Redirect ICMP and Specific IPs on Juniper OS

 Below is a complete, ready-to-use Juniper configuration that redirects:


1. ICMP to 8.8.8.8 and 8.8.4.4

2. DNS (UDP/TCP port 53) to a local DNS server

All of this client traffic is steered to the Mikrotik or local server without touching the main routing table (inet.0) and without NAT.


🧱 EXAMPLE TOPOLOGY:

  • Clients enter via interface em2, client IPs: 203.0.4.0/24

  • Mikrotik/DNS server:

    • Interface to the Juniper: em3, IP: 10.0.1.2

    • Spoofed IPs:

      • 8.8.8.8/32 and 8.8.4.4/32

      • 1.1.1.1/32 (example of another local DNS)


⚙️ COMPLETE JUNIPER CONFIGURATION

1. 🔧 Routing instances for ICMP and DNS

set routing-instances ICMP-REDIRECT instance-type forwarding
set routing-instances ICMP-REDIRECT routing-options static route 0.0.0.0/0 next-hop 10.0.1.2

set routing-instances DNS-REDIRECT instance-type forwarding
set routing-instances DNS-REDIRECT routing-options static route 0.0.0.0/0 next-hop 10.0.1.2

2. 🧠 RIB group to share interface routes (inet.0 is listed first because the first import-rib is the primary table)

set routing-options rib-groups FBF-GROUP import-rib inet.0
set routing-options rib-groups FBF-GROUP import-rib ICMP-REDIRECT.inet.0
set routing-options rib-groups FBF-GROUP import-rib DNS-REDIRECT.inet.0
set routing-options interface-routes rib-group inet FBF-GROUP

3. 🔥 Combined firewall filter for the redirect

set firewall family inet filter CLIENT-REDIRECT term ICMP-to-8888 from destination-address 8.8.8.8/32
set firewall family inet filter CLIENT-REDIRECT term ICMP-to-8888 from protocol icmp
set firewall family inet filter CLIENT-REDIRECT term ICMP-to-8888 then routing-instance ICMP-REDIRECT

set firewall family inet filter CLIENT-REDIRECT term ICMP-to-8844 from destination-address 8.8.4.4/32
set firewall family inet filter CLIENT-REDIRECT term ICMP-to-8844 from protocol icmp
set firewall family inet filter CLIENT-REDIRECT term ICMP-to-8844 then routing-instance ICMP-REDIRECT

set firewall family inet filter CLIENT-REDIRECT term DNS-UDP from protocol udp
set firewall family inet filter CLIENT-REDIRECT term DNS-UDP from destination-port 53
set firewall family inet filter CLIENT-REDIRECT term DNS-UDP then routing-instance DNS-REDIRECT

set firewall family inet filter CLIENT-REDIRECT term DNS-TCP from protocol tcp
set firewall family inet filter CLIENT-REDIRECT term DNS-TCP from destination-port 53
set firewall family inet filter CLIENT-REDIRECT term DNS-TCP then routing-instance DNS-REDIRECT

set firewall family inet filter CLIENT-REDIRECT term default then accept

4. 🎯 Apply the filter to the client interface

set interfaces em2 unit 0 family inet filter input CLIENT-REDIRECT

5. 🔍 Validate the configuration

run show route table ICMP-REDIRECT.inet.0
run show route table DNS-REDIRECT.inet.0
run show firewall filter CLIENT-REDIRECT
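
To check offline which packets each term steers, the following added example (not part of the original configuration and not Junos code) models the first-match evaluation of CLIENT-REDIRECT in Python. The sample packets are constructed, and the model is a simplification that only covers the protocol, destination-address and destination-port matches used above.

```python
# Added example: offline model of the CLIENT-REDIRECT filter's first-match logic.
import ipaddress

# Terms copied from the filter above: (name, match conditions, routing table used).
TERMS = [
    ("ICMP-to-8888", {"proto": "icmp", "dst": "8.8.8.8/32"}, "ICMP-REDIRECT.inet.0"),
    ("ICMP-to-8844", {"proto": "icmp", "dst": "8.8.4.4/32"}, "ICMP-REDIRECT.inet.0"),
    ("DNS-UDP", {"proto": "udp", "dport": 53}, "DNS-REDIRECT.inet.0"),
    ("DNS-TCP", {"proto": "tcp", "dport": 53}, "DNS-REDIRECT.inet.0"),
    ("default", {}, "inet.0"),  # "then accept": normal lookup in inet.0
]

def matches(cond, pkt):
    """All conditions of a term must match (logical AND); an empty term matches everything."""
    if "proto" in cond and cond["proto"] != pkt["proto"]:
        return False
    if "dport" in cond and cond["dport"] != pkt.get("dport"):
        return False
    if "dst" in cond and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(cond["dst"]):
        return False
    return True

def classify(pkt):
    """Return (term name, routing table) of the first matching term."""
    for name, cond, table in TERMS:
        if matches(cond, pkt):
            return name, table
    return None, "discard"  # implicit discard; unreachable here because of term "default"

# Constructed sample packets from a client in 203.0.4.0/24 (not captured traffic).
SAMPLES = [
    {"proto": "icmp", "dst": "8.8.8.8"},
    {"proto": "icmp", "dst": "1.1.1.1"},
    {"proto": "udp", "dst": "9.9.9.9", "dport": 53},
    {"proto": "tcp", "dst": "8.8.8.8", "dport": 53},
    {"proto": "tcp", "dst": "1.1.1.1", "dport": 853},  # DNS over TLS
    {"proto": "tcp", "dst": "8.8.8.8", "dport": 443},  # HTTPS, including DNS over HTTPS
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        term, table = classify(pkt)
        print(f"{pkt} -> term {term}, lookup in {table}")
```

In this model, ICMP to 1.1.1.1 and DNS carried over ports 853 or 443 fall through to term default and are looked up in inet.0, so they are not steered to the local server by this filter.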

✅ FINAL RESULT

Traffic type               | Target         | Redirected to
ICMP to 8.8.8.8 / 8.8.4.4  | Google DNS     | Local server via routing-instance
UDP/TCP port 53            | Any public DNS | Local DNS server via routing-instance