Sekenario :
Rencana Akan menghubungkan subdomain kedalam webserver Lokal di belakang Mikrotik
di dalam jaringan Internal kita terdatap 3 webserver yang akan kita publiskan melalui IP publik kita.
Webserver 1 –> 192.168.1.250 —> www.sub1.AAA.com
Webserver 2 —> 192.168.1.100 —> www.sub2.AAA.com
webserver 3 —> 192.168.55.2 —> www.sub3.AAA.com
IP publik Kita —-> 118.96.XX.YY
1. Konfigurasi Web Proxy Internal
1
2
3
4
5
| /ip web-proxy set enabled= yes src-address=0.0.0.0 port=8080 hostname = "server-lokal" \ transparent-proxy= yes parent-proxy=0.0.0.0:0 \ cache-administrator= "masagun@gmail.com" max-object-size=1096KiB cache-drive=system \ max-cache-size=2024 max- ram -cache-size=unlimited |
1
2
3
| /ip web-proxy access add dst-port=23-25 action=deny comment= "block telnet & spam e-mail relaying" \ disabled=no |
1
2
3
4
5
6
| /ip dns static add name=sub1.AAA.com address=192.168.1.250 /ip dns static add name=sub2.AAA.com address=192.168.1.100 /ip dns static add name=sub3.AAA.com address=192.168.55.2 /ip dns static add name=www.sub1.AAA.com address=192.168.1.250 /ip dns static add name=www.sub2.AAA.com address=192.168.1.100 /ip dns static add name=www.sub3.AAA.com address=192.168.55.2 |
1
2
3
| /ip firewall nat add chain=dstnat in -interface=pppoe1-speedy dst-address=118.96.XX.YY protocol=tcp \ dst-port=80 action=redirect to-ports=8080 comment= "" disabled=no |
diharapkan dengan rule diatas akan berjalan seperti ini:
saat mengakses subdomain —: sub1.AAA.com
Interner —-> 118.96.XX.YY:80 —> 118.96.XX.YY:8080 —> 192.168.1.250
Catatan :
Untuk Kemanan jangan Lupa menerapkan rule berikut
1
2
3
4
5
| /ip proxy access add dst-port=80 dst-host= "sub1.AAA.com" action=allow disabled=no add dst-port=80 dst-host= "sub2.AAA.com" action=allow disabled=no add dst-port=80 dst-host= "sub3.AAA.com" action=allow disabled=no add action=deny disabled=no |
sumber
No comments:
Post a Comment