Load Balancing Linux

21 02 2010

refrensi dari Pak Onno W Purbo

topologi jaringan

Sambungan ADSL melalui eth1 IP address 192.168.1.2/24 dengan gateway router ADSL pada IP 192.168.1.1/24

Sambungan WIFI melalui eth2 IP address 192.168.5.1/24 melalui WiFi / Wireless dengan gateway 192.168.5.1/24

Sambungan LAN melalui eth0 IP address 192.168.0.254/24

ISP 1
192.168.1.1/24 (ISP1)
192.168.1.2/24 (eth1)

SIP2
192.168.5.1/24 (ISP2)

192.168.5.2/24 (eth2)

ROUTER
192.168.0.254/24 (eth0)

#set IP NIC di /etc/network/interface

auto eth0
iface eth0 inet static
address 172.31.53.254
netmask 255.255.255.192

auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.255.0

auto eth2
iface eth2 inet static
address 192.168.5.2
netmask 255.255.255.0

#tambah routing di /etc/iproute2/rt_tables

120 hsp
121 telkom
123 rtrw

#set routing dan load balancing

/sbin/ip link set lo up
/sbin/ip link set eth0 up
/sbin/ip link set eth1 up
/sbin/ip link set eth2 up

/sbin/ip route flush table hsp
/sbin/ip route flush table telkom
/sbin/ip route flush table rtrw

/sbin/ip rule add prio 10 table main
/sbin/ip rule add prio 20 table hsp
/sbin/ip rule add prio 30 table telkom
/sbin/ip rule add prio 40 table rtrw

/sbin/ip rule add prio 20 from 192.168.5.0/24 table hsp
/sbin/ip route add default via 192.168.5.1 dev eth2 src 192.168.5.2 proto static table hsp
/sbin/ip route append prohibit default table hsp metric 1 proto static

/sbin/ip rule add prio 30 from 192.168.1.0/24 table telkom
/sbin/ip route add default via 192.168.1.1 dev eth1 src 192.168.1.2 proto static table telkom
/sbin/ip route append prohibit default table telkom metric 5 proto static

# Set up load balancing gateways
/sbin/ip rule add prio 40 table rtrw
/sbin/ip route add default proto static table rtrw \
nexthop via 192.168.5.1 dev eth2 weight 1 \
nexthop via 192.168.1.1 dev eth1 weight 1

#set NAT / proxy untu melakukan NAT ke dua (2) interface yang berbeda

/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p tcp -s 0/0 –-dport 25 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p tcp -s 0/0 –-dport 25 -j ACCEPT
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 -j REJECT –-reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp -i eth2 -j REJECT –-reject-with tcp-reset
/sbin/iptables -A INPUT -p udp -i eth1 -j REJECT -–reject-with icmp-port-unreachable
/sbin/iptables -A INPUT -p udp -i eth2 -j REJECT –-reject-with icmp-port-unreachable

/sbin/iptables -t nat -A POSTROUTING -o eth2 -j SNAT –-to 192.168.5.2
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j SNAT -–to 192.168.1.2

#set transparen proxy

/sbin/iptables -t nat -A PREROUTING -i eth0 -p TCP –dport 80 -j REDIRECT –to-port 3128

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s




%d bloggers like this: