202.62.9.128    0.0.0.0         255.255.255.240 U     0      0        0 eth0
root@mail:~# ip route show
default via 202.19.9.129 dev eth0
192.168.222.0/24 dev eth0  scope link  src 192.168.222.205
192.168.223.0/24 via 192.168.222.1 dev eth0
202.19.9.128/28 dev eth0  proto kernel  scope link  src 202.62.9.132
root@mail:~#
If we now try traceroute and ping:
root@mail:~# traceroute 192.168.223.4
traceroute to 192.168.223.4 (192.168.223.4), 30 hops max, 60 byte packets
 1  192.168.222.1 (192.168.222.1)  0.556 ms  0.490 ms  0.451 ms
 2  192.168.223.4 (192.168.223.4)  1.481 ms  1.452 ms  1.414 ms
root@mail:~#
root@mail:~# ping 192.168.223.4
PING 192.168.223.4 (192.168.223.4) 56(84) bytes of data.
64 bytes from 192.168.223.4: icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 192.168.223.4: icmp_seq=2 ttl=63 time=1.00 ms
64 bytes from 192.168.223.4: icmp_seq=3 ttl=63 time=1.05 ms
^C
--- 192.168.223.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.000/1.046/1.083/0.043 ms
root@mail:~#
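
The routing decision walked through above, as an added example that is not part of the original post: a longest-prefix-match lookup over the server's routing table before and after the `ip route add`, plus a check that flags private (RFC 1918) destinations that would be handed to a public gateway. The table entries are transcribed from the `route -n` output using the 202.19.9.x addressing; the function names are this example's own.

```python
import ipaddress

# (destination prefix, gateway); gateway None means directly connected (on-link).
# Constructed from the page's routing table after the eth0:0 alias was added.
BEFORE = [
    ("0.0.0.0/0", "202.19.9.129"),
    ("192.168.222.0/24", None),
    ("202.19.9.128/28", None),
]
# Same table after: ip route add 192.168.223.0/24 via 192.168.222.1
AFTER = BEFORE + [("192.168.223.0/24", "192.168.222.1")]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True when ip falls inside one of the three RFC 1918 private ranges."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


def lookup(table, dst):
    """Return (prefix, gateway) selected by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return (str(best[0]), best[1]) if best else None


def leaks_upstream(table, dst):
    """True when a private destination would be sent to a non-private gateway."""
    hit = lookup(table, dst)
    if hit is None or hit[1] is None:
        return False  # unroutable or on-link: nothing is handed to a gateway
    return is_rfc1918(dst) and not is_rfc1918(hit[1])


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.168.223.4", "192.168.222.1", "10.1.2.3", "8.8.8.8"):
            verdict = "LEAK" if leaks_upstream(table, dst) else "ok"
            print(f"{name:6} {dst:15} {lookup(table, dst)} {verdict}")
```

Any private range without its own entry, such as the constructed 10.1.2.3 destination, still matches the default route and is sent to the ISP gateway, which is the behaviour the first two traceroutes show for 192.168.223.4.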
Give it a try, and I hope this is useful 🙂