Senin, 07 Januari 2013

Mode bridge di Vyatta



Mode bridge, atau biasa disebut mode transparent, umumnya digunakan sebagai transparent firewall sehingga firewall tersebut tidak terdeteksi dalam jaringan. Namun, untuk kemudahan administrasi, transparent firewall biasanya tetap diberi alamat IP agar dapat diakses lewat SSH dari jarak jauh.
Berikut konfigurasi dasar agar Vyatta berfungsi dalam mode bridge.
/* Bridge (transparent) mode: eth2 and eth6 vif 30 are members of br0, br0 carries the only routed address, and both firewall rule-sets below are attached to br0. */
firewall {
 broadcast-ping disable
 /* Lets connection tracking adopt TCP flows whose handshake it did not see (existing sessions survive a restart of this box); it also means a packet without SYN can create a tracking entry. Presumably intentional for a bridge - confirm. */
 conntrack-tcp-loose enable
 ip-src-route disable
 log-martians enable
 /* Applied as "local" on br0 below, i.e. traffic addressed to the bridge's own IP. Only ICMP and established/related replies are accepted; no rule admits new TCP and no "service ssh" appears in this listing, so the SSH management access mentioned in the post presumably still has to be added. No explicit default-action is shown; unmatched packets are dropped by Vyatta's default - confirm on the running version. */
 name WAN-LOCAL {
 description "Local Wan Services"
 rule 4 {
 action accept
 description allow-icmp
 protocol icmp
 }
 rule 5 {
 action accept
 description "Allow E,R"
 state {
 established enable
 related enable
 }
 }
 }
 /* Applied as "in" on br0 below: traffic entering the bridge that is not addressed to br0 itself. As with WAN-LOCAL, no explicit default-action is set. */
 name WAN-TO-SF {
 rule 4 {
 action accept
 state {
 established enable
 related enable
 }
 }
 rule 5 {
 action accept
 description "Allow ICMP"
 protocol icmp
 }
 /* The only rule that admits new connections: every protocol from the public /29 to any destination. The "xxx" octets are redacted in the post. */
 rule 6 {
 action accept
 destination {
 address 0.0.0.0/0
 }
 source {
 address 75.131.xxx.xxx/29
 }
 }
 }
 receive-redirects disable
 send-redirects disable
 syn-cookies enable
}
interfaces {
 /* The bridge holds the public/management address and binds the two rule-sets: WAN-TO-SF on forwarded traffic ("in"), WAN-LOCAL on traffic to the bridge itself ("local"). stp is off, so a second path between the two member ports would not be blocked - presumably a single pass-through, confirm. */
 bridge br0 {
 address 75.131.xxx.xxx/29
 aging 300
 description bridge-for-public-addresses
 disable false
 firewall {
 in {
 name WAN-TO-SF
 }
 local {
 name WAN-LOCAL
 }
 }
 forwarding-delay 15
 hello-time 2
 max-age 20
 priority 0
 stp false
 }
 /* Outside member port of br0. */
 ethernet eth2 {
 bridge-group {
 bridge br0
 }
 description "Physical Outside IF"
 duplex auto
 hw-id 00:00:d1:f0:7d:91
 speed auto
 }
 /* Inside side: only VLAN 30 of eth6 is bridged; untagged eth6 traffic stays off br0. */
 ethernet eth6 {
 duplex auto
 hw-id 00:13:49:17:40:6c
 speed auto
 vif 30 {
 bridge-group {
 bridge br0
 }
 description "Public IP Passthrough"
 }
 }
 loopback lo {
 }
}
protocols {
 static {
 /* Default route for the box's own traffic; "system gateway-address" below also names a default gateway - keep the two consistent (both values are redacted here). */
 route 0.0.0.0/0 {
 next-hop 75.131.xxx.xxx {
 }
 }
 }
}
service {
 nat {
 /* Masquerades 172.22.42.0/24 behind br0's address. No interface in this listing carries an address in that range, so the inside network is presumably on an interface not shown in the post - confirm. */
 rule 10 {
 destination {
 address 0.0.0.0/0
 }
 outbound-interface br0
 protocol all
 source {
 address 172.22.42.0/24
 }
 type masquerade
 }
 }
}
system {
 gateway-address 75.131.xxx.xxx
 host-name vyatta
 ntp-server 69.59.150.135
 options {
 reboot-on-panic true
 }
 package {
 auto-sync 1
 /* Repository is reached over plain http with empty credentials, so package authenticity rests on the package manager's own signature checks rather than the transport - confirm signing is enforced before relying on auto-sync. */
 repository community {
 components main
 distribution stable
 password ""
 url http://packages.vyatta.com/vyatta
 username ""
 }
 }
 /* Log and firewall timestamps are in GMT. */
 time-zone GMT
}
Salam,
#Rooter
