Bridge mode on Vyatta

Bridge mode, also commonly called transparent mode, is typically used to run the device as a transparent firewall, so that the firewall cannot be detected on the network. For ease of administration, however, a transparent firewall is often also given an IP address for remote SSH access.

To make Vyatta operate in bridge mode, the basic configuration is as follows.

firewall {
    broadcast-ping disable
    conntrack-tcp-loose enable
    ip-src-route disable
    log-martians enable
    name WAN-LOCAL {
        description "Local Wan Services"
        rule 4 {
            action accept
            description allow-icmp
            protocol icmp
        }
        rule 5 {
            action accept
            description "Allow E,R"
            state {
                established enable
                related enable
            }
        }
    }
    name WAN-TO-SF {
        rule 4 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 5 {
            action accept
            description "Allow ICMP"
            protocol icmp
        }
        rule 6 {
            action accept
            destination {
                address 0.0.0.0/0
            }
            source {
                address 75.131.xxx.xxx/29
            }
        }
    }
    receive-redirects disable
    send-redirects disable
    syn-cookies enable
}
interfaces {
    bridge br0 {
        address 75.131.xxx.xxx/29
        aging 300
        description bridge-for-public-addresses
        disable false
        firewall {
            in {
                name WAN-TO-SF
            }
            local {
                name WAN-LOCAL
            }
        }
        forwarding-delay 15
        hello-time 2
        max-age 20
        priority 0
        stp false
    }
    ethernet eth2 {
        bridge-group {
            bridge br0
        }
        description "Physical Outside IF"
        duplex auto
        hw-id 00:00:d1:f0:7d:91
        speed auto
    }
    ethernet eth6 {
        duplex auto
        hw-id 00:13:49:17:40:6c
        speed auto
        vif 30 {
            bridge-group {
                bridge br0
            }
            description "Public IP Passthrough"
        }
    }
    loopback lo {
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 75.131.xxx.xxx {
            }
        }
    }
}
service {
    nat {
        rule 10 {
            destination {
                address 0.0.0.0/0
            }
            outbound-interface br0
            protocol all
            source {
                address 172.22.42.0/24
            }
            type masquerade
        }
    }
}
system {
    gateway-address 75.131.xxx.xxx
    host-name vyatta
    ntp-server 69.59.150.135
    options {
        reboot-on-panic true
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    time-zone GMT
}
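
As an added example (not from the original post or from the Vyatta project), the following Python script parses a configuration in this brace syntax and lists which rules in a ruleset would accept a new connection, a quick way to check whether the `local` ruleset on the bridge admits the remote SSH access mentioned above. The function names and the sample excerpt are constructed for illustration; source addresses are ignored, and only single ports and comma-separated port lists are handled.

```python
SAMPLE = """\
firewall {
    name WAN-LOCAL {
        rule 4 {
            action accept
            protocol icmp
        }
        rule 5 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
}
"""  # constructed excerpt mirroring the WAN-LOCAL ruleset above

def parse(text):
    """Parse Vyatta 'key value' and 'key { ... }' lines into nested dicts."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, val = line.partition(" ")
            stack[-1][key] = val.strip('"')
    return stack[0]

def admits_new(rule, proto, port):
    """True if the rule accepts a NEW proto/port connection from some source."""
    state = rule.get("state")
    if rule.get("action") != "accept" or (state and state.get("new") != "enable"):
        return False  # not an accept rule, or it matches only established/related
    p = rule.get("protocol", "all")
    if p not in ("all", proto) and not (p == "tcp_udp" and proto in ("tcp", "udp")):
        return False
    dport = rule.get("destination", {}).get("port")  # single ports or comma lists only
    return dport is None or str(port) in dport.split(",")

def rules_admitting(cfg, ruleset, proto, port):
    """Rule numbers in `ruleset` that would accept a new proto/port connection."""
    rules = cfg["firewall"]["name " + ruleset]
    return [k.split()[1] for k, r in rules.items()
            if k.startswith("rule ") and admits_new(r, proto, port)]

if __name__ == "__main__":
    print(rules_admitting(parse(SAMPLE), "WAN-LOCAL", "tcp", 22))
```

For the WAN-LOCAL ruleset as written, the tcp/22 query returns an empty list: rule 4 is ICMP-only and rule 5 matches only established and related traffic.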

Regards,
#Rooter

Reference: Vyatta forum.
