1. Memasukkan IP Address ke masing-masing interface.
# Ip address add address xxx.xxx.xxx.xxx/xx interface lan
# Ip address add address xxx.xxx.xxx.xxx/xx interface wan 0
# Ip address add address xxx.xxx.xxx.xxx/xx interface wan 1
2. Membuat address list pada address list agar setip client tershaping semua
# ip firewall address-list add list=Client address=ip-lan-local
3. Membuat Mangle pada firewall
# ip firewall mangle add
0 chain=prerouting in-interface=LAN connection-state=new nth=1,2,0 src-address-list=Client action=mark-connection new-connection-mark=odd passthrough=yes
1 chain=prerouting in-interface=LAN connection-mark=odd action=add-src-to-address-list address-list=odd address-list-timeout=1d
2 chain=prerouting in-interface=LAN connection-mark=odd src-address-list=Client action=mark-routing new-routing-mark=odd passthrough=no
3 chain=prerouting in-interface=LAN connection-state=new nth=1,2,1 src-address-list=Client action=mark-connection new-connection-mark=even passthrough=yes
4 chain=prerouting in-interface=LAN connection-mark=even action=add-src-to-address-list address-list=even address-list-timeout=1d
5 chain=prerouting in-interface=LAN connection-mark=even src-address-list=Client action=mark-routing new-routing-mark=even passthrough=no
4. Membuat NAT
# ip firewall nat add
0 chain=srcnat routing-mark=odd action=src-nat to-addresses=ip-publik1 to-ports=0-65535
1 chain=srcnat routing-mark=even action=src-nat to-addresses=ip-publik2 to-ports=0-65535
2 chain=srcnat action=masquerade
5. Membuat IP Route
# Ip route add gateway xxx.xxx.xxx.xxx routing-mark conn-satu
# Ip route add gateway xxx.xxx.xxx.xxx routing-mark conn-dua
# Ip route add gateway xxx.xxx.xxx.xxx
# Ip address add address xxx.xxx.xxx.xxx/xx interface lan
# Ip address add address xxx.xxx.xxx.xxx/xx interface wan 0
# Ip address add address xxx.xxx.xxx.xxx/xx interface wan 1
2. Membuat address list pada address list agar setip client tershaping semua
# ip firewall address-list add list=Client address=ip-lan-local
3. Membuat Mangle pada firewall
# ip firewall mangle add
0 chain=prerouting in-interface=LAN connection-state=new nth=1,2,0 src-address-list=Client action=mark-connection new-connection-mark=odd passthrough=yes
1 chain=prerouting in-interface=LAN connection-mark=odd action=add-src-to-address-list address-list=odd address-list-timeout=1d
2 chain=prerouting in-interface=LAN connection-mark=odd src-address-list=Client action=mark-routing new-routing-mark=odd passthrough=no
3 chain=prerouting in-interface=LAN connection-state=new nth=1,2,1 src-address-list=Client action=mark-connection new-connection-mark=even passthrough=yes
4 chain=prerouting in-interface=LAN connection-mark=even action=add-src-to-address-list address-list=even address-list-timeout=1d
5 chain=prerouting in-interface=LAN connection-mark=even src-address-list=Client action=mark-routing new-routing-mark=even passthrough=no
4. Membuat NAT
# ip firewall nat add
0 chain=srcnat routing-mark=odd action=src-nat to-addresses=ip-publik1 to-ports=0-65535
1 chain=srcnat routing-mark=even action=src-nat to-addresses=ip-publik2 to-ports=0-65535
2 chain=srcnat action=masquerade
5. Membuat IP Route
# Ip route add gateway xxx.xxx.xxx.xxx routing-mark conn-satu
# Ip route add gateway xxx.xxx.xxx.xxx routing-mark conn-dua
# Ip route add gateway xxx.xxx.xxx.xxx
6. Memasukkan DNS
# ip dns set
primary-dns: 203.130.206.250
secondary-dns: 202.134.0.155
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 660KiB
Tidak ada komentar:
Posting Komentar