Monday, 19 May 2008

Using 2 ISPs with MikroTik

Introduction

Adapt the scenario to the one you are facing. Read it carefully first. The MikroTik server is assumed to have 3 (three) interfaces (NICs) and to be freshly installed.

Scenario:

1. ISP Telkom-Speedy (ADSL)

ADSL router IP (LAN): 192.168.0.254

IP DNS1: 202.134.0.155

IP DNS2: 202.134.2.5

2. ISP Diginet (Wireless)

IP: 203.81.187.62

IP Gateway: 203.81.187.62

IP DNS1: 203.81.185.12

IP DNS2: 203.81.185.13

Number of Internet computers: 50 PCs -->

Network: 192.168.3.0/26 (IP address: 192.168.3.1 - 192.168.3.63, netmask: 255.255.255.192)

Number of Games computers: 50 PCs -->

Network: 192.168.3.64/26 (IP address: 192.168.3.65 - 192.168.3.128, netmask: 255.255.255.192)

Network diagram:

    Diginet---,             ,---Speedy
              |             |
              |             |
203.81.187.62(ether2)   192.168.0.253(ether1)
        [M i k r o t i k  2 . 9 . 6]
          192.168.3.254/24 (ether3)
                    |
                    |
             192.168.3.0/24
              |             |
           Games:        Internet:
    192.168.3.64/26    192.168.3.0/26


Steps:

1. Name the interfaces ether1-3 in [Interfaces]

Command:

/interface set ether1 name=Telkom

/interface set ether2 name=Diginet

/interface set ether3 name=Local

[admin@BlueSky.Net] > interface print

Flags: X - disabled, D - dynamic, R - running

# NAME TYPE RX-RATE TX-RATE MTU

0 R Telkom ether 0 0 1500

1 R Diginet ether 0 0 1500

2 R Local ether 0 0 1500

2. Assign an IP address to each Ethernet interface. [IP - Interfaces]

Command:

/ip address add address=192.168.0.253/24 interface=Telkom

# /24 is used for Diginet because the actual netmask is not known
/ip address add address=203.81.187.62/24 interface=Diginet

/ip address add address=192.168.3.254/24 interface=Local

[admin@BlueSky.Net] > ip address print

Flags: X - disabled, I - invalid, D - dynamic

# ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.0.253/24 192.168.0.0 192.168.0.255 Telkom

1 192.168.3.254/24 192.168.3.0 192.168.3.255 Local

2 203.81.187.62/24 203.81.187.0 203.81.187.255 Diginet

3. Create rules in [IP - Firewall - Mangle]:

- chain=prerouting src-address=192.168.3.0/26 action=mark-routing new-routing-mark=Internet

"to mark packets coming from 192.168.3.0/26 with the name=Internet"

- chain=prerouting src-address=192.168.3.64/26 action=mark-routing new-routing-mark=Games

"to mark packets coming from 192.168.3.64/26 with the name=Games"

Command:

/ip firewall mangle add chain=prerouting src-address=192.168.3.0/26 \
    action=mark-routing new-routing-mark=Internet

/ip firewall mangle add chain=prerouting src-address=192.168.3.64/26 \
    action=mark-routing new-routing-mark=Games

[admin@BlueSky.Net] ip firewall mangle> print

Flags: X - disabled, I - invalid, D - dynamic

0 chain=prerouting src-address=192.168.3.0/26 action=mark-routing

new-routing-mark=Internet passthrough=yes

1 chain=prerouting src-address=192.168.3.64/26 action=mark-routing

new-routing-mark=Games passthrough=yes

4. Set the gateway for each network. [IP - Route]

Command:

/ip route add gateway=192.168.0.254 dst-address=0.0.0.0/0 routing-mark=Internet

/ip route add gateway=203.81.187.1 dst-address=0.0.0.0/0 routing-mark=Games

[admin@BlueSky.Net] > ip route print

Flags: X - disabled, A - active, D - dynamic,

C - connect, S - static, r - rip, b - bgp, o - ospf

# DST-ADDRESS PREFSRC G GATEWAY DIS INTE…

0 ADC 192.168.0.0/24 192.168.0.253 Telkom

1 ADC 192.168.3.0/24 192.168.3.254 Local

2 ADC 203.81.187.0/24 203.81.187.62 Diginet

3 A S 0.0.0.0/0 r 192.168.0.254 Telkom

4 A S 0.0.0.0/0 r 203.81.187.1 Diginet

5. Create a NAT masquerade rule for network 192.168.3.0/24 [IP - Firewall - NAT]

Command:

/ip firewall nat add chain=srcnat src-address=192.168.3.0/24 action=masquerade

[admin@BlueSky.Net] > ip firewall nat print

Flags: X - disabled, I - invalid, D - dynamic

0 ;;; Masquerade Network 192.168.3.0/24

chain=srcnat src-address=192.168.3.0/24 action=masquerade

6. Create a script that checks the gateways using the netwatch tool:

Command:

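/system script add name=check-gw source={
# R1 and R2 stay empty unless the matching netwatch entry reports "up"
:local R1
:local R2
# look up each netwatch entry by its comment (R1, R2)
:if ([/tool netwatch get [/tool netwatch find comment=R1] status]=up) do={:set R1 192.168.0.254}
:if ([/tool netwatch get [/tool netwatch find comment=R2] status]=up) do={:set R2 203.81.187.1}
# this matches every 0.0.0.0/0 route, including the two marked routes from step 4
/ip route set [/ip route find dst-address=0.0.0.0/0] \
    gateway=($R1 . "," . $R2)
}

/tool netwatch add comment=R1 host=192.168.0.254 interval=5s up-script=check-gw \
    down-script=check-gw

/tool netwatch add comment=R2 host=203.81.187.1 interval=5s up-script=check-gw \
    down-script=check-gw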

The MikroTik configuration is now complete.

Next, give each Internet client an IP address in the range 192.168.3.1 to 192.168.3.63.

Use netmask 255.255.255.192 so that their workgroup is separate from Games.

Do not forget to enter the Telkom DNS IPs in the network properties of the Internet clients, as in the scenario above (202.134.0.155 and 202.134.2.5).

Point the gateway to: 192.168.3.254.

For the Games clients, enter IP addresses in the range 192.168.3.65 to 192.168.3.128.

Also use netmask 255.255.255.192 if you want a workgroup that is separate from the Internet clients.

Enter the Diginet DNS IPs (203.81.185.12 and 203.81.185.13) in their network properties.

Set the gateway to 192.168.3.254.
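A check of the client addressing plan against the mangle rules from step 3, added here as an example and not part of the original post. It reports which routing mark and upstream gateway a client address ends up with and flags the boundary addresses that are unusable or match no rule. The function and variable names are this example's own; the addresses are the article's.

```python
import ipaddress

# Values copied from the article; names below are this example's own.
MANGLE_RULES = [  # (src-address, new-routing-mark) from step 3
    (ipaddress.ip_network("192.168.3.0/26"), "Internet"),
    (ipaddress.ip_network("192.168.3.64/26"), "Games"),
]
UPSTREAM = {"Internet": "192.168.0.254", "Games": "203.81.187.1"}  # step 4
ROUTER_LAN_IP = ipaddress.ip_address("192.168.3.254")  # ether3 (Local)
CLIENT_NETMASK = "255.255.255.192"


def routing_mark(src):
    """Mark a packet from src would carry after the prerouting mangle rules.

    Both rules use passthrough=yes, so the last match wins; the two
    networks do not overlap, so at most one rule can match.
    """
    mark = None
    for net, name in MANGLE_RULES:
        if ipaddress.ip_address(src) in net:
            mark = name
    return mark


def check_client(src):
    """Report how a client using CLIENT_NETMASK fits the addressing plan."""
    net = ipaddress.ip_interface(f"{src}/{CLIENT_NETMASK}").network
    addr = ipaddress.ip_address(src)
    mark = routing_mark(src)
    problems = []
    if addr == net.network_address:
        problems.append("network address")
    if addr == net.broadcast_address:
        problems.append("broadcast address")
    if mark is None:
        problems.append("no mangle rule matches")
    return {
        "subnet": str(net),
        "mark": mark,
        "upstream": UPSTREAM.get(mark),
        "gateway_on_link": ROUTER_LAN_IP in net,
        "problems": problems,
    }


if __name__ == "__main__":
    # Boundary addresses of the two client ranges given in the article.
    for ip in ("192.168.3.1", "192.168.3.63", "192.168.3.65", "192.168.3.128"):
        print(ip, check_client(ip))
```

`gateway_on_link` is False for every client because 192.168.3.254 lies in 192.168.3.192/26, outside both /26 client subnets.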

Good luck…