Queue tree for an internet cafe

This note is about setting up queues on MikroTik for an internet cafe (warnet). I use queue tree; why not simple queue? Because with simple queue (the MikroTik "farmer edition") IDM (Internet Download Manager) can get past the limit. Let's go straight to looking at it and building it:

Assumed internet speed:

download min=800k max=1m

upload min=200k max=300k

1. Set the IP addresses

Code:

ip address add address=192.200.1.2/24 interface=ether1
ip address add address=192.168.1.1/24 interface=ether2

2. Set up DNS

Code:

ip dns static add name=Sejahtera.com address=192.168.1.1
ip dns set primary-dns=202.134.1.10 secondary-dns=208.67.222.222 allow-remote-requests=yes

3. NAT masquerade

Code:

ip firewall nat add chain=srcnat src-address=192.168.1.0/28 action=masquerade

4. Add the gateway

Code:

ip route add gateway=192.168.1.1

5. Create the connection marks, which will later be used to sort the packets

Code:

ip firewall mangle add chain=forward src-address=192.168.1.2 action=mark-connection new-connection-mark=server
ip firewall mangle add chain=forward src-address=192.168.1.3 action=mark-connection new-connection-mark=client1
ip firewall mangle add chain=forward src-address=192.168.1.4 action=mark-connection new-connection-mark=client2
ip firewall mangle add chain=forward src-address=192.168.1.5 action=mark-connection new-connection-mark=client3
ip firewall mangle add chain=forward src-address=192.168.1.6 action=mark-connection new-connection-mark=client4
ip firewall mangle add chain=forward src-address=192.168.1.7 action=mark-connection new-connection-mark=client5
ip firewall mangle add chain=forward src-address=192.168.1.8 action=mark-connection new-connection-mark=client6
ip firewall mangle add chain=forward src-address=192.168.1.9 action=mark-connection new-connection-mark=client7
ip firewall mangle add chain=forward src-address=192.168.1.10 action=mark-connection new-connection-mark=client8
ip firewall mangle add chain=forward src-address=192.168.1.11 action=mark-connection new-connection-mark=client9
ip firewall mangle add chain=forward src-address=192.168.1.12 action=mark-connection new-connection-mark=client10

6. Create the packet marks for the queues, derived from the connection marks

Code:

ip firewall mangle add chain=forward connection-mark=server action=mark-packet new-packet-mark=server
ip firewall mangle add chain=forward connection-mark=client1 action=mark-packet new-packet-mark=client1
ip firewall mangle add chain=forward connection-mark=client2 action=mark-packet new-packet-mark=client2
ip firewall mangle add chain=forward connection-mark=client3 action=mark-packet new-packet-mark=client3
ip firewall mangle add chain=forward connection-mark=client4 action=mark-packet new-packet-mark=client4
ip firewall mangle add chain=forward connection-mark=client5 action=mark-packet new-packet-mark=client5
ip firewall mangle add chain=forward connection-mark=client6 action=mark-packet new-packet-mark=client6
ip firewall mangle add chain=forward connection-mark=client7 action=mark-packet new-packet-mark=client7
ip firewall mangle add chain=forward connection-mark=client8 action=mark-packet new-packet-mark=client8
ip firewall mangle add chain=forward connection-mark=client9 action=mark-packet new-packet-mark=client9
ip firewall mangle add chain=forward connection-mark=client10 action=mark-packet new-packet-mark=client10

7. Create the top-level parent queue

Code:

queue tree add name=sejahtera parent=ether2 max-limit=10000000

8. Create the download queue per terminal

Code:

queue tree add name=serverbiling packet-mark=server parent=sejahtera limit-at=128000 max-limit=512000
queue tree add name=client1 packet-mark=client1 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client2 packet-mark=client2 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client3 packet-mark=client3 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client4 packet-mark=client4 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client5 packet-mark=client5 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client6 packet-mark=client6 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client7 packet-mark=client7 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client8 packet-mark=client8 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client9 packet-mark=client9 parent=sejahtera limit-at=64000 max-limit=250000
queue tree add name=client10 packet-mark=client10 parent=sejahtera limit-at=64000 max-limit=250000

9. Create the upload queue per terminal

Code:

queue tree add name=sejahteraup parent=ether1 max-limit=500000
queue tree add name=serverbilingup packet-mark=server parent=sejahteraup limit-at=200000 max-limit=300000
queue tree add name=client1up packet-mark=client1 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client2up packet-mark=client2 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client3up packet-mark=client3 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client4up packet-mark=client4 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client5up packet-mark=client5 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client6up packet-mark=client6 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client7up packet-mark=client7 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client8up packet-mark=client8 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client9up packet-mark=client9 parent=sejahteraup limit-at=20000 max-limit=30000
queue tree add name=client10up packet-mark=client10 parent=sejahteraup limit-at=20000 max-limit=30000
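The rules in steps 5 to 9 repeat the same pattern once per terminal, and a typo in one mark name (a connection-mark that no mark-packet rule matches) silently leaves that terminal unshaped. The following Python script is an added example, not from the original post and not a MikroTik tool: it builds all the mangle and queue-tree commands from a single table of terminals, so each name is written only once, and checks the plan before it is pasted into RouterOS. The terminal names, addresses, rates and the parent names sejahtera/sejahteraup are constructed to mirror the post.

```python
# Added example (not from the original post): build the per-terminal mangle and
# queue-tree rules from one table of terminals and check the plan before pasting
# it into RouterOS. Names, addresses and rates are constructed to mirror the post;
# nothing here talks to a router.
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Terminal:
    name: str            # one name reused for connection mark, packet mark and queue
    ip: str              # LAN address of the terminal
    down_limit_at: int   # guaranteed download rate, bits per second
    down_max: int        # download ceiling, bits per second
    up_limit_at: int     # guaranteed upload rate
    up_max: int          # upload ceiling


def cafe_plan():
    """One billing server plus ten clients, as in the post (constructed values)."""
    plan = [Terminal("server", "192.168.1.2", 128000, 512000, 200000, 300000)]
    for i in range(1, 11):
        plan.append(Terminal(f"client{i}", f"192.168.1.{i + 2}",
                             64000, 250000, 20000, 30000))
    return plan


def check_plan(terminals, parent_down_max, parent_up_max):
    """Return a list of problems; an empty list means the plan is consistent.

    The checks are the ones that silently break a queue tree: a limit-at above
    its own max-limit, guaranteed rates that add up to more than the parent can
    deliver, and duplicate names or addresses that make marks collide.
    """
    issues = []
    seen_ips, seen_names = set(), set()
    for t in terminals:
        ip_address(t.ip)  # raises ValueError on a malformed address
        if t.ip in seen_ips:
            issues.append(f"duplicate address {t.ip}")
        if t.name in seen_names:
            issues.append(f"duplicate terminal name {t.name}")
        seen_ips.add(t.ip)
        seen_names.add(t.name)
        if t.down_limit_at > t.down_max or t.up_limit_at > t.up_max:
            issues.append(f"{t.name}: limit-at is higher than max-limit")
    total_down = sum(t.down_limit_at for t in terminals)
    total_up = sum(t.up_limit_at for t in terminals)
    if total_down > parent_down_max:
        issues.append(f"guaranteed download {total_down} exceeds parent max-limit {parent_down_max}")
    if total_up > parent_up_max:
        issues.append(f"guaranteed upload {total_up} exceeds parent max-limit {parent_up_max}")
    return issues


def build_rules(terminals, parent_down_max, parent_up_max,
                lan_if="ether2", wan_if="ether1",
                down_parent="sejahtera", up_parent="sejahteraup"):
    """Emit the RouterOS commands in the same order as the post's steps 5 to 9."""
    rules = []
    for t in terminals:  # step 5: mark the connection by source address
        rules.append(f"ip firewall mangle add chain=forward src-address={t.ip} "
                     f"action=mark-connection new-connection-mark={t.name}")
    for t in terminals:  # step 6: derive the packet mark from the connection mark
        rules.append(f"ip firewall mangle add chain=forward connection-mark={t.name} "
                     f"action=mark-packet new-packet-mark={t.name}")
    rules.append(f"queue tree add name={down_parent} parent={lan_if} max-limit={parent_down_max}")
    for t in terminals:  # step 8: download leaf queues under the LAN-facing parent
        rules.append(f"queue tree add name={t.name} packet-mark={t.name} parent={down_parent} "
                     f"limit-at={t.down_limit_at} max-limit={t.down_max}")
    rules.append(f"queue tree add name={up_parent} parent={wan_if} max-limit={parent_up_max}")
    for t in terminals:  # step 9: upload leaf queues under the WAN-facing parent
        rules.append(f"queue tree add name={t.name}up packet-mark={t.name} parent={up_parent} "
                     f"limit-at={t.up_limit_at} max-limit={t.up_max}")
    return rules


if __name__ == "__main__":
    plan = cafe_plan()
    for problem in check_plan(plan, 10000000, 500000):
        print("WARNING:", problem)
    print("\n".join(build_rules(plan, 10000000, 500000)))
```

Run it to print the commands. check_plan goes beyond the post's fixed plan by rejecting a limit-at above its own max-limit and a set of guaranteed rates that sum to more than the parent queue can deliver, since the limit-at values of the children under one parent should not exceed that parent's max-limit.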

Reference:

http://www.forum.devilzc0de.com/printthread.php?tid=2532

Posted in Uncategorized | Tags | 2 Comments

pfSense, a feature-rich router OS

I first came across pfSense at the end of 2008, but only got to explore it at the end of 2009. In my opinion pfSense is a very stable router OS, from its routing, load balancing, DHCP server and RADIUS server (hotspot) to its proxy. What I like most is the GUI (Graphical User Interface): it is easy to understand, especially for someone like me who is new to networking.

Here we will not discuss how to install it, since I think that is very easy; instead this is an introduction to its features:

First we use the setup wizard, which is the menu for configuring our router manually. In fact, when we install pfSense it is already set up as a router by default.

Screenshot: the setup screen for starting manual router configuration.

Screenshot: setting the server name, domain and DNS servers.

Screenshot: setting the time zone as desired.

Screenshot: configuring the WAN, where there are 4 choices:

DHCP: the pfSense WAN obtains its IP from the modem automatically

Static: we set the IP of the WAN interface on pfSense ourselves, together with its gateway

PPPoE: a dial-up mode for establishing the connection; the username and password are provided by the ISP

PPTP: a protocol that lets a Point-to-Point Protocol (PPP) connection pass over an IP network, creating a Virtual Private Network (VPN). Encryption (40-bit to 128-bit)

To configure these settings, fill in the fields according to your needs.

Screenshot: setting the LAN IP as desired.

Screenshot: changing the username and password on pfSense; by default pfSense has the user admin with the password pfsense.

With the settings above, the pfSense machine can already serve as a reliable router.

That is all for this post; criticism and suggestions are very welcome.

SQUID on EASYHOTSPOT

We assume the Ubuntu server already has the LAMP stack, an SSH server and whatever else you need installed. Let's start.
1. Update Ubuntu:

=>apt-get update

2. To allow forwarding to the internet:

=> pico /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

3. Create the database:

=>mysqladmin -u root -pnirwana create hotspot

4. Create a user for the database:

=>mysql -u root -pnirwana
=> CREATE USER 'easyhotspot'@'localhost';
=> SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('nirwana');
=> GRANT ALL ON hotspot.* TO 'easyhotspot'@'localhost';

** If that does not work, you can use webmin.
5. Create the EasyHotspot billing tables:
5.1. Install git-core:

=>apt-get install git-core

5.2. Download EasyHotspot with git clone:

cd /opt
git clone git://easyhotspot.git.sourceforge.net/gitroot/easyhotspot/easyhotspot

5.3. Load the billing tables into the hotspot database:

=>cd /opt/easyhotspot/install
=> mysql -u root -pnirwana hotspot <easyhotspot_opensource_2010-10-21.sql

7. Configure FreeRADIUS:

=>pico /etc/freeradius/sql.conf
# Connection info:
server = "localhost"
#port = 3306
login = "easyhotspot"      # match the MySQL user
password = "nirwana"       # match the MySQL password
# Database table configuration for everything except Oracle
radius_db = "hotspot"      # match the database name
# If you are using Oracle then use this instead
# radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(POR$

8. Edit the database settings in EasyHotspot:

=>pico /opt/easyhotspot/htdocs/system/application/config/database.php
$db['default']['hostname'] = "127.0.0.1";
$db['default']['username'] = "easyhotspot";  // match the radius settings
$db['default']['password'] = "nirwana";      // match the radius settings
$db['default']['database'] = "hotspot";      // match the radius settings
$db['default']['dbdriver'] = "mysql";

9. For RADIUS authentication against MySQL:

=>pico /etc/freeradius/radiusd.conf

Uncomment:

$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf

Add under instantiate:

max_all_mb
noresetcounter

Next, edit:

=>pico /etc/freeradius/sites-enabled/default

Uncomment sql in the authorize section and add:

sql
max_all_mb
noresetcounter

Then uncomment the sql line in the accounting, session and post-auth sections.

And to compute the MySQL counter data for each client:

=>pico /etc/freeradius/sql/mysql/counter.conf

Replace the text below:

sqlcounter noresetcounter {
...
}

with:

sqlcounter noresetcounter {
counter-name = Session-Timeout
check-name = Session-Timeout
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter max_all_mb {
counter-name = Max-All-MB
check-name = Max-All-MB
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets)/(1024*1024) + SUM(AcctOutputOctets)/(1024*1024) FROM radacct WHERE UserName='%{%k}'"
}

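The two counters above add up radacct rows for a user on every login. To see what the queries compute, here is an added Python example (not part of the post and not FreeRADIUS code) that runs the same arithmetic against a constructed radacct table in an in-memory SQLite database. The user names, octet counts and the quota values MAX_ALL_MB and SESSION_TIMEOUT are all constructed for the example.

```python
# Added example (not part of the original post or of FreeRADIUS): the two
# sqlcounter queries above, run against a constructed radacct table in an
# in-memory SQLite database so the arithmetic can be checked by hand.
import sqlite3

MAX_ALL_MB = 100        # per-user volume quota, the role of the Max-All-MB check attribute
SESSION_TIMEOUT = 3600  # per-user time budget in seconds, the role of Session-Timeout


def open_demo_db():
    """Create a radacct stand-in with constructed accounting rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctsessiontime INTEGER, "
               "acctinputoctets INTEGER, acctoutputoctets INTEGER)")
    mib = 1024 * 1024
    rows = [  # constructed: two sessions for andi, one for budi
        ("andi", 1200, 20 * mib, 50 * mib),
        ("andi", 2500, 10 * mib, 30 * mib),
        ("budi", 300, 1 * mib, 2 * mib),
    ]
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?)", rows)
    return db


def used_mb(db, username):
    """Same arithmetic as the max_all_mb query: input MB plus output MB.

    COALESCE is added here so a user with no accounting rows counts as 0
    instead of NULL, and the user name is bound as a parameter rather than
    pasted into the SQL text the way the %{%k} placeholder is.
    """
    row = db.execute(
        "SELECT COALESCE(SUM(acctinputoctets), 0) / (1024*1024) "
        "+ COALESCE(SUM(acctoutputoctets), 0) / (1024*1024) "
        "FROM radacct WHERE username = ?", (username,)).fetchone()
    return row[0]


def used_seconds(db, username):
    """Same arithmetic as the noresetcounter query: total session time."""
    row = db.execute("SELECT COALESCE(SUM(acctsessiontime), 0) FROM radacct "
                     "WHERE username = ?", (username,)).fetchone()
    return row[0]


def remaining(db, username, quota_mb=MAX_ALL_MB, timeout_s=SESSION_TIMEOUT):
    """Decision a counter with reset = never implies for one login attempt.

    Returns None when either budget is exhausted (the login should be
    rejected), otherwise the reply attributes with what is left. The remaining
    volume is converted to octets because the reply attribute is
    ChilliSpot-Max-Total-Octets; that conversion is this example's choice.
    """
    mb = used_mb(db, username)
    secs = used_seconds(db, username)
    if mb >= quota_mb or secs >= timeout_s:
        return None
    return {"ChilliSpot-Max-Total-Octets": (quota_mb - mb) * 1024 * 1024,
            "Session-Timeout": timeout_s - secs}


if __name__ == "__main__":
    db = open_demo_db()
    for user in ("andi", "budi", "nobody"):
        print(user, used_mb(db, user), "MB", used_seconds(db, user), "s", remaining(db, user))
```

used_mb and used_seconds are the two queries; remaining shows what a counter with reset = never implies: once the sum reaches the check value the login is refused, otherwise the remainder goes back in the reply attribute. The user name is bound as a query parameter here, whereas the sqlcounter query above interpolates %{%k} into the SQL text.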
10. Then run radius:

=>/etc/init.d/freeradius stop
=>/usr/sbin/freeradius -X
=>/usr/sbin/freeradius

---------- if there are no errors, continue.
11. Install CoovaChilli:

=>wget http://ap.coova.org/chilli/coova-chilli_1.2.4_i386.deb
=>dpkg -i coova-chilli_1.2.4_i386.deb

Enable CoovaChilli:

=> pico /etc/default/chilli
change START_CHILLI=0 to START_CHILLI=1

** If you have previously installed ChilliSpot, you have to start it manually by editing:

=>pico /etc/rc.local

and typing:

/etc/init.d/chilli start

Edit the file /etc/chilli/wwwsh:

=>pico /etc/chilli/wwwsh
haserl=$(which haserl 2>/dev/null)

change it to:

haserl=/usr/local/bin/haserl

Edit the file /etc/chilli/up.sh:

=>pico /etc/chilli/up.sh

Add the NAT script below:

# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

12. Now start chilli:

/etc/init.d/chilli start

Install haserl:

=>apt-get install gcc
=>wget http://sourceforge.net/projects/haserl/files/haserl/0.8.0/haserl-0.8.0.tar.gz/download
=>tar -zxvf haserl-0.8.0.tar.gz
=>cd haserl-0.8.0;./configure;make;sudo make install

13. Then create the EasyHotspot symlink:

ln -s /opt/easyhotspot/htdocs /var/www/easyhotspot

From here you can test by attaching a client to eth1/tun0. If the client gets an IP via DHCP, your coova is running fine; now try browsing, and if the captive portal page appears, your hotspot is working.
To set up EasyHotspot billing, open this in your browser:
http://ip-server/easyhotspot
If you want to change the look, tweak the templates in /etc/chilli/www
If you want to change the IP, DNS, etc., tweak /etc/chilli/defaults

The following values in chilli.conf must match:
radiussecret must equal the secret in /etc/freeradius/clients.conf in the "client localhost {}" section
uamsecret must equal uamsecret in /etc/chilli/defaults

14. Install squid

=>apt-get install squid

Configure squid:

=>pico /etc/squid/squid.conf

Enable transparent mode:
change http_port 3128 to http_port 3128 transparent
Create an ACL for the IPs that are redirected:
acl localnet src 10.1.0.0/24
uncomment http_access localnet:
http_access allow localnet
At this point squid accepts the coova IP range and we have a transparent proxy; further tuning is up to you.
15. Create the iptables rules to redirect all client requests to squid

=>pico /etc/chilli/up.sh

Add the following iptables rules at the very bottom

iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 3128 --syn -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -m tcp --dport 3128 -j DROP
iptables -A INPUT -i tun0 -j DROP

Then check with:

tail -f /var/log/squid/access.log

16. So that the captive portal cannot be bypassed through the proxy, we build:

=>wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz
=>tar -zxvf squid_radius_auth-1.10.tar.gz
=>cd squid_radius_auth-1.10/
=>make clean
=>make install
=>pico /etc/squid/squid.conf

Edit:

auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w testing123
# adjust to your server IP and your radius secret
auth_param basic children 5
auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off

### ACL for Radius ###
acl radiusauth proxy_auth REQUIRED

### ALLOW for RADIUS AUTH
http_access allow radiusauth

For now, the squid.conf settings I use:

# WELCOME TO SQUID 2.7.STABLE9
# ----------------------------
# if your squid authenticates / uses radius
#------------------------Start------------------------------
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w test123
auth_param basic children 5
auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off

### ACL for Radius ###
acl radiusauth proxy_auth REQUIRED

### ALLOW for RADIUS AUTH
http_access allow radiusauth
# --------------------------end--------------------------------

#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.1.0.0/24 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# Squid normally listens to port 3128
http_port 3128 transparent
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
maximum_object_size_in_memory 8 MB
cache_dir ufs /var/spool/squid 5000 16 256
store_dir_select_algorithm least-load
minimum_object_size 0 KB
maximum_object_size 204800 KB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i .(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-expire
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload
# example line deb packages
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

Done. Hopefully this note is useful.

Criticism and suggestions are very welcome, thank you.

MikroTik RouterOS notes

Who doesn't know MikroTik, an effective and efficient router OS? Even though I have never used this OS, I will write it down for my own experience!
Here I will not discuss how to install or configure it, but how its scripts are made, so that we understand how a MikroTik command is built, and so that I don't forget.
MikroTik OS actually consists of menus; to see them, we can use these keys, for example:
Tab twice: show the submenus
.. (two dots): leave the menu or submenu
/: leave the submenu straight to the root
/ menu: enter the desired menu

Log in first.
Then press Tab:

These are the menus/folders in MikroTik.
For example, to enter the interface menu:
and then continue into ethernet:

Let me give an example directly:

[admin@MikroTik] > interface -> Enter
[admin@MikroTik] interface> ethernet -> Enter
[admin@MikroTik] interface ethernet>

To leave the submenus one at a time:

[admin@MikroTik] interface ethernet> .. -> Enter
[admin@MikroTik] interface> .. -> Enter
[admin@MikroTik] >

Or:

[admin@MikroTik] interface ethernet> / -> Enter
[admin@MikroTik] >

1. Example: renaming an ethernet interface
Resulting command:

[admin@MikroTik] > interface edit 0 name
publik
[admin@MikroTik] > interface edit 1 name
local

Step by step:

[admin@MikroTik] interface> edit -> Enter
number: ether -> Tab
ether1 ether2
number: ether1
value-name: -> Tab
comment disabled mtu name rx-rate tx-rate
value-name: name
publik -> Ctrl+O
[admin@MikroTik] interface> edit -> Enter
number: ether -> Tab
publik ether2
number: ether2
value-name: -> Tab
comment disabled mtu name rx-rate tx-rate
value-name: name
local -> Ctrl+O

2. Example: creating an IP address on MikroTik
Resulting command:

[admin@MikroTik] > ip address add address 192.168.1.2/24 interface publik
[admin@MikroTik] > ip address add address 192.200.1.1/24 interface local

Step by step:

[admin@MikroTik] > ip -> Enter
[admin@MikroTik] ip> -> Tab
accounting dhcp-relay firewall packing service upnp
address dhcp-server hotspot pool socks vrrp
arp dns ipsec proxy telephony web-proxy
dhcp-client export neighbor route traffic-flow
[admin@MikroTik] ip> address -> Enter
[admin@MikroTik] ip address> -> Tab
add disable enable find print set
comment edit export get remove
[admin@MikroTik] ip address> add -> Enter
address: 192.168.1.2/24
interface: publik
[admin@MikroTik] ip address> print -> Enter
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.2/24 192.168.1.0 192.168.1.255 ether1
[admin@MikroTik] > ip -> Enter
[admin@MikroTik] ip> -> Tab
accounting dhcp-relay firewall packing service upnp
address dhcp-server hotspot pool socks vrrp
arp dns ipsec proxy telephony web-proxy
dhcp-client export neighbor route traffic-flow
[admin@MikroTik] ip> address -> Enter
[admin@MikroTik] ip address> -> Tab
add disable enable find print set
comment edit export get remove
[admin@MikroTik] ip address> add -> Enter
address: 192.200.1.1/24
interface: local
[admin@MikroTik] ip address> print -> Enter
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.2/24 192.168.1.0 192.168.1.255 ether1
1 192.200.1.1/24 192.200.1.0 192.200.1.255 ether2
[admin@MikroTik] ip address>

3. Creating the gateway
Resulting command:

[admin@MikroTik] > ip route add gateway 192.168.1.1

Step by step:

[admin@MikroTik] > ip
[admin@MikroTik] ip>
accounting dhcp-relay firewall packing service upnp
address dhcp-server hotspot pool socks vrrp
arp dns ipsec proxy telephony web-proxy
dhcp-client export neighbor route traffic-flow
[admin@MikroTik] ip> route
[admin@MikroTik] ip route>
add disable enable find print rule unset
comment edit export get remove set
[admin@MikroTik] ip route> add gateway 192.168.1.1
[admin@MikroTik] ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.1.0/24 192.168.1.2 publik
1 ADC 192.200.1.0/24 192.200.1.1 local
2 A S 0.0.0.0/0 r 192.168.1.1 publik
[admin@MikroTik] ip route>

4. Creating NAT
Resulting command:

[admin@MikroTik] > ip firewall nat add chain srcnat action masquerade out-interface publik
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=publik action=masquerade

Step by step:

[admin@MikroTik] > ip
[admin@MikroTik] ip>
accounting dhcp-relay firewall packing service upnp
address dhcp-server hotspot pool socks vrrp
arp dns ipsec proxy telephony web-proxy
dhcp-client export neighbor route traffic-flow
[admin@MikroTik] ip> firewall
[admin@MikroTik] ip firewall>
address-list connection export filter mangle nat service-port
[admin@MikroTik] ip firewall> nat
[admin@MikroTik] ip firewall nat>
add edit find print reset-counters-all
comment enable get remove set
disable export move reset-counters unset
[admin@MikroTik] ip firewall nat> add chain srcnat action masquerade out-interface publik
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=publik action=masquerade

If we collect the commands above, they make up a MikroTik router, assuming the modem IP is 192.168.1.1 and the DNS server is 202.134.1.10:

[admin@MikroTik] > interface edit 0 name
publik
[admin@MikroTik] > interface edit 1 name
local
[admin@MikroTik] > ip address add address 192.168.1.2/24 interface publik
[admin@MikroTik] > ip address add address 192.200.1.1/24 interface local
[admin@MikroTik] > ip route add gateway 192.168.1.1
[admin@MikroTik] > ip firewall nat add chain srcnat action masquerade out-interface publik
[admin@MikroTik] > ip dns set primary-dns 202.134.1.10 secondary-dns 208.67.222.222

Squid with an Ubuntu router

So that I don't forget my proxy setup, I made this note.

We assume the Ubuntu router is already installed properly; if not,follow the steps for building an Ubuntu router, such as:

https://catatanfaish.wordpress.com/2010/12/13/ubuntu-router/

OK, first we install squid:

=>apt-get install squid

For squid3:

=>apt-get install squid3

Then edit squid.conf:

=>pico /etc/squid/squid.conf

Edit these parts:

http_port 3128 -> http_port 3128 transparent

acl localnet src 192.168.0.0/24 -> adjust to the IP range that is redirected to squid (the eth1 network)

#http_access allow localnet -> uncomment (remove the "#")

From here we can already run squid, but only minimally. For now, my tweaks:

# WELCOME TO SQUID 2.7.STABLE9
# ----------------------------
# if your squid authenticates / uses radius
#------------------------Start------------------------------
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w test123
auth_param basic children 5
auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off

### ACL for Radius ###
acl radiusauth proxy_auth REQUIRED

### ALLOW for RADIUS AUTH
http_access allow radiusauth
# --------------------------end--------------------------------

#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.1.0.0/24 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# Squid normally listens to port 3128
http_port 3128 transparent
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
maximum_object_size_in_memory 8 MB
cache_dir ufs /var/spool/squid 5000 16 256
store_dir_select_algorithm least-load
minimum_object_size 0 KB
maximum_object_size 204800 KB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i .(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-expire
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload
# example line deb packages
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

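Both this squid.conf and the identical one in the SQUID on EASYHOTSPOT post above depend on the order of the http_access lines: Squid evaluates them top to bottom, ANDs the ACLs on one line, negates with !, and the first line whose ACLs all match decides; if no line matches, the opposite of the last line's verdict applies. The Python below is an added example (not from either post and not Squid's own code) that models that walk over the ACLs transcribed from the configuration, with constructed requests. The proxy_auth challenge that Squid issues when credentials are missing is not modelled: an unauthenticated request simply fails the radiusauth ACL here.

```python
# Added example, not part of either post and not Squid's own code: a model of
# how Squid walks the http_access list above. ACLs on one line are ANDed,
# '!' negates, the first line whose ACLs all match decides, and when no line
# matches the opposite of the last line's verdict applies. Requests are plain
# dicts constructed inline; the 407 challenge real Squid sends for a failed
# proxy_auth ACL is not modelled.
from ipaddress import ip_address, ip_network

# ACL definitions transcribed from the squid.conf above
LOCALNET = [ip_network(n) for n in ("10.1.0.0/24", "172.16.0.0/12", "192.168.0.0/24")]
LOCALHOST = [ip_network("127.0.0.1/32")]
SSL_PORTS = {443, 563, 873}
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777, 631, 873, 901} | set(range(1025, 65536))


def _src_in(nets, req):
    return any(ip_address(req["src"]) in n for n in nets)


ACL = {  # ACL name -> predicate over a request dict
    "manager": lambda r: r.get("proto") == "cache_object",
    "localhost": lambda r: _src_in(LOCALHOST, r),
    "purge": lambda r: r["method"] == "PURGE",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "localnet": lambda r: _src_in(LOCALNET, r),
    "radiusauth": lambda r: r.get("authenticated", False),
    "all": lambda r: True,
}

# http_access lines in the order they appear in the configuration above
HTTP_ACCESS = [
    ("allow", ["radiusauth"]),
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("allow", ["purge", "localhost"]),
    ("deny", ["purge"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]


def request(src, method="GET", port=80, proto="http", authenticated=False):
    """Build a constructed request for the evaluator."""
    return {"src": src, "method": method, "port": port, "proto": proto,
            "authenticated": authenticated}


def decide(req, rules=HTTP_ACCESS):
    """Return (verdict, index of the deciding line), or (verdict, None) for the default."""
    for i, (verdict, acls) in enumerate(rules):
        line_matches = True
        for name in acls:
            negate = name.startswith("!")
            hit = ACL[name.lstrip("!")](req)
            if hit == negate:  # a plain ACL that misses, or a negated ACL that hits
                line_matches = False
                break
        if line_matches:
            return verdict, i
    last_verdict = rules[-1][0]
    return ("deny" if last_verdict == "allow" else "allow"), None


if __name__ == "__main__":
    for r in (request("10.1.0.5"),
              request("10.1.0.5", method="CONNECT", port=8080),
              request("203.0.113.9"),
              request("203.0.113.9", authenticated=True),
              request("10.1.0.5", port=25),
              request("127.0.0.1", proto="cache_object")):
        print(r["src"], r["method"], r["port"], "->", decide(r))
```

With this ordering a LAN client on port 80 is allowed by the localnet line, a CONNECT to port 8080 is stopped by the CONNECT !SSL_ports line, a request to port 25 is stopped by !Safe_ports, and a request from outside the listed networks without credentials falls through to deny all.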
Then we create the iptables rules to redirect clients to squid:

=>pico /etc/rc.local

Add these iptables rules

if using the Ubuntu router:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

If you use MikroTik instead, create the rule on MikroTik:

ip firewall nat add action=dst-nat chain=dstnat comment="" src-address=<network proxy address> disabled=no dst-port=80 protocol=tcp to-addresses=<proxy address> to-ports=<proxy port>

or, if you prefer the long form:

ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.200.1.1 to-ports=3128 \
protocol=tcp src-address=!192.200.1.0 src-address-list=192.200.1.2,192.200.1.3,192.200.1.4 \
in-interface=ether1 dst-port=80

then save and reboot

check using:

tail -f /var/log/squid/access.log

check performance:

squidclient -h 192.168.1.x -p 3128 mgr:info

squidclient -h 127.0.0.1 mgr:info

If you want DHCP, follow:

https://catatanfaish.wordpress.com/2010/12/15/dinamic-host-configuration-protokol-dhcp-server-di-ubuntu/

To create several cache directories:

for example we create them under /home:

root@faish:/home#mkdir proxy1
root@faish:/home#chmod 777 proxy1

repeat for as many directories as you need

stop squid:

/etc/init.d/squid stop

or

squid -k shutdown

then edit squid.conf in the section:

cache_dir aufs /home/proxy1 10400 32 256
cache_dir aufs /home/proxy2 10400 32 256

adjust the location and folders.

set the permissions on the proxy directories (once they belong to the proxy user, the world-writable 777 above is no longer needed):

root@faish:/home# chown -R proxy.proxy /home/proxy1
root@faish:/home# chown -R proxy.proxy /home/proxy2

then create the swap directories for cache_dir:

root@faish:/home#squid -z     or
squid -f /etc/squid/squid.conf -z

then start your squid again:

/etc/init.d/squid start     or
squid s-CYs

to clear the cache contents:

stop squid first

then delete all the subdirectories

rm -fdR /home/proxy1
rm -fdR /home/proxy2

then rebuild the swap/subdirectories

squid -z

when done, start your squid again

If you have input or criticism, please leave a comment.

Thanks

Dynamic Host Configuration Protocol (DHCP) Server on Ubuntu

1. Installation
=> apt-get install dhcp3-server
2. Configuration
=> pico /etc/dhcp3/dhcpd.conf
# A slightly different configuration for an internal subnet.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.254;
option domain-name-servers 202.134.1.10;
option domain-name "internal.example.org";
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;   # the broadcast address of a /24 ends in .255
default-lease-time 600;
max-lease-time 7200;
}

3. Activate the interface
=>pico /etc/default/dhcp3-server
fill in the interface that will serve DHCP, for example:
INTERFACES="eth1"
if you want multiple interfaces (more than one):
INTERFACES="eth1 eth2"

if you want to add NetBIOS, add:
option netbios-name-servers 192.168.1.1;

** eth1 is assumed to have the IP 192.168.1.1

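A mistake in the subnet block (a range that overlaps the router, or a broadcast-address that does not match the netmask) is handed to every client without dhcpd complaining. The Python below is an added example, not part of the post or of the ISC DHCP package: it parses the subset of dhcpd.conf syntax used above (subnet/netmask, range, option and the two lease-time statements, an assumption of this example) and runs those checks. SAMPLE_CONF is a constructed block whose broadcast-address is deliberately wrong for a /24, so the checker has something to report.

```python
# Added example, not part of the original post or of the ISC DHCP package:
# a small checker for a dhcpd.conf subnet block. Only the subset of syntax
# used in the post (subnet/netmask, range, option, lease times) is parsed;
# that is an assumption of this example.
import re
from ipaddress import IPv4Address, IPv4Network

# Constructed subnet block; the broadcast-address is deliberately wrong for
# a /24 so that check_subnet has something to find.
SAMPLE_CONF = """\
# A slightly different configuration for an internal subnet.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.254;
option domain-name-servers 202.134.1.10;
option domain-name "internal.example.org";
option routers 192.168.1.1;
option broadcast-address 192.168.1.254;
default-lease-time 600;
max-lease-time 7200;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_subnets(text):
    """Return one dict per subnet block: network, range, options, lease."""
    text = "\n".join(l for l in text.splitlines() if not l.strip().startswith("#"))
    subnets = []
    for m in SUBNET_RE.finditer(text):
        entry = {"network": IPv4Network(f"{m.group(1)}/{m.group(2)}"),
                 "range": None, "options": {}, "lease": {}}
        for stmt in m.group(3).split(";"):
            parts = stmt.split()
            if not parts:
                continue
            if parts[0] == "range":
                entry["range"] = (IPv4Address(parts[1]), IPv4Address(parts[2]))
            elif parts[0] == "option":
                entry["options"][parts[1]] = " ".join(parts[2:]).strip('"')
            elif parts[0] in ("default-lease-time", "max-lease-time"):
                entry["lease"][parts[0]] = int(parts[1])
        subnets.append(entry)
    return subnets


def check_subnet(entry):
    """Return a list of problems found in one parsed subnet block."""
    issues = []
    net = entry["network"]
    lo, hi = entry["range"] if entry["range"] else (None, None)
    if lo is None:
        issues.append("no range statement: the server has no addresses to hand out")
    else:
        if lo > hi or lo not in net or hi not in net:
            issues.append(f"range {lo}-{hi} is reversed or outside {net}")
        if lo <= net.network_address <= hi or lo <= net.broadcast_address <= hi:
            issues.append("range includes the network or broadcast address")
    routers = entry["options"].get("routers")
    if routers:
        gw = IPv4Address(routers)
        if gw not in net:
            issues.append(f"router {gw} is not inside {net}")
        elif lo is not None and lo <= gw <= hi:
            issues.append(f"router {gw} lies inside the dynamic range")
    bcast = entry["options"].get("broadcast-address")
    if bcast and IPv4Address(bcast) != net.broadcast_address:
        issues.append(f"broadcast-address {bcast} should be {net.broadcast_address}")
    lease = entry["lease"]
    if lease.get("default-lease-time", 0) > lease.get("max-lease-time", 1 << 31):
        issues.append("default-lease-time is larger than max-lease-time")
    return issues


if __name__ == "__main__":
    for sub in parse_subnets(SAMPLE_CONF):
        print(sub["network"], check_subnet(sub) or "OK")
```

check_subnet returns an empty list for a consistent block. It goes beyond the single block above in that it also catches a reversed range, a range that includes the network or broadcast address, a router outside the subnet or inside the pool, and a default-lease-time larger than max-lease-time.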
Good luck.

Reference:
https://help.ubuntu.com/community/dhcp3-serve

Installing an FTP server on Ubuntu

We assume Ubuntu is properly installed and up to date.
=>apt-get install ftpd
Then you need an FTP client program, such as:
filezilla : filezilla-project.org/download.php
smartftp : http://www.smartftp.com/
ftpclient : http://www.ftpclient.org
or another one; pick your favourite program.

Then enter the server IP, user and password in your FTP client and connect (note that plain FTP sends these credentials unencrypted).