Posts Tagged ‘Networking’

Evolution from Debian to Mikrotik DOM Lvl6

05 Nov

At last, my Debian box that acted as a router has been replaced with a Mikrotik DOM lvl 6. It only held up for 2 weeks until I changed it. With the same network topology as the router before (Debian mode), it is easier to configure network rules using Mikrotik, especially using the Winbox tool, which has a GUI that makes router configuration more user-friendly without having to deal with terminal scripts :D

I plugged a lot of stuff into this DOM:

  1. NAT masquerade
  2. Transparent proxy with automatic cache clearing
  3. IP forwarding classified by port number, for communication between the local server and public clients
  4. Porn site blocking using the firewall, even if I am upset with this thing :P

Everything seems fine and it works with good performance.

The problem came up when I tried to set up one more network interface that provides a public IP. I planned to use this IP so that the web server can be accessed over the internet. But when I started to configure it, the network became a mess. Users in the local area network can browse with the URL method. Sending an ICMP packet to the public gateway got a normal reply from it. I am really suspicious of the DNS configuration and routing stuff. Hmm, it needs more routing rules I think. I was rather too lazy to think about and configure it again when I found that I still have one more Mikrotik router, a Routerboard 450G.

Routerboard 450G, hmm, I can use it as a bridge to connect the public IP to the web server directly without going through the NAT server. Hehehehe. Obviously the setup process is more complicated than the DOM. We have to connect to the Routerboard using its MAC address and Winbox. I spent 2 days thinking about how to manage this RB 450G, and at last I succeeded in configuring it.

Tomorrow, Friday, will be execution day for the public IP setup using the RB 450G, in parallel with the Software Development Document that will be consulted with the client. Hope there will be no more problems with it.

 

Debian Box as Router Gateway – NAT mode ON

24 Jul

Network layout seems like this

Set up the network interfaces:

debian:~# nano /etc/network/interfaces
# eth1: public-facing side (10.2.1.0/24), carries the default gateway
auto eth1
iface eth1 inet static
address 10.2.1.254
netmask 255.255.255.0
network 10.2.1.0
broadcast 10.2.1.255
gateway 10.2.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 222.124.199.71

# eth0: local network side (172.15.0.0/16)
auto eth0
iface eth0 inet static
address 172.15.0.254
netmask 255.255.0.0
broadcast 172.15.255.255

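Change these parameters in /etc/sysctl.conf (apply them with sysctl -p or a reboot):
# Enable routing between interfaces. The conf.default.* keys only set the
# default for interfaces created later, so use the global switches instead.
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1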

Masquerade (source-NAT) traffic from the local network 172.15.0.0/16 leaving towards the public network 10.2.1.0/24:
debian:~# iptables -t nat -A POSTROUTING -o eth1 -s 172.15.0.0/16 -d 0/0 -j MASQUERADE

Allow public network clients to access the local server 172.15.101.79 on port 82:

Port 82
debian:~# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 82 -j DNAT --to-destination 172.15.101.79:82

Change the --dport and --to-destination parameters to extend your network policy for which servers are accessible from public clients.
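The NAT rules above only rewrite addresses; which packets may cross the router is decided by the filter table's FORWARD chain. As an added example (not from the original post), this script validates port-forward specs and prints the NAT rules together with a default-drop FORWARD policy for review; the function names and the proto:wanport:host:port spec format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and subnets are
# the post's; function names and the spec format are assumptions.
LAN_IF=eth0 WAN_IF=eth1 LAN_NET=172.15.0.0/16

is_port() {   # succeeds for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# parse_forward proto:wanport:host:port -> sets PROTO WPORT HOST HPORT, or fails
parse_forward() {
    old_ifs=$IFS; IFS=:; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    PROTO=$1 WPORT=$2 HOST=$3 HPORT=$4
    case "$PROTO" in tcp|udp) ;; *) return 1 ;; esac
    is_port "$WPORT" && is_port "$HPORT" || return 1
    # LAN_NET is a /16, so a prefix match plus two octet checks covers it
    case "$HOST" in 172.15.*.*) rest=${HOST#172.15.} ;; *) return 1 ;; esac
    case "$rest" in *[!0-9.]*|*.*.*|.*|*.) return 1 ;; esac
    [ "${#rest}" -le 7 ] && [ "${rest%.*}" -le 255 ] && [ "${rest#*.}" -le 255 ]
}

# gen_rules SPEC... -> prints iptables commands for review; applies nothing
gen_rules() {
    for spec in "$@"; do   # validate every spec before printing anything
        parse_forward "$spec" || { echo "rejected: $spec" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    for spec in "$@"; do
        parse_forward "$spec"
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $PROTO --dport $WPORT -j DNAT --to-destination $HOST:$HPORT"
        # after DNAT the packet is addressed to the internal host and port
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $PROTO -d $HOST --dport $HPORT -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# The post's single forward: public port 82 to 172.15.101.79:82
gen_rules tcp:82:172.15.101.79:82
```

The output is plain text, so it can be read and diffed before being run as root on the router.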

regards

 
 
 
