Sebelumnya makasi om tutorialnya
dua sapidi ter-LB dengan baik.
nah ini ada masalah dikit, ini karena saya butuh DMZ di belakang router LB.
nah saya mau akses web server di belakang, pake dst-nat sudah sukses om
cuman ini koneksi ga stabil
oya saya buka dst-nat ini di satu iface saja
saya kira karena trafik web server "ter-LB" (conn-mark nya ganti2)
tapi saya amati di ip fi conn ternyata tidak, karena hanya datang di satu iface saja jadi tidak mgkn dikasih label beda.
sudah coba bikin mangle buat memastikan koneksi dari luar, keluar dan masuk lewat 1 iface saja, tetep aja ga stabil.
mgkn ada solusi om, puyeng juga nih 
nih sedikit config-nya Om
mangle
Code:
0 ;;; LB
chain=input action=mark-connection new-connection-mark=ADSL1 passthrough=yes connection-state=new in-interface=26
1 chain=input action=mark-connection new-connection-mark=ADSL2 passthrough=yes connection-state=new in-interface=27
2 chain=output action=mark-routing new-routing-mark=jalur1 passthrough=no connection-mark=ADSL1
3 chain=output action=mark-routing new-routing-mark=jalur2 passthrough=no connection-mark=ADSL2
4 chain=prerouting action=mark-connection new-connection-mark=ADSL1 passthrough=yes dst-address-type=!local in-interface=ether4
per-connection-classifier=both-addresses-and-ports:2/0
5 chain=prerouting action=mark-connection new-connection-mark=ADSL2 passthrough=yes dst-address-type=!local in-interface=ether4
per-connection-classifier=both-addresses-and-ports:2/1
6 chain=prerouting action=mark-routing new-routing-mark=jalur1 passthrough=yes in-interface=ether4 connection-mark=ADSL1
7 chain=prerouting action=mark-routing new-routing-mark=jalur2 passthrough=yes in-interface=ether4 connection-mark=ADSL2
8 chain=input action=accept in-interface=ether4
9 chain=input action=accept in-interface=26
10 chain=input action=accept in-interface=27
ip address
Code:
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.3.1.254/24 10.3.1.0 10.3.1.255 ether4
1 D 110.138.215.xx/32 110.138.215.1 0.0.0.0 27
2 D 110.138.215.xx/32 110.138.215.1 0.0.0.0 26
ip route
Code:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=26 gateway-status=26 reachable distance=1 scope=30 target-scope=10 routing-mark=jalur1
1 A S dst-address=0.0.0.0/0 gateway=27 gateway-status=27 reachable distance=1 scope=30 target-scope=10 routing-mark=jalur2
2 A S ;;; Default gateway
dst-address=0.0.0.0/0 gateway=27 gateway-status=27 reachable distance=1 scope=30 target-scope=10
3 S ;;; Failover check gateway
dst-address=0.0.0.0/0 gateway=26 gateway-status=26 reachable check-gateway=ping distance=2 scope=30 target-scope=10
4 A S dst-address=10.1.1.0/24 gateway=10.3.1.1 gateway-status=10.3.1.1 reachable ether4 distance=1 scope=30 target-scope=10
5 A S dst-address=10.2.3.0/24 gateway=10.3.1.1 gateway-status=10.3.1.1 reachable ether4 distance=1 scope=30 target-scope=10
6 A S dst-address=10.2.4.0/24 gateway=10.3.1.1 gateway-status=10.3.1.1 reachable ether4 distance=1 scope=30 target-scope=10
7 ADC dst-address=10.3.1.0/24 pref-src=10.3.1.254 gateway=ether4 gateway-status=ether4 reachable distance=0 scope=10
8 ADC dst-address=110.138.215.1/32 pref-src=110.138.215.xx gateway=27,26 gateway-status=27 reachable,26 reachable distance=0 scope=10
dst-nat
Code:
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; NAT-ed to 110.138.215.xx
chain=srcnat action=masquerade out-interface=26
1 ;;; NAT-ed to 110.138.215.yy
chain=srcnat action=masquerade out-interface=27
2 ;;; Open Port 80 to 110.138.215.xx
chain=dstnat action=dst-nat to-addresses=10.3.1.aa to-ports=80 protocol=tcp in-interface=26 dst-port=80