Unbound DNS Configuration on Ubuntu

Written by Bima Firewall 0 comments Posted in:

The advantage of Unbound DNS is that it is simple and can be tuned further, so even before adding Squid the connection is already very fast.
OK, let's get straight to it. This is the correct guide; none of the ones on the internet are right.
References are hard to find, so go straight to the original site, the Unbound website, and fetch what you need with wget in PuTTY.
First, uninstall bind9 with tasksel.



# tasksel

Remove the asterisk on dns-server with the space key:

[ * ] Server DNS

so that it becomes

[   ] Server DNS

Install Unbound DNS:

# apt-get install unbound
# cd /etc/unbound
# wget ftp://FTP.INTERNIC.NET/domain/named.cache
# unbound-control-setup
# chown unbound:root unbound_*
# chmod 440 unbound_*


I recommend backing up unbound.conf first before messing with it:

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.asli

Delete the entire contents of /etc/unbound/unbound.conf and enter this:

server:

verbosity: 1
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: no

interface: 192.168.2.2 # revised: the LAN / eth1 address must be present
interface: 127.0.0.1

# CPU usage: 1 = no threading, 2 = threading
num-threads: 2

# twice the value of num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4 

# use 1/10 of memory, e.g. with 512 MB of memory
# msg-cache-size = 512 / 10 = 51.2, or about 50m
# rrset-cache-size = msg-cache-size x 2
rrset-cache-size: 100m
msg-cache-size: 50m   

# the formula for a single-core Pentium 4 is memory / 2
# for dual core and others the formula is 1024/cores - 50
outgoing-range: 256

# Larger socket buffer.  OS may need config.
so-rcvbuf: 4m

num-queries-per-thread: 1024
     
cache-max-ttl: 86400
infra-host-ttl: 900
infra-lame-ttl: 900
        
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
        
key-cache-size: 4m

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

access-control: 0.0.0.0/0 refuse
access-control: 192.168.2.0/24 allow # also revised: the LAN / eth1 network must be present
access-control: 127.0.0.0/8 allow
    
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"
      
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 192.168.2.0/24 # revised: the LAN / eth1 network must be present
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"

#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
     
# zone cjmedia.net, keep it the same as in DHCP
local-zone: "cjmedia.net." static
local-data: "cjmedia.net. 86400 IN NS ns1.cjmedia.net."
local-data: "cjmedia.net. 86400 IN SOA cjmedia.net. hostmaster.cjmedia.net. 3 3600 1200 604800 86400"
local-data: "cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "www.cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "ns1.cjmedia.net. 86400 IN A 192.168.2.2" # same as in the DHCP server

# mail service
local-data: "mail1.cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "cjmedia.net. 86400 IN MX 10 mail1.cjmedia.net."
# the TXT value is quoted so the SPF record stays a single string
local-data: 'cjmedia.net. 86400 IN TXT "v=spf1 a mx ~all"'
# tasksel only removes the BIND system package, not its files
local-zone: "168.192.in-addr.arpa." static
local-data: "168.192.in-addr.arpa. 10800 IN NS cjmedia.net."
local-data: "168.192.in-addr.arpa. 10800 IN SOA cjmedia.net. hostmaster.cjmedia.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR cjmedia.net."

forward-zone:
name: "."
forward-addr: 192.168.2.2 # revised: the local DNS forwarder must be present
forward-addr: 180.131.144.144
forward-addr: 180.131.145.145
# you can add more Speedy DNS servers here
                     
remote-control:

control-enable: yes
control-interface: 192.168.2.2 # revised: the LAN / eth1 address must be present
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"

Save and close, then check the Unbound configuration in PuTTY:

# unbound-checkconf /etc/unbound/unbound.conf

If the output looks like this:

unbound-checkconf: no errors in /etc/unbound/unbound.conf


then the configuration is correct.
Add the dns option to /etc/network/interfaces so that the modem interface points to localhost 127.0.0.1.
Open /etc/network/interfaces and add the following lines after the modem gateway and before auto eth1
(see the red text; here, the dns-nameservers lines):


auto eth0
iface eth0 inet static
address 192.168.3.2
netmask 255.255.255.0
broadcast 192.168.3.255
gateway 192.168.3.1

# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1

auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
broadcast 192.168.2.255


Save and restart networking:


# service networking restart


Restart Unbound:

# /etc/init.d/unbound restart


Then check DNS lookups like this:


# nslookup
> 192.168.2.2
> 127.0.0.1
> localhost
> cjmedia.net
> www.cjmedia.net
> mail1.cjmedia.net
> google.com
> yahoo.com
> gmail.com
> exit


If there are no problems, everything is correct; reboot your computer:


# reboot

Watch the boot process on the Ubuntu server; if you see the following line, everything is OK:


recursive DNS server unbound                                            [ OK ]
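
Unbound applies the most specific matching access-control netblock, so the order of the three access-control lines in the unbound.conf above does not matter. The following is an added example, not part of the original post: it parses those lines, resolves the decision for a client address by longest-prefix match, and flags two exposures worth checking before reboot (an allow rule that covers non-internal addresses, and a control-interface bound to a non-loopback address, where only the unbound-control key and certificate files protect it). The function names, the INTERNAL range list and the finding strings are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the listener, ACL and remote-control lines from the
# unbound.conf on this page (spacing after the colon kept as published).
PAGE_CONF = """\
interface: 192.168.2.2 # LAN / eth1
interface: 127.0.0.1
access-control: 0.0.0.0/0 refuse
access-control:192.168.2.0/24 allow
access-control: 127.0.0.0/8 allow
control-enable: yes
control-interface:192.168.2.2
control-interface: 127.0.0.1
"""

# Assumption: models the unbound.conf(5) default that only localhost may query.
DEFAULT_RULES = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
                 ("::/0", "refuse"), ("::1/128", "allow")]

# Ranges treated as "inside" for the audit: RFC 1918, loopback, IPv6 ULA.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]

WANTED = ("access-control", "control-enable", "control-interface")


def parse_conf(text):
    """Collect the values of the options in WANTED, ignoring comments."""
    conf = {key: [] for key in WANTED}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition(":")  # first colon only (IPv6-safe)
        if sep and key.strip() in conf:
            conf[key.strip()].append(value.strip().strip('"'))
    return conf


def build_rules(conf):
    """Map netblock -> action; configured rules override the defaults."""
    rules = {ipaddress.ip_network(n): a for n, a in DEFAULT_RULES}
    for entry in conf["access-control"]:
        net, action = entry.split()
        rules[ipaddress.ip_network(net, strict=False)] = action
    return rules


def decide(rules, client):
    """Return the action of the most specific netblock containing client."""
    ip = ipaddress.ip_address(client)
    matches = [n for n in rules if n.version == ip.version and ip in n]
    return rules[max(matches, key=lambda n: n.prefixlen)]


def is_internal(net):
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a local socket path is not reachable over the network
        return True


def audit(conf):
    """List exposure findings for the parsed configuration."""
    findings = []
    for net, action in build_rules(conf).items():
        if action.startswith("allow") and not is_internal(net):
            findings.append(f"open-resolver: {net} is allowed to recurse")
    if "yes" in conf["control-enable"]:
        for addr in conf["control-interface"]:
            if not is_loopback(addr):
                findings.append(f"remote-control: listening on {addr}")
    return findings


if __name__ == "__main__":
    conf = parse_conf(PAGE_CONF)
    rules = build_rules(conf)
    for client in ("192.168.2.50", "127.0.0.1", "8.8.8.8"):
        print(client, "->", decide(rules, client))
    for finding in audit(conf):
        print("finding:", finding)
```
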


Setting Up pdnsd on Ubuntu Server


pdnsd is a DNS caching proxy. Requesting the translation of a domain name to an IP address from our computer to the ISP's DNS server does not take long, on average 500 milliseconds, i.e. half a second. But imagine if the ISP's DNS server could be moved into the local network at home: the translation could then be cut down to just 1 millisecond. If we make hundreds of name-resolution requests in a day, a lot of time can be saved when the DNS server is on the local network.

To find out how long a domain name resolution takes, you can use the dig command on both Linux and Mac.
Steps:

# sudo apt-get update
# sudo apt-get install pdnsd

Edit /usr/share/pdnsd/pdnsd-resolvconf.conf:

/* Debian specific configuration to work with resolvconf */

global {
    perm_cache = 1024;
    cache_dir = "/var/cache/pdnsd";
    run_as = "pdnsd";
    server_ip = any;  // Use eth0 here if you want to allow other
                            // machines on your network to query pdnsd.
    status_ctl = on;
    paranoid = on;
    min_ttl = 15m;          // Retain cached entries at least 15 minutes.
    max_ttl = 1w;           // One week.
    timeout = 10;           // Global timeout option (10 seconds).
}

/* server {
    label = "resolvconf";
    proxy_only = on;
} */
server {
    label=DNSpeedy;
    ip=202.134.0.155;
    ip=203.130.193.74;
        timeout=30;
        interval=30;
        uptest=ping;
        ping_timeout=50;
        purge_cache=off;
}

server {
    label=DNS;
    ip=180.211.88.5;
    ip=180.211.88.50;
    timeout=30;
    interval=30;
    uptest=ping;
    ping_timeout=50;
    purge_cache=off;
}
source {
    owner = localhost;
    file = "/etc/hosts";
}

rr {
    name = localhost;
    reverse = on;
    a = 127.0.0.1;
    owner = localhost;
    soa = localhost,root.localhost,42,86400,900,86400,86400;
}

 rr {
    name = dns.brother.info;
    reverse = on;
    a = 192.168.2.2;
    owner = localhost;
    soa = localhost,root.localhost,42,86400,900,86400,86400;
}

/* vim:set ft=c: */

Next, edit /etc/default/pdnsd:

# do we start pdnsd ?
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=

Next, edit /etc/pdnsd.conf:

/* Debian specific configuration to work with resolvconf */

global {

    perm_cache = 1024;
    cache_dir = "/var/cache/pdnsd";
    run_as = "pdnsd";
    server_ip = any;  // Use eth0 here if you want to allow other
                            // machines on your network to query pdnsd.
    status_ctl = on;
    paranoid = on;
    min_ttl = 15m;          // Retain cached entries at least 15 minutes.
    max_ttl = 1w;           // One week.
    timeout = 10;           // Global timeout option (10 seconds).
}

/* server {

    label = "resolvconf";
    proxy_only = on;
} */
server {
    label=DNSpeedy;
    ip=202.134.0.155;
    ip=203.130.193.74;
        timeout=30;
        interval=30;
        uptest=ping;
        ping_timeout=50;
        purge_cache=off;
}

server {

    label=DNS;
    ip=180.211.88.5;
    ip=180.211.88.50;
    timeout=30;
    interval=30;
    uptest=ping;
    ping_timeout=50;
    purge_cache=off;
}
source {
    owner = localhost;
    file = "/etc/hosts";
}

rr {

    name = localhost;
    reverse = on;
    a = 127.0.0.1;
    owner = localhost;
    soa = localhost,root.localhost,42,86400,900,86400,86400;
}
 rr {
    name = dns.brother.info;
    reverse = on;
    a = 192.168.2.2;
    owner = localhost;
    soa = localhost,root.localhost,42,86400,900,86400,86400;
}

/* vim:set ft=c: */

edit /etc/resolv.conf

nameserver 127.0.0.1

edit /etc/dhcp/dhclient.conf :

#prepend domain-name-servers 127.0.0.1;    (remove the # sign)

Add to rc.local:

/etc/init.d/pdnsd restart

Test it right away:

sudo /etc/init.d/pdnsd restart


Every file must be saved after it has been edited or added to.

192.168.2.2 is the server IP; adjust it to your own server's IP.

Good luck trying it out ^_^




Creating a Dedicated Path for Ping and DNS


On a bandwidth-limited network, when a client has used up its bandwidth limit, ping reply times increase because that client's own connections are being queued. The connection then appears to be of poor quality because of the high ping.


How can ping stay stable even when the client itself is using its connection to the full, and likewise DNS (port 53), so that address resolution is faster? In this post we create a separate path for ICMP and DNS, which is expected to be unaffected by the rest of the traffic, so that ping and DNS are delivered faster.
/ ip firewall mangle

add chain=prerouting protocol=icmp src-address=192.168.10.0/24 action=mark-connection new-connection-mark=icmp-c comment="--> ping" disabled=no

add chain=prerouting connection-mark=icmp-c action=mark-packet new-packet-mark=icmp-p comment="" disabled=no

add chain=prerouting packet-mark=icmp-p action=change-tos new-tos=min-delay comment="" disabled=no

add chain=prerouting src-address=192.168.10.0/24 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="--> dns" disabled=no

add chain=prerouting src-address=192.168.10.0/24 protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-c comment="" disabled=no

add chain=prerouting connection-mark=dns-c action=mark-packet new-packet-mark=dns-p comment="" disabled=no

add chain=prerouting packet-mark=dns-p action=change-tos new-tos=min-delay comment="" disabled=no

If the mangle table contains packet marks for connections (IIX / INT), put this at the bottom of that mangle, and do not put it at the top. Next, in queue type:

/ queue type

add name="64" kind=pfifo pfifo-limit=64
In queue tree:
/ queue tree

add name="64" parent=global-in packet-mark="" limit-at=0 queue=64 priority=5 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

add name="ping" parent=64 packet-mark=icmp-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

add name="dns" parent=64 packet-mark=dns-p limit-at=8000 queue=64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no


Limiting File Downloads in IDM


/ip firewall layer7-protocol
add comment="" name="Extension \" .exe \"" regexp="\\.(exe)"
add comment="" name="Extension \" .rar \"" regexp="\\.(rar)"
add comment="" name="Extension \" .zip \"" regexp="\\.(zip)"
add comment="" name="Extension \" .7z \"" regexp="\\.(7z)"
add comment="" name="Extension \" .cab \"" regexp="\\.(cab)"
add comment="" name="Extension \" .asf \"" regexp="\\.(asf)"
add comment="" name="Extension \" .mov \"" regexp="\\.(mov)"
add comment="" name="Extension \" .wmv \"" regexp="\\.(wmv)"
add comment="" name="Extension \" .mpg \"" regexp="\\.(mpg)"
add comment="" name="Extension \" .mpeg \"" regexp="\\.(mpeg)"
add comment="" name="Extension \" .mkv \"" regexp="\\.(mkv)"
add comment="" name="Extension \" .avi \"" regexp="\\.(avi)"
add comment="" name="Extension \" .flv \"" regexp="\\.(flv)"
add comment="" name="Extension \" .pdf \"" regexp="\\.(pdf)"
add comment="" name="Extension \" .wav \"" regexp="\\.(wav)"
add comment="" name="Extension \" .rm \"" regexp="\\.(rm)"
add comment="" name="Extension \" .mp3 \"" regexp="\\.(mp3)"
add comment="" name="Extension \" .mp4 \"" regexp="\\.(mp4)"
add comment="" name="Extension \" .ram \"" regexp="\\.(ram)"
add comment="" name="Extension \" .rmvb \"" regexp="\\.(rmvb)"
add comment="" name="Extension \" .dat \"" regexp="\\.(dat)"
add comment="" name="Extension \" .daa \"" regexp="\\.(daa)"
add comment="" name="Extension \" .iso \"" regexp="\\.(iso)"
add comment="" name="Extension \" .nrg \"" regexp="\\.(nrg)"
add comment="" name="Extension \" .bin \"" regexp="\\.(bin)"
add comment="" name="Extension \" .vcd \"" regexp="\\.(vcd)"
add comment="" name="Extension \" .mp2 \"" regexp="\\.(mp2)"
add comment="" name="Extension \" .3gp \"" regexp="\\.(3gp)"
add comment="" name="Extension \" .mpe \"" regexp="\\.(mpe)"
add comment="" name="Extension \" .qt \"" regexp="\\.(qt)"
add comment="" name="Extension \" .raw \"" regexp="\\.(raw)"
add comment="" name="Extension \" .wma \"" regexp="\\.(wma)"
add comment="" name="Extension \" .ogg \"" regexp="\\.(ogg)"
add comment="" name="Extension \" .doc \"" regexp="\\.(doc)"

/ip firewall address-list
add address=10.0.0.30 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=bypass
add address=192.168.1.100 comment="" disabled=no list=skip_content_download
add address=10.0.0.0/24 comment="" disabled=no list=skip_content_download

/ip firewall filter
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp3 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .avi \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .flv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .iso \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .pdf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpeg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .exe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rar \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .zip \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp4 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mp2 \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .3gp \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mov \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpe \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mpg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .qt \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ram \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rm \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .raw \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wav \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wmv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .wma \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .ogg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .doc \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .7z \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .asf \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .bin \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .cab \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .daa \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .dat \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .mkv \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .nrg \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .rmvb \”" protocol=tcp
add action=add-dst-to-address-list address-list=content_download address-list-timeout=5s chain=forward comment=”" disabled=no dst-address-list=\
!skip_content_download layer7-protocol=”Extension \” .vcd \”" protocol=tcp

/ip firewall mangle
add action=mark-connection chain=prerouting comment=Content_download disabled=no dst-address-list=content_download new-connection-mark=\
Bw_Download passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-bytes=262146-4294967295 disabled=no dst-address-list=!bypass new-connection-mark=\
Bw_Download passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Download disabled=no dst-address-list=!bypass new-packet-mark=Paket_Download \
passthrough=no
add action=mark-connection chain=prerouting comment=Content_browsing disabled=no dst-address-list=!bypass new-connection-mark=Bw_Browsing passthrough=yes \
protocol=!icmp
add action=mark-packet chain=prerouting comment="" connection-mark=Bw_Browsing disabled=no dst-address-list=!bypass new-packet-mark=Paket_Browsing \
passthrough=no

/queue type
add kind=pcq name=pcq-down pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
add kind=pcq name=Pcq_Browsing_Down pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN parent=LOCAL priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Browsing_Down packet-mark=Paket_Browsing parent=DOWN priority=5 \
queue=Pcq_Browsing_Down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no max-limit=256k name=Regular_Down packet-mark=Paket_Download parent=DOWN \
priority=8 queue=pcq-down

drop idm

/ip firewall filter
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .exe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .3gp \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .7z \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .asf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .avi \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .bin \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .cab \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .daa \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .dat \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .doc \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .flv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .iso \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mkv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mov \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp2 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp3 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mp4 \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpe \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpeg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .mpg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .nrg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ogg \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .pdf \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .qt \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .ram \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rar \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .raw \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rm \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .rmvb \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .vcd \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wav \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wma \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .wmv \"" protocol=tcp
add action=drop chain=forward comment="" connection-limit=4,32 disabled=no in-interface=LOCAL layer7-protocol="Extension \" .zip \"" protocol=tcp


DNS Flush on Mikrotik


ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.144.144 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp

ip firewall nat add chain=dstnat action=dst-nat to-addresses=180.131.145.145 to-ports=53 in-interface=ether1 dst-port=53 protocol=udp

/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=jump jump-target=180.131.144.144 disabled=yes
/ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=jump jump-target=180.131.145.145 disabled=yes



add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=udp to-ports=53


It turns out the internal proxy of the cracked Mikrotik version (2.9) still works. Rather than using another computer, it is better to just use the internal proxy. The result is admittedly not as optimal as with an external proxy (especially in bandwidth management), but it is still satisfactory. (It has been tested; it sometimes feels less than satisfactory, but it can help improve performance.)

IP settings for the internal proxy on Mikrotik

1. Modem IP:
- 192.168.10.1
2. Mikrotik IP:
- 192.168.1.1 = local
- 192.168.10.2 = public / to the Speedy modem
3. Client IP: 192.168.1.0/24

Internal proxy rule settings in Winbox:

/ ip address
add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 \
interface=Public comment="" disabled=no
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 \
interface=Lan comment="" disabled=no

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.10.1 scope=255 target-scope=10 \
comment="" disabled=no

/ ip dns
set primary-dns=192.168.10.1 \
allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
ip web-proxy pr
enabled: yes
src-address: 0.0.0.0
port: 3128
hostname: "proxy"
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: "webmaster"
max-object-size: 4096KiB
cache-drive: system
max-cache-size: none
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 0KiB
reserved-for-ram-cache: 154624KiB

/ ip firewall nat
add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 \
action=redirect to-ports=3128 comment="" disabled=no
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
/ ip firewall mangle
add chain=prerouting protocol=icmp action=mark-connection \
new-connection-mark=icmp-con passthrough=yes comment="" disabled=no
add chain=prerouting protocol=icmp connection-mark=icmp-con \
action=mark-packet new-packet-mark=icmp-pkt \
passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=con-up \
passthrough=yes comment=""
add chain=prerouting action=mark-packet new-packet-mark=all-pkt \
connection-mark=con-up passthrough=no comment=""
add chain=output content="X-Cache: HIT" action=mark-connection \
new-connection-mark=proxy-con passthrough=yes comment="" \
disabled=no
add chain=output connection-mark=proxy-con action=mark-packet \
new-packet-mark=proxy-pkt passthrough=no comment="" disabled=no
add chain=forward action=mark-connection new-connection-mark=direct-con \
passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp connection-mark=direct-con \
action=mark-packet new-packet-mark=all-pkt passthrough=no \
comment="" disabled=no
add chain=output protocol=tcp connection-mark=direct-con \
action=mark-packet new-packet-mark=all-pkt passthrough=no \
comment="" disabled=no

 / queue simple
add name=”proxy-HIT” dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=proxy-pkt direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no comment=”paling atas”
add name=”Ping-queue” dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=icmp-pkt direction=both priority=2 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no comment=”supaya ping kecil”
add name=”Parent-queue” dst-address=0.0.0.0/0 interface=all parent=none \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=45000/300000 total-queue=default-small disabled=no
add name=”All-Trafik” target-addresses=192.168.1.0/24 \
dst-address=0.0.0.0/0 interface=all parent=Parent-queue \
packet-marks=all-pkt direction=both priority=8
queue=default-small/default-small limit-at=4500/30000
max-limit=45000/300000 total-queue=default-small disabled=no


High Performance Lusca Squid Ubuntu

Written by Bima Firewall

Some additional tools you may need to check/install:

# vi /etc/network/interfaces
# sudo ufw disable
# apt-get install nmap

Install the required dependencies:

# sudo apt-get update
# sudo apt-get install squid
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
# sudo apt-get install multitail
# sudo apt-get install unzip
# sudo apt-get install acpid

Download LUSCA_HEAD-r14809:

# cd /tmp
# tar -xvjf LUSCA_HEAD-r14809-patch.tar.bz2
# cd LUSCA_HEAD-r14809

Compile, configure and install Lusca Squid with the following commands:

# make clean
# ./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/etc/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536
# make
# sudo make install

Configuring and tuning Lusca Squid:

# cd /etc/squid
# mv squid.conf squid.conf.original
# unzip squid.conf.ubuntu.zip
# mv squid.conf.ubuntu squid.conf
# tar -xvzf storeurl.pl.tar.gz
# chown proxy:proxy /cache1
# chown proxy:proxy /cache2
# chmod 777 /cache1
# chmod 777 /cache2
# chown proxy:proxy /etc/squid/storeurl.pl
# chmod 777 /etc/squid/storeurl.pl

Create the swap/cache directories inside the configured cache directories with:

# squid -f /etc/squid/squid.conf -z

Check the squid configuration:

# squid -NDd1 &

If there are no errors, start squid:

# sudo /etc/init.d/squid restart

Reboot your Ubuntu machine:

# shutdown -r now

source: indoit.web.id
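
The chmod 777 steps above leave /cache1, /cache2 and /etc/squid/storeurl.pl writable by every local account, including the helper script that squid executes. The following is an added example, not part of the original post: it lists which of those paths are world-writable and tightens them. The function names and the 750/755 modes are assumptions, chosen for a squid that runs as the proxy user.

```shell
#!/bin/sh
# Added example (not from the original post): audit and tighten the paths
# that the tutorial sets to mode 777.
# Assumption: squid runs as user "proxy", which already owns the paths after
# the chown steps, so only the owner needs write access.

# is_world_writable PATH -> succeeds when "other" has the write bit set.
is_world_writable() {
    [ -n "$(find -H "$1" -prune -perm -0002 2>/dev/null)" ]
}

# audit PATH... -> prints each existing, world-writable path, one per line.
audit() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        if is_world_writable "$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# tighten PATH... -> chmod only the paths that audit flags:
# 750 for directories (cache stores), 755 for files (the helper script).
tighten() {
    audit "$@" | while IFS= read -r p; do
        if [ -d "$p" ]; then
            chmod 750 "$p"
        else
            chmod 755 "$p"
        fi
    done
}

# Usage: sh audit.sh [--fix] /cache1 /cache2 /etc/squid/storeurl.pl
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--fix" ]; then
        shift
        tighten "$@"
    fi
    remaining=$(audit "$@")
    if [ -n "$remaining" ]; then
        printf 'world-writable: %s\n' $remaining
        exit 1
    fi
    echo "no world-writable paths"
fi
```

Making root the owner of storeurl.pl, instead of proxy, additionally keeps a compromised squid process from rewriting its own helper.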
   
 


Optimizing Internet Ping

Written by Bima Firewall

Some say a proxy does not save bandwidth but instead eats into ICMP (ping); this may be the solution:

1. First, enable the IP firewall on the bridge. Look at the bridge settings to see whether the IP firewall is already active:

[wiwid@funny-mikrotik] /interface bridge settings> pr
use-ip-firewall: no
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no

It turns out use-ip-firewall is not yet active.

Enable use-ip-firewall:
[wiwid@funny-mikrotik] /interface bridge settings> set use-ip-firewall=yes

OK, now look at the print output:

[wiwid@funny-mikrotik] /interface bridge settings> pr
use-ip-firewall: yes
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no

As can be seen, use-ip-firewall is now enabled.

2. Create the mangle rules:

[wiwid@funny-mikrotik] /ip firewall mangle>add chain=prerouting action=mark-connection new-connection-mark=icmp-conn passthrough=yes protocol=icmp
[wiwid@SGH-JCO Salam] /ip firewall mangle>add chain=prerouting action=mark-packet new-packet-mark=tcp-conn passthrough=no protocol=icmp connection-mark=icmp-conn

3. Create the queue tree:

[wiwid@funny-mikrotik] /queue tree> add name="ICMP" parent=global-total packet-mark=tcp-conn limit-at=48k queue=default priority=8 max-limit=96k burst-limit=96k burst-threshold=64k burst-time=5s

Test: ping 192.168.1.2 -l 1472 -t

Good luck trying it out.

 


SQUID PROXY WITH UBUNTU SERVER 32/64 BIT

Written by Bima Firewall

Power on the PC that will become the proxy server
Insert the ‘Ubuntu Server CD’ into the CD-ROM drive
Boot from the CD-ROM
Select language English, Enter
Select Install Ubuntu Server, Enter
Press Enter on ‘Choose Language’ English
Select United States
At ‘Detect Keyboard Layout’ select ‘No’
In the Ubuntu ‘Installer Main Menu’ select USA
At ‘Keyboard Layout’ select USA
Select ‘Continue’ at ‘Configure The Network’
Select ‘Configure Network Manually’
Enter 192.168.2.1 as the IP address, select ‘Continue’, then press Enter
Netmask 255.255.255.0, select ‘Continue’, then Enter
The Gateway field already contains ‘192.168.2.2’; leave it, then Tab and select ‘Continue’
The Name Server Addresses field already contains ‘192.168.2.1’; ignore it, Tab to ‘Continue’, then Enter
Hostname: anjelanet (your choice), then select Continue and press Enter
Domain Name: leave it empty, select ‘Continue’ and press Enter
At ‘Configure The Clock’ select ‘Select From Worldwide List’, find Jakarta, then press Enter
At the ‘Partition Disk’ menu select ‘Manually’
(The author uses 2 hard disks, 250 GB & 500 GB 7200 RPM, and 2 GB of PC6400 RAM; the 500 GB disk is reserved for caching streaming video & MP3. If your disks & RAM differ, adjust to your needs. Please do not change the layout of partitions 1 & 3 in this tutorial; only adjust the RAM option.)
Next, if you are using a previously used hard disk, first delete the existing partitions. Select the partition to delete, press Enter and choose Delete The Partition (REPEAT THIS FOR ALL REMAINING PARTITIONS).
When finished, select ‘Guided Partitioning’, then select ‘Manually’ and move to FREE SPACE. (FOR AN EMPTY HARD DISK GO STRAIGHT TO THIS STEP.)
1. Move to the FREE SPACE of HDD1, select Create New Partition, Enter
- Partition I is 256 MB; set it to that size. Select Continue, Enter (try not to change the size of this partition)
- Select Primary, Enter
- Select Beginning, Enter
- At ‘Use As’ = Ext4, Enter
- If the ‘Format The Partition’ option appears, press Enter to choose ‘Yes, Format it’
- Mount point = /boot
- Mount options: select ‘Noatime’ by pressing the SPACE key
- Bootable flag = on
- Select ‘Done Setting Up The Partition’
2. Move to the FREE SPACE of HDD1, select Create New Partition, Enter
- Partition II is 30 GB (adjust to your disk capacity, minimum 10 GB)
- Select Primary, Enter
- Select Beginning, Enter
- At ‘Use As’ = Ext4
- If the ‘Format The Partition’ option appears, press Enter to choose ‘Yes, Format it’
- Mount point = /
- Mount options: select ‘Noatime’ by pressing the SPACE key
- Select ‘Done Setting Up The Partition’

3. Move to the FREE SPACE of HDD1, select Create New Partition, Enter
- Partition III is 4 GB (for 2 GB of RAM)
(For 1 GB of RAM make Partition III 2 GB. Formula: RAM x 2 = size of the swap area)
- Select Primary, Enter
- Select Beginning, Enter
- At ‘Use As’ = Swap Area
- Select ‘Done Setting Up The Partition’
4. Move to the FREE SPACE of HDD1, select Create New Partition, Enter
- Partition IV is all of the remaining FREE SPACE on HDD 1 (in my case the free space on HDD 1 is 215.8 GB)
- Select Primary, Enter
- If the ‘Format The Partition’ option appears, press Enter to choose ‘Yes, Format it’
- At ‘Use As’: for Ubuntu Server 32-bit = ReiserFS; for Ubuntu Server 64-bit = BtrFS
- At Mount point press Enter and select Manually; change ‘/home’ to ‘/cache1’
- Mount options: for Ubuntu Server 32-bit select ‘Notail’ & ‘Noatime’ by pressing the SPACE key; for Ubuntu Server 64-bit select ‘Noatime’ by pressing the SPACE key.
- Select ‘Done Setting Up The Partition’

(NOTE: IF YOU USE ONLY 1 HARD DISK, SKIP STEPS 5 & 6 BELOW)

5. Move to the FREE SPACE of HDD2, Create New Partition, Enter
- Partition V is 300 GB (adjust to your disk capacity)
- Select Primary, Enter
- At ‘Use As’: for Ubuntu Server 32-bit = ReiserFS; for Ubuntu Server 64-bit = BtrFS
- If the ‘Format The Partition’ option appears, press Enter to choose ‘Yes, Format it’
- At Mount point press Enter and select Manually; change ‘/home’ to ‘/cache2’
- Mount options: for Ubuntu Server 32-bit select ‘Notail’ & ‘Noatime’ by pressing the SPACE key; for Ubuntu Server 64-bit select ‘Noatime’ by pressing the SPACE key.
- Select ‘Done Setting Up The Partition’
6. Move to the FREE SPACE of HDD2, Create New Partition, Enter
- Partition V is 200 GB (adjust to your disk capacity)
- Select Primary, Enter
- At ‘Use As’: for Ubuntu Server 32-bit = ReiserFS; for Ubuntu Server 64-bit = BtrFS
- If the ‘Format The Partition’ option appears, press Enter to choose ‘Yes, Format it’
- At Mount point press Enter and select Manually; change ‘/home’ to ‘/cache3’
- Mount options: for Ubuntu Server 32-bit select ‘Notail’ & ‘Noatime’ by pressing the SPACE key; for Ubuntu Server 64-bit select ‘Noatime’ by pressing the SPACE key.
- Select ‘Done Setting Up The Partition’

Select Finish Partitioning And Write Changes To Disk, press Enter
At Write The Changes To Disk select Yes, press Enter
At Full Name For The New User enter anjelanet, select Continue & press Enter
At Username For Your Account enter anjelanet, then Continue & press Enter
At Password For The New User enter anjelanet, then Continue & press Enter
At Re-Enter Password To Verify enter anjelanet, then Continue & press Enter
If the Use Weak Password prompt appears select Yes, press Enter
At Encrypt Your Home Directory select ‘No’, press Enter
Leave HTTP Proxy Information empty, select Continue, press Enter
When ‘Configuration apt’ reaches 23% press Enter, and again at 72% press Enter
At the updates prompt select ‘No Automatic Update’
At Choose Software To Install select ‘OpenSSH Server’ by pressing the SPACE key, then select Continue, press Enter
At ‘Install GRUB Loader’ select Yes
At ‘Ejecting CD Ubuntu Server Installer’ remove the CD, close the CD-ROM tray and select Continue

‘FINISH THE INSTALLATION & CPU ON PROCEED REBOOT, DON’T TOUCH ANYTHING’
‘NOW WAKE UP… PROXY SERVER UBUNTU IS READY FOR NEXT STAGE’

Log in to Ubuntu Server (use your own user & password)
- Login as : anjelanet
- Password : anjelanet
To be able to log in as root:
- Type the command: sudo su - and press Enter
- Enter the password: anjelanet
- Type the command: passwd and press Enter
- Enter the new password: anjelanet
- Re-enter the new password: anjelanet
- Reboot the PC by typing the command: reboot -h now


Configuring an External Proxy with MikroTik

Written by Bima Firewall

MikroTik RouterBOARD has a built-in proxy, but it is constrained by limited storage capacity. For that reason, most network administrators who use MikroTik use an external proxy to get around this limitation.
The program or daemon most widely used as an external proxy is squid or its derivative (lusca). Using squid as an external proxy has several advantages, among them:
  1. Its configuration is easy to adapt to your needs.
  2. Access control lists (ACLs) that can be used for specific purposes.
  3. Squid (especially version 2.7) can be “armed” with a URL redirector. In some situations, a redirector can be used to handle access to dynamic content (such as YouTube videos).
  4. Larger storage capacity, because a computer generally uses a hard disk as its storage medium.
In this post, I will briefly describe integrating an external proxy with MikroTik using NAT or mangle settings, with the network layout shown in the following diagram:
Notes:
  • MikroTik IP address facing the proxy: 192.168.90.1
  • Proxy IP address facing MikroTik: 192.168.90.2
  • Client IP addresses: 192.168.1.0/24
First scenario: using NAT.
We can use NAT to “divert” client browsing traffic (port 80/HTTP) to the IP and port of the external proxy. Feel free to copy and paste the following script:
Explanation:
First we define the IP address range used for communication between MikroTik and the proxy.
/ip firewall address-list
add address=192.168.90.0/24 list=ip-proxy
Then client browsing traffic (HTTP port 80) is diverted to the external proxy on port 3128.
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
Second scenario: using mangle.
I personally prefer this second scenario. Here is the script:

/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing to proxy" dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24


Explanation:
First, add a route to the external proxy for the routing mark that we will set in mangle.

/ip route
add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
After that, client browsing traffic is tagged with a routing mark in mangle, so that all browsing traffic “flows” straight to the external proxy as defined earlier in the route.
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing to proxy" dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
Note:
Do not forget to add settings on the external proxy so that client access works properly, namely setting the proxy's default gateway and allowing access to port 3128 in iptables. Save the following lines in the file /etc/rc.local:

route add default gateway 192.168.90.1
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.90.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.90.2 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT

source: http://fazar.web.id/2012/04/pengaturan-proxy-eksternal-dengan-mikrotik/

 


Fix /var/lib/apt/lists/lock

Written by Bima Firewall

When trying to update, this appears:

E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/lib/apt/lists/

To resolve it:

1. Open a terminal on Ubuntu, or use PuTTY
2. Type: sudo rm /var/lib/apt/lists/lock
3. Done. Update again with: sudo apt-get update

~ Good luck ~
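
The error above (11: Resource temporarily unavailable) means another process holds the lock at that moment, typically a second apt-get or an automatic update. As an added example that is not part of the original post, this script checks for such a process before doing step 2 and refuses to delete the lock while it is in use; the function names lock_holders and clear_stale_lock are hypothetical, and the /proc scan assumes Linux.

```shell
#!/bin/sh
# Added example (not from the original post): remove an apt lock file only
# when no running process still has it open.
# Assumptions: Linux /proc is available, and a process that holds the lock
# keeps the lock file open for as long as it holds it.

# lock_holders LOCKFILE -> prints the PID of each process with the file open.
lock_holders() {
    lock=$(readlink -f "$1") || return 0
    for fd in /proc/[0-9]*/fd/*; do
        # Descriptors of processes that exited meanwhile are skipped.
        target=$(readlink "$fd" 2>/dev/null) || continue
        if [ "$target" = "$lock" ]; then
            pid=${fd#/proc/}
            printf '%s\n' "${pid%%/*}"
        fi
    done | sort -un
}

# clear_stale_lock LOCKFILE -> returns 0 if the file is absent or was removed,
# 1 (leaving the file in place) if some process still has it open.
clear_stale_lock() {
    [ -e "$1" ] || return 0
    holders=$(lock_holders "$1")
    if [ -n "$holders" ]; then
        echo "$1 is in use by PID(s):" $holders >&2
        return 1
    fi
    rm -f -- "$1"
}

# Usage (as root, so that other users' descriptors are visible):
#   sh apt-lock.sh /var/lib/apt/lists/lock
if [ "$#" -gt 0 ]; then
    clear_stale_lock "$1"
fi
```

When the script reports a PID, let that process finish (or stop it) and then rerun sudo apt-get update; deleting the file underneath a running package operation can leave the package lists half-written.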


How to Install Webmin on Ubuntu 12.04

Written by Bima Firewall

To install Webmin on Ubuntu 12.04, open a terminal and add the repository:

1- Edit the /etc/apt/sources.list file

sudo vi /etc/apt/sources.list

2- Add these lines at the bottom:

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

Save and exit

3- Import the Webmin GPG key

wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc

4- Update the source list

sudo apt-get update

5- Now install Webmin

sudo apt-get install webmin

You can now access Webmin: open your browser and enter http://serveripanda:10000/ (serveripanda = your server's IP)

Thank you,


