tag:blogger.com,1999:blog-46508005939258717092012-01-12T13:52:16.483+07:00Internet Network TroubleshootThis blog content Internet and Network Troubleshoot guide, tips and trick based on my experience from day to day activities as Network AdministratorHarijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.comBlogger921100tag:blogger.com,1999:blog-4650800593925871709.post-59668643559675346862011-08-24T16:06:00.008+07:002011-08-24T17:05:10.488+07:00ACK Time Out and Distance for Sectoral AP / PTMP<div><span style="text-decoration: underline;">S</span>ekedar info untuk Access Point dengan antena Sectoral khususnya UBNT Family ada yang berpendapat di forum luar sbb:
<br /><div><div><div>
<br /><span style="font-size:85%;">Auto ACK is having way too many problems. Set everything to manual.
<br />
<br />Set the AP to 10% greater than the farthest client's actual distance.
<br />Set the stations to 10% greater than distance back to the AP.
<br />
<br />HOWEVER...I'm beginning to think that 10% number shouldn't be written in stone. I had one station with a 40% CCQ jump to 100% CCQ when I increased ACK from 10% to 15%. And it dropped down to around 40% when I set the ACK back to 10%. </span>
<br />
<br /><a href="http://208.68.95.4/forum/showthread.php?t=15162">http://208.68.95.4/forum/showthread.php?t=15162
<br /></a>
<br />apa itu ACK Time Out? bisa baca-baca di :
<br />
<br /><a href="http://www.air-stream.org.au/ACK_Timeouts">http://www.air-stream.org.au/ACK_Timeouts</a>
<br /></div>
<br /><div>Kenapa jangan auto? ini penjelasannya:</div><span style="font-size:85%;">
<br />For AP configuration you want to disable auto ACK because it would be readjusting for every client on the fly which I bet would waste CPU and possibly allow the AP to miss a few packets.
<br />
<br />For clients, which should be the same ACK since your AP does not move, auto ACK should be OK. Since hopefully you have waaaaaay more clients than APs, most of your configs should be auto ack, thus it is the default option.
<br />
<br />For point to point shots what I have done is enable auto ack, let the link go for a bit, then observe the main screen to see what value it settles into. Then I disable auto ack and put that value plus 10% in there as a static value. I only do this because I figure it would be more CPU efficient if the AP does not have to perform the ack finding code execution.
<br />
<br />In theory, the link should be faster since the main bottleneck for these units when used as a backbone is CPU from what I read. The less CPU you use means the more you have available to pass packets I assume. I have not taken the time to confirm this however. I just think it sounds good on paper. </span>
<br />
<br /><a href="http://www.ubnt.com/forum/showpost.php?p=45051&postcount=2">http://www.ubnt.com/forum/showpost.php?p=45051&postcount=2</a>
<br />
<br />Nah jadi sebagai contoh di salah satu sectoral yang menggunakan ubnt rocket saya bisa lihat melalui aplikasi yang Ok banget dari ubnt = <a href="http://www.ubnt.com/wiki/AirControl#Installation">AirControl </a>bisa dilihat jarak terjauh dari client yang terhubung ke Access Point tsb.
<br />
<br /><a href="http://1.bp.blogspot.com/-cOG8bH11SII/TlTI5gnYUhI/AAAAAAAAAjw/mfSe6OSJXlg/s1600/aircontrols2.PNG"><img style="text-align: center; margin: 0px auto 10px; width: 320px; display: block; height: 162px;" id="BLOGGER_PHOTO_ID_5644357123335279122" alt="" src="http://1.bp.blogspot.com/-cOG8bH11SII/TlTI5gnYUhI/AAAAAAAAAjw/mfSe6OSJXlg/s320/aircontrols2.PNG" border="0" /></a>
<br /><div style="text-align: center;">contoh web interface pake java aircontrol
<br />
<br /><div style="text-align: left;">Dari client terjauh menurut forum diatas tambahkan 15% dari jarak client terjauh jadi dalam contoh ini 1400meter + 1400meter * 15% = 1610meter di contoh ini saya jadikan 1miles ~ 1,7Km
<br />
<br /><a href="http://3.bp.blogspot.com/-aOeM6ch2c_E/TlTI59lRPjI/AAAAAAAAAj4/8LGFqxl2qg4/s1600/ack-distance-rocket.PNG"><img style="text-align: center; margin: 0px auto 10px; width: 320px; display: block; height: 162px;" id="BLOGGER_PHOTO_ID_5644357131111054898" alt="" src="http://3.bp.blogspot.com/-aOeM6ch2c_E/TlTI59lRPjI/AAAAAAAAAj4/8LGFqxl2qg4/s320/ack-distance-rocket.PNG" border="0" /></a>
<br />Hasilnya bisa dilihat di Tab Main
<br /></div></div>
<br /><a href="http://3.bp.blogspot.com/-Gykx-P1NiQ4/TlTI6LScB3I/AAAAAAAAAkA/RVRofQGsG50/s1600/main-status.PNG"><img style="text-align: center; margin: 0px auto 10px; width: 320px; display: block; height: 245px;" id="BLOGGER_PHOTO_ID_5644357134790166386" alt="" src="http://3.bp.blogspot.com/-Gykx-P1NiQ4/TlTI6LScB3I/AAAAAAAAAkA/RVRofQGsG50/s320/main-status.PNG" border="0" /></a>
<br />
<br />Diharapkan dengan tidak menggunakan auto-ACK tetapi ACK mengikuti parameter jarak/Distance CCQ station-station yang terhubung ke Access Point bisa lebih stabil
<br />
<br />Nah teori ini harus di buktikan dalam 1-2 hari kedepan , karena belum diuji :)
<br />
<br />oh ya satu lagi dengan menggunakan AirControl maka setiap radio UBNT bisa di atur jadwal rebootnya agar memory UBNT tidak jenuh , selain itu configurasi nya juga bisa di backup secara berkala secara otomatis, untuk menggunakan AirControl tinggal download install di Ms.Windows yang sudah ada Java Virtual Machine nya lalu tinggal dibuka pake web browser .
<br />
<br />AirControl ini ya semacam Dude kalau di Mikrotik kurang-lebih begitu ada mapnya juga
<br />
<br />
<br />
<br />
<br /><div>
<br />
<br /></div></div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5966864355967534686?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-72290208591919882902011-04-14T18:12:00.001+07:002011-04-14T18:14:01.307+07:00Visio Shape for Mikrotik and Ubnt<a href="http://h1x.com/mt/Mikrotik-Visio.zip">http://h1x.com/mt/Mikrotik-Visio.zip<br /></a><br /><a href="http://www.ubnt.com/downloads/UBNT-visio-shapes.zip">http://www.ubnt.com/downloads/UBNT-visio-shapes.zip</a><br /><br />download and extract to My Document/My Shapes<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-7229020859191988290?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-90337710953525394082011-04-09T08:31:00.002+07:002011-04-09T08:33:46.401+07:00Yahoo Messenger address-list for MikrotikReference:<br /><a href="http://forums.miranda-im.org/showthread.php?2810-Problem-connecting-to-Yahoo-Messenger-server">http://forums.miranda-im.org/showthread.php?2810-Problem-connecting-to-Yahoo-Messenger-server<br /></a><br /><br />C:\Users\Harijanto>nslookup scsc.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.101<br /> 98.136.48.67<br /> 98.136.48.111<br /> 98.136.48.79<br /> 98.136.48.80<br /> 98.136.48.141<br /> 98.136.48.102<br /> 98.136.48.100<br />Aliases: scsc.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scs.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.67<br /> 98.136.48.79<br /> 98.136.48.110<br /> 98.136.48.112<br /> 98.136.48.107<br /> 98.136.48.80<br /> 98.136.48.108<br /> 98.136.48.74<br />Aliases: scs.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scsa.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.78<br /> 98.136.48.70<br /> 98.136.48.67<br /> 98.136.48.107<br /> 98.136.48.114<br /> 98.136.48.80<br /> 98.136.48.104<br /> 98.136.48.81<br />Aliases: scsa.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scsb.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Name: scsb.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto>nslookup scsc.msg.yahoo.com<br />Server: google-public-dns-a.google.com<br />Address: 8.8.8.8<br /><br />Non-authoritative answer:<br />Name: vcs0.msg.g03.yahoodns.net<br />Addresses: 98.136.48.111<br /> 98.136.48.81<br /> 98.136.48.77<br /> 98.136.48.102<br /> 98.136.48.116<br /> 98.136.48.70<br /> 98.136.48.76<br /> 98.136.48.110<br />Aliases: scsc.msg.yahoo.com<br /><br /><br />C:\Users\Harijanto><br /><br />/ ip firewall address-list<br />add list=yahoo-messenger address=98.136.48.119 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.102 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.101 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.67 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.111 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.79 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.80 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.141 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.100 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.110 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.112 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.107 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.108 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.74 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.70 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.114 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.104 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.81 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.77 comment="" disabled=no<br />add list=yahoo-messenger address=98.136.48.116 comment="" disabled=no<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-9033771095352539408?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-72955054301014414372011-03-20T18:44:00.004+07:002011-03-20T18:57:03.382+07:00Good Reference when you need migrate your cpanel server to new one<a href="http://www.webhostinguniverse.com/tutorials/migratecpanel.htm">http://www.webhostinguniverse.com/tutorials/migratecpanel.htm</a><br /><br /><a href="http://www.crucialp.com/resources/tutorials/dedicated-server/how-to-install-installing-fantastico-cpanel-whm.php">http://www.crucialp.com/resources/tutorials/dedicated-server/how-to-install-installing-fantastico-cpanel-whm.php</a><br /><br /><a href="http://forum.likg.org.ua/server-side-actions/cphulkd-management-t94.html">http://forum.likg.org.ua/server-side-actions/cphulkd-management-t94.html</a><br /><a href="http://forums.cpanel.net/f5/change-ttl-multiple-dns-zones-76580.html"><br />http://forums.cpanel.net/f5/change-ttl-multiple-dns-zones-76580.html</a><br /><br /><a href="http://linuxproblem.org/art_9.html">http://linuxproblem.org/art_9.html</a><br /><br />and this is my tips:<br /><br />1. when install cpanel dnsonly with new OS like Centos 5.5 I modify the file:<br /><br /><span style="font-size:85%;">more /etc/sysconfig/named<br /># BIND named process options<br /># ~~~~~~~~~~~~~~~~~~~~~~~~~~<br /># Currently, you can use the following options:<br />#<br /># ROOTDIR="/some/where" -- will run named in a chroot environment.<br /># you must set up the chroot environment<br /># (install the bind-chroot package) before<br /># doing this.<br />#<br /># OPTIONS="whatever" -- These additional options will be passed to named<br /># at startup. Don't add -t here, use ROOTDIR instead.<br />#<br /># ENABLE_ZONE_WRITE=yes -- If SELinux is disabled, then allow named to write<br /># its zone files and create files in its $ROOTDIR/var/named<br /># directory, necessary for DDNS and slave zone transfers.<br /># Slave zones should reside in the $ROOTDIR/var/named/slaves<br /># directory, in which case you would not need to enable zone<br /># writes. If SELinux is enabled, you must use only the<br /># 'named_write_master_zones' variable to enable zone writes.<br />#<br /># ENABLE_SDB=yes -- This enables use of 'named_sdb', which has support<br /># -- for the ldap, pgsql and dir zone database backends<br /># -- compiled in, to be used instead of named.<br />#<br /># DISABLE_NAMED_DBUS=[1y]-- If NetworkManager is enabled in any runlevel, then<br /># the initscript will by default enable named's D-BUS<br /># support with the named -D option. This setting disables<br /># this behavior.<br />#<br /># KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)<br />ENABLE_ZONE_WRITE=yes<br />OPTIONS="-4"</span><br /><br />and because cpanel not using bind-chroot so better you remove bind-chroot with command:<br /><br />yum remove bind-chroot<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-7295505430101441437?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-4105915464461124952011-02-26T19:57:00.005+07:002011-02-26T21:38:09.012+07:00Bonding Two ADSL<!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:trackmoves/> <w:trackformatting/> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:donotpromoteqf/> <w:lidthemeother>IN</w:LidThemeOther> <w:lidthemeasian>X-NONE</w:LidThemeAsian> <w:lidthemecomplexscript>X-NONE</w:LidThemeComplexScript> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> <w:useasianbreakrules/> <w:dontgrowautofit/> <w:splitpgbreakandparamark/> <w:dontvertaligncellwithsp/> <w:dontbreakconstrainedforcedtables/> <w:dontvertalignintxbx/> <w:word11kerningpairs/> <w:cachedcolbalance/> </w:Compatibility> <m:mathpr> <m:mathfont val="Cambria Math"> <m:brkbin val="before"> <m:brkbinsub val="--"> <m:smallfrac val="off"> <m:dispdef/> <m:lmargin val="0"> <m:rmargin val="0"> <m:defjc val="centerGroup"> <m:wrapindent val="1440"> <m:intlim val="subSup"> <m:narylim val="undOvr"> </m:mathPr></w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267"> <w:lsdexception locked="false" priority="0" semihidden="false" unhidewhenused="false" qformat="true" name="Normal"> <w:lsdexception locked="false" priority="9" semihidden="false" unhidewhenused="false" qformat="true" name="heading 1"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 2"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 3"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 4"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 5"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 6"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 7"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 8"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 9"> <w:lsdexception locked="false" priority="39" name="toc 1"> <w:lsdexception locked="false" priority="39" name="toc 2"> <w:lsdexception locked="false" priority="39" name="toc 3"> <w:lsdexception locked="false" priority="39" name="toc 4"> <w:lsdexception locked="false" priority="39" name="toc 5"> <w:lsdexception locked="false" priority="39" name="toc 6"> <w:lsdexception locked="false" priority="39" name="toc 7"> <w:lsdexception locked="false" priority="39" name="toc 8"> <w:lsdexception locked="false" priority="39" name="toc 9"> <w:lsdexception locked="false" priority="35" qformat="true" name="caption"> <w:lsdexception locked="false" priority="10" semihidden="false" unhidewhenused="false" qformat="true" name="Title"> <w:lsdexception locked="false" priority="1" name="Default Paragraph Font"> <w:lsdexception locked="false" priority="11" semihidden="false" unhidewhenused="false" qformat="true" name="Subtitle"> <w:lsdexception locked="false" priority="22" semihidden="false" unhidewhenused="false" qformat="true" name="Strong"> <w:lsdexception locked="false" priority="20" semihidden="false" unhidewhenused="false" qformat="true" name="Emphasis"> <w:lsdexception locked="false" priority="59" semihidden="false" unhidewhenused="false" name="Table Grid"> <w:lsdexception locked="false" unhidewhenused="false" name="Placeholder Text"> <w:lsdexception locked="false" priority="1" semihidden="false" unhidewhenused="false" qformat="true" name="No Spacing"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 1"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 1"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 1"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 1"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 1"> <w:lsdexception locked="false" unhidewhenused="false" name="Revision"> <w:lsdexception locked="false" priority="34" semihidden="false" unhidewhenused="false" qformat="true" name="List Paragraph"> <w:lsdexception locked="false" priority="29" semihidden="false" unhidewhenused="false" qformat="true" name="Quote"> <w:lsdexception locked="false" priority="30" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Quote"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 1"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 1"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 1"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 1"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 1"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 1"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 1"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 2"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 2"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 2"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 2"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 2"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 2"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 2"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 2"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 2"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 2"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 2"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 3"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 3"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 3"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 3"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 3"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 3"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 3"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 3"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 3"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 3"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 3"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 3"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 3"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 4"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 4"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 4"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 4"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 4"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 4"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 4"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 4"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 4"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 4"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 4"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 4"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 4"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 4"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 5"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 5"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 5"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 5"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 5"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 5"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 5"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 5"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 5"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 5"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 5"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 5"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 5"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 5"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 6"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 6"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 6"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 6"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 6"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 6"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 6"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 6"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 6"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 6"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 6"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 6"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 6"> <w:lsdexception locked="false" priority="19" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Emphasis"> <w:lsdexception locked="false" priority="21" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Emphasis"> <w:lsdexception locked="false" priority="31" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Reference"> <w:lsdexception locked="false" priority="32" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Reference"> <w:lsdexception locked="false" priority="33" semihidden="false" unhidewhenused="false" qformat="true" name="Book Title"> <w:lsdexception locked="false" priority="37" name="Bibliography"> <w:lsdexception locked="false" priority="39" qformat="true" name="TOC Heading"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} </style> <![endif]--> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Because I must wait 1-2 months to upgrade my Intercity Leased Line (LL) between Indonesia Internet Exchange (IIX) locate in Cyber Building, South Jakarta with my remote site with distance 266km so i try using Mikrotik Interface Bonding Solution, and it works.<br /><br />So this is the configuration for Mikrotik Router locate in remote site:<br /><br />I used two ADSL connection<br /><br />/interface pppoe-client<br />add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \<br /> dial-on-demand=no disabled=no interface=ether1_adsl1 max-mru=1480 max-mtu=\<br /> 1480 mrru=disabled name=telkom1 password=123456 profile=pppoe \<br /> service-name="" use-peer-dns=no user=adsl1@telkom.net<br />add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \<br /> dial-on-demand=no disabled=no interface=ether3_adsl2 max-mru=1480 max-mtu=\<br /> 1480 mrru=disabled name=telkom2 password=123456 profile=pppoe \<br /> service-name="" use-peer-dns=no user=adsl2@telkom.net<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">password=123456 , this is just example you must using your own password</span></li><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">user=adsl1@telkom.net, this is just example you must using your own user</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">[Me@RemoteSite] /ip address print detail<br />Flags: X - disabled, I - invalid, D - dynamic<br /> 0 ;;; BONDING PDA1 D3<br /> address=1.2.3.62/30 network=1.2.3.60<br /> interface=BONDING_PDA1_D3_EOIP actual-interface=BONDING_PDA1_D3_EOIP<br /><br />5 D address=1.2.255.218/32 network=1.2.255.1 interface=telkom2<br /> actual-interface=telkom2<br /><br /> 6 D address=1.2.251.170/32 network=1.2.250.1 interface=telkom1<br /> actual-interface=telkom1<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">address=1.2.3.63/30 , this is point-to-point ip address between bonding interface jakarta with remote site</span></li><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">address=1.2.255.218/32 and address=1.2.250.170/32, this is ip address from ADSL provider, this is good because between telkom1 and telkom2 using different gateway and network so we can create different routing statick for two eoip connection for each ADSL </span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"><br />/ip route<br />add check-gateway=ping comment="DEFAULT GATEWAY via BONDING RO JAKARTA" \<br /> disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.2.3.61 scope=30 \<br /> target-scope=10<br />add comment="ROUTING To LOOPBACK1 RO JAKARTA via ADSL 1" \<br /> disabled=no distance=1 dst-address=1.2.3.38/32 gateway=1.2.250.1 \<br /> scope=30 target-scope=10<br />add comment="ROUTING To LOOPBACK2 RO JAKARTA via ADSL 2" \<br /> disabled=no distance=1 dst-address=1.2.3.41/32 gateway=1.2.255.1 \<br /> scope=30 target-scope=10<br />add comment="DNS ADSL1" disabled=no distance=1 dst-address=202.134.0.155/32 \<br /> gateway=1.2.250.1,118.96.255.1 scope=30 target-scope=10<br />add comment="DNS ADSL2" disabled=no distance=1 dst-address=202.134.1.10/32 \<br /> gateway=1.2.250.1,118.96.255.1 scope=30 target-scope=10<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">LOOPBACK1 and LOOPBACK2 is the ip address on lobridge1 and lobridge2 interface at Jakarta Router, just to make sure each eoip interface have their remote-address</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">/interface eoip<br />add arp=enabled comment="remote address 1.2.3.38 ip loopback rb1000 jkt" \<br /> disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\<br /> EOIP_PDA1_D3_4793 remote-address=1.2.3.38 tunnel-id=4793<br />add arp=enabled comment="remote address 1.2.3.41 ip loopback rb1000 jkt" \<br /> disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\<br /> EOIP_PDA1_D3_7814 remote-address=1.2.3.41 tunnel-id=7814<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">I using two EOIP interface , each EOIP connected using ADSL to Jakarta Router, because my Jakarta Router directly connected to IIX so from Jakarta Router to RemoteSite Router connected through IIX to ADSL provider</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"><br />/interface bonding<br />add arp=enabled arp-interval=100ms arp-ip-targets=1.2.3.61 disabled=no \<br /> down-delay=0ms lacp-rate=30secs link-monitoring=arp mii-interval=100ms \<br /> mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP primary=none slaves=\<br /> EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 transmit-hash-policy=layer-2 up-delay=\<br /> 0ms<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">arp-ip-targets=1.2.3.61, this is ip monitoring on Jakarta Router </span></li><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">mode=balance-rr, this is bonding mode i used, balance-rr its mean the data will tx and rx using round-robin and give balance and fail-over between slave interface</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">I using NAT to masquerade all traffic out through Bonding interface to make sure the src-address from my remote-site is replace with IP 1.2.3.62<br /><br />/ip firewall nat<br />add action=masquerade chain=srcnat comment="NAT via BONDING" disabled=no \<br /> out-interface=BONDING_PDA1_D3_EOIP<br /><br /><br />And this is configuration for Mikrotik Router locate in Jakarta:<br /><br />/interface bridge<br />add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \<br /> comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \<br /> mtu=1500 name=lobridge1 priority=0x8000 protocol-mode=none \<br /> transmit-hold-count=6<br />add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \<br /> comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \<br /> mtu=1500 name=lobridge2 priority=0x8000 protocol-mode=none \<br /> transmit-hold-count=6<br /><br />note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">lobridge interface using for ip loopback for remote-address eoip from RemoteSite</span></li></ol> <p class="MsoNormal" style="margin-bottom: 0.0001pt; line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";"><br />/interface eoip<br />add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\<br /> 02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_4793 remote-address=\<br /> 1.2.251.170 tunnel-id=4793<br />add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\<br /> 02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_7814 remote-address=\<br /> 1.2.255.218 tunnel-id=7814<br /><br /><br />/interface bonding<br />add arp=enabled arp-interval=100ms arp-ip-targets=1.2.3.62 comment="" \<br /> disabled=no down-delay=0s lacp-rate=30secs link-monitoring=arp \<br /> mii-interval=100ms mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP \<br /> primary=none slaves=EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 \<br /> transmit-hash-policy=layer-2 up-delay=0s<br /><br /><br />[Me@Jakarta] > /ip address print<br />Flags: X - disabled, I - invalid, D - dynamic<br />1 ;;; IIX BGP Peering<br /> 1.2.3.22/30 1.2.3.20 1.2.3.23 ether2_OIXP <br />5 ;;; IP Loopback1<br /> 1.2.3.38/32 1.2.3.38 1.2.3.38 lobridge1 <br />6 ;;; IP Loopback2<br /> 1.2.3.41/32 1.2.3.41 1.2.3.41 lobridge2 <br />11 ;;; BONDING<br /> 1.2.3.61/30 1.2.3.60 1.2.3.63 BONDING_PDA1_D3_EOIP <br /><br /><br />Note:</span></p> <ol start="1" type="1"><li class="MsoNormal" style="line-height: normal;"><span style="font-size: 12pt; font-family: "Times New Roman","serif";">Jakarta Router directly connected to IIX so routing table from Jakarta to ADSL at RemoteSite is through IIX and the routing table is using BGP protocol between Jakarta Router to IIX Router</span></li></ol> <p class="MsoNormal"> </p> <br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/-ZzWL-VN9slo/TWkQJJt8EuI/AAAAAAAAAjE/iWcRgCv1fGw/s1600/bonding-traffic.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 123px;" src="http://4.bp.blogspot.com/-ZzWL-VN9slo/TWkQJJt8EuI/AAAAAAAAAjE/iWcRgCv1fGw/s320/bonding-traffic.png" alt="" id="BLOGGER_PHOTO_ID_5578007362888536802" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/-o_L0lO43hSU/TWkPOFgCT8I/AAAAAAAAAi8/ilB88BeZtS8/s1600/bonding-traffic.png"><br /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/-YbOGuzICNBM/TWkOVEkeB_I/AAAAAAAAAi0/sWg_NjGS6DU/s1600/mrtg-bonding.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 206px;" src="http://2.bp.blogspot.com/-YbOGuzICNBM/TWkOVEkeB_I/AAAAAAAAAi0/sWg_NjGS6DU/s320/mrtg-bonding.png" alt="" id="BLOGGER_PHOTO_ID_5578005368641816562" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-410591546446112495?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-51924698290397789062011-02-25T16:33:00.010+07:002011-03-02T12:20:41.074+07:00Youtube IP Address and how to manipulate Youtube routing in Mikrotik RouterIf you have more then one ISP you can manipulate routing for Youtube traffic to ISP with the best download rate for Youtube content<br /><br />/ip firewall address-list<br />add address=74.125.0.0/16 comment=Google disabled=no list=youtube<br />add address=114.112.182.156 comment=TuDou disabled=no list=youtube<br />add address=221.12.89.120 comment=TuDou disabled=no list=youtube<br />add address=64.15.112.0/20 comment=YouTube disabled=no list=youtube<br />add address=64.15.120.0/21 comment=YouTube disabled=no list=youtube<br />add address=208.65.152.0/22 comment=YouTube disabled=no list=youtube<br />add address=208.117.224.0/19 comment=YouTube disabled=no list=youtube<br />add address=209.85.128.0/17 comment=Google disabled=no list=youtube<br /><br /><br />/ip firewall mangle<br />add action=mark-routing chain=prerouting \<br />comment="Routing Mark Youtube" disabled=no \<br />dst-address-list=youtube new-routing-mark=youtube passthrough=no<br /><br />correction:<br />because if you mangle routing-mark all protocol and you have email server inside your network the email from gmail will failed to received so better you just mangle routing-mark for protocol tcp dst-port 80, like this:<br /><br />/ip firewall mangle<br />add action=mark-routing chain=prerouting comment="Routing Mark Youtube" \<br /> disabled=no dst-address-list=youtube dst-port=80 new-routing-mark=\<br /> youtube passthrough=no protocol=tcp<br /><br />/ip route<br />add comment="Routing Youtube" disabled=no dst-address=0.0.0.0/0 \<br />gateway=1.2.3.4 routing-mark=youtube<br /><br />/ip firewall nat<br />add action=masquerade chain=srcnat \<br />comment="NAT Youtube via ISP Youtube" \<br />disabled=no out-interface=INTERFACE_TO_ISP_YOUTUBE<br /><br /><br />Note:<br /><ol><li>gateway=1.2.3.4, you must using your ISP gateway for Youtube traffic depend on your choice whic one of your ISP is best for Youtube traffic</li><li>out-interface=INTERFACE_TO_ISP_YOUTUBE, change to your ISP interface at your mikrotik router</li></ol><br />To avoid problem if your ISP for Youtube down you can copy-paste this script to mikrotik terminal:<br /><br />/system script<br />add name=check_youtube policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\<br /> :if ( [/ping 1.2.3.4 count=1]=1) do={\r\<br /> \n:log info \"Youtube Up\";\r\<br /> \n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\<br /> t \$i disable=no};\r\<br /> \n/tool e-mail send to=\"your@email.net\" subject=([/system ident\<br /> ity get name] . \" Youtube Up \" . [/system clock get date]) body=\"Youtub\<br /> e Routing Mark Enable\";\r\<br /> \n} else={\r\<br /> \n:log info \"Youtube Down\";\r\<br /> \n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\<br /> t \$i disable=yes};\r\<br /> \n/tool e-mail send to=\"your@email.net\" subject=([/system ident\<br /> ity get name] . \" Youtube Down \" . [/system clock get date]) body=\"Yout\<br /> ube Routing Mark Disable\";\r\<br /> \n}"<br /><br />and activate this script from Netwatch<br /><br />/tool netwatch<br />add comment="Youtube Check" disabled=no down-script=check_youtube host=\<br /> 1.2.3.4 interval=1m timeout=25ms up-script=check_youtube<br /><br /><br /><br />Source:<br /><a href="http://www.robtex.com/as/as36561.html#bgp">http://www.robtex.com/as/as36561.html#bgp</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5192469829039778906?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-90734135476812374402011-02-24T15:21:00.006+07:002011-02-24T15:38:29.468+07:00Jika Paket Data Tidak mau jalan lewat tunnel<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/-de3VuvYFZ1w/TWYX1IgBVTI/AAAAAAAAAis/joudGPPaQFQ/s1600/esham-forward-mangle-in-eoip-action.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://2.bp.blogspot.com/-de3VuvYFZ1w/TWYX1IgBVTI/AAAAAAAAAis/joudGPPaQFQ/s320/esham-forward-mangle-in-eoip-action.png" alt="" id="BLOGGER_PHOTO_ID_5577171390127232306" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/-GoApYXOgArs/TWYXuU-1dFI/AAAAAAAAAik/yYwAz7_Eg5c/s1600/esham-forward-mangle-in-eoip-advance.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/-GoApYXOgArs/TWYXuU-1dFI/AAAAAAAAAik/yYwAz7_Eg5c/s320/esham-forward-mangle-in-eoip-advance.png" alt="" id="BLOGGER_PHOTO_ID_5577171273218618450" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/-RdqjNxtVbzE/TWYXuFW3GwI/AAAAAAAAAic/lQ3HGZtYCyQ/s1600/esham-forward-mangle-in-eoip-general.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://4.bp.blogspot.com/-RdqjNxtVbzE/TWYXuFW3GwI/AAAAAAAAAic/lQ3HGZtYCyQ/s320/esham-forward-mangle-in-eoip-general.png" alt="" id="BLOGGER_PHOTO_ID_5577171269024422658" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/-I58ymRYOi-M/TWYXt8ibFCI/AAAAAAAAAiU/U_mUcRl08Kc/s1600/esham-forward-mangle-out-eoip-action.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/-I58ymRYOi-M/TWYXt8ibFCI/AAAAAAAAAiU/U_mUcRl08Kc/s320/esham-forward-mangle-out-eoip-action.png" alt="" id="BLOGGER_PHOTO_ID_5577171266656998434" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/-doV9Hjac1T8/TWYXtc8he5I/AAAAAAAAAiM/rVT-Vd8YPGE/s1600/esham-forward-mangle-out-eoip-advance.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/-doV9Hjac1T8/TWYXtc8he5I/AAAAAAAAAiM/rVT-Vd8YPGE/s320/esham-forward-mangle-out-eoip-advance.png" alt="" id="BLOGGER_PHOTO_ID_5577171258176535442" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/-EbzTpSzXpVo/TWYXtSjMp8I/AAAAAAAAAiE/bnnvgCE1Jes/s1600/esham-forward-mangle-out-eoip-general.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://2.bp.blogspot.com/-EbzTpSzXpVo/TWYXtSjMp8I/AAAAAAAAAiE/bnnvgCE1Jes/s320/esham-forward-mangle-out-eoip-general.png" alt="" id="BLOGGER_PHOTO_ID_5577171255385958338" border="0" /></a><br />Kadang kala pengiriman data via tunnel mengalami kendala khususnya paket-paket TCP, jika anda menghadapi masalah tersebut jangan pusing solusinya adalah buat mangle di chain forward utk tcp syn action change mss clamp to pmtu, tujuannya agar tunnel tersebut bisa mengatur parameter MTU (Maximum Transfer Unit) yang mungkin berbeda diantara end-point tersebut<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-9073413547681237440?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-80373854396059647252010-11-06T17:57:00.010+07:002010-11-06T18:56:42.440+07:00Cek IP Akamai yang ada di daftar NICESemakin hari semakin banyak ISP Indonesia yang dipercaya Akamai untuk meng-cache konten-konten akamai , permasalahan timbul karena ISP seperti Idola/Lintas Arta, Telkom, Indosat dll mengadvertise blok IP Akamai Server mereka ke OpenIXP/IIX sehingga daftar nice.rsc juga akan menyertakan blok IP Akamai sebagai prefix lokal Indonesia padahal traffic Akamai yang di host di ISP Indonesia tsb tidak selalu dapat di download dari OpenIXP/IIX biasanya hanya outgoing routingnya saja via OpenIXP/IIX tetapi incoming routingnya tetap melalui pipa International kecuali para pelanggan Speedy atau Firstmedia "mungkin" mereka dapat mendownload konten Akamai secara khusus dari jaringan Speedy / Firstmedia .<br /><br />berikut bukti akamai Idola/LintasArta di download melalui interface international sedangkan outgoingnya melalui interface lokal dan prefix 202.152.0.0/19 terdaftar di address-list = nice<br /><br /><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TNVB52POwUI/AAAAAAAAAg0/lWHV079e2-o/s1600/akamai-idola.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 228px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TNVB52POwUI/AAAAAAAAAg0/lWHV079e2-o/s320/akamai-idola.PNG" alt="" id="BLOGGER_PHOTO_ID_5536403778989637954" border="0" /></a><br /><div><br /></div><div>Permasalahan ini sudah pernah saya tulis juga dalam artikel blog saya terdahulu: <a href="http://inetshoot.blogspot.com/2008/11/pemisahan-traffic-ke-ip-akamai-indosat.html">http://inetshoot.blogspot.com/2008/11/pemisahan-traffic-ke-ip-akamai-indosat.html</a> , dimana kerancuan prefix Akamai di nice.rsc akan mengakibatkan limitasi bandwidth lokal dan international bisa tidak sesuai pada para pengguna mikrotik yang memanfaatkan nice.rsc</div><div><br /></div><div>sehingga akan terjadi traffic international akan dianggap iix sehingga bandwidth International akan selalu mentok terpakai karena biasanya limitasi untuk iix akan lebih longgar / lebih besar bandwidthnya padahal umumnya bandwidth International yang di dapat lebih kecil dari pada bandwidth lokal Indonesia.</div><div><br /></div><div>Untuk itu saya coba menangkap IP Akamai Server yang di advertise oleh ISP Indonesia di OpenIXP/IIX agar para pengguna nice.rsc bisa lebih lanjut mengkondisikan agar traffic Akamai tidak tercampur dengan mangle / queue traffic IIX, atau bisa jadi dikembangkan untuk memanipulasi agar traffic Akamai tsb di redirect ke proxy yang terhubung langsung dengan speedy atau firstmedia hehehe peace....</div><div><br /></div><div>Langka1:</div><div>Buat /ip firewall layer7-protocol<br /></div><div><br /></div><div><a href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TNU8DE6gPII/AAAAAAAAAgM/PsvVDoaOA7I/s1600/layer7-akamai.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 206px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TNU8DE6gPII/AAAAAAAAAgM/PsvVDoaOA7I/s320/layer7-akamai.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397340478291074" border="0" /></a></div><div><br /></div><div>Langka2:</div><div>Buat /ip firewall filter forward</div><div><br /><a href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TNU8DZybvwI/AAAAAAAAAgU/8XDgQ5uQRoo/s1600/filter-akamai1.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 217px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TNU8DZybvwI/AAAAAAAAAgU/8XDgQ5uQRoo/s320/filter-akamai1.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397346081586946" border="0" /></a><br /></div><div><br /></div><div><a href="http://2.bp.blogspot.com/_nzWcXcVYSRs/TNU8DWTFa7I/AAAAAAAAAgc/qUMkMhCc9qE/s1600/filter-akamai2.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 220px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/TNU8DWTFa7I/AAAAAAAAAgc/qUMkMhCc9qE/s320/filter-akamai2.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397345144794034" border="0" /></a></div><div><br /></div><div><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TNU8D0eOnNI/AAAAAAAAAgk/5WGBaiWECVA/s1600/filter-akamai3.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 222px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TNU8D0eOnNI/AAAAAAAAAgk/5WGBaiWECVA/s320/filter-akamai3.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397353244597458" border="0" /></a></div><div><br /></div><div>Hasilnya akan terdapat pada address-list = "akamai-indonesia"</div><div><br /></div><div><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TNU8D_0iowI/AAAAAAAAAgs/7oAfutP0PFs/s1600/akamai-address-list.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TNU8D_0iowI/AAAAAAAAAgs/7oAfutP0PFs/s320/akamai-address-list.PNG" alt="" id="BLOGGER_PHOTO_ID_5536397356290974466" border="0" /></a></div><div><br /></div><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8037385439605964725?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com6tag:blogger.com,1999:blog-4650800593925871709.post-6677578360247959722010-10-31T17:52:00.004+07:002010-10-31T18:00:13.413+07:00Petunjuk singkat menjadikan gmail sebagai smtp outlookSeringkali anda harus bepergian ke berbagai tempat dan pada waktu akan mengirim email menggunakan email client seperti outlook kesulitan mengakses smtp, karena sebagian besar smtp dibatasi aksesnya hanya untuk jaringan internal perusahaan atau intranet atau hanya dapat diakses melalui jaringan ISP yang digunakan di kantor<br /><p class="MsoNormal">Salah satu solusi praktis bagi anda yang sering bepergian adalah menjadikan smtp.gmail.com untuk outoging smtp di outlook agar tidak perlu melakukan perubahan konfigurasi smtp jika notebook dibawa ke tempat manapun selama ada akses Internet dan smtp.gmail.com port 587 di izinkan oleh firewall hotspot atau router dimana anda terkoneksi dengan Internet.<br /></p> <p class="MsoNormal">Petunjuk dari google dapat di lihat pada url berikut untuk outlook 2003</p> <p class="MsoNormal"><a href="http://mail.google.com/support/bin/answer.py?answer=75291">http://mail.google.com/support/bin/answer.py?answer=75291</a></p> <p class="MsoNormal">smtp.gmail.com bisa digunakan untuk outgoing mail server (smtp) semua mailbox yang kita miliki dengan klik “More Settings” pada account yang akan kita set , lalu pada tab “Outgoing Server” ceklist “My outgoing server (SMTP) requires authenctication” dan pilih “Log on using” masukkan username gmail yang anda daftarkan di gmail dan masukkan password gmail anda , agar tidak selalu meminta passwrod ceklist “Remember password”<br /></p><p class="MsoNormal">Gambar dibawah adalah tampilan outlook 2007 tetapi harusnya tidak jauh berbeda dengan outlook 2003<br /></p> <p class="MsoNormal"><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TM1Lv40O1VI/AAAAAAAAAfU/rFXi5OoPvo0/s1600/outlook1.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TM1Lv40O1VI/AAAAAAAAAfU/rFXi5OoPvo0/s320/outlook1.PNG" alt="" id="BLOGGER_PHOTO_ID_5534162803185603922" border="0" /></a></p><p class="MsoNormal"><br /></p> <p class="MsoNormal">Pada tab “Advanced” set “Outgoing server (SMTP) dengan port: 587” dan pilih “Use the following type of encrypted connection = TLS” lalu Klik “OK”</p> <p class="MsoNormal"><a href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TM1LwJLQ7GI/AAAAAAAAAfc/R8269mM5j4k/s1600/outlook2.PNG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TM1LwJLQ7GI/AAAAAAAAAfc/R8269mM5j4k/s320/outlook2.PNG" alt="" id="BLOGGER_PHOTO_ID_5534162807577177186" border="0" /></a></p> <p class="MsoNormal">Dengan demikian maka notebook anda bisa mengirim email menggunakan SMTP : smtp.gmail.com dimanapun bisa mengakses Internet.</p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-667757836024795972?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-21925867647866221982010-10-07T18:26:00.008+07:002010-10-07T19:20:25.136+07:00Langkah langkah upgrade firmware Switch Procurve 2650Berikut adalah langkah-langkah untuk uprgrade firmware switch HP Procurve 2650<br /><br />Untuk melakukan upgrade firmware siapkan:<br /><br />1. Kabel konsol<br />2. USB to Serial untuk notebook baru sudah tidak menyediakan port serial<br />3. Kabel UTP untuk proses upload / download OS dari ke switch<br />4. TFTP Server bisa di download dari solarwind:<a href="http://www.solarwinds.com/register/registration.aspx?program=52&c=70150000000CcH2&INTCMP=ILC-TFTP_Top_DL"> http://www.solarwinds.com/register/registration.aspx?program=52&c=70150000000CcH2&INTCMP=ILC-TFTP_Top_DL<br /></a>5. Download putty.exe untuk telnet, ssh dan serial koneksi : <a href="http://www.putty.org/">http://www.putty.org/</a><br /><br /><span style="font-weight: bold;">Langkah1</span><br /><br />Download firmware switch dari:<br /><br /><a href="http://h10144.www1.hp.com/customercare/support/software/summarypages/h-j4900-c.htm">http://h10144.www1.hp.com/customercare/support/software/summarypages/h-j4900-c.htm<br /></a><br />simpan di direktori misal :<br /><br />C:\Users\Harijanto\Downloads\2600-Software-H1083\<br /><br /><span style="font-weight: bold;">Langkah2</span><br /><br />Jika switch belum di konfigure IP nya pasang kabel konsol + usb to serial , lalu gunakan aplikasi hyperterminal atau putty.exe , jangan lupa nyalakan switchnya juga.<br /><br />Untuk mengetahui di COM berapa kabel serial tersebut terpasang caranya cek di device-manager , cara paling praktis klik kanan di my computer lalu pilih manage<br /><br /><a href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TK2vm4olgjI/AAAAAAAAAdU/XVlbZLIJUYc/s1600/howto-uprade-procurve-firmware-1.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TK2vm4olgjI/AAAAAAAAAdU/XVlbZLIJUYc/s320/howto-uprade-procurve-firmware-1.png" alt="" id="BLOGGER_PHOTO_ID_5525265400425972274" border="0" /></a><br />di contoh ini usb to serial di com13<br /><br />setelah mengetahui di com berapa jalankan program putty.exe<br /><br /><a href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2vnSh2FbI/AAAAAAAAAdc/qpBDHp3u8mA/s1600/howto-uprade-procurve-firmware-2.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2vnSh2FbI/AAAAAAAAAdc/qpBDHp3u8mA/s320/howto-uprade-procurve-firmware-2.png" alt="" id="BLOGGER_PHOTO_ID_5525265407377020338" border="0" /></a><br />pilih serial dan ketik com13 lalu klik Open<br /><br /><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2vnv0DJcI/AAAAAAAAAdk/hrX-xJ-arV8/s1600/howto-uprade-procurve-firmware-3.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2vnv0DJcI/AAAAAAAAAdk/hrX-xJ-arV8/s320/howto-uprade-procurve-firmware-3.png" alt="" id="BLOGGER_PHOTO_ID_5525265415238002114" border="0" /></a><br />enter -> enter maka putty akan mendetek kecepatan baud-ratenya kalau sudah bisa komunikasi makan akan muncul CLI dari switch procurve tersebut<br /><br /><a href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2vn_qQzyI/AAAAAAAAAds/aI8C_G-k8ew/s1600/howto-uprade-procurve-firmware-4.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2vn_qQzyI/AAAAAAAAAds/aI8C_G-k8ew/s320/howto-uprade-procurve-firmware-4.png" alt="" id="BLOGGER_PHOTO_ID_5525265419491921698" border="0" /></a><br />ketik : sh run<br />maka akan muncul konfigurasi switch tersebut, di contoh ini switch belum di beri IP statik , untuk itu setup ip statik di vlan1 caranya ketik:<br /><br />config t<br />vlan1<br />ip address 192.168.0.1 255.255.255.0<br /><br />untuk menyimpan konfigurasi ketik:<br /><br />write mem<br /><br /><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2voMAZzJI/AAAAAAAAAd0/pU6PxMA9kpE/s1600/howto-uprade-procurve-firmware-5.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2voMAZzJI/AAAAAAAAAd0/pU6PxMA9kpE/s320/howto-uprade-procurve-firmware-5.png" alt="" id="BLOGGER_PHOTO_ID_5525265422806011026" border="0" /></a><br /><span style="font-weight: bold;">Langkah 3</span><br /><br />kemudian set ip 192.168.0.2 mask 255.255.255.0 di interface ethernet pada notebook seperti berikut ini:<br /><br /><br /><a href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2wG0ew7zI/AAAAAAAAAd8/QJPm4jqvgEQ/s1600/howto-uprade-procurve-firmware-6.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2wG0ew7zI/AAAAAAAAAd8/QJPm4jqvgEQ/s320/howto-uprade-procurve-firmware-6.png" alt="" id="BLOGGER_PHOTO_ID_5525265949066850098" border="0" /></a><br />setelah notebook diset ip 192.168.0.2 netmask 255.255.255.0 maka harusnya dari notebook sudah bisa ping ke 192.168.0.1<br /><br /><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2wHJWVRoI/AAAAAAAAAeE/XVT8G8Y0elg/s1600/howto-uprade-procurve-firmware-7.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2wHJWVRoI/AAAAAAAAAeE/XVT8G8Y0elg/s320/howto-uprade-procurve-firmware-7.png" alt="" id="BLOGGER_PHOTO_ID_5525265954668627586" border="0" /></a><br /><span style="font-weight: bold;">Langkah 4</span><br /><br />lalu aktfikan tftp solarwind , arahkan direktori ke path dimana file firmware / os switch berada dengan cara klik file->configure->storage klik browse arahkan ke direktori dimana file firmware / os berada kalau sudah klik OK<br /><br /><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2wHX-YOFI/AAAAAAAAAeM/4Ri4fIUu8DE/s1600/howto-uprade-procurve-firmware-8.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2wHX-YOFI/AAAAAAAAAeM/4Ri4fIUu8DE/s320/howto-uprade-procurve-firmware-8.png" alt="" id="BLOGGER_PHOTO_ID_5525265958594689106" border="0" /></a><br />jangan lupa klik "Start" agar tftp server dijalankan<br /><br /><a href="http://2.bp.blogspot.com/_nzWcXcVYSRs/TK2wHmH8YtI/AAAAAAAAAeU/qVumRIiTKnw/s1600/howto-uprade-procurve-firmware-9.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/TK2wHmH8YtI/AAAAAAAAAeU/qVumRIiTKnw/s320/howto-uprade-procurve-firmware-9.png" alt="" id="BLOGGER_PHOTO_ID_5525265962392904402" border="0" /></a><br /><span style="font-weight: bold;">Langkah 5</span><br /><br />di konsole putty ketik: menu maka akan muncul menu dan pilih "Download OS"<br /><br /><a href="http://2.bp.blogspot.com/_nzWcXcVYSRs/TK2wH78zNWI/AAAAAAAAAec/OINZ50a3UAM/s1600/howto-uprade-procurve-firmware-10.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/TK2wH78zNWI/AAAAAAAAAec/OINZ50a3UAM/s320/howto-uprade-procurve-firmware-10.png" alt="" id="BLOGGER_PHOTO_ID_5525265968251745634" border="0" /></a><br />masukkan ip tftp server dalam contoh ini: 192.168.0.2 dan nama file dalam contoh ini: H_10_83.swi , kemudian pilih execute<br /><br /><a href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2wbWHiTyI/AAAAAAAAAek/BK-7C9pNkR4/s1600/howto-uprade-procurve-firmware-11.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2wbWHiTyI/AAAAAAAAAek/BK-7C9pNkR4/s320/howto-uprade-procurve-firmware-11.png" alt="" id="BLOGGER_PHOTO_ID_5525266301693611810" border="0" /></a><br />jika semua benar maka proses download os akan dilaksanakan<br /><br /><a href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TK2wb2edVcI/AAAAAAAAAes/wbKanO_OUsk/s1600/howto-uprade-procurve-firmware-12.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TK2wb2edVcI/AAAAAAAAAes/wbKanO_OUsk/s320/howto-uprade-procurve-firmware-12.png" alt="" id="BLOGGER_PHOTO_ID_5525266310379689410" border="0" /></a><br />Jika sudah selesai maka akan ada pesan sbb:<br /><br /><a href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TK2wcfCT8eI/AAAAAAAAAe8/Gi5VHEcYmLw/s1600/howto-uprade-procurve-firmware-14.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TK2wcfCT8eI/AAAAAAAAAe8/Gi5VHEcYmLw/s320/howto-uprade-procurve-firmware-14.png" alt="" id="BLOGGER_PHOTO_ID_5525266321267487202" border="0" /></a><br />selanjutnya switch harus di reboot, jika tidak boot otomatis ketik: boot, maka switch akan melakukan proses reboot<br /><br /><a href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2wc0KyO3I/AAAAAAAAAfE/V0TzT0mTAPA/s1600/howto-uprade-procurve-firmware-15.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TK2wc0KyO3I/AAAAAAAAAfE/V0TzT0mTAPA/s320/howto-uprade-procurve-firmware-15.png" alt="" id="BLOGGER_PHOTO_ID_5525266326940171122" border="0" /></a><br />dan jika sudah berhasil maka kalau di : sh run , maka tampilannya aka sbb:<br /><br /><a href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2wyq99YAI/AAAAAAAAAfM/5eC8xKeXeio/s1600/howto-uprade-procurve-firmware-16.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TK2wyq99YAI/AAAAAAAAAfM/5eC8xKeXeio/s320/howto-uprade-procurve-firmware-16.png" alt="" id="BLOGGER_PHOTO_ID_5525266702427578370" border="0" /></a><br />di sini bisa dilihat bahwa firmware/os switch sudah menggunakan versi baru yang tadi di download<br /><br />Selamat mencoba<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2192586764786622198?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-60892832656593039242010-09-10T12:37:00.002+07:002010-09-10T12:55:41.691+07:00Perbedaan Pseudo Bridge dengan WDSSetelah mencari-cari penjelasan pseudobridge vs WDS akhirnya kutemukan artikel ini:<br /><br /><a href="http://forum.mikrotik.com/viewtopic.php?f=13&t=41165">http://forum.mikrotik.com/viewtopic.php?f=13&t=41165<br /></a><br />psudo only allows one active mac address to be behind the client.<br /><br />so if you have a CPE with a customers router or single PC behind it, it works great. If the customer plugs in a switch and tries to hook up two computers that try to get online, it won't work as expected for them, and only one device at a time can receive packets.<br /><br />Additionally it has less overhead than WDS, and reconnects to the AP faster in the event of a disconnect (WDS has to connect once regular, probe the AP to determine if WDS is supported, then reconnect as a WDS connection), Plus the option of turning off default forwarding on the AP works (To accomplish the same when using WDS you have to get creative and use a bunch of bridge rules).<br /><br />For a backhaul, you should really avoid using WDS (or psudobridge), you should be using regular station and bridge mode, with no other devices connected, and then routing the data across a /30 subnet, preferably using OSPF (and a redundant path available), but static routing can be used if necessary.<br /><br />Thanks Brian:<br /><span class="postbody">-Brian<br /><br /><a href="http://www.thehostingnews.com/" class="postlink">http://www.thehostingnews.com</a><br />gawkwire.com<br />sailingit.com<br /><br />Penjelasannya kurang lebih sbb:<br /><br />Kalau pake pseudo bridge hanya satu mac-address yang bisa aktif dibelakang access-point-client (APC) , alias di sisi router distribusi yang arp-tablenya hanya bisa kenal satu mac-address router sisi clientnya (semoga ngerti yang saya maksud)<br /><br />jadi kalau Client Permissive Equipment (CPE) hanya dihubungkan ke satu router client menggunakan pseudobridge akan sangat bagus, tapi kalau CPE dihubungkan ke switch lalu ada lebih dari satu komputer maka hanya salah satu komputer saja yang arp nya masuk di arp-table router ISP , jadi kalau clientnya gak punya router dari CPE langsung ke switch lalu masuk beberapa komputer sisi APC harus dijadiin station-wds<br /><br />Tapi dijelaskan oleh Brian, bahwa pseudobridge overheadnya lebih kecil dari WDS, alias lebih efisien dibanding WDS , dan pseodobridge kalau disconnect , connect lagi ke AP nya lebih cepat dibanding WDS.<br /><br />Untuk backhaul kata Brian, sebaiknya menghindari pakai WDS tapi pakai mode station dan bridge biasa lalu lakukan routing per /30 subnet bisa pakai ospf atau static routing.<br /><br />Semoga penjelasan ini bermanfaat<br /><br />Salam<br />Harijanto P.<br />http://htsolusi.net<br />http://pt-pda.net<br /><br /><br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6089283265659303924?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-2630523775099481042010-09-08T09:12:00.004+07:002010-09-08T09:28:08.798+07:00Bridging Pada Ubiquiti RocketBaru-baru ini saya mencoba produk ubiquiti rocket yang digunakan sebagai bridging antar BTS, maklum masih newbie dengan produk ini jadi belum paham benar karakternya.<br /><br />Kasus yang saya hadapi:<br /><br />Untuk menghubungkan satu router mikrotik ke router mikrotik lainnya melalui ubiquiti rocket saya harus membuat eoip-tunnel agar ospf antar router berfungsi dengan baik, entah mengapa harus menggunakan eoip-tunnel kalau menggunakan dynamic routing ospf karena kalau ping ptp dan static routing bisa berfungsi<br /><br />kalau dari hasil baca-baca wiki ubiquiti sbb:<br /><a href="http://www.ubnt.com/wiki/How_to_bridge_internet_connections">http://www.ubnt.com/wiki/How_to_bridge_internet_connections</a><br /><br />Sepertinya antar ubiquiti rocket harus menggunakan access-point wds dengan station wds kalau ingin menjalankan transparent bridge, kalau dari hasil pengamatan antara ubiquiti rocket yang menggunakan wds dan tidak di tabel arp yang ada di router mikrotik jelas kalau ubiquiti rocket yang menggunakan wds arp tablenya antara ap-wds, station-wds dan router mikrotik mac-addressnya masing-masing terpisah sedangkan kalau ubiquiti rocket yang non wds arp tablenya antara ap, station dan router mikrotik mac-address station dan router sama-sama menggunakan mac-address ubiquiti jadi seperti mac clonning pada radio senao , arp tablenya bisa dilihat pada gambar berikut:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TIbz5BgYJNI/AAAAAAAAAcc/m5VsirAhgJc/s1600/mac-ubnt-station-station-wds.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 80px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TIbz5BgYJNI/AAAAAAAAAcc/m5VsirAhgJc/s320/mac-ubnt-station-station-wds.png" alt="" id="BLOGGER_PHOTO_ID_5514362954744079570" border="0" /></a><br />berikut adalah screen capture ubiquiti rocket dengan ap-wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TIbz5zlkodI/AAAAAAAAAck/fJAIWmwIlxM/s1600/ubng-ap-wds.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 152px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TIbz5zlkodI/AAAAAAAAAck/fJAIWmwIlxM/s320/ubng-ap-wds.png" alt="" id="BLOGGER_PHOTO_ID_5514362968187642322" border="0" /></a><br /><br />berikut adalah screen capture ubiquiti rocket dengan station-wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TIbz6aXnhnI/AAAAAAAAAcs/5Id4E6TGfp8/s1600/ubng-station-wds.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 153px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TIbz6aXnhnI/AAAAAAAAAcs/5Id4E6TGfp8/s320/ubng-station-wds.png" alt="" id="BLOGGER_PHOTO_ID_5514362978598094450" border="0" /></a><br /><br />berikut adalah screen capture ubiquiti dengan ap non wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TIbz7AUy3KI/AAAAAAAAAc0/KUq0WmJwhKg/s1600/ubnt-ap.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 153px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TIbz7AUy3KI/AAAAAAAAAc0/KUq0WmJwhKg/s320/ubnt-ap.png" alt="" id="BLOGGER_PHOTO_ID_5514362988786801826" border="0" /></a><br />berikut adalah screen capture ubiquiti dengan station non wds:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TIbz776kmkI/AAAAAAAAAc8/6T3ENYdNLxo/s1600/ubnt-station.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 153px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TIbz776kmkI/AAAAAAAAAc8/6T3ENYdNLxo/s320/ubnt-station.png" alt="" id="BLOGGER_PHOTO_ID_5514363004782942786" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-263052377509948104?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-57018803744062320452010-08-20T00:44:00.004+07:002010-08-20T01:03:49.442+07:00RSTP Bridge failover layer2 menggunakan Mikrotik<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1wBFEAN5I/AAAAAAAAAcU/uimCiaDYvCg/s1600/IMG00215-20100820-0025.jpg"><br /></a>Hari ini saya kedatangan kawan lama , seperti biasa dia minta bantuan ngoprek Mikrotik<br />masalahnhya dia ingin memasang server penyaring spam virus dll dalam mode bridge tetapi kalau suatu saat server penyaring tsb bermasalah maka traffic harus di bypass melalui port lainnya<br /><br />kurang lebih topologinya spt ini:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/TG1unaZxnwI/AAAAAAAAAbk/X7CEcelDGL8/s1600/topologi.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 109px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/TG1unaZxnwI/AAAAAAAAAbk/X7CEcelDGL8/s320/topologi.jpg" alt="" id="BLOGGER_PHOTO_ID_5507179542725369602" border="0" /></a><br />Jadi semisal link ether2 putus maka data akan mengalir melalui ether1 , sedangkan jika link ether1 putus data akan mengalir melalui ether2, jika kedua link tidak putus maka data akan mengalir melalui ether1 menggunakan mekanisme RSTP: <a href="http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge">http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge</a><br /><br />dalam percobaan ini saya menggunakan RB750G yang terdiri dari RSTP-A dan RSTP-B, dimana RSTP-A pada ether3 terhubung langsung dengan router / koneksi Internet sedangkan RSTP-B terhubung dengan notebook<br /><br />Berikut adalah foto RSTP-A<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1wAhzKnVI/AAAAAAAAAcM/UCdc0Vz8AWk/s1600/IMG00214-20100820-0024.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1wAhzKnVI/AAAAAAAAAcM/UCdc0Vz8AWk/s320/IMG00214-20100820-0024.jpg" alt="" id="BLOGGER_PHOTO_ID_5507181073719270738" border="0" /></a><br />Berikut adalah foto RSTP-B<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1wBFEAN5I/AAAAAAAAAcU/uimCiaDYvCg/s1600/IMG00215-20100820-0025.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1wBFEAN5I/AAAAAAAAAcU/uimCiaDYvCg/s320/IMG00215-20100820-0025.jpg" alt="" id="BLOGGER_PHOTO_ID_5507181083185133458" border="0" /></a><br />Pada RSTP-A Konfigurasi bisa dilihat sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/TG1unuRLpBI/AAAAAAAAAbs/r2e0dNE4zCI/s1600/RSTP-A.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/TG1unuRLpBI/AAAAAAAAAbs/r2e0dNE4zCI/s320/RSTP-A.png" alt="" id="BLOGGER_PHOTO_ID_5507179548058035218" border="0" /></a><br />Pada RSTP-B konfigurasi bisa dilihat sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1un5npR_I/AAAAAAAAAb0/vn2sRmqozZ4/s1600/RSTP-B.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TG1un5npR_I/AAAAAAAAAb0/vn2sRmqozZ4/s320/RSTP-B.png" alt="" id="BLOGGER_PHOTO_ID_5507179551105042418" border="0" /></a><br />Yang membedakannya hanya pada :<br /><br />[admin@RSTP-B] /interface bridge port> /interface bridge port set path-cost=20 interface=ether2<br /><br />jadi di RSTP-A dan RSTP-B untuk interface=ether2 path-cost dibuat 20 sedangkan ether1 path-cost = 10<br /><br />sehingga pada keadaan normal data akan dialirkan melalui ether1 ke ether3 melalui bridge<br /><br />untuk uji coba saya lakukan ping ke dns google 8.8.8.8 dari notebook lalu salah satu kabel misal ether1 saya cabut maka data akan mengalir lewat ether2<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/TG1uolJhRrI/AAAAAAAAAcE/PSNk5nrZyIg/s1600/RSTP-B-ETHER2-PLUG.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/TG1uolJhRrI/AAAAAAAAAcE/PSNk5nrZyIg/s320/RSTP-B-ETHER2-PLUG.png" alt="" id="BLOGGER_PHOTO_ID_5507179562789848754" border="0" /></a><br />dan ketika kabel ether1 di pasang lagi maka data akan kembali melalui ether1<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/TG1uofK5k_I/AAAAAAAAAb8/n2ahkEmER38/s1600/RSTP-B-ETHER2-UNPLUG.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 180px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/TG1uofK5k_I/AAAAAAAAAb8/n2ahkEmER38/s320/RSTP-B-ETHER2-UNPLUG.png" alt="" id="BLOGGER_PHOTO_ID_5507179561185022962" border="0" /></a><br />atau sebaliknya<br /><br />jadi kesimpulannya dua RB750G tersebut bisa menjadi bridge RSTP yang menjadi solusi fail-over layer2 yang ekonomis dan praktis<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5701880374406232045?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com2tag:blogger.com,1999:blog-4650800593925871709.post-70816758638779494322010-06-21T23:26:00.008+07:002010-06-21T23:52:08.202+07:00Analisa Paket Data Game Point Blank pada waktu melakukan Patch dibantu cache dari Squid ProxyWah sudah lama gak nulis di blog , kebetulan malam ini iseng pengen tahu karakter game Point Blank http://pb.gemscool.com/<br /><br />Setelah mendownload aplikasi dan patch dan mendaftar user di gemscool lalu selanjutnya saya coba mainkan mh.... ya seperti Counter Strike permainannya tapi karena tangan sudah lama gak dibuat untuk main game jadi ya kaku kaku gitu harus menghafalkan tombol2 navigasi lagi yang kurang lebih seperti CS.<br /><br />yang menarik pada waktu iseng saya klik tombol Check sebelum mengklik Start yang dilakukan oleh PB adalah melakukan download patch dan ternyata bandwidth 10Mbps di sikat habis wak....<br />waduh ini game kalau lagi ngepatch sadis punya ternyata mh... iseng saya torch di mikrotik ternyata patchnya via port 80 alias http wah ini bisa di bantu squid nih.<br /><br />Benar saja setelah saya redirect port 80 ke squid hasilnya sesuai dengan yang saya inginkan yaitu file2 patch bisa di cache di squid proxy sehingga trafficnya sekarang yang besar yang kearah squid proxy<br /><br />Gambar berikut adalah bukti bahwa proses patch bisa di bantu squid dengan hasil tail -f /var/log/squid/access.log banyak sekali TCP_HIT maupun TCP_MEM_HIT untuk file2 .zip artinya sekarang patch PB diambil dari cache yang ada di squid<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TB-UFn5A1dI/AAAAAAAAAbE/poyqSnzkqqM/s1600/squid-hit-patch-pb.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 216px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TB-UFn5A1dI/AAAAAAAAAbE/poyqSnzkqqM/s400/squid-hit-patch-pb.png" alt="" id="BLOGGER_PHOTO_ID_5485265695488923090" border="0" /></a><br />Berikut adalah tampilan torch mikrotik pada interface wlan1 untuk ip source 10.5.50.232 ternyata pada waktu patch Tx Rate sangat tinggi sekali mencapai 8.2Mbps , untungnya saat ini sudah di dst-nat ke squid sehingga Data Rate yang menuju ke Jakarta tidak sampai 8.2Mbps karena sebagian besar file patching telah ada di squid proxy<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/TB-Ujz-1wYI/AAAAAAAAAbM/beILnjlh_KI/s1600/kantor-pda-t-proxy.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 199px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/TB-Ujz-1wYI/AAAAAAAAAbM/beILnjlh_KI/s400/kantor-pda-t-proxy.png" alt="" id="BLOGGER_PHOTO_ID_5485266214130663810" border="0" /></a><br /><br />Ini adalah buktinya pada waktu PB melakukan patching dan port 80 diredirect ke squid proxy di mikrotik backbone Jakarta-Cirebon tidak terjadi lonjakan traffic sd 8Mbps lebih seperti yang terjadi pada mikrotik distribusi hotspot di kantor.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TB-WQ-fDwmI/AAAAAAAAAbU/NN7pmVRgHNE/s1600/pda1-torch.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 217px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TB-WQ-fDwmI/AAAAAAAAAbU/NN7pmVRgHNE/s400/pda1-torch.png" alt="" id="BLOGGER_PHOTO_ID_5485268089555894882" border="0" /></a><br /><br />Jadi kesimpulannya traffic patch Point Blank sangat bisa di bantu oleh mekanisme cache squid proxy, sedangkan pada saat permainan berlangsung dengan skenario notebook saya sebagai client yang joint ke server public PB , data rate yang terjadi sangat kecil sekitar 15Kbps-16Kbps<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/TB-W1yX74NI/AAAAAAAAAbc/m8OCDNiTqDg/s1600/pb-on-war.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 134px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/TB-W1yX74NI/AAAAAAAAAbc/m8OCDNiTqDg/s400/pb-on-war.png" alt="" id="BLOGGER_PHOTO_ID_5485268721959952594" border="0" /></a><br />Jadi kesimpulannya:<br /><br />1. Proses Patch game Point Blank yang sangat berat bisa di bantu dengan mekanisme cache dari squid<br />2. Pada saat permainan berlangsung alokasi bandwidth per PC game bisa diset dari 32Kbps - 128Kbps<br />3. Buat alokasi bandwidth khusus yang berasal dari PC Game menuju ke squid proxy<br /><br />adapun di /etc/squid/squid.conf saya coba set parameter berikut:<br /><br />maximum_object_size 300000 KB<br />store_avg_object_size 5000 KB<br /><br />karena dari beberapa forum dan blog, ada yang berkomentar maximum objectnya di besarkan jadi 300MB agar file2 patch PB bisa di cache oleh squid<br /><br />Semoga hasil analisa ini bisa berguna bagi yang memerlukannya<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-7081675863877949432?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com3tag:blogger.com,1999:blog-4650800593925871709.post-89953029316178785892010-01-05T14:24:00.006+07:002010-01-05T14:48:17.435+07:00Max-Term + SATA DOM + Mikrotik 4.4 Level 4 alternatif RB1000Hari ini dapet mainan dari seorang teman sebuah Komputer Max-Term / Maxspeed dengan spesifikasi sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LqLPt3JaI/AAAAAAAAAas/BfuBsp5Ut28/s1600-h/maxterm.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 353px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LqLPt3JaI/AAAAAAAAAas/BfuBsp5Ut28/s400/maxterm.JPG" alt="" id="BLOGGER_PHOTO_ID_5423154380225848738" border="0" /></a><br /><br />Penasaran mau tahu bisa menangani paket sebanyak apa saya lakukan percobaan dengan menggunakan btest.exe dari notebook dengan spesifikasi sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/S0Lq8SZnPzI/AAAAAAAAAa0/5HUuOQZKcmU/s1600-h/winxp.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 351px; height: 400px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/S0Lq8SZnPzI/AAAAAAAAAa0/5HUuOQZKcmU/s400/winxp.JPG" alt="" id="BLOGGER_PHOTO_ID_5423155222759817010" border="0" /></a><br /><span style="font-weight: bold;">Percobaan 1: </span>Max-Term dijalankan BTest-Server lalu dari notebook lenovo menjalankan btest.exe sebanyak 15 windows dengan kombinasi udp dan tcp packet, hasilnya:<br /><br />Tx Packet mencapai 8.658 pps dan Rx Packet 14.304 pps pada Tx 76.5 Mbps dan Rx 91.1 Mbps dengna latency mencapai 50 ms - 80 ms cpu 100%<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0Lplz8EfiI/AAAAAAAAAac/EhQ1ITpV-yA/s1600-h/max-term-test-packet.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0Lplz8EfiI/AAAAAAAAAac/EhQ1ITpV-yA/s400/max-term-test-packet.JPG" alt="" id="BLOGGER_PHOTO_ID_5423153737114091042" border="0" /></a><br /><br /><span style="font-weight: bold;">Percobaan 2:</span> Notebook menjalankan btest.exe sebagai server dan Max-Term melakukan bandwidth-test ke notebook sebanyak 25 terminal dengan protocol udp hasilnya:<br /><br />Tx Packet mencapai 3.280 pps dan Rx Packet 8.061 pps pada Tx 38.7Mbps dan Rx 97.1Mbps dengna latency mencapai 3 ms cpu 18%<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LpmD0LHaI/AAAAAAAAAak/GmTA39LAWdY/s1600-h/max-term-test-packet-udp-to-notebook.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LpmD0LHaI/AAAAAAAAAak/GmTA39LAWdY/s400/max-term-test-packet-udp-to-notebook.JPG" alt="" id="BLOGGER_PHOTO_ID_5423153741375937954" border="0" /></a><br />Kesimpulan:<br />Harusnya dengan MaxTerm / Maxspeed + Mikrotik 4.4 Level 4 bisa mem-forward packet 0 - 10000 pps pada throughput <input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"> 0 - 20 Mbps dengan lancar<br /><br />Berikut adalah gambar MaxTerm / Maxspeed :<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LplbUO6YI/AAAAAAAAAaM/j1PMqto4xcw/s1600-h/IMG00048-20100105-1357.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LplbUO6YI/AAAAAAAAAaM/j1PMqto4xcw/s400/IMG00048-20100105-1357.jpg" alt="" id="BLOGGER_PHOTO_ID_5423153730504550786" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LplmddewI/AAAAAAAAAaU/tfR6JzIZfAA/s1600-h/IMG00047-20100105-1356.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/S0LplmddewI/AAAAAAAAAaU/tfR6JzIZfAA/s400/IMG00047-20100105-1356.jpg" alt="" id="BLOGGER_PHOTO_ID_5423153733496044290" border="0" /></a><br />yang mau cari barangnya cek aja di : <a href="http://www.edccomp.com/product.php?id_product=175">http://www.edccomp.com</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8995302931617878589?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com2tag:blogger.com,1999:blog-4650800593925871709.post-39986839264403530672010-01-02T10:26:00.034+07:002010-01-02T11:45:51.586+07:00BGP Failover antar BTSHalo apakabar? Selamat Tahun Baru 2010 sudah lama saya tidak menulis blog saya ini, kebetulan lagi liburan Tahun Baru saya coba tulis contoh kasus BGP Failover antar BTS.<br /><br />Dalam contoh kasus BGP Failover antar BTS skenarionya adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz6-LJHurZI/AAAAAAAAAXE/VZbxl7eRQTI/s1600-h/bgp-failover-cyber-meruya-slipi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 352px; height: 400px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz6-LJHurZI/AAAAAAAAAXE/VZbxl7eRQTI/s400/bgp-failover-cyber-meruya-slipi.jpg" alt="" id="BLOGGER_PHOTO_ID_5421980100036832658" border="0" /></a><br />Dengan skenario diatas maka BTS Slipi dan BTS Meruya menjadi full-protection (bahasa kerennya XL / Moratel / Icon+ untuk backbone fiber-optic mereka di pulau Jawa)<br /><br />Dengan demikian ada 4 BGP Router yang terlibat dalam skenario ini, yaitu: Router International dan Router OIXP/IIX yang keduanya ada di Gedung Cyber dan Router Mikrotik di BTS Slipi dan BTS Meruya<br /><br />Adapun link yang antara Gedung Cyber ke Slipi menggunakan Fiber Optic sedangkan antara Gedung Cyber ke Meruya menggunakan Microwave 15Ghz (Pake ISR tentunya) dan Dari Meruya ke Slipi menggunakan WiFi IEEE 802.11 tentunya pake Mikrotik RB600<br /><br />Ok langsung saja berikut adalah screen capturenya semoga bermanfaat bagi yang membacanya, oh ya dalam screen capture ip-ip publik yang relevan tidak saya sensor agar bisa menjadi contoh nyata karena semangat saya nulis adalah untuk berbagi jadi mohon agar tidak di serang ya "semoga".<br /><br /><span style="font-weight: bold;">Konfigurasi di Router IIX di Cyber pada Cisco 7206VXR G2:</span><br /><br />neighbor ke Mikrotik Meruya<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7BPpV77pI/AAAAAAAAAXM/oVHBc92dGSM/s1600-h/bgp-failover-cisco-bgp-peers-meruya.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 77px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7BPpV77pI/AAAAAAAAAXM/oVHBc92dGSM/s400/bgp-failover-cisco-bgp-peers-meruya.jpg" alt="" id="BLOGGER_PHOTO_ID_5421983475940716178" border="0" /></a><br />neighbor ke Mikrotik Slipi<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7BliYHDhI/AAAAAAAAAXU/aB0aRGHPGiE/s1600-h/bgp-failover-cisco-bgp-peers-peninsula.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 72px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7BliYHDhI/AAAAAAAAAXU/aB0aRGHPGiE/s400/bgp-failover-cisco-bgp-peers-peninsula.jpg" alt="" id="BLOGGER_PHOTO_ID_5421983852027907602" border="0" /></a><br />route-map IIXNICEONLY-EXPORT<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7B2D5fUuI/AAAAAAAAAXc/7_ParKrfA1g/s1600-h/bgp-failover-cisco-route-map.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 325px; height: 131px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7B2D5fUuI/AAAAAAAAAXc/7_ParKrfA1g/s400/bgp-failover-cisco-route-map.jpg" alt="" id="BLOGGER_PHOTO_ID_5421984135904187106" border="0" /></a><br />as-path 2 , tujuannya untuk memfilter hanya prefix dari AS7597 (IIX) dan AS7717 (NICE/OIXP) yang akan di advertise ke BGP Meruya dan Slipi, untuk di implementasikan ke route-map IIXNICEONLY-EXPORT diatas<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7CPdOsi-I/AAAAAAAAAXk/eXAPXeeTAMQ/s1600-h/bgp-failover-cisco-as-path-2.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 326px; height: 49px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7CPdOsi-I/AAAAAAAAAXk/eXAPXeeTAMQ/s400/bgp-failover-cisco-as-path-2.jpg" alt="" id="BLOGGER_PHOTO_ID_5421984572200750050" border="0" /></a><br />access-list 100, tujuannya selain prefix dari AS7597 (IIX) dan AS7717 (NICE/OIXP) juga prefix asli milik Datautama di advertise ke BGP Meruya dan Slipi, untuk di implementasikan ke route-map IIXNICEONLY-EXPORT diatas<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7C4LH7VXI/AAAAAAAAAXs/LaU9X1oGobw/s1600-h/bgp-failover-cisco-access-list.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 361px; height: 400px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7C4LH7VXI/AAAAAAAAAXs/LaU9X1oGobw/s400/bgp-failover-cisco-access-list.jpg" alt="" id="BLOGGER_PHOTO_ID_5421985271715157362" border="0" /></a><br />Dengan demikian maka BGP Meruya dan Slipi akan menerima prefix/routing table IIX+OIXP+Datautama<br /><br />Jika konfigurasi ke 4 BGP tersebut telah berfungsi maka hasil "sh ip bgp sum" di router IIX/OIXP di cyber adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7ECa1maEI/AAAAAAAAAX0/bEjGhlKZJOk/s1600-h/bgp-failover-cisco-bgp-sum.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 327px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7ECa1maEI/AAAAAAAAAX0/bEjGhlKZJOk/s400/bgp-failover-cisco-bgp-sum.jpg" alt="" id="BLOGGER_PHOTO_ID_5421986547243575362" border="0" /></a><br /><span style="font-weight: bold;">Konfigurasi di Router Internatinoal di Cyber:<br /></span><span><br />neighbor ke Mikrotik Meruya</span><span style="font-weight: bold;"><br /><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7EfCeefiI/AAAAAAAAAX8/WfwnuSiEIxw/s1600-h/bgp-failover-ibm-bgp-peers-meruya.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 93px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7EfCeefiI/AAAAAAAAAX8/WfwnuSiEIxw/s400/bgp-failover-ibm-bgp-peers-meruya.jpg" alt="" id="BLOGGER_PHOTO_ID_5421987038920343074" border="0" /></a><br />neighbor ke Mikrotik Slipi<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7EqLzE-EI/AAAAAAAAAYE/eM4Y-WmlThg/s1600-h/bgp-failover-ibm-bgp-peers-slipi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 87px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7EqLzE-EI/AAAAAAAAAYE/eM4Y-WmlThg/s400/bgp-failover-ibm-bgp-peers-slipi.jpg" alt="" id="BLOGGER_PHOTO_ID_5421987230401230914" border="0" /></a><br />route-map KOSONG<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7E8Xf98zI/AAAAAAAAAYM/O_Yhdhmoe_s/s1600-h/bgp-failover-ibm-route-map.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 355px; height: 130px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7E8Xf98zI/AAAAAAAAAYM/O_Yhdhmoe_s/s400/bgp-failover-ibm-route-map.jpg" alt="" id="BLOGGER_PHOTO_ID_5421987542779949874" border="0" /></a><br />tujuan dari as-path access-list 11 deny .* pada route-map KOSONG adalah untuk memfilter semua prefix dari International agar tidak di advertise ke BTS Meruya dan Slipi, karena Mikrotik Meruya dan Slipi hanya perlu prefix IIX/OIXP agar routing menuju ke IIX/OIXP langsung belok ke Router IIX/OIXP di Cyber sedangkan default-route menuju ke Router International.<br /><br />Sebagai catatan: hal terpenting dalam bermain BGP maupun OSPF adalah pemahaman tentang filtering as-path , access-list, prepend, subnet dan supernet.<br /><br />Jika konfigurasi ke 4 BGP tersebut telah berfungsi maka hasil "sh ip bgp sum" di router International di cyber adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7GAzIeIMI/AAAAAAAAAYU/61iLSn1O5S8/s1600-h/bgp-failover-ibm-bgp-sum.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 230px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7GAzIeIMI/AAAAAAAAAYU/61iLSn1O5S8/s400/bgp-failover-ibm-bgp-sum.jpg" alt="" id="BLOGGER_PHOTO_ID_5421988718428692674" border="0" /></a><br /><span style="font-weight: bold;">Konfigurasi di Router Mikrotik Meruya:</span><br /><br />ip-address, interface backhaul adalah interface yang menghadap ke Cyber menggunakan Microwave 15Ghz<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7Ga7PZHDI/AAAAAAAAAYc/pea8Zax7BzI/s1600-h/bgp-failover-meruya-ipaddress.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 107px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7Ga7PZHDI/AAAAAAAAAYc/pea8Zax7BzI/s400/bgp-failover-meruya-ipaddress.jpg" alt="" id="BLOGGER_PHOTO_ID_5421989167281806386" border="0" /></a><br />bgp-instance<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7Gy4rVQ_I/AAAAAAAAAYk/c0yugyoLbFI/s1600-h/bgp-failover-meruya-bgp-instance.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 363px; height: 400px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7Gy4rVQ_I/AAAAAAAAAYk/c0yugyoLbFI/s400/bgp-failover-meruya-bgp-instance.jpg" alt="" id="BLOGGER_PHOTO_ID_5421989578910548978" border="0" /></a><br />bgp-peers Meruya ke International Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7HH6PsEUI/AAAAAAAAAYs/YT982AkHeZc/s1600-h/bgp-failover-meruya-bgp-peers-inter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 349px; height: 400px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7HH6PsEUI/AAAAAAAAAYs/YT982AkHeZc/s400/bgp-failover-meruya-bgp-peers-inter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421989940108726594" border="0" /></a><br />bgp-peers Meruya ke IIX Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7Ha8psjlI/AAAAAAAAAY0/BdPOqFRx7GU/s1600-h/bgp-failover-meruya-bgp-peers-iix.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 350px; height: 400px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7Ha8psjlI/AAAAAAAAAY0/BdPOqFRx7GU/s400/bgp-failover-meruya-bgp-peers-iix.jpg" alt="" id="BLOGGER_PHOTO_ID_5421990267172195922" border="0" /></a><br />bgp-peers Meruya ke Slipi, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7HqYNzRqI/AAAAAAAAAY8/vkvmZwVE_wM/s1600-h/bgp-failover-meruya-bgp-peers-peninsula.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 351px; height: 400px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/Sz7HqYNzRqI/AAAAAAAAAY8/vkvmZwVE_wM/s400/bgp-failover-meruya-bgp-peers-peninsula.jpg" alt="" id="BLOGGER_PHOTO_ID_5421990532269426338" border="0" /></a><br />Berikut adalah konfigurasi routing-filter yang merupakan bagian terpenting dan paling rumit untuk dipahami, pada bagian BGP Prepend tujuannya agar ke arah PENINSULA-EXPORT di prepend 2 kali agar ke arah AS24521-EXPORT lebih pendek sehingga menjadi prioritas, kecuali jika link Meruya ke Cyber putus baru akan menggunakan link Meruya-Slipi-Cyber.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7IXU1pTJI/AAAAAAAAAZE/4o3W6p2rRkw/s1600-h/bgp-failover-meruya-routing-filter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 231px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7IXU1pTJI/AAAAAAAAAZE/4o3W6p2rRkw/s400/bgp-failover-meruya-routing-filter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421991304456916114" border="0" /></a><br /><span style="font-weight: bold;">Konfigurasi di Router Mikrotik Slipi:<br /><br /></span>ip-address, interface ether1 adalah interface yang menghadap ke Cyber menggunakan Fiber Optic<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7IzPm6gpI/AAAAAAAAAZM/0DVWoDqUryE/s1600-h/bgp-failover-rb1000-ipaddress.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 133px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7IzPm6gpI/AAAAAAAAAZM/0DVWoDqUryE/s400/bgp-failover-rb1000-ipaddress.jpg" alt="" id="BLOGGER_PHOTO_ID_5421991784089289362" border="0" /></a><br />bgp-instance<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7JJYmNFPI/AAAAAAAAAZU/OU9V9FlEpLU/s1600-h/bgp-failover-rb1000-bgp-instance.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 382px; height: 400px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7JJYmNFPI/AAAAAAAAAZU/OU9V9FlEpLU/s400/bgp-failover-rb1000-bgp-instance.jpg" alt="" id="BLOGGER_PHOTO_ID_5421992164459353330" border="0" /></a><br />bgp-peers Slipi ke International Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7JvzY6DCI/AAAAAAAAAZc/BOw5mWndojs/s1600-h/bgp-failover-rb1000-bgp-peers-inter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 314px; height: 400px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/Sz7JvzY6DCI/AAAAAAAAAZc/BOw5mWndojs/s400/bgp-failover-rb1000-bgp-peers-inter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421992824486366242" border="0" /></a><br />bgp-peers Slipi ke IIX Cyber, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7J_xbjY6I/AAAAAAAAAZk/BuPXTidSbn8/s1600-h/bgp-failover-rb1000-bgp-peers-iix.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 313px; height: 400px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7J_xbjY6I/AAAAAAAAAZk/BuPXTidSbn8/s400/bgp-failover-rb1000-bgp-peers-iix.jpg" alt="" id="BLOGGER_PHOTO_ID_5421993098838500258" border="0" /></a><br />bgp-peers Slipi ke Meruya, hold time di buat 20 agar BGP lebih responsif terhadap kondisi link antar BGP up atau down<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7KQEtb65I/AAAAAAAAAZs/XYfhU-oZpvw/s1600-h/bgp-failover-rb1000-bgp-peers-presisi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 312px; height: 400px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7KQEtb65I/AAAAAAAAAZs/XYfhU-oZpvw/s400/bgp-failover-rb1000-bgp-peers-presisi.jpg" alt="" id="BLOGGER_PHOTO_ID_5421993378891688850" border="0" /></a><br /><br />Berikut adalah konfigurasi routing-filter yang merupakan bagian terpenting dan paling rumit untuk dipahami, pada bagian BGP Prepend tujuannya agar ke arah PRESISI-EXPORT di prepend 2 kali agar ke arah INTL-CYBER-EXPORT lebih pendek sehingga menjadi prioritas, kecuali jika link Slipi ke Cyber putus baru akan menggunakan link Slipi-Meruya-Cyber.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7KiVL-F9I/AAAAAAAAAZ0/F6uaz4_HY9s/s1600-h/bgp-failover-rb1000-routing-filter.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 343px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7KiVL-F9I/AAAAAAAAAZ0/F6uaz4_HY9s/s400/bgp-failover-rb1000-routing-filter.jpg" alt="" id="BLOGGER_PHOTO_ID_5421993692552370130" border="0" /></a><br />Dengan demikian maka pada kondisi Fiber Optic Slipi-Cyber normal default-route pada Mikrotik di Slipi adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7L8VX1leI/AAAAAAAAAZ8/RFrqPrAdUVY/s1600-h/bgp-failover-rb1000-ip-route.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 170px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/Sz7L8VX1leI/AAAAAAAAAZ8/RFrqPrAdUVY/s400/bgp-failover-rb1000-ip-route.jpg" alt="" id="BLOGGER_PHOTO_ID_5421995238790370786" border="0" /></a><br />DAb Destination 0.0.0.0/0 gateway 203.89.26.49 adalah entry bgp yang di terima, sedangkan Db Destination 0.0.0.0/0 gateway 203.89.24.185 dengan warna biru adalah entry bgp yang tidak diterima atau dengan kata lain standby kalau sampai gateway 203.89.26.49 putus maka gateway 203.89.24.185 akan digunakan melalui interface ipip-P6toP2 yang merupakan ipip-tunnel dari Mikrotik Slipi ke Mikrotik Meruya melalui link WiFi IEEE 802.11 menggunakan RB600<br /><br />Sedangkan untuk kondisi Microwave 15Ghz Meruya-Cyber normal default-route pada Mikrotik Meruya adalah sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7L8om5grI/AAAAAAAAAaE/TTqP400E2vY/s1600-h/bgp-failover-meruya-ip-route.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 205px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/Sz7L8om5grI/AAAAAAAAAaE/TTqP400E2vY/s400/bgp-failover-meruya-ip-route.jpg" alt="" id="BLOGGER_PHOTO_ID_5421995243953816242" border="0" /></a><br />DAb Destination 0.0.0.0/0 gateway 203.89.26.1 adalah entry bgp yang di terima, sedangkan Db Destination 0.0.0.0/0 gateway 203.89.24.186 dengan warna biru adalah entry bgp yang tidak diterima atau dengan kata lain standby kalau sampai gateway 203.89.26.1 putus maka gateway 203.89.24.186 akan digunakan melalui interface ipip-P2toP6 yang merupakan ipip-tunnel dari Mikrotik Meruya ke Mikrotik Slipi melalui link WiFi IEEE 802.11 menggunakan RB600<br /><br />Demikian kiranya sedikit sharing ilmu semoga bermanfaat bagi semua yang membacanya<br /><br /><div id="refHTML"></div><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3998683926440353067?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com4tag:blogger.com,1999:blog-4650800593925871709.post-53445474496646076802009-08-10T12:22:00.000+07:002009-08-10T12:23:14.038+07:00Blacklists/Blocklists<p>Blacklists or blocklists are lists of <acronym title="Internet Protocol">IP</acronym> addresses, domain names, email addresses or content of the headers or the body, or some combination of these different types, that can be used to help identify spam. A special subset of IP address and domain name lists exist which can be queried using <acronym title="Domain Name Service">DNS</acronym>, which are called <acronym title="Domain Name Service">DNS</acronym> Blackhole Lists or <a href="http://spamlinks.net/filter-dnsbl.htm" class="locallink" title="DNS Blackhole Lists">DNSBLs</a>. Blacklists can be unverified and cause “collateral damage”; their criteria for listing may not be clear.</p> <p>Those blacklists listed here are just a tiny subset of all of the private access lists and <acronym title="Access Control Lists">ACLs</acronym> that exist to block spam from private networks; that larger set is the source of the death of a thousand cuts that any spam friendly provider should eventually experience. They may not have the clout of SPEWS, but they may last even longer.</p><br />From:<br /><a href="http://spamlinks.net/filter-bl.htm">http://spamlinks.net/filter-bl.htm</a><br /><br /><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5344547449664607680?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-57700994701181111032009-08-10T10:58:00.000+07:002009-08-10T10:59:20.569+07:00Postfix blacklist or reject an email address<p><strong><span style="color: rgb(255, 0, 0);">Q</span></strong>. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.</p> <p><strong><span style="color: rgb(0, 153, 0);">A</span></strong>. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table. </p> <p>Open /etc/postfix/sender_access file<br /><code># cd /etc/postfix<br /># vi sender_access </code><br />Append sender email id as follows:<br /><code>user@abadboy.com REJECT</code><br />Save and close the file. Use postmap command to create a database:<br /><code># postmap hash:sender_access </code><br />Now open main.cf and add code as follows:<br /><code>smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access</code><br />Save and close the file. Restart / reload postfix MTA:<br /><code># /etc/init.d/postfix restart</code></p> <p>You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:<br /><code># vi /etc/mail/spamassassin/local.cf</code><br />Append blacklist as follows:<br /><code>blacklist_from user@abadboy.com</code><br />Save and close the file. Restart spamassassin:<br /><code># /etc/init.d/spamassassin restart</code></p> <p>spamassassin will marke mail as SPAM instead of rejecting the same.</p>From:<a href="http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/"><br />http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/</a><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5770099470118111103?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-69315145045351788972009-08-09T12:01:00.001+07:002009-08-09T12:04:41.170+07:00Lindungi jaringan anda dari daftar ip yang terindentifikasi pada dshield dan spamhausPagi ini lagi-lagi smtp ku di buat mabok oleh traffic spam , iseng aku cari di google bagaimana fetch daftar ip sumber spam langsung di mikrotik ternyata ketemu link berikut:<br /><a href="http://forum.mikrotik.com/viewtopic.php?f=9&t=24427"><br />http://forum.mikrotik.com/viewtopic.php?f=9&t=24427</a><br /><br />berikut adalah contoh script + scheduling + firewall filter yang saya gunakan di router mikrotik 3.25:<br /><br /><br /><span style="font-size:85%;"># aug/09/2009 11:27:24 by RouterOS 3.25<br />#<br />/system script<br />add name=fetch-dshield-spamhaus policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff source="## Parse D\<br /> SHIELD & Spamhaus feed and build an address-list.\r\<br /> \n## Written by Sam Norris, ChangeIP.com 2008\r\<br /> \n## Any comments or suggestions welcome in the forums.\r\<br /> \n##\r\<br /> \n## 06/03/08 - Initial list parsing.\r\<br /> \n\r\<br /> \n/tool fetch address=feeds.dshield.org host=feeds.dshield.org mode=http s\<br /> rc-path=block.txt\r\<br /> \n/tool fetch address=www.spamhaus.org host=www.spamhaus.org mode=http src\<br /> -path=drop/drop.lasso\r\<br /> \n\r\<br /> \n##\r\<br /> \n## DSHIELD Drop List\r\<br /> \n##\r\<br /> \n\r\<br /> \n:if ( [/file get [/file find name=block.txt] size] > 0 ) do={\r\<br /> \n\r\<br /> \n /ip firewall address-list remove [/ip firewall address-list find list=\<br /> dshield]\r\<br /> \n\r\<br /> \n :global content [/file get [/file find name=block.txt] contents] ;\r\<br /> \n :global contentLen [ :len \$content ] ;\r\<br /> \n\r\<br /> \n :global lineEnd 0;\r\<br /> \n :global line \"\";\r\<br /> \n :global lastEnd 0;\r\<br /> \n\r\<br /> \n :do {\r\<br /> \n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\<br /> \n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\<br /> \n :set lastEnd ( \$lineEnd + 1 ) ;\r\<br /> \n\r\<br /> \n :if ( [:pick \$line 0 1] != \"#\" ) do={\r\<br /> \n\r\<br /> \n :if ([:typeof [:toip [:pick \$line 0 [:find \$line \"\\t\"] ] ] ] !=\<br /> \_\"nil\") do={\r\<br /> \n :local pos1 [:find \$line \"\\t\" 0]\r\<br /> \n :local pos2 [:find \$line \"\\t\" \$pos1]\r\<br /> \n :local pos3 [:find \$line \"\\t\" \$pos2]\r\<br /> \n :log info ( \"DShield Entry: \" . [:pick \$line 0 \$pos1 ] . \"/\"\<br /> \_. [:pick \$line (\$pos2+1) \$pos3 ] )\r\<br /> \n /ip firewall address-list add list=dshield address=( [:pick \$line\<br /> \_0 \$pos1 ] . \"/\" . [:pick \$line (\$pos2+1) \$pos3 ] )\r\<br /> \n } \r\<br /> \n\r\<br /> \n }\r\<br /> \n\r\<br /> \n } while (\$lineEnd < \$contentLen)\r\<br /> \n\r\<br /> \n}\r\<br /> \n\r\<br /> \n##\r\<br /> \n## SPAMHAUS.ORG Drop List\r\<br /> \n##\r\<br /> \n\r\<br /> \n:if ( [/file get [/file find name=drop.lasso] size] > 0 ) do={\r\<br /> \n\r\<br /> \n /ip firewall address-list remove [/ip firewall address-list find list=\<br /> spamhaus.lasso]\r\<br /> \n\r\<br /> \n :global content [/file get [/file find name=drop.lasso] contents] ;\r\<br /> \n :global contentLen [ :len \$content ] ;\r\<br /> \n\r\<br /> \n :global lineEnd 0;\r\<br /> \n :global line \"\";\r\<br /> \n :global lastEnd 0;\r\<br /> \n\r\<br /> \n :do {\r\<br /> \n :set lineEnd [:find \$content \"\\n\" \$lastEnd ] ;\r\<br /> \n :set line [:pick \$content \$lastEnd \$lineEnd] ;\r\<br /> \n :set lastEnd ( \$lineEnd + 1 ) ;\r\<br /> \n\r\<br /> \n :if ( [:pick \$line 0 1] != \";\" ) do={\r\<br /> \n\r\<br /> \n :if ([:len [:pick \$line 0 [:find \$line \";\"] ] ] > 0 ) do={\r\<br /> \n :local pos1 [:find \$line \";\" 0]\r\<br /> \n :local entry [:pick \$line 0 (\$pos1-1) ]\r\<br /> \n :if ( [:len \$entry ] > 0 ) do={\r\<br /> \n :log info \"Lasso Entry: \$entry\"\r\<br /> \n /ip firewall address-list add list=spamhaus.lasso address=\$ent\<br /> ry\r\<br /> \n }\r\<br /> \n } \r\<br /> \n\r\<br /> \n }\r\<br /> \n\r\<br /> \n } while (\$lineEnd < \$contentLen)\r\<br /> \n\r\<br /> \n}"<br /># aug/09/2009 11:27:47 by RouterOS 3.25<br />#<br />/system scheduler<br />add comment="" disabled=no interval=12h name=fecth-dshield-spamhaus on-event=\<br /> fetch-dshield-spamhaus start-date=jan/01/1970 start-time=06:00:00<br /># aug/09/2009 11:33:37 by RouterOS 3.25<br />#<br />/ip firewall filter<br />add action=drop chain=forward comment="### DROP Spamhaus-Lasso" disabled=no \<br /> src-address-list=spamhaus.lasso<br />add action=drop chain=forward comment="### DROP Dshield" \<br /> disabled=no src-address-list=dshield<br />#</span><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6931514504535178897?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-33747291664986785882009-07-31T11:02:00.002+07:002009-07-31T12:19:00.112+07:00ISP dan Keamanan Jaringan InternetSaat ini Internet sudah mulai menjadi gaya hidup yang tanpa disadari diperlukan oleh hampir seluruh lapisan masyarakat seiring dengan kemajuan teknologi baik hardware maupun software.<br />Dengan fenomena layanan Facebook, Blog, Email dan Instant Messaging yang dapat diakses melalui berbagai macam gadget maka layanan Internet bukan lagi monopoli orang yang mampu menggunakan komputer dengan 101 tombol saja tetapi hampir semua lapisan masyarakat dapat mengakses layanan Internet dengan sangat mudah.<br /><br />Internet Service Provider yang merupakan gerbang bagi para pengguna Internet saat ini menghadapi tantangan untuk dapat tetap memberikan layanan Internet yang berkualitas, terjangkau dan aman bagi penggunanya.<br /><br />Bicara tentang keamanan Internet tidak terlepas dari Sistem Keamanan Jaringan Komputer yang sangat komplek dan banyak lapisan walaupun dapat di rangkum dalam tiga hal besar saja yaitu:<br /><br />Confidentiality (kerahasiaan data)<br />Integrity (Integritas / keutuhan / keaslian, termasuk pengaturan hak akses)<br />Availability (Ketersediaan layanan)<br /><br />selain itu bicara tentang keamanan jaringan komputer mau tidak mau tunduk terhadap model segitiga yang memiliki tiga sisi:<br /><br />sisi kemanan<br />sisi kenyamanan/kemudahan<br />sisi fungsi<br /><br />dimana ketiga sisi tersebut saling bertolak belakang, artinya mengutamakan salah satu berarti mengurangi yang lainnya dengan demikian yang dapat dicapai adalah mencari komposisi yang paling dapat diterima oleh pengguna, dengan demikian menurut saya visi keamanan di ISP adalah:<br /><br />Menciptakan Internet yang aman, nyaman dan berfungsi dengan baik<br /><br />visi diatas sangat sederhana tetapi untuk mencapi hal tersebut terus terang tidak mudah dan butuh banyak pemikiran pertimbangan dan pemahaman dari semua stake holder sbb:<br /><br />1. Pengguna Internet<br />2. Internet Service Provider (ISP) termasuk Network Access Provider<br />3. Content Provider termasuk penyelenggara e-Bussines/e-Commerce dan infrastruktur pendukungnya yaitu: Bank, penerbit Certified Authorization (CA) dan logistik.<br />4. Penyelenggara Jaringan<br />5. Pemerintah<br /><br />tentunya tidak semua aspek dapat diakomodir oleh ISP, karena sejatinya ISP minimal memiliki layanan standar sbb:<br /><br />1. DNS server / nameserver sebagai sarana resolve domain ke IP atau sebaliknya<br />2. Email server sebagai outgoing dan atau incoming server<br />3. Proxy server sebagai perantara akses web sekaligus sebagai cache dan filtering konten pada lapisan aplikasi<br />4. Webhosting sebagai sarana untuk mempublikasikan halaman web<br />5. RADIUS Server sebagai Authentication Authorization Accounting (AAA) untuk Billing Server<br />6. Routing Alamat IP agar user/pengguna dapat mengkakses layanan-layanan tersebut melalui protocol TCP/IP yang dihubungkan satu dengan lainnya secara terbuka atau dengan kata lain jaringan Publik (Internet)<br />7. Sistem Monitoring dan manajemen Jaringan<br /><br />Dengan demikian bagian keamanan yang harus di akomodir oleh ISP setidaknya adalah:<br />1. Menyediakan Nameserver yang handal dan aman yang bebas dari dns poisoning / spoofing<br />2. Menyediakan Email server yang mampu menyaring email sampah (Spam), virus dan mallware lainnya<br />3. Menyediakan Proxy Server yang mampu menyaring pishing dan membatasi konten-konten mallware lainnya.<br />4. Menyediakan Webhosting yang aman yang tidak menyimpan kode-kode jahat seperti pishing, virus, trojan, mallware dan konten-konten yang mengandung unsur SARA (Suku Agama Ras)<br />5. Menyediakan RADIUS Server yang handal, aman dan tidak merugikan pelanggan baik secara finansial maupun secara kerahasiaan username password pelanggan tersebut.<br />6. Menyediakan sistem routing paket TCP/IP yang handal, aman dan terbebas dari serangan: Spoofing, Distributed Denial of Service, Worm dll.<br />7. Memiliki sistem monitoring dan manajemen jaringan untuk dapat menganalisa dan mengatasi permasalahan jika terjadi hal-hal yang disebut diatas.<br /><br />adapun layanan-layanan lainnya selain tujuh hal yang disebutkan diatas lebih sebagai tanggung jawab pengelola konten baik itu bagi ISP yang memiliki konten, maupun institusi yang menyediakan konten bagi pengguna Internet termasuk: E-Banking/Bank, Pengelola E-Business/E-Commerce, E-Learning/Kampus, E-Goverment/Pemerintah, Pengelola Portal dll.<br /><br />Sedangkan untuk Warnet sejatinya adalah mini ISP yang menyediakan/menyewakan sarana bagi pengguna Internet yang tidak mengakses Internet dari perangkat pribadinya.<br /><br />Dalam hal terjadinya cybercrime ISP berperan untuk membantu perangkat hukum melakukan investigasi dan mencari bukti-bukti digital yang sekiranya dapat menjadi petunjuk dan bukti di pengadilan sesuai dengan perundang-undangan yang berlaku.<br /><br />Bentuk barang bukti dan petunjuk bisa berupa analisa header email, logfile aplikasi server-server yang telah disebutkan diatas dan analisa traffic.<br /><br />Khusus untuk analisa traffic tidaklah bijaksana untuk menganalisa semua taffic data secara paket pada lapisan 3 dan 4 (network layer dan transport layer) secara terus menerus karena akan mengganggu fungsi dan kenyamanan dari layanan Internet itu sendiri, adapun yang dapat dilakukan adalah analisa paket secara langsung pada saat insident keamanan terjadi atau biasa disebut sniffing. analoginya adalah jika tiap hari semua kendaraan di jalan raya diperiksa stnk dan kesesuaiannya dengan nomor mesin dan nomor rangka dan sim pengendaranya maka yang ada adalah kemacetan di sepanjang jalan sehingga kenyamanan dan fungsi dari kendaraan itu menjadi tidak ada artinya lagi, yang lumrah terjadi adalah pada saat terjadi laporan kehilangan mobil atau kasus penculikan atau kasus-kasus pidana lainnya termasuk kasus teroris yang terjadi belum lama ini terjadi maka jajaran kepolisian melakukan razia di titik rawan terhadap kendaraan bermotor tersebut bukan?<br /><br />Kesimpulan:<br />Untuk menciptakan layanan Internet yang aman, nyaman dan berfungsi sebagaimana mestinya diperlukan kerja sama semua pihak dan pemahaman yang benar terhadap aspek-aspek keamanan jaringan Internet tersebut baik secara teknis maupun non-teknis.<br /><br />masukan/saran dan pendapat dari berbagai pihak sangat diperlukan untuk mencapai visi tersebut.<br /><br />Wasalam<br />Harijanto Pribadi<br />Kabid. Internet Security APJII periode 2009 - 2012<br /><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3374729166498678588?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-52627064202301357022009-06-15T00:52:00.003+07:002009-06-15T01:11:41.496+07:00Jailbreak and/or unlock your iPhone 2G with version 2.2.1fuih , setelah baca sana baca sini akhirnya aku bisa men Jailbreak/Unlock iphone 2g ku dengan versi 2.2.1<br /><br />caranya aku baca di : <a href="http://www.iphonedownloadblog.com/2008/11/23/unlock-your-iphone-2g-22-using-quickpwn/">http://www.iphonedownloadblog.com/2008/11/23/unlock-your-iphone-2g-22-using-quickpwn/</a><br /><br />langkah-langkahnya kurang lebih sbb:<br /><br />download file-file berikut:<br /><br />1. <a href="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5830.20090127.Mmni6/iPhone1,1_2.2.1_5H11_Restore.ipsw">http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5830.20090127.Mmni6/iPhone1,1_2.2.1_5H11_Restore.ipsw</a><br />2. <a href="http://torrents.thepiratebay.org/4689995/QuickPwn-225-2.zip.4689995.TPB.torrent">http://torrents.thepiratebay.org/4689995/QuickPwn-225-2.zip.4689995.TPB.torrent</a><br />3. <a href="http://iphonefreakz.com/firmware/BL-39.bin">http://iphonefreakz.com/firmware/BL-39.bin</a><br />4. <a href="http://iphonefreakz.com/firmware/BL-46.bin">http://iphonefreakz.com/firmware/BL-46.bin</a><br /><br />langkah-langkahnya<br /><br />1. aktifkan itunes8 dan pasang kabel data+usb pc ke iphone<br />2. jika iphone sudah terdeteksi di itunes8 maka akan muncul disamping kanan pada bagian devices, lalu klik devices tsb maka akan muncul pada tab summary tombol restore.<br />3. tekan tombol shift + klik tombol restore maka kita dapat memilih firmware / file ipsw yang telah kita download (no.1) dan lakukan proses restore.<br />4. tunggu sampai proses restore selesai, setelah selesai (ditandai dengan iphone yang mereboot dirinya sendiri) tutup aplikasi itunes8 tsb dan jangan lakukan apapun pada iphone.<br />5. Jalankan QuickPwn.exe yang telah kita download (no.2) , oh ya downloadnya pake bittorrent ya.<br />6. Biarkan sampai tombol biru pada QuickPwn aktif artinya iphone telah terdeteksi lalu klik tombol tsb.<br />7. langkah selanjutnya adalah browse file ipsw / firmware yang sama yang tadi kita restore via itunes8 diatas (point no.3) lalu klik tombol biru lagi, jika firmware cocok akan ada tanda centrang hijau, ok klik lagi tombol biru.<br />8. selanjutnya diminta untuk browse file no.3 dan no.4 yang merupakan bootloader yang dibutuhkan lalu klik tombol biru lagi.<br />9. setelah itu biasanya ada konfirmasi untuk memastikan bahwa kabel data usb terpasang antara pc dan iphone, nah disini triknya pada saat keluar konfirmasi layar tsb coba untuk cabut dan pasang lagi kabel usb tsb di pc agar pc dipaksa mengidentifikasi device iphone tsb, kalau sudah terdengar bunyi ding-ding artinya usb terdektsi maka klik tombol biru<br />10. selanjutnya iphone akan masuk dalam mode recovery jangan alihkan perhatian anda dari layar monitor dan ikuti perintah berikut:<br /><span style="font-style: italic;">You will be asked to hold down the Power button for 5 seconds. Then you will have to also hold down the Home button for 10 seconds without letting go of the Power button. At the end of 10 seconds you will need to release only the Power button.</span><br /><br />ok jika anda dengan benar mengikuti perintah diatas maka iphone akan masuk dalam proses Jailbrake / Unlock<br /><br />dan trala..... akhirnya iphone 2g ku sudah siap digunakan dengan firmware 2.2.1 jadi bisa install facebook application dan yahoo messenger di iphone sayang masih 2g tapi mayanlah :)<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SjU9OagAiLI/AAAAAAAAAW8/qF2M9Ticlfc/s1600-h/iphone-2-2-1.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SjU9OagAiLI/AAAAAAAAAW8/qF2M9Ticlfc/s400/iphone-2-2-1.JPG" alt="" id="BLOGGER_PHOTO_ID_5347247450413369522" border="0" /></a><br /><br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5262706420230135702?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-50818204085425654962009-04-22T00:34:00.003+07:002009-04-22T00:42:51.148+07:00Aktifkan bpdu-filter di switch ProcurveSore ini lagi-lagi ada masalah dengan link DS3 ku :(<br />anehnya setelah link normal dan kabel DS3 dikembalikan paket tetap tidak mau mengalir padahal di test pake notebook udah jalan....<br /><br />Ternyata masalahnya di HP Procurve bpdu-filter belum aku aktifkan<br />apa itu BPDU bisa dibaca di<br /><a href="http://en.wikipedia.org/wiki/Spanning_tree_protocol#Bridge_Protocol_Data_Units_.28BPDUs.29">http://en.wikipedia.org/wiki/Spanning_tree_protocol#Bridge_Protocol_Data_Units_.28BPDUs.29</a><br /><br />sedangkan cara mengaktifkan bpdu-filter di HP Procurve bisa dibaca di:<br /><br /><a href="http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/">http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/</a><br /><br />semoga bermanfaat<br /><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5081820408542565496?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-60548655022600764462009-03-26T12:56:00.002+07:002009-03-26T13:02:56.099+07:00No more "overrun: No buffer space available"Setelah berhari-hari mencari akhirnya ketemu juga jawabannya agar quagga di fedora 9 tidak muncul error "netlink-listen: overrun: No buffer space available"<br /><br />ternyata di fedora 9 configurasinya ada di /etc/sysconfig/quagga yang isinya:<br /><br /><span style="font-size:78%;"><span style="font-family: courier new;">#</span><br /><span style="font-family: courier new;"># Default: Bind all daemon vtys to the loopback(s) only</span><br /><span style="font-family: courier new;">#</span><br /><span style="font-family: courier new;">QCONFDIR="/etc/quagga"</span><br /><span style="font-family: courier new;">BGPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/bgpd.conf"</span><br /><span style="font-family: courier new;">OSPF6D_OPTS="-A ::1 -f ${QCONFDIR}/ospf6d.conf"</span><br /><span style="font-family: courier new;">OSPFD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ospfd.conf"</span><br /><span style="font-family: courier new;">RIPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ripd.conf"</span><br /><span style="font-family: courier new;">RIPNGD_OPTS="-A ::1 -f ${QCONFDIR}/ripngd.conf"</span><br /><span style="font-family: courier new;">#ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"</span><br /></span><span style="font-family: courier new; font-weight: bold;font-size:78%;" >ZEBRA_OPTS="-A 127.0.0.1 --nl-bufsize 200000 -f ${QCONFDIR}/zebra.conf"</span><span style="font-size:78%;"><br /><br /><span style="font-family: courier new;">ISISD_OPTS="-A ::1 -f ${QCONFDIR}/isisd.conf"</span><br /><br /><span style="font-family: courier new;"># Watchquagga configuration (please check timer values before using):</span><br /><span style="font-family: courier new;">WATCH_OPTS=""</span><br /><span style="font-family: courier new;">WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"</span><br /><span style="font-family: courier new;"># To enable restarts, uncomment this line (but first be sure to edit</span><br /><span style="font-family: courier new;"># the WATCH_DAEMONS line to reflect the daemons you are actually using):</span><br /><span style="font-family: courier new;">#WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"</span></span><br /><br />pada baris ZEBRA_OPTS rubah menjadi<br /><span style="font-family: courier new; font-weight: bold;font-size:78%;" ><br />ZEBRA_OPTS="-A 127.0.0.1 --nl-bufsize 200000 -f ${QCONFDIR}/zebra.conf"</span><span style="font-size:78%;"><br /> </span><br />aslinya<br /><br /><span style="font-size:78%;"><span style="font-family: courier new;">ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"</span></span><br /><br />setelah /etc/sysconfig/quagga diedit lalu restart service zebra dan bgpd<br /><br />sumber:<br /><a href="http://lists.quagga.net/pipermail/quagga-users/2005-May/004524.html">http://lists.quagga.net/pipermail/quagga-users/2005-May/004524.html</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6054865502260076446?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-53546235499336149872009-03-20T16:05:00.004+07:002009-03-25T18:41:06.434+07:00Solve Problem with nf_conntrack: table full, dropping packetWhen i have the problem with "nf_conntrack: table full, dropping packet"<br />the problem was solved after i read this article from: <br /><br /><br />http://paulroberts69.spaces.live.com/blog/cns!665BC38F152E1206!1645.entry <br /><br />nf_conntrack: table full, dropping packet.<br /><br />If you see this message "nf_conntrack: table full, dropping packet" in your syslog on a Linux box, it's likely that it's having comms problems. I saw this recently on a DNS server that looked like it was being attacked. The problem is that when this happens, normal DNS resolution is interrupted.<br /><br />I haven't found a decent solution yet, but it seems that if the system has lots of RAM then you can increase the nf_conntrack_max kernel parameter (my system is running iptables, which I assume the "netfilter" module has something to do with).<br /><br />On a 2.6 kernel, you can go to /proc/sys/net/netfilter and check some of the values. For instance, nf_conntrack_count shows you the current value while nf_conntrack_max is the maximum value that is set.<br /><br />You can just cat these values or use sysctl to view them:<br /><br /># sysctl net.netfilter.nf_conntrack_max<br />net.netfilter.nf_conntrack_max = 65536<br /><br /># sysctl net.netfilter.nf_conntrack_count<br />net.netfilter.nf_conntrack_count = 45033<br /><br />To change the value, use the -w switch (in this example I've doubled the value):<br /><br /># sysctl -w net.netfilter.nf_conntrack_max=131072<br /><br />I think that in order to make this permanent across reboots, you'll need to add this line to the bottom of /etc/sysctl.conf:<br /><br />net.netfilter.nf_conntrack_max=131072<br /><br /><br />another reference<br />TCP Tuning Guide:<br /><a href="http://fasterdata.es.net/TCP-tuning/linux.html"><br />http://fasterdata.es.net/TCP-tuning/linux.html</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5354623549933614987?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-20463042767700851622009-03-01T17:52:00.005+07:002009-03-01T18:23:03.745+07:00Fail Over Layer 2 tanpa STP menggunakan script dan bridgeSeringkali kita membutuhkan link yang bisa fail-over di layer 2 tetapi tidak memungkinkan menggunakan STP maka cara demikian bisa menjadi pilihan.<br /><br />Skenario<br /><br /><pre><br /><br /> |-[Link-1]-|eth1 comment "backhaul"|<br />[Internet]-[R1 1.1.1.1/30]-| [R2 1.1.1.2 Distribusi ]->[To User]<br /> |-[Link-2]-|eth2 comment "backup" |<br /></pre><br /><br />Keterangan:<br />----------<br />1. R2 Distribusi memiliki minimal dua interface untuk link ke R1, misal eth1 diberi comment="backhaul" dan eth2 diberi comment="backup", lalu eth1 dan eth2 tsb di jadikan satu bridge misal dengan nama bridge1 <br />2. IP point to point R2 ke R1 di pasang di interface bridge1<br /><br />Contoh Scipt check_backhaul dan schedulernya bisa diimport dari script dibawah ini<br /><br />Script:<br />------<br /><pre><br /># mar/01/2009 17:27:17 by RouterOS 3.13<br /># software id = 9CS2-87N<br />#<br />/system script<br />add name=check_backhaul policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff source="/interface\<br /> disable [/interface find comment=\"backup\"]\r\<br /> \n/interface enable [/interface find comment=\"backhaul\"]\r\<br /> \n:log info \"Waiting 15s Backhaul Forward Packet\";\r\<br /> \n:delay 15s;\r\<br /> \n:if ( [/ping 1.1.1.1 count=1]=1) do={\r\<br /> \n:log info \"Backhaul Up\"\r\<br /> \n} else={\r\<br /> \n:log info \"Backhaul Down\";\r\<br /> \n\<br /> \n/interface disable [/interface find comment=\"backhaul\"]\r\<br /> \n/interface enable [/interface find comment=\"backup\"]\r\<br /> \n:delay 15s;\r\<br /> \n\<br /> \n/tool e-mail send to=\"support@domain.anda\" subject=([/system ide\<br /> ntity get name] . \" Microwave Down \" . [/system clock get date]) body=\"\<br /> Backup with Mikrotik!\";\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\r\<br /> \n}"<br /><br /><br /># mar/01/2009 17:30:30 by RouterOS 3.13<br /># software id = 9CS2-87N<br />#<br />/system scheduler<br />add comment="" disabled=no interval=5m name=sched_check_backhaul on-event=\<br /> check_backhaul start-date=jan/01/1970 start-time=00:00:00<br /></pre><br /><br />Keterangan:<br />----------<br />Setiap 5 menit sekali script check_backhaul dijalankan dengan mengenable interface dengan comment "backhaul" lalu melakukan ping ke 1.1.1.1 jika rto maka interface dengan comment "backhaul" akan di disable lalu meng-enable interface dengan comment "backup"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2046304276770085162?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-8893073083467928082009-03-01T17:39:00.004+07:002009-03-01T18:23:52.831+07:00Disable Redirect Proxy Jika Proxy RTOJika suatu saat proxy server down maka redirect ke proxy harus didisable<br />berikut adalah contoh script agar per 5 menit sekali mikrotik melakukan ping ke proxy (dalam contoh ini proxy server menggunakan ip = 1.2.3.4) jika ip 1.2.3.4 tidak bisa diping maka script "check_proxy" akan mendisable semua redirect ke ip 1.2.3.4<br /><br /><br /><pre><br /># mar/01/2009 17:27:17 by RouterOS 3.13<br /># software id = 9CS2-87N<br />#<br />/system script<br />add name=check_proxy policy=\<br /> ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ( [/pi\<br /> ng 1.2.3.4 count=1]=1) do={\r\<br /> \n:log info \"Proxy Up\";\r\<br /> \n:foreach i in=[/ip firewall nat find action=\"dst-nat\" to-addresses=\"1\<br /> .2.3.4\"] do={/ip firewall nat set \$i disable=no};\r\<br /> \n} else={\r\<br /> \n:log info \"Proxy Down\";\r\<br /> \n:foreach i in=[/ip firewall nat find action=\"dst-nat\" to-addresses=\"1\<br /> .2.3.4\"] do={/ip firewall nat set \$i disable=yes};\r\<br /> \n/tool e-mail send to=\"support@domain.anda\" subject=([/system ide\<br /> ntity get name] . \" Proxy Down \" . [/system clock get date]) body=\"Prox\<br /> y Redirect Disable\";\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\<br /> \n\r\<br /> \n}"<br /><br /># mar/01/2009 17:30:30 by RouterOS 3.13<br /># software id = 9CS2-87N<br />#<br />/system scheduler<br />add comment="" disabled=no interval=5m name=sched_check_proxy on-event=\<br /> check_proxy start-date=jan/01/1970 start-time=00:00:00<br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-889307308346792808?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-16970738233459229712008-12-17T17:29:00.009+07:002008-12-18T15:40:56.384+07:00Mengatasi Worm Worm:Win32/Conficker.A (MS OneCare), W32.Downadup (Symantec) dengan MikrotikHuh...<br />dua hari sudah aku dikerjain worm<br />dimulai dari telepon Mr. Denis MIT Hotel Menara Peninsula Tgl 17 Des 2008 yang melaporkan jaringan hotel kena virus yang mengakses url http:// trafficconverter . biz beliau minta url tersebut di blok disisi ISP Datautama.<br /><br />Ok langkah pertama lempar semua traffic 80 ke proxy squid lalu saya filter url tersebut, berhasil?<br />ternyata tidak itu hanya sementara<br /><br />Hari ini Tanggal 18 Des 2008 dapat email dari Mas Priyo bahwa limiter international dua kali di reboot karena CPU Loadnya tinggi sekali mh..... ada apa ini? pasti flood wah ini serangan<br />tapi sampe jam 14 lebih masih belum juga ditemukan siapa yang ngeflood semua normal2 saja di torch mh... kenapa ya, belum lagi selesai Mas Firman Pasuruan nanyain RB433AH nya sudah di pasang belum di cyber :( , belum makan pula , ditambah email internal yang menjengkelkan pingin rasanya matiin handphone terus kabur ke S*A huehehehehe , ya uda makan dulu di warteg terdekat kantor, krismon nih cari minuman import aja kagak ade hiks.<br /><br />Ternyata memang makanan memberikan kekuatan baru dan ide-ide baru , ok baca lagi deh penjelasan tentang tingkah laku worm sialan itu di : <a href="http://www.ca.com/securityadvisor/virusinfo/virus.aspx?id=75911">http://www.ca.com/securityadvisor/virusinfo/virus.aspx?id=75911</a><br /><br />atau kalau mau referensi yang sudah berbahasa Indonesia bisa dibaca di:<br /><a href="http://vaksin.com/2008/1208/conficker/conficker.htm">http://vaksin.com/2008/1208/conficker/conficker.htm</a><br />thanks Pak Alfons atas artikelnya, padahal bos vaksin sudah menyampaikan ke saya adanya serangan virus ini hehehe tapi baru sadar kalau sudah kena getahnya hehehe.<br /><br />mh...<br />ada ide "tuing"<br />ok kalau mengandung loadadv . exe dst-addressnya cemplungin aja ke address-list terus di drop di firewall chain forward ok mainkan<br /><br />berikut adalah screenshootnya<br /><br />1. buat mangle<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SUjnq9JGZfI/AAAAAAAAAVk/Fy5G-g_C_LE/s1600-h/mangleloadadv.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SUjnq9JGZfI/AAAAAAAAAVk/Fy5G-g_C_LE/s400/mangleloadadv.png" alt="" id="BLOGGER_PHOTO_ID_5280725288245159410" border="0" /></a><br />in interface adalah interface dalam yang menghadap ke jaringan kita<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SUjnrLW_iJI/AAAAAAAAAVs/l_sIxGi8CZg/s1600-h/mangleloadadv6.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SUjnrLW_iJI/AAAAAAAAAVs/l_sIxGi8CZg/s400/mangleloadadv6.png" alt="" id="BLOGGER_PHOTO_ID_5280725292061526162" border="0" /></a><br /><br />isi content dengan " loadadv . exe " lihat gambar , di destination address-list isi ! ournetwork, maksudnya agar content tsb hanya di cek kalau destinationnya bukan address-list ournetwork.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SUjnrbFl_wI/AAAAAAAAAV0/p4GX_EKsSjY/s1600-h/mangleloadadv3.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SUjnrbFl_wI/AAAAAAAAAV0/p4GX_EKsSjY/s400/mangleloadadv3.png" alt="" id="BLOGGER_PHOTO_ID_5280725296283516674" border="0" /></a><br />kalau ada content " loadadv . exe " masukkin ke dst-address-list = worm-dst<br /><br />2. Buat firewall rule chain forward<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SUjnrpDlXoI/AAAAAAAAAV8/HRx5opf3gW0/s1600-h/firewallloadadv.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SUjnrpDlXoI/AAAAAAAAAV8/HRx5opf3gW0/s400/firewallloadadv.png" alt="" id="BLOGGER_PHOTO_ID_5280725300033183362" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjnr79RpQI/AAAAAAAAAWE/1lysVONNufA/s1600-h/firewallloadadv2.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjnr79RpQI/AAAAAAAAAWE/1lysVONNufA/s400/firewallloadadv2.png" alt="" id="BLOGGER_PHOTO_ID_5280725305106998530" border="0" /></a><br />dst-address-list pilih "worm-dst"<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjn86eNh5I/AAAAAAAAAWM/4d9sECMscpc/s1600-h/firewallloadadv3.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjn86eNh5I/AAAAAAAAAWM/4d9sECMscpc/s400/firewallloadadv3.png" alt="" id="BLOGGER_PHOTO_ID_5280725596766046098" border="0" /></a><br />action drop<br />lalu ok<br />jangan lupa taro di paling atas ya<br /><br />dengan demikian maka kalau ada destination address yang ditangkap karena digunakan untuk mendownload file " loadadv . exe " maka akan didrop sehingga proses download file jahanam tersebut tidak dapat dilakukan.<br /><br />hasilnya:<br />1. MRTG turun ke level 10-11Mbps<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjn9lM2DNI/AAAAAAAAAWc/dxRf9Dc060c/s1600-h/hasilnya-mrtg.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjn9lM2DNI/AAAAAAAAAWc/dxRf9Dc060c/s400/hasilnya-mrtg.png" alt="" id="BLOGGER_PHOTO_ID_5280725608235928786" border="0" /></a><br />2. di address-list terdapat ip2 yang digunakan untuk download loadadv . exe . tapi hati-hati, sistem mangle dengan content "loadadv . exe" ini juga cukup galak jadi kalau ada yang mengetikkan " loadadv . exe " dengan titik antara loadadv dan exe tanpa spasi pasti kena cekal juga destination addressnya hehehe makanya saya tulis " loadadv spasi . spasi exe " biar gak kecekal :)<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjn9MVwtmI/AAAAAAAAAWU/FD36f9Rq2ZE/s1600-h/hasilnya-address-list.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjn9MVwtmI/AAAAAAAAAWU/FD36f9Rq2ZE/s400/hasilnya-address-list.png" alt="" id="BLOGGER_PHOTO_ID_5280725601562441314" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SUjdOYfbBkI/AAAAAAAAAVc/qOWsBR3WjA4/s1600-h/hasilnya-address-list.png"><br /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-1697073823345922971?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com10tag:blogger.com,1999:blog-4650800593925871709.post-39132638310233337462008-11-10T10:46:00.005+07:002008-11-10T11:11:09.121+07:00Pemisahan Traffic ke IP Akamai IndosatSehubungan dengan adanya blok IP Akamai Indosat di advertise juga ke OpenIXP/NICE maka dalam implementasi <a href="http://inetshoot.blogspot.com/2008/11/simple-queue-iix-dan-international.html">http://inetshoot.blogspot.com/2008/11/simple-queue-iix-dan-international.html</a><br /><br /><span style="font-weight: bold;">IP Blok Akamai tersebut harus di pisahkan dari traffic IIX , kenapa?</span><br /><ol><li>Karena traffic yang menuju ke IP Akamai tersebut akan dianggap traffic IIX sehingga terjadi ketidak efetifan dalam melimit traffic ke situs2 sbb: yahoo, microsoft, msn, symantech dll yang beberapa objectnya tersedia di Akamai tersebut dianggap sebagai traffic IIX.</li><li>Dengan termarkingnya traffic menuju ke IP Akamai sebagai packet-iix maka queue terhadap packet-iix tersebut termasuk juga traffic menuju ke IP Akamai, yang jadi masalah Indosat mengadvertise IP Akamainya ke OpenIXP/NICE tetapi tidak mengizinkan object dari Akamai tersebut diambil (download) melalui OpenIXP/NICE , jadi outgoingnya saja (upload) melalui OpenIXP/NICE tapi incoming tetap lewat link International , nah ini yang jadi biang keroknya :(</li><li>Berdasarkan penjelasan di point 2, artinya bandwidth International akan terutilize tidak sesuai dengan keinginan kita karena traffic dari IP Akamai tidak terlimit sesuai dengan queue Internationalnya tetapi sesuai dengan queue IIX karena paket2 tersebut termarking sebagai packet-iix.</li></ol><br />Oleh karena itu caranya menurut saya adalah sbb:<br /><br /><span style="font-weight: bold;">1. Buat dulu address-list "akamai-indosat" , untuk akamai dari telkom atau upstream lainnya yang punya akamai silahkan cari sendiri :)</span><br /><br /><pre style="font-family:times new roman;"><span style="font-size:85%;">/ ip firewall address-list<br />add list=akamai-indosat address=219.83.124.0/23 comment="" disabled=no<br />add list=akamai-indosat address=124.195.0.0/17 comment="" disabled=no</span></pre><span style="font-weight: bold;">2. Kemudian rubah manglenya menjadi sbb:</span><br /><br /><span style=";font-family:times new roman;font-size:85%;" >/ ip firewall mangle<br />add chain=prerouting action=mark-connection new-connection-mark=con-iix \<br />passthrough=yes in-interface=!backhaul-to-cyber dst-address-list=nice \<br />comment="con-iix" disabled=no<br />add chain=prerouting action=mark-connection \<br />new-connection-mark=con-akamai-indosat passthrough=yes \<br />in-interface=!backhaul-to-cyber dst-address-list=akamai-indosat \<br />comment="con-akamai-indosat" disabled=no<br />add chain=prerouting action=mark-packet new-packet-mark=packet-iix \<br />passthrough=no connection-mark=con-iix comment="packet-iix" disabled=no<br />add chain=prerouting action=mark-packet new-packet-mark=packet-intl \<br />passthrough=no comment="packet-intl" disabled=no </span><br /><br /><br />atau tambahkan saja rule tepat dibawah "con-iix" yang dapat dilihat pada screen shoot berikut:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRex91YIvVI/AAAAAAAAAUE/LeOgKL4Y57Q/s1600-h/mangle-rule-akamai-advanced.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 158px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRex91YIvVI/AAAAAAAAAUE/LeOgKL4Y57Q/s400/mangle-rule-akamai-advanced.JPG" alt="" id="BLOGGER_PHOTO_ID_5266873965091536210" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SRex-WATTII/AAAAAAAAAUM/pOL5MZMTmLM/s1600-h/mangle-rule-akamai-action.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 167px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SRex-WATTII/AAAAAAAAAUM/pOL5MZMTmLM/s400/mangle-rule-akamai-action.JPG" alt="" id="BLOGGER_PHOTO_ID_5266873973849934978" border="0" /></a><br />Semoga rule yang saya buat ini benar :) . maklum belum pernah ikut training mikrotik, selama ini cuman baca2 dan percobaan sendiri. Kadang saya senyum2 kalau dianggap sebagai master mikrotik hehehehe peace.<br /><br />Special Thanks untuk Mr. Ivan <a href="http://www.innovatn.net/">http://www.innovatn.net/</a> atas masukkannya perihal blok IP Akamai tersebut.<br /><br />Salam<br />Harijanto Pribadi<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3913263831023333746?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com4tag:blogger.com,1999:blog-4650800593925871709.post-3030889043976772182008-11-05T19:50:00.008+07:002008-11-10T11:06:17.696+07:00Simple Queue IIX dan International dengan Satu RouterSebelumnya luangkan waktu untuk baca blog bos baba berikut ini<br /><a href="http://baba.blogdetik.com/2008/11/05/ajakan-jangan-asal-copy-paste-apaan-tuwh/">http://baba.blogdetik.com/2008/11/05/ajakan-jangan-asal-copy-paste-apaan-tuwh/</a><br /><br />Pada blog ini saya mencoba memberikan contoh bagaimana mengatur bandwidth iix/nice menggunakan pc router mikrotik menggunakan teknik mangle yang sebenarnya sudah sering dibahas di forum-forum maupun di blog-blog. Tulisan ini hanya sebagai tambahan saja untuk melengkapi blog / artikel yang ada terdahulu. Jadi artikel ini "ASLI" saya buat sendiri bukan "Copy Paste" hehehe. Jujur saya juga akhirnya ikut-ikutan copy paste blog / artikel orang, soalnya blog ini saya jadikan kumpulan catatan juga, tujuannya kalau saya lupa sesuatu tinggal cari di blog sendiri hehehe. Jadi mohon maaf jika di blog saya juga ada beberapa artikel dari blog orang lain yang saya copy paste , tapi pasti saya tulis linknya dibawah atau diatasnya. Tapi emang lebih baik kalau orang yang mau baca artikel aslinya di hantarkan ke URL aslinya , atau artikelnya di terjemahkan dulu katanya bos baba, tapi emang gue tukang translate dari jalan pramuka heheheh :)<br /><br />Tapi kalau teman-teman mau copy paste ya monggo sih asal ditulis asalnya dari mana gitu aja cukup kalau buat gue, tapi kalau buat orang bule gak cukup loh hehehe.<br /><br />Mari kita bahas permasalahan yang sebenarnya<br /><br /><span style="font-weight: bold;">Skenario dari Simple Queue IIX dan International berikut ini adalah satu router dengan minimal dua Interface:</span><br />1. Backhaul -> yang mendapat IP Public dari ISP atau IP Point-to-Point biasanya sih /30 dari ISP<br />2. Distribution -> Interface yang menghadap ke pelanggan / user<br /><br />Dalam contoh ini saya tidak melakukan NAT karena IP yang di routing semuanya IP Public karena kebetulan saya punya ISP sendiri , masa ISP pake IP Private , kalau ISP itu punya ASN dan IP Public sendiri hehehe peace (FYI: saya cuman Direktor Operasional bukan pemilikinya tapi what ever lah emang gue pikirin)<br /><span style="font-weight: bold;">Gambaran Sederhananya:</span><br /><br /><span style="font-family:times new roman;">[Internet IIX dan Intl]-[(Interface Backhaul) Mikrotik (Interface Distribution)]-[Router Kantor / Pelanggan]</span><br /><br /><span style="font-weight: bold;">Catatan:</span><br />Karena di interface distribution saya banyak vlan untuk memisah-misahkan link pelanggan (idealnya mah satu pelanggan satu vlan biar lebih aman), maka dalam contoh ini<br /><br />in-interface=!backhaul-to-cbyer<br /><br />artinya interface inputnya adalah semua interface selain selain "backhaul-to-cyber"<br /><span style="font-weight: bold;">Skrip Manglenya</span><br /><br /><pre><span style="font-size:85%;"># nov/05/2008 19:39:55 by RouterOS 2.9.50<br /># software id = 9CS2-87N<br />#<br />/ ip firewall mangle<br />add <span style="font-weight: bold;">chain=prerouting</span> action=mark-connection new-connection-mark=con-iix \<br /><span style="font-weight: bold;">passthrough=yes</span> <span style="font-weight: bold;">in-interface=!backhaul-to-cyber</span> dst-address-list=nice \<br />comment="con-iix" disabled=no<br />add <span style="font-weight: bold;">chain=prerouting</span> action=mark-packet new-packet-mark=packet-iix \<br /><span style="font-weight: bold;">passthrough=no</span> connection-mark=con-iix comment="packet-iix" disabled=no<br />add <span style="font-weight: bold;">chain=prerouting</span> action=mark-packet new-packet-mark=packet-intl \<br /><span style="font-weight: bold;">passthrough=no</span> comment="packet-intl" disabled=no </span><br /></pre><br />Skrip diatas adalah hasil export dari Mikrotik v 2.9.50, perhatikan tulisan yang saya <span style="font-weight: bold;">bold </span><br />dari hasil percobaan yang paling bener itu adalah chain=prerouting karena kalau chain=forward nanti di queue-simplenya hanya Rx-Rate yang efektif sedangkan Tx-Rate nya tidak , tetapi kalau dengan chain "prerouting" Rx dan Tx Ratenya efektif, kalau mau lebih jelasnya baca aja referensi tentang iptables di link berikut misalnya:<br /><br /><a href="http://rootbox.or.id/tips/iptables.html">http://rootbox.or.id/tips/iptables.html</a><br /><br />baca sendiri ya udah bahasa Indonesia tuh, Thanks to:<br /><span style="font-size:100%;">Lukman HDP/s3trum (lukman_hdp@yahoo.com)</span><br />supaya gue gak di gugat lagi hehehe.<br /><br />Kemudian untuk bagian <span style="font-weight: bold;">action=mark-connection new-connection-mark=con-iix, passthrought=yes</span> supaya setelah di marking new-connection-mark packetnya diteruskan ke rule dibawahnya lagi (ini sih menurut pengertian gue semoga aja bener)<br /><br />baru rule berikutnya <span style="font-weight: bold;">action=mark-packet new-packet-mark=packet-iix, passthrought=no</span> supaya setelah di marking new-packet-mark=packet-iix paket-paket tersebut tidak diteruskan ke rule selanjutnya. Dengan demikian kalau udah jadi paket-iix tidak usah di di marking lagi di paket-intl , ya kalau dimarking lagi jadi paket-intl semuanya jadi paket-intl donk bos :)<br /><br />jadi tujuannya passthrought=no itu menurut gue nih ya supaya paket2 itu gak usah di teruskan ke proses lebih lanjut dibawahnya semoga aja bener :)<br /><br />referensinya baca aja sendiri di:<br /><a href="http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php">http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php</a><br />Thaks to Mikrotik Developer :)<br /><br /><span style="font-weight: bold;">Setelah di mangle selanjutnya set di Queue Simplenya</span><br /><br /><pre><span style=";font-family:times new roman;font-size:85%;" ># nov/05/2008 19:44:39 by RouterOS 2.9.50<br /># software id = 9CS2-87N<br />#<br />/ queue simple<br />add name="JKT-OFFICE" target-addresses=203.89.24.71/32 dst-address=0.0.0.0/0 \<br />interface=all parent=none direction=both priority=8 \<br />queue=default-small/default-small limit-at=2000000/2000000 \<br />max-limit=2000000/3000000 total-queue=default disabled=no<br />add name="JKT-OFFICE-IIX" target-addresses=203.89.24.71/32 \<br />dst-address=0.0.0.0/0 interface=all parent=JKT-OFFICE \<br />packet-marks=packet-iix direction=both priority=8 \<br />queue=default-small/default-small limit-at=0/0 max-limit=0/0 \<br />total-queue=default-small disabled=no<br />add name="JKT-OFFICE-INTL" target-addresses=203.89.24.71/32 \<br />dst-address=0.0.0.0/0 interface=all parent=JKT-OFFICE \<br />packet-marks=packet-intl direction=both priority=8 \<br />queue=default-small/default-small limit-at=0/0 max-limit=0/0 \<br />total-queue=default-small disabled=no</span><br /></pre><br />contoh skrip diatas juga adalah hasil export dari Mikrotik 2.9.50<br />Jadi JKT-OFFICE-IIX dan JKT-OFFICE-INTL parent ke JKT-OFFICE<br />JKT-OFFICE-IIX untuk memantau penggunaan IIX sedangkan JKT-OFFICE-INTL untuk memantau penggunaan International , kalau mau dilimit di child nya juga bisa kalau mau, hanya saja di contoh ini saya cuman mau mantau penggunaan antara IIX dan Internationalnya.<br />target-address=203.89.24.71 adalah IP WAN Router Kantor / IP WAN Router Pelanggan.<br /><br />ini screen capturenya di winbox<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SRGitSHdPuI/AAAAAAAAATE/EAfX5HDbgL4/s1600-h/simple-queue-jkt-office.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 75px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SRGitSHdPuI/AAAAAAAAATE/EAfX5HDbgL4/s400/simple-queue-jkt-office.JPG" alt="" id="BLOGGER_PHOTO_ID_5265168338213748450" border="0" /></a><br /><br />Bisa dilihat bahwa JKT-OFFICE adalah gabungan antara traffic JKT-OFFICE-IIX dan JKT-OFFICE-INTL<br /><br />Dah beres!<br />Tapi jangan lupa address-list=nice harus di import ya!<br /><br />nah supaya address-list=nice setiap pagi di update cara yang saya lakukan adalah sbb:<br />(catatan ini beneran gue oprek sendiri gak nyontoh wong idenya dari buku ku sendiri kok:<br /><a href="http://inetshoot.blogspot.com/2008/08/buku-firewall-melindungi-jaringan-dari.html">http://inetshoot.blogspot.com/2008/08/buku-firewall-melindungi-jaringan-dari.html</a> sekalian promosi buku ke tiga saya jadi jangan lupa sisihkan Rp. 19.500 untuk beli buku saya hehehe mayan buat ke SPA kalau dah kemeng sama Mikrotik)<br /><br />Nah caranya gini ni:<br /><span style="font-weight: bold;">Buat script "nice-address-list-downloader" yang isinya sbb: </span><br /><br /><span style=";font-family:times new roman;font-size:85%;" >#!/bin/sh<br />lynx -dump -nolist http://ixp.mikrotik.co.id/download/nice.rsc > /var/www/apf/nice.rsc<br /></span><br />taro di mesin linux<br />misal di /var/www/apf/nice-address-list-downloader<br /><br />jangan lupa di chmod 755 supaya bisa eksekusi, hasil dari script tersebut adalah file nice.rsc yang berisi daftar prefix yang ada di NICE/IIX , keterangan lebih lanjut baca di:<br /><a href="http://www.mikrotik.co.id/artikel_lihat.php?id=23">http://www.mikrotik.co.id/artikel_lihat.php?id=23</a><br />Thanks to Pak Valens Riadi dkk.<br /><br /><span style="font-weight: bold;">Buat lagi script "nice-address-list-update" yang isinya sbb:</span><br /><br /><span style=";font-family:times new roman;font-size:85%;" >#!/bin/sh<br /># Rubah http://localhost sesuai dengan URL server uploader Anda<br />#<br />lynx -dump http://localhost/apf/nice-ftp-uploader.php</span><br /><br /><span style="font-weight: bold;">Nah script nice-ftp-uploader.php nya sbb:</span><br /><span style=";font-family:times new roman;font-size:85%;" ><br /></span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRGuoaBo87I/AAAAAAAAAT8/4VYBPwQcjEg/s1600-h/script-ftp-uploder.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 313px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRGuoaBo87I/AAAAAAAAAT8/4VYBPwQcjEg/s400/script-ftp-uploder.JPG" alt="" id="BLOGGER_PHOTO_ID_5265181448577020850" border="0" /></a><br /><br /><span style="font-weight: bold;">catatan misal:</span><br /><span style="font-weight: bold;">$ftp_user_name="nice";</span><br /><span style="font-weight: bold;">$ftp_user_pass="123456";<br /><br /></span>sesua<span style="font-weight: bold;"></span>ikan dengan username dan password di mikrotiknya tar dijelasin dibawah ya sabar.<br />nah file <span style="font-weight: bold;">nice-ftp-uploader.php </span>karena disitu ada informasi user dan password lebih baik dibuat chmod 640 , dan jangan lupa di buat chown root:www-data supaya user root dan group www-data (yang merupakan user apache) boleh baca tapi orang lain "NO ACCESS".<br /><br />masukkan IP mesin mikrotik yang mau diupload file nice.rsc di file:<br />/var/www/apf/nice-target.list<br /><br />yang isinya misal:<br /><br />192.168.0.1<br /><br />jadi isinya cuman daftar ip mesin2 mikrotik yang mau diupload file nice.rsc tersebut<br /><br />Berikutnya buat user "nice" dengan password "123456" misalnya (jangan nekat pake password "123456" banyak brute force sekarang di IIX hehehe) di router mikrotiknya.<br /><br />untuk user nice tersebut baiknya dibuat group "nice" juga di mikrotiknya contohnya bisa dilihat di screen capture berikut:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SRGofz4pnFI/AAAAAAAAATU/CIA7SgGerpk/s1600-h/group-nice-di-mikrotik.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 370px; height: 326px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SRGofz4pnFI/AAAAAAAAATU/CIA7SgGerpk/s400/group-nice-di-mikrotik.JPG" alt="" id="BLOGGER_PHOTO_ID_5265174703830047826" border="0" /></a><br />terus buat user "nice" screen capturenya bisa dilihat sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRGofkIjnMI/AAAAAAAAATM/yVOmkY3kjFY/s1600-h/user-nice-di-mikrotik.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 392px; height: 365px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRGofkIjnMI/AAAAAAAAATM/yVOmkY3kjFY/s400/user-nice-di-mikrotik.JPG" alt="" id="BLOGGER_PHOTO_ID_5265174699601796290" border="0" /></a><br />nah baiknya dibatasi "allowed address" dari IP Linux yang akan mengambil nice.rsc dan menguploadnya ke mikrotik tersebut.<br /><br /><span style="font-weight: bold;">selanjutnya tinggal di jalankan saja script:</span><br /><br />/var/www/apf/nice-address-list-downloader<br />/var/www/apf/nice-address-list-update<br /><br /><span style="font-weight: bold;">menggunakan crond, masukkan baris berikut ke /etc/crontab</span><br /><br />00 6 * * * * root /var/www/apf/nice-address-list-downloader<br />15 6 * * * * root /var/www/apf/nice-address-list-update<br /><br />lalu restart crond misal kalau pake debian<br /><br />/etc/init.d/cron restart<br /><br />kalau pake fedora<br /><br />service crond restart<br /><br />dengan demikian tiap jam 6.00 nice-address-list-downloader di jalankan menghasilnya nice.rsc<br />dan tiap jam 6.15 nice-address-list-update dieksekusi untuk mengupload nice.rsc ke mesin-mesin mikrotik yang ip-nya tertera di nice-target.list , gampang kan jadi dengan demikian bisa update ke beberapa mesin mikrotik sekaligus , tapi ingat buat user "nice" dulu di tiap router mikrotiknya.<br /><br />ini daftar file-file yang harus ada di dalam satu directory, dan directory tersebut harus bisa diakses lewat http://localhost/apf/<br /><br />/var/www/apf# ls -l nice*<br />-rwxr-xr-x 1 root root 97 2008-11-05 18:40 nice-address-list-downloader<br />-rwxr-xr-x 1 root root 131 2008-11-05 18:42 nice-address-list-update<br />-rw-r----- 1 root www-data 708 2008-11-05 19:21 nice-ftp-uploader.php<br />-rw-r--r-- 1 root root 24986 2008-11-05 19:19 nice.rsc<br />-rw-r--r-- 1 root root 37 2008-11-05 19:24 nice-target.list<br /><br />directory apf itu hanya contoh aja jadi silahken di taro dimana aja suka-suka.<br /><br />sudah selesai ? belum la yau<br /><br />selanjutnya perlu buat script "nice" di mikrotik yang isinya "/import nice.rsc;" dengan cara klik system->scripts<br />ini contoh screen capturenya:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRGof6KykHI/AAAAAAAAATc/LMkm4ZXxcpI/s1600-h/system-script-import-nice.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 385px; height: 400px;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SRGof6KykHI/AAAAAAAAATc/LMkm4ZXxcpI/s400/system-script-import-nice.JPG" alt="" id="BLOGGER_PHOTO_ID_5265174705516744818" border="0" /></a><br />berikutnya script tersebut dieksekusi secara periodik dengan scheduler, buat scheduler dengan cara klik system->scheduler , isinya lihat aja di screen shoot nya berikut ini:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SRGogGukVNI/AAAAAAAAATk/YBT8wHvNBJc/s1600-h/system-sched-nice.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 288px;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SRGogGukVNI/AAAAAAAAATk/YBT8wHvNBJc/s400/system-sched-nice.JPG" alt="" id="BLOGGER_PHOTO_ID_5265174708888032466" border="0" /></a><br />Jadi setiap jam 7.00 script "nice" yang menjalankan "/import nice.rsc;" dieksekusi per hari<br /><br />dah beres , tapi jangan lupa coba di run dulu jalankan:<br /><br />1. /var/www/apf/nice-address-list-downloader -> mesti menghasilkan file nice.rsc<br />2. /var/www/apf/nice-address-list-update -> mengupload file nice.rsc ke mikrotik<br />3. jalankan script "nice" dari menu System->scrips , pilih nice lalu klik "Run Script"<br />4. cek di /ip firewall address-list apakah "nice" sudah terimport dengan baik, contohnya bisa dilihat di screen capture berikut:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SRGr4XKJLCI/AAAAAAAAATs/Xx4EsXIjI0U/s1600-h/address-list-nice.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 278px;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SRGr4XKJLCI/AAAAAAAAATs/Xx4EsXIjI0U/s400/address-list-nice.JPG" alt="" id="BLOGGER_PHOTO_ID_5265178424150404130" border="0" /></a><br />Done!<br />Semoga bermanfaat dan gak ada yang complaint :)<br /><br />Salam<br />Harijanto Pribadi<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-303088904397677218?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com3tag:blogger.com,1999:blog-4650800593925871709.post-6550328843185196592008-10-28T16:27:00.001+07:002008-10-28T16:27:50.285+07:00IPv6 di Router Cisco<div class="snap_preview"><p>Contoh Sederhana Configure IPv6 di Cisco..</p><p><a href="http://oprekan.wordpress.com/2007/09/26/contoh-sederhana-configure-ipv6-di-cisco/">http://oprekan.wordpress.com/2007/09/26/contoh-sederhana-configure-ipv6-di-cisco/</a><br /></p> <p>Kemampuan Router Cisco untuk bisa mendukung operasional IPv6 salah satunya versi IOS yang lebih baru dan umumnya sudah stable pada versi IOS 12.2 keatas, serta module supervisor engine (SUP) untuk cisco 6500 & 7600 untuk support ipv6 (Thx to Fjr)</p> <address>Referensi dari web www.cisco.com untuk IOS yang sudah support IPv6 adalah :</address> <address>12.0S, 12.xT, 12.2S, 12.2 SB, 12.2SRA, 12.3, dan 12.4</address> <p>Berikut list Seri Router yang sudah pernah dicoba IPv6 berikut IOS nya</p> <p>- Router Cisco 7200 (IOS 12.2 T & 12.3)<br />- Router Cisco 3660 (IOS 12.2 T)<br />- Router Cisco 3640 (IOS 12.2 T)</p> <p>Resources memory dan CPU juga perlu dipertimbangkan bila ingin mengembangkan dari Routing dasar ke Advance Routing (IGP & EGP).<br />Konfigurasi dasar IPv6 di Router Cisco :</p> <p>1. Contoh Konfigurasi IPv6 Address di Interface Fisik & Sub Interface</p> <p>gw-ipv6#conf t<br />gw-ipv6(config)# ipv6 unicast-routing<br />! untuk mengaktifkan forwarding paket antar interface Router<br />gw-ipv6(config)# ipv6 cef<br />! untuk mengaktifkan fitur express forwarding paket IPv6<br />gw-ipv6(config)#int ethernet 0<br />gw-ipv6(config-if)#no shutdown<br />gw-ipv6(config-if)#ipv6 enable<br />! Untuk mengaktifkan IPv6 di interface<br />gw-ipv6(config-if)#ipv6 address 2404:177:0253::1/123<br />gw-ipv6(config-if)#^Z</p> <p>gw-ipv6#sh run int ethernet 0<br />! untuk menampilkan konfigurasi khusus Ethernet 0 saja</p> <p>Building configuration…<br />!<br />Current configuration : 189 bytes<br />!<br />interface Ethernet3/0<br />no ip address<br />ipv6 enable<br />ipv6 address 2404:177:253::1/123<br />end</p> <p>gw-ipv6#wr<br />! untuk menyimpan konfigurasi di NVRAM</p> <p>2. Contoh Konfigurasi IPv6 Address di Interface Virtual (Tunnel)</p> <p>gw-ipv6#conf t<br />gw-ipv6(config)#int tunnel 100<br />gw-ipv6(config-if)#ipv6 enable<br />gw-ipv6(config-if)#ipv6 address 2404:177:A::1/126<br />gw-ipv6(config-if)#tunnel source ipv4 address/nama interface<br />! Tunnel Source merupakan ipv4 address disisi router ini / nama interfacenya<br />gw-ipv6(config-if)#tunnel destin<br />ation ipv4address<br />! Tunnel Destination merupakan ipv4 address disisi router lawan yang akan kita bangun tunnel.<br />! IPv4 tunnel source disisi pertama merupakan IPv4 tunnel destination di router kedua.<br />! Demikian juga sebaliknya.<br />gw-ipv6(config-if)#tunnel mode ipv6ip<br />! ipv6ip merupakan mode tunnel IPv6 langsung (direct).</p> <p>3. Contoh Konfigurasi Routing Static IPv6</p> <p>gw-ipv6#conf t<br />gw-ipv6(config)#ipv6 route 2404:175::/32 tunnel100<br />! untuk me route paket ke prefix 2404:175::/32 lewat tunnel100<br />! routing ke nama interface bisa diganti dengan ipv6 address tunnel di seberang</p> <p>Wassalam,</p> <p>a. rahman isnaini r. sutan [2404:170:ee02::10]</p> </div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-655032884318519659?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-5211162510213932972008-10-28T16:25:00.000+07:002008-10-28T16:26:43.065+07:00Pengenalan Internet Protokol versi 6 (IPv6)<pre>Author: pangeran_biru<br />Online @ www.echo.or.id :: http://ezine.echo.or.id<br /><a href="http://ezine.echo.or.id/ezine7/ez-r07-pangeran_biru-pengenalan%20IPv6.txt"><br />http://ezine.echo.or.id/ezine7/ez-r07-pangeran_biru-pengenalan%20IPv6.txt</a><br /><br />=== Pengenalan Internet Protokol versi 6 (IPv6) [primbon #1] ===<br /> <br /><br />Assalamualaikum wr.wb<br /><br />Awalnya artikel ini saya tulis tentang implementasi IPv6 pada sistem operasi linux,<br />tetapi setelah saya tulis kok kepanjangan kalo hanya dijadikan satu primbon oleh<br />karena itu saya memutuskan menuliskannya kedalam 2 primbon (yaitu pengenalan IPv6 primbon #1,<br />dan Implementasi IPv6 pada sistem operasi linux primbon #2).<br /><br /><br />Dalam jaringan komputer dikenal adanya suatu protokol yang mengatur bagaimana<br />suatu node berkomunikasi dengan node lainnya didalam jaringan, protokol tersebut<br />berfungsi sebagai bahasa agar satu komputer dapat berkomunikasi satu dengan yang lainnya.<br />protokol yang merupakan standar de facto dalam jaringan internet yaitu protokol TCP/IP,<br />sehingga dengan adanya TCP/IP komputer yang dengan berbagai jenis hardware dan berbagai<br />jenis sistem operasi (linux,Windows X, X BSD, de el el) tetap dapat berkomunikasi.<br /><br />Internet Protocol (IP) merupakan inti dari protokol TCP/IP, seluruh data yang berasal dari<br />layer-layer diatasnya harus diolah oleh protokol ini agar sampai ketujuan.versi IP yang saat<br />ini telah dipakai secara meluas di internet adalah Internet Protocol versi 4 (IPv4).<br /><br />perkembangan internet yang sangat pesat sekarang ini menyebabkan alokasi alamat (IP addres)<br />IPv4 semakin berkurang, hal ini menyebabkan harga IP address legal sangat mahal<br />(kecuali maok!!!heu...heu...).Untuk mengatasi kekurangan alokasi IP address maka IETF<br />mendesain suatu IP baru yang disebut Internet Protocol versi 6 (IPv6).<br /><br />pada IPv6, panjang alamat terdiri dari 128 bit sedangkan IPv4 hanya 32 bit. sehingga IPv6<br />mampu menyediakan alamat sebanyak 2^128 [2 pangkat 128] atau 3X10^38 alamat, sedangkan IPv4<br />hanya mampu menyediakan alamat sebanyak 2^32 atau 4,5X10^10 alamat.<br /><br />oke, tadi cuma intro aja! sekarang kita lanjutkan ke yang lebih dalam lagi.<br />kemon baybeh!!!!!<br /><br />sekarang saya akan menjelaskan perbedaan yang lainnya antara IPv4 dengan IPv6.<br /><br />A.Struktur pengalamatan<br /><br />#IPv4<br /><br />pengalamatan IPv4 menggunakan 32 bit yang setiap bit dipisahkan dengan notasi titik.<br />notasi pengalamatan IPv4 adalah sebagai berikut:<br /><br /> XXXXXXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX<br /><br />dimana setiap simbol X digantikan dengan kombinasi bit 0 dan 1.misalnya:<br /><br /> 10000010.11001000.01000000.00000001 (dalam angka biner)<br /><br />cara penulisan lain agar mudah diinget adalah dengan bentuk 4 desimal yang dipisahkan<br />dengan titik. misal untuk alamat dengan kombinasi biner seperti diatas dapat dituliskan<br />sebagai berikut:<br /><br /> 130.200.127.254<br /><br />penulis sudah menganggap teman-teman semua dah bisa cara untuk mengkonversi dari bilangan<br />biner ke desimal:). cos' kalo harus dijelasakan lagi nanti tambah ruwet nih artikel:p<br />oke sekarang berlanjut ke struktur pengalamatan IPv6!<br /><br /><br />#IPv6<br /><br />Tidak seperti pada IPv4 yang menggunakan notasi alamat sejumlah 32 bit, IPv6 menggunakan<br />128 bit. dah tau khan kenapa jadi 128 bit? yup biar alokasinya bisa lebih banyak.<br />oke sekarang kita liat notasi alamat IPv6 adalah sebagai berikut:<br /> <br /> X:X:X:X:X:X:X:X<br /><br />kalo dalam bentuk biner ditulis sebagai berikut:<br /><br />1111111001111000:0010001101000100:1011111001000001:1011110011011010:<br />0100000101000101:0000000000000000:0000000000000000:0011101000000000<br /><br />(dua blok diatas sebenarnya nyambung tapi agar tidak memakan tempat maka ditulis kebawah)<br />itu notasi alamat IPv6 kalo dalam bentuk biner hal ini sengaja saya tulis bukan untuk membuat<br />pusing yang baca tetapi untuk menunjukkan betapa panjangnya alamat IPv6.<br />silahkan bandingkan dengan panjangnya IPv4.<br /><br />nah! agar lebih mudah diinget setiap simbol X digantikan dengan kombinasi 4 bilangan<br />heksadesimal dipisahkan dengan simbol titik dua [:]. untuk contoh diatas dapat ditulis sbb:<br /><br />FE78:2344:BE43:BCDA:4145:0:0:3A<br /><br />lebih enak diliatnya khan?nah sistem pengalamatan IPv6 dapat disederhanakan jika terdapat<br />berturut-turut beberapa angka "0". contohnya untuk notasi seperti diatas dapat ditulis:<br /><br />FE78:2344:BE43:BCDA:4145:0:0:3A -------> FE78:2344:BE43:BCDA:4145::3A<br /><br />contoh lagi:<br /><br />8088:0:0:0:0:0:4508:4545 -------->8088::4508:4545<br /><br /><br />B.Sistem pengalamatan<br /><br />#IPv4<br /><br />Sistem pengalamatan IPv4 dibagi menjadi 5 kelas, berdasarkan jumlah host yang dapat dialokasikan<br />yaitu:<br /><br />Kelas A : range 1-126<br />Kelas B : range 128-191<br />kelas C : range 192-223<br />kelas D : range 224-247<br />kelas E : range 248-255<br /><br />tapi yang lazim dipake hanya kelas A,B dan C sedangkan kelas D dipakai untuk keperluan alamat<br />multicasting dan kelas E dipake untuk keperluan eksperimental.<br /><br />selain itu pada IPv4 dikenal istilah subnet mask yaitu angka biner 32 bit yang digunakan untuk<br />membedakan network ID dan host ID, menunjukkan letak suatu host berada dalam satu jaringan<br />atau lain jaringan.contohnya kaya gini:<br /><br />IP address: 164.10.2.1 dan 164.10.4.1 adalah berbeda jaringan jika menggunakan netmask<br />255.255.254.0, tetapi akan jika netmasknya diganti menjadi 255.255.240.0 maka kedua<br />IP address diatas adalah berbeda jaringan. paham belom? kalo belom paham gini caranya:<br /><br /><br />164.10.2.1-------> 10100100.00001010.00000010.00000001<br />255.255.254.0----> 11111111.11111111.11111110.00000000<br /> ____________________________________ XOR<br /> 10100100.00001010.00000010.00000000-->164.10.2.0<br />dan<br />164.10.4.1-------> 10100100.00001010.00001000.00000001<br />255.255.254.0----> 11111111.11111111.11111110.00000000<br /> ____________________________________ XOR<br /> 10100100.00001010.00001000.00000000-->164.10.4.0<br /><br /><br />operasi XOR caranya seperti pertambahan waktu SD, cuman lebih mudah, gampangnya gini kalo<br />angka "1" jumlahnya genap hasilnya "1" kalo jumlah "1" ganjil hasilnya "0" (1+1=1, 1+0=0)<br />(heu...heu...).<br /><br />terlihat hasil operasi XOR dua IP address dengan netmask yang sama hasilnya beda berarti<br />kedua IP address tersebut berbeda jaringan. untuk contoh berikutnya yang menggunakan<br />netmask 255.255.240.0 silahkan coba sendiri.<br /> <br />#IPv6<br /><br />pada IPv6 tidak dikenal istilah pengkelasan, hanya IPv6 menyediakan 3 jenis pengalamatan<br />yaitu: Unicast, Anycast dan Multicast. alamat unicast yaitu alamat yang menunjuk pada sebuah<br />alamat antarmuka atau host, digunakan untuk komunikasi satu lawan satu. pada alamat unicast<br />dibagi 3 jenis lagi yaitu: alamat link local, alamat site local dan alamat global.<br />alamat link local adalah alamat yang digunakan di dalam satu link yaitu jaringan local yang<br />saling tersambung dalam satu level. sedangkan alamat Site local setara dengan alamat privat,<br />yang dipakai terbatas di dalam satu site sehingga terbatas penggunaannya hanya didalam satu<br />site sehingga tidak dapat digunakan untuk mengirimkan alamat diluar site ini.<br />alamat global adalah alamat yang dipakai misalnya untuk Internet Service Provider.<br /><br />alamat anycast adalah alamat yang menunjukkan beberapa interface (biasanya node yang berbeda).<br />paket yang dikirimkan ke alamat ini akan dikirimkan ke salahsatu alamat antarmuka yang paling<br />dekat dengan router. alamat anycast tidak mempunyai alokasi khusus, cos' jika beberapa<br />node/interface diberikan prefix yang sama maka alamat tersebut sudah merupakan alamat anycast.<br /><br />alamat multicast adalah alamat yang menunjukkan beberapa interface (biasanya untuk node yang<br />berbeda). Paket yang dikirimkan ke alamat ini maka akan dikirimkan ke semua interface yang<br />ditunjukkan oleh alamat ini. alamat multicast ini didesain untuk menggantikan alamat broadcast<br />pada IPv4 yang banyak mengkonsumsi bandwidth.<br /> <br /> Tabel alokasi alamat IPv6<br />__________________________________________________________________<br />|alokasi | binary prefix |contoh (16 bit pertama | <br />|_______________|__________________________|_______________________|<br />|Global unicast |001 | 2XXX ato 3XXX |<br />|link local |1111 1110 10 | FE8X - FEBx |<br />|site local |1111 1110 11 | FECx - FEFx |<br />|Multicast |1111 1111 | FFxx |<br />|_______________|__________________________|_______________________|<br /><br />selain alamat diatas tadi ada juga jenis pengalamatan lainnya diantaranya:<br /><br />#IPv4-compatible IPv6 address biasanya alamat ini digunakan untuk mekanisme transisi Tunelling<br />format alamatnya kaya gini:<br /> <br /> 80 bits |16 | 32 bits |<br />+-------------------+------+---------------------+<br />|0000...........0000| 0000 | IPv4 address |<br />+-------------------+------+---------------------+<br /><br />contohnya:<br /> = 0:0:0:0:0:0:192.168.30.1<br /> = ::192.168.30.1<br /> = ::C0A8:1E01<br />jadi 0:0:0:0:0:0:192.168.30.1=::c0AB:1E01 kok bisa dapat dari mane? gini caranya:<br />buat dulu alamat 0:0:0:0:0:0:192.168.30.1 jadi biner<br />::11000000.10101000.00011110.00000001 kemudian kelompokkan menjadi masing 16 bit<br />::[1100.0000.1010.1000]:[0001.1110.0000.0001] diubah ke heksa desimal--->::C0A8:1E01<br />tanda "." (titik) didalam kurung untuk mempermudah konversi dari biner ke heksadesimal.<br />sudah pahamkan? masih belum juga silahkan ulangi lagi dengan perlahan:p<br /><br />#IPv4-mapped IPv6 address biasanya digunakan untuk mekanisme transisi ISATAP.<br /> <br /> 80 bits |16 | 32 bits |<br />+-------------------+------+---------------------+<br />|0000...........0000| FFFF | IPv4 address |<br />+-------------------+------+---------------------+<br /><br />contohnya: =::FFFF:192.168.1.2<br /><br />#IPv6 over ethernet digunakan untuk stateless autoconfiguration (pemberian alamat IPv6<br />secara otomatis tanpa memerlukan server yang memberi alokasi IP address, mirip DHCP<br />cuman tanpa server).<br />contoh:<br /> 00:90:27:17:FC:0F<br /> /\<br /> / \<br /> FF FE<br />maka alamatnya menjadi 00:90:27:FF:FE:17:FC:0F kemudian diblok pertama bit ketujuh diinvers<br /> 00:90:27:17:FC:0F<br /> | <br /> |<br /> \|/<br /> 000000[0]0 bit yang dikurungi diinvers dari 0--->1<br />maka sekarang menjadi 02:90:27:FF:FE:17:FC:0F alamat tersebut adalah alamat IPv6 over ethernet.<br /><br />oke mungkin segitu dulu tulisan dari saya, sebagai dasar teori untuk IPv6 (ceile!!!!),<br />sebenarnya masih banyak yang ingin saya tulis cuman nanti terlalu panjang nih artikel takut<br />ga ada yang baca. (heu.....heu...)<br /><br />semoga tetap dalam semangat untuk berbagi!!!!!<br />Wassalam<br /><br /><br />kritik&saran silahkan kirim ke pan6eran_biru[at]yahoo.com<br /><br /><br /><br /><br />Referensi:-TCP/IP standard,desain dan Implementasi, Onno W.purbo dkk<br /> -Teori dan Implementasi IPv6 Protokol Internet Masa depan, Riza Taufan<br /> -Interkoneksi IPv6 dengan menggunakan DSTM, Dody Setiawan<br /> -Implementasi dan Analisa Teredo untuk interkoneksi jaringan IPv6/IPv4 dengan jaringan<br /> IPv6 yang melalui IPv4 NAT (Network Address Translation), Wahidi Somad<br /> -Introduction & Deployment IPv6 Tutorial,Che Rohani Ishak dkk<br /> <br /><br />[###############################################################################################]<br /><br /> thengkiyu tu :-aLL echo|staff,<br /><br /> GreetZ to :-temen-temen seperjuangan: |blo`on|,gorila,dragon CCNA, mbah harjo,ksj,<br /> st3alth (adeku yang baik!), all dech!!! <br /> -barudak #sunda (belegug [salam blemoh!!!],Hendi, al-mubarak,all dech!)<br /> -special Kanggo: Neng Wiharyanti Purnama Dewi(kapan maen ke kost lagi?)<br /> -buat orang-orang yang pernah mencaci gw, mentertawakan gw,<br /> kalian adalah pemacu semangatku heu....heu...<br /> <br />[###############################################################################################] <br /><br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-521116251021393297?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-45763564837155630462008-10-23T12:00:00.001+07:002008-10-23T12:02:01.718+07:00Linux Advanced Routing Mini HOWTOThis page is a small HOWTO about the advanced linux routing...<br /><p><br />First of all let me tell you where you can find the best source of information about the advanced routing under Linux. Most of you probably know or heard about the <a href="http://www.lartc.org/" target="_blank">Linux Advanced Routing & Traffic Control</a> site. There you can see a very comprehensive source of knowledge based not only on documentation but by easy to understand examples...<br /></p> <p><b>Credits:</b> <a href="http://www.lartc.org/" target="_blank">Linux Advanced Routing & Traffic Control</a>, Thea</p> Ok, then...<br />This page will show you how to set a linux box to use 2 different ISPs on the same time...<br /><br /><b><span style="font-size: 12pt;">First example:</span></b><br />Goal: To route packets that came from 4 network to different ISPs<br /><br />Let's presume that you have two ISPs. In the following examples I'll use RDS and ASTRAL (two large ISPs from my country)<br />For the ASCII art and lynx console browser fans I'll use this kind of chart: <pre> ________<br /> +-------------+ /<br /> | ISP 1 | /<br /> +-------------+ (RDS) +------+<br /> | | gw 10.1.1.1 | /<br /> +------+-------+ +-------------+ /<br />+----------------+ | eth1 | /<br />| | | | |<br />| Local networks +----+ Linux router | | Internet cloud<br />| | | | |<br />+----------------+ | eth2 | \<br /> +------+-------+ +-------------+ \<br /> | | ISP 2 | \<br /> +-------------+ (ASTRAL) +------+<br /> | gw 10.8.8.1 | \<br /> +-------------+ \________<br /></pre> We will work only on Linux router box. From the root prompter do: <pre class="gri">echo 1 RDS >> /etc/iproute2/rt_tables<br />echo 2 ASTRAL >> /etc/iproute2/rt_tables<br /></pre> The /etc/iproute2/rt_table content after previous commands: <pre class="gri">#<br /># reserved values<br />#<br />255 local<br />254 main<br />253 default<br />0 unspec<br />#<br /># local<br />#<br />#1 inr.ruhep<br />1 RDS<br />2 ASTRAL<br /></pre> Now we have three routing tables as follows: RDS table, ASTRAL table and the main table...<br />Let's fill up every table with the defaults routes:<br /><br /> The next step is to have some routing rules and routes:<br /><br /> For the RDS table: <pre class="gri">ip route add default via 10.1.1.1 dev eth1 table RDS<br />ip rule add from 10.11.11.0/24 table RDS<br />ip rule add from 10.12.12.0/24 table RDS<br /></pre> For the ASTRAL table: <pre class="gri">ip route add default via 10.8.8.1 dev eth2 table ASTRAL<br />ip rule add from 10.22.22.0/24 table ASTRAL<br />ip rule add from 10.33.33.0/24 table ASTRAL<br /></pre> To see the routing tables: <pre class="gri">ip route show table ASTRAL<br />ip route show table RDS<br />ip route show table main # it's the same as "route -n" but in different format...<br /></pre> To see the routing tables: <pre class="gri">ip rule show # all the rule list<br />ip rule show | grep ASTRAL # only for ASRAL<br />ip rule show | grep RDS # only for RDS<br /></pre> Let me explain the above rules.<br />The packets that came from the 10.11.11.0/24 and 10.12.12.0/24 networks will go to the RDS routing table and then (because we have a default route) will be passed to the RDS gateway. And similar, the packets that came from the 10.22.22.0/24 and 10.33.33.0/24 network will go to the ASTRAL gateway...<br />What is happening with the packets that came from other networks that are not shown in the above rules? Well, they just simply go to main routing table and follow the routing rules that reside there... If you want to block them to go to internet just delete the default route from the main table... (of course, doing that your router can not longer go to interent).<br /><br /><br /> <b><span style="font-size: 12pt;">Second example:</span></b><br />Goal: To route the packets having the destination port 22/tcp to the RDS and 80/tcp to the ASTRAL (no matter what network generates them).<br />This example it is almost the same as the first one except that we will use iptables to mark the packets.<br /><br /> Same chart... <pre> ________<br /> +-------------+ /<br /> | ISP 1 | /<br /> +-------------+ (RDS) +------+<br /> | | gw 10.1.1.1 | /<br /> +------+-------+ +-------------+ /<br />+----------------+ | eth1 | /<br />| | | | |<br />| Local networks +----+ Linux router | | Internet cloud<br />| | | | |<br />+----------------+ | eth2 | \<br /> +------+-------+ +-------------+ \<br /> | | ISP 2 | \<br /> +-------------+ (ASTRAL) +------+<br /> | gw 10.8.8.1 | \<br /> +-------------+ \________<br /></pre><br />Same /etc/iproute2/rt_table content: <pre class="gri">#<br /># reserved values<br />#<br />255 local<br />254 main<br />253 default<br />0 unspec<br />#<br /># local<br />#<br />#1 inr.ruhep<br />1 RDS<br />2 ASTRAL<br /></pre> Before you start check your iptables configuration. I strongly recommend to read about iptables if you are unsure about what you will doing next.<br />For more documentation go to <a href="http://www.iptables.org/" target="_blank">iptables home page</a> or you can download a good documentation from this site (<a href="http://www.linuxhorizon.ro/">Security & Privacy Section</a>) or directly from <a href="http://www.linuxhorizon.ro/files/iptables-tutorial.pdf.zip">here</a>.<br /><br /> To mark the packets that have the 22 and 80 as destination port we will use the MANGLE table... <pre class="gri">iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 22 -j MARK --set-mark 1<br />iptables -A PREROUTING -t mangle -i eth0 -p tcp --dprot 80 -j MARK --set-mark 2<br /></pre> For the RDS table: <pre class="gri">ip route add default via 10.1.1.1 dev eth1 table RDS # the same like in the first example<br /></pre> For the ASTRAL table: <pre class="gri">ip route add default via 10.8.8.1 dev eth2 table ASTRAL # the same like in the first example<br /></pre> The next step is to have some routing rules based by the marked packets:<br /><br /> For the RDS: <pre class="gri">ip rule add from all fwmark 1 table RDS<br /></pre> For the ASTRAL: <pre class="gri">ip rule add from all fwmark 2 table ASTRAL<br /></pre> You can use the same commands to see the routing tables and rule lists as in the first example.<br /> Now you have a routing solution based by the destination port...<br /><br /> <center> If you need additional infos or Q&A please go to <a href="http://www.linuxhorizon.ro/contact.html" target="_blank">Contact Page</a> for our e-mail addresses...<br /><br /><a href="http://www.linuxhorizon.ro/iproute2.html">http://www.linuxhorizon.ro/iproute2.html</a><br /></center><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-4576356483715563046?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-20033099103221877492008-10-22T19:44:00.003+07:002008-11-05T12:02:21.014+07:00Mikrotik policy routing implementation example<h2>Thanks to </h2>Butch Evans<br /><a href="http://blog.butchevans.com/">http://blog.butchevans.com</a><br /><br /><h2><a href="http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/" rel="bookmark" title="Permanent Link: Mikrotik policy routing implementation example">Mikrotik policy routing implementation example</a></h2> <div style="margin: 0pt 0pt 0pt 10px; float: right; width: 42px; padding-right: 10px;"><script type="text/javascript"> <!-- digg_url = 'http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/'; digg_bgcolor = '#FFFFFF'; digg_skin = ''; digg_window = 'new'; digg_title = 'Mikrotik policy routing implementation example'; digg_bodytext = 'In “normal” routing, you have a set of routes that tell the router about how to reach certain networks. Policy routing is a way to do the...'; digg_media = 'news'; digg_topic = ''; //--> </script> <script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script><iframe src="http://digg.com/tools/diggthis.php?u=http%3A//blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/&t=Mikrotik%20policy%20routing%20implementation%20example&w=new&b=In%20%26%238220%3Bnormal%26%238221%3B%20routing%2C%20you%20have%20a%20set%20of%20routes%20that%20tell%20the%20router%20about%20how%20to%20reach%20certain%20networks.%A0%20Policy%20routing%20is%20a%20way%20to%20do%20the...&m=news&c=&k=%23FFFFFF" scrolling="no" width="52" frameborder="0" height="80"></iframe> </div> <p>In “normal” routing, you have a set of routes that tell the router about how to reach certain networks. Policy routing is a way to do the same thing, but have different “paths” or routes for various types of traffic. In this article, we will explore the requirements for setting up policy routing and explain some of the concepts involved.</p> <p><span id="more-50"></span></p> <p>Policy routing is implemented in 3 parts. The first part is to define the routes and which policies will use those routes. The second part is the routing rules, which will define how the policies apply to certain traffic. The third is to define the actual policies. We’ll look at each of these individually.</p> <p>The network below is the one we will use for this example.</p> <p style="text-align: center;"><img class="aligncenter size-full wp-image-51" title="policy" src="http://blog.butchevans.com/wp-content/uploads/2008/09/policy.jpg" alt="" width="500" height="177" /></p> <p>We will assume that you already have the IP addresses set up on your router.</p> <p>Read more:</p><a href="http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/">http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2003309910322187749?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com3tag:blogger.com,1999:blog-4650800593925871709.post-9985959763961994322008-10-09T12:45:00.001+07:002008-10-09T12:45:51.639+07:00Optimasi Apache2<h3 class="post-title"> <a href="http://frankmash.blogspot.com/2005/11/optimize-apache-20-apache2-on-rhel.html" title="permanent link"> Optimize Apache 2.0 (Apache2) on RHEL - Track users using Clickstream</a> </h3> <p> </p><p>First, make a backup and then modify /etc/httpd.conf and change settings as follows</p><br /><p class="code"><br /># change Timeout 300 to<br />Timeout 45<br /># change KeepAlive Off to<br />KeepAlive On<br /># MaxKeepAliveRequests: The maximum number of requests to allow<br /># during a persistent connection. Set to 0 to allow an unlimited amount.<br /># We recommend you leave this number high, for maximum performance.<br /># -- change MaxKeepAliveRequests 100 to 500<br />MaxKeepAliveRequests 500<br /># KeepAliveTimeout: Number of seconds to wait for the next request from the<br /># same client on the same connection.<br /># change KeepAliveTimeout 15 to<br />KeepAliveTimeout 5<br /># Increase MaxClients after benchmarking. mine is<br />MaxClients 200<br /># Turn off ServerSignature<br />ServerSignature Off<br /><br />#ServerTokens Product<br />ServerTokens ProductOnly<br /></p><p class="code"><a href="http://frankmash.blogspot.com/2005/11/optimize-apache-20-apache2-on-rhel.html">http://frankmash.blogspot.com/2005/11/optimize-apache-20-apache2-on-rhel.html</a><br /><br /></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-998595976396199432?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-70371614466332688222008-09-23T18:26:00.002+07:002008-09-23T18:30:28.868+07:00Menghapus /var/www/sargSetelah server proxy berjalan selama 2 tahun lebih harddisknya cepat sekali habis setelah dicari-cari biang keroknya ada SARG, SARG ini aplikasi untuk mengolah log-nya squid.<br />dari pada harddisknya abis ya sudah SARGnya di remove tapi file-file hasil sarg ini tetap bercokol di harddisk di path /var/www/sarg<br /><br />untuk menghapusnya pakai perintah<br /><br />#cd /var/www<br />#rm -rf sarg/<br /><br />beres deh harddisk proxy jadi luega buanget<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-7037161446633268822?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-39299366059324054332008-09-23T14:07:00.004+07:002008-09-23T14:47:26.115+07:00Solusi Akses Internet On DemandSeiring dengan perkembangan jaringan Internet di Indonesia saat ini dimana semakin banyak ISP yang menawarkan akses Internet IIX only pada game-game online dan perusahaan-perusahaan yang memang hanya membutuhkan akses ke Internet domestik di Indonesia. Tetapi suatu saat mungkin ada keperluan untuk mengakses Internet Global misalnya untuk cek email di yahoo.com gmail.com atau sekedar mencari informasi di google.com untuk itu mungkin solusi akses Internet on demand bisa menjadi pilihan.<br /><br />Demikian juga bagi mahasiswa-mahasiswa yang memiliki koneksi Internet di kamar kost-nya melalui jaringan RTRWNet dengan harga sangat terjangkau tetapi umumnya bandwidth menuju ke Internet Global sangat terbatas maka jika suatu saat membutuhkan akses Internet Global yang lebih cepat maka solusi akses Internet on demand bisa menjadi pilihan.<br /><br /><span style="font-weight: bold;">Apa itu akses Internet on demand?</span><br />Akses Internet on demand yang dimaksud dalam tulisan ini adalah akses Internet Global menggunakan koneksi VPN-dial yang disediakan oleh <a href="http://www.datautama.net.id/">DatautamaNet</a> , sebenarnya fasilitas VPN-Dial ini adalah layanan tambahan bagi pengguna <a href="http://mobile.datautama.net.id/">Dmobile</a> tetapi seharusnya bisa juga dimanfaatkan oleh semua orang dengan cara cukup membeli <a href="http://mobile.datautama.net.id/web/index.php?option=com_content&view=category&layout=blog&id=36&Itemid=63">voucher</a> secara fisik maupun secara online di <a href="https://www.gudangvoucher.com/index.php?PID=52">gudangvoucher.com</a> lalu melakukan <a href="http://mobile.datautama.net.id/web/index.php?option=com_content&view=section&id=5&Itemid=53">aktivasi</a> lalu ikuti <a href="http://mobile.datautama.net.id/web/index.php?option=com_content&view=category&layout=blog&id=48&Itemid=71">petunjuk cara peng-aktivan</a> atau cukup menggunakan <a href="http://mobile.datautama.net.id/web/index.php?option=com_content&view=category&layout=blog&id=40&Itemid=64">SMS</a> dari Handphone CDMA + Fren Anda.<br /><br />Setelah voucher tersebut aktif maka akses Internet on demand dapat dinikmati dengan cara membuat koneksi VPN yang petunjuknya dapat dibaca di:<br /><a href="http://mobile.datautama.net.id/web/index.php?option=com_content&view=category&layout=blog&id=49&Itemid=72">http://mobile.datautama.net.id/web/index.php?option=com_content&view=category&layout=blog&id=49&Itemid=72</a><br /><br /><span style="font-weight: bold;">Syarat minimal yang dibutuhkan</span><br />Adapun syarat minimal yang dibutuhkan untuk dapat menggunakan Internet on demand menggunakan VPN ini adalah komputer Anda harus dapat melakukan VPN dial menggunakan protocol PPTP yang biasanya telah disupport oleh MS. Windows XP dan Linux, juga harus dapat mengakses ke IP 203.89.24.5 caranya coba ping dan traceroute dari komputer Anda ke IP 203.89.24.5<br /><br />Jika menggunakan Sistem Operasi MS. Windows caranya klik Start->Run ketik CMD dan Enter<br />maka akan muncul jendela command prompt C:\>, misal sbb:<br /><br /><span style="font-size:78%;">C:\Documents and Settings\Harijanto>ping 203.89.24.5<br /><br />Pinging 203.89.24.5 with 32 bytes of data:<br /><br />Reply from 203.89.24.5: bytes=32 time=14ms TTL=62<br />Reply from 203.89.24.5: bytes=32 time=4ms TTL=62<br />Reply from 203.89.24.5: bytes=32 time=4ms TTL=62<br />Reply from 203.89.24.5: bytes=32 time=3ms TTL=62<br /><br />Ping statistics for 203.89.24.5:<br /> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),<br />Approximate round trip times in milli-seconds:<br /> Minimum = 3ms, Maximum = 14ms, Average = 6ms<br /><br />C:\Documents and Settings\Harijanto>tracert 203.89.24.5<br /><br />Tracing route to ip-24-5.datautama.net.id [203.89.24.5]<br />over a maximum of 30 hops:<br /><br />1 1 ms 1 ms 1 ms 192.168.2.1<br />2 1 ms 2 ms 1 ms ip-24-65.datautama.net.id [203.89.24.65]<br />3 9 ms 9 ms 5 ms ip-24-5.datautama.net.id [203.89.24.5]<br /><br />Trace complete.<br /><br />C:\Documents and Settings\Harijanto></span><br /><br />Jika dari komputer Anda bisa Replay From 203.89.24.5 maka anda dapat melakukan VPN Dial ke Server VPN Internet on demand tersebut.<br /><br /><span style="font-weight: bold;">Manfaat Internet on demand</span><br /><ol><li>Internet on demand bagi pengguna yang hanya berlangganan IIX ke ISP manapun di Indonesia</li><li>Global Internet Akses 128Kbps per koneksi, jika bandwidth IIX Anda lebih besar dari 128Kbps maka Anda dapat mengakses Global Internet Akses sd 128Kbps per koneksi / per komputer yang melakukan VPN Dial ke 203.89.24.5</li><li>Sebagai backup koneksi Global Internet Akses jika ISP yang Anda gunakan mengalami gangguan ke Global Internet Akses tetapi ke IIX tidak ada masalah.</li><li>Sebagai pengaman tambahan jika Anda mengakses public Internet seperti hotspot sehingga data-data Anda akan aman terbungkus koneksi VPN dari notebook Anda sampai dengan ke VPN Server DatautamaNet.</li><li>Sebagai solusi SMTP Server / Outgoing Server jika Anda mengalami kesulitan mengirim email dari notebook / komputer Anda melalui public Internet seperti hotspot, dengan mengarahkan outgoing server / SMTP server Anda ke smtp.datautama.net.id setelah berhasil melakukan koneksi VPN dial ke DatautamaNet.</li><li>Username dan Password dapat digunakan di hotspot Krispykreme: Grand Indonesia dan Plaza Senayan sekaligus untuk koneksi Internet melalui jaringan <a href="http://web.datautama.net.id/content.php?id=201">CDMA Fren/Mobile-8</a><br /></li></ol>Informasi lebih lanjut <a href="http://web.datautama.net.id/content.php?id=6">klik disini</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3929936605932405433?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-91781058733881210832008-09-16T17:08:00.002+07:002008-09-16T17:09:14.823+07:00Cara rubah timezone setelah proses install di debianMungkin kita butuh merubah timezone setelah debian terinstall caranya mudah tinggal eksekusi:<br /><br />tzconfig<br /><br />lalu ikuti langkah2nya<br /><br /><h3>16.1.1 Changing the timezone after installation</h3> <p> If the timezone is not set or is wrong, the superuser can run <code>tzconfig</code> to configure it after the operating system is installed (see man page <code>tzconfig(8)</code>). </p> <p> If there are other users, it is a good idea to notify then that the system Timezone has changed.<br /></p><p><br /></p><p><a href="http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html">http://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html</a><br /></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-9178105873388121083?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-37455479186871738442008-09-16T15:59:00.003+07:002008-09-16T16:07:37.176+07:00Contoh Pengajuan Rerverse DNSUntuk mengaktifkan reverse dns setelah nameserver dikonfigurasikan dengan benar dan dapat berfungsi dengan baik di nameserver isp maka selanjutnya kirim email sbb:<br /><br /><span style="font-size:85%;">to: hostmaster@apjii.or.id<br />subject: [DATAUTAMA-ID] reverse dns 29.89.203.in-addr.arpa<br /><br />domain: 29.89.203.in-addr.arpa<br />descr: PT. Data Utama Dinamika<br />descr: Wisma Presisi Lantai 2<br />descr: Jl. Taman Aries Blok A1 No 1<br />descr: Meruya Utara - Kembangan<br />descr: Jakarta 11620<br />country: ID<br />admin-c: HP371-AP<br />tech-c: HP371-AP<br />zone-c: HP371-AP<br />nserver: ns1.datautama.net.id<br />nserver: ns2.datautama.net.id<br />remarks: spam & abuse report: <a class="moz-txt-link-abbreviated" href="mailto:abuse@datautama.net.id">abuse@datautama.net.id</a><br />notify: <a class="moz-txt-link-abbreviated" href="mailto:noc@datautama.net.id">noc@datautama.net.id</a><br />mnt-by: MNT-APJII-ID<br />mnt-lower: MAINT-ID-DATAUTAMA<br />changed: <a class="moz-txt-link-abbreviated" href="mailto:hostmaster@apjii.or.id">hostmaster@apjii.or.id</a> 20020304<br />source: APNIC<br />password: xxxxx</span><br /><br />setelah email di terima oleh hostmaster@apjii.or.id atau IDNIC maka APJII/IDNIC akan mereplay sbb:<br /><br /><br /><span style="font-size:85%;">Dear Pak Harijanto,<br /><br />The following reverse domain objects have been created in the APNIC Whois Database. This information will be merged into APNIC master zone file within the next 2 hours.<br /><br /><span class="moz-txt-tag">--<br /></span>Best Regards,<br /><br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3745547918687173844?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-32076632602707805252008-09-16T15:37:00.008+07:002009-12-23T15:21:54.910+07:00Petunjuk melakukan 2nd opinion IPv4Dalam mengelola IPv4 dari APNIC, ISP perlu melakukan 2nd opinion agar data who-is APNIC dapat terupdate sesuai perkembangan penggunaan IPv4 yang didelegasikan APNIC ke ISP ybs.<br /><br />Proses 2nd opinion ini perlu dilakukan sebelum mengajukan pengarahan reverse dns dari APNIC ke nameserver ISP ybs.<br /><br />Berikut adalah contoh step by step proses 2nd opinion melalui APJII<br />keterangan lebih lanjut bisa dibaca di : <a href="http://www.idnic.net/">http://www.idnic.net<br /></a><br /><br />Langkah langkahnya adalah sbb:<br />---------------------------------<br /><br />Kirim email ke hostmaster@apjii.or.id<br /><br /><span style="font-size:85%;">#[SECOND OPINION REQUEST FORM TEMPLATE]# #[REQUESTOR TEMPLATE]#<br />name: Harijanto Pribadi<br />email: harijanto@datautama.com<br />acct-name: DATAUTAMA-ID<br />org-relationship: Director<br /><br />#[SECOND OPINION TEMPLATE]#<br />address-type: IPv4<br />opinion-type: assignment<br /><br />#[IPv4 ASSIGNMENT TEMPLATE V:1.0]#<br />netname: BUDILUHUR<br />descr: Universitas Budi Luhur<br />descr: JL. Raya Ciledug Pertukangan No. 99<br />descr: Jakarta 11260<br />country: ID<br />prefix: /28<br />network-plan: 203.89.25.16/28 /28,/28,/28 Router and Server<br /><br />#[ADDITIONAL INFORMATION]#<br />Campus Network</span><br /><br />Setelah menerima email balasan dari hostmaster@apjii.or.id seperti dibawah ini<br />Kemudian buka <a href="http://www.apnic.net/apnic-bin/inetnum.pl">http://www.apnic.net/apnic-bin/inetnum.pl</a><br /><br />versi terbaru <a href="http://submit.apnic.net/apnic-bin/inetnum.pl">http://submit.apnic.net/apnic-bin/inetnum.pl</a><br /><br /><span style="font-size:85%;">Kepada Yth,<br />Pak Harijanto<br /><br />Terima kasih atas pengajuan Opini Kedua.<br />Kami dapat menerima request Opini Kedua anda.<br /><br />Netname: BUDILUHUR<br />Prefix: /28<br />Harap segera lakukan updating atas assignment kepada client anda di whois database APNIC pada link :<br />http://www.apnic.net/apnic-bin/inetnum.pl<br /><br />Status yang dicantumkan untuk range IP Address untuk pelanggan ini adalah:<br />ASSIGNED NON-PORTABLE<br /><br />Catatan:<br />Bila terjadi perubahan "netname" dengan yang tercantum di Second opinion ini, mohon diinfokan kepada kami.<br /><br />Bila ada hal-hal yang kurang jelas mengenai hal ini, dapat menghubungi kami kembali di email ini.<br /><br />Prosedur Updating Database IP-Range:<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />1. Dapat menggunakan Template Inetnum. Contohnya adalah sbb:<br /><br />inetnum: 202.148.32.0 - 202.148.32.255<br />netname: APJII<br />descr: Asosiasi Penyelenggara Jasa Internet Indonesia<br />descr: Indonesian ISP Association<br />country: ID<br />admin-c: AA2-ID<br />tech-c: AH1-ID<br />mnt-by: MAINT-ID-ISPNET<br />changed: wsekjen@apjii.or.id 20020722<br />remarks: Send Spam & Abuse Reports to : abuse@isp.net.id<br />status: ASSIGNED NON-PORTABLE<br />source: APNIC<br /><br />2. INETNUM: range IP Address yang akan diassign ke pelanggan anda, sesuai dengan jumlah Prefix dalam Second Opinion.<br />3. NETNAME: harus sama dengan netname yang ada di Second Opinion. Bila terjadi perubahan Netname, harap diinfokan kepada hostmaster APJII </span><hostmaster@apjii.or.id><span style="font-size:85%;">.<br />4. Descr: diisi dengan Basis Usaha pelanggan,alamat (cukup disebutkan kotamadya saja) pelanggan, bukan data-data ISP-nya.<br />5. ADMIN-C & TECH-C harap dicantumkan Role Object ISP anda.Bila ISP anda belum memiliki Role Object, bisa mengacu pada "Prosedur Updating Database APNIC" pada bagian "Prosedur Updating Role Object".<br />6. Maintainer Object diisi dengan Maintainer Object ISPNET anda. Bila belum ada,dapat menghubungi Hostmaster APJII untuk panduan lebih lanjut.<br />7. STATUS: untuk Second Opinion ini diisi dengan ASSIGNED NON-PORTABLE 8. Kirim template ini ke auto-dbm@apnic.net . Dalam pengiriman ini,gunakan format Plain Text (murni). Hindari penggunaan format tambahan pada email seperti Bold, Italic,dsb. Biasanya hal seperti ini akan mengakibatkan Failure pada saat Updating.<br /><br />Wassalam,<br />____________________________________________________________<br />Ahmad Khalil Alkazimy, Internet Resource Analyst </span><ahmad@apjii.or.id><span style="font-size:85%;"><br />ID-NIC {Indonesia Network Information Center]<br />hostmaster@apjii.or.id<br />http://www.apjii.or.id<br />Telp +62-21-5296.0634 Fax +62-21-5296.0635<br />____________________________________________________________<br /></span><br /><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SM9zJHEzIXI/AAAAAAAAANc/aY2NmGCo12Y/s1600-h/image001.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SM9zJHEzIXI/AAAAAAAAANc/aY2NmGCo12Y/s400/image001.png" alt="" id="BLOGGER_PHOTO_ID_5246538691265110386" border="0" /></a><hostmaster@apjii.or.id><ahmad@apjii.or.id><br />Klik New<br /><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SM9zJuqRc_I/AAAAAAAAANs/2I3kYxuxU2E/s1600-h/image003.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SM9zJuqRc_I/AAAAAAAAANs/2I3kYxuxU2E/s400/image003.png" alt="" id="BLOGGER_PHOTO_ID_5246538701891269618" border="0" /></a><br /><hostmaster@apjii.or.id><ahmad@apjii.or.id><br />Klik Submit<br />Password “xxxxx” bisa dilihat di approval IP Address Datautama<br /><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SM9zJkl9QHI/AAAAAAAAAN8/o86kD8MVz3o/s1600-h/image005.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SM9zJkl9QHI/AAAAAAAAAN8/o86kD8MVz3o/s400/image005.png" alt="" id="BLOGGER_PHOTO_ID_5246538699188813938" border="0" /></a><br /><hostmaster@apjii.or.id><ahmad@apjii.or.id><br />Berikutnya akan menerima email dari auto-dbm@apnic.net<br /><br /><span style="font-size:85%;">======================================================================<br />This is an automatic response, generated by your recent request<br />to update the APNIC database. In order to complete this request:<br /><br />YOU MUST E-MAIL THIS FORM TO: auto-dbm@apnic.net<br /><br />Once you have sent this form, you will receive an auto response<br />informing you of whether your update has been accepted, or of any<br />errors that may have appeared in your data.<br /><br />Thank you for using this service.<br />======================================================================<br /><br />#[NETWORK TEMPLATE V:5.0]#<br /><br />inetnum: 203.89.25.16 - 203.89.25.31<br />netname: BUDILUHUR<br />country: ID<br />descr: Universitas Budi Luhur<br />descr: JL. Raya Ciledug Pertukangan No. 99<br />descr: Jakarta 11260<br />admin-c: HP371-AP<br />tech-c: HP371-AP<br />status: ASSIGNED NON-PORTABLE<br />changed: harijanto@datautama.com 20060613<br />mnt-by: MAINT-ID-DATAUTAMA<br />password: xxxxx<br />source: APNIC<br /><br /># acct: HP371-AP<br />#[TEMPLATES END]#<br />======================================================================</span><br /><br />Berikutnya email tersebut di forward ke auto-dbm@apnic.net untuk bagian<br />#[NETWORK TEMPLATE V:5.0]# sd #[TEMPLATES END]#<br /><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SM9_S2YpJGI/AAAAAAAAAO8/1GSBrXtizDM/s1600-h/image007.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SM9_S2YpJGI/AAAAAAAAAO8/1GSBrXtizDM/s400/image007.png" alt="" id="BLOGGER_PHOTO_ID_5246552052723164258" border="0" /></a><br /><hostmaster@apjii.or.id><ahmad@apjii.or.id><br />Catatan:<br />Harus Plain-Tex<br /><br />Jika update success akan ada email dari APNIC seperti dibawah ini:<br /><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SM9zv39_0SI/AAAAAAAAAOc/8bmqt2nAdaw/s1600-h/image009.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SM9zv39_0SI/AAAAAAAAAOc/8bmqt2nAdaw/s400/image009.png" alt="" id="BLOGGER_PHOTO_ID_5246539357224948002" border="0" /></a><br /><hostmaster@apjii.or.id><ahmad@apjii.or.id><br />Hasilnya jika di whois akan muncul<br /><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SM9z-Z4tu3I/AAAAAAAAAO0/1WTB0D76AIY/s1600-h/image012.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SM9z-Z4tu3I/AAAAAAAAAO0/1WTB0D76AIY/s400/image012.jpg" alt="" id="BLOGGER_PHOTO_ID_5246539606847765362" border="0" /></a><hostmaster@apjii.or.id><ahmad@apjii.or.id><br /></ahmad@apjii.or.id></hostmaster@apjii.or.id><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3207663260270780525?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-69264278381255473802008-09-12T13:24:00.005+07:002008-09-24T14:46:21.280+07:00Script Sederhana Untuk Mindahin Gateway di LinuxIni contoh script sederhana utk ngecek koneksi ke yahoo.com dan kalau RTO gateway dipindah ke koneksi satunya.<br /><br /><br />#!/bin/sh<br />#Scipt by harijanto@datautama.net.id<br />#Crazy idea from priyo@datautama.net.id<br />#Thanks<br />/sbin/route | grep default | grep 119.82.246.1<br />error=$?<br />echo $error<br />if [ $error = 0 ]<br /> then<br /> if a=`ping -q -c 1 -w 3 www.yahoo.com > /dev/null`<br /> then<br /> echo "Link Utama to International OK"<br /> else<br /> echo "Link Utama to International NOT OK"<br /> /sbin/route add -net 0.0.0.0/0 gw 203.89.24.1<br /> /sbin/route del -net 0.0.0.0/0 gw 119.82.246.1<br /> fi<br /> else<br /> echo "Link Pake Backup Coba pindahin ke Link Utama Lagi"<br /> /sbin/route add -net 0.0.0.0/0 gw 119.82.246.1<br /> /sbin/route del -net 0.0.0.0/0 gw 203.89.24.1<br /> if a=`ping -q -c 1 -w 3 www.yahoo.com > /dev/null`<br /> then<br /> echo "Link Utama to International Sudah OK"<br /> else<br /> echo "Link Utama to International Masih NOT OK CAPEDEH"<br /> /sbin/route add -net 0.0.0.0/0 gw 203.89.24.1<br /> /sbin/route del -net 0.0.0.0/0 gw 119.82.246.1<br /> fi<br />fi<br /><br />misal kasih nama /etc/checkyahoo.sh<br /><br /><br />terus script tersebut tinggal di crond per 10 menit di /etc/crontab<br /><br />*/10 * * * * root /etc/checkyahoo.sh > /dev/null 2>&1<br /><br />lalu restart crond:<br /><br />service crond restart<br /><br />jadi dech Fail Over Sederhana :p<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6926427838125547380?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-62348390195906078412008-09-12T12:20:00.003+07:002008-10-07T15:00:10.139+07:00Referensi cara mengamankan server hostingBagi para admin server hosting berikut link yang bagus tentang cara mengamankan server hosting<br /><br />Penjelasan APF+BFD+DDOS+Rootkit<br /><a href="http://www.directadmin.com/forum/archive/index.php/t-14500.html">http://www.directadmin.com/forum/archive/index.php/t-14500.html<br /></a><br />Update script homepage, salah satunya penjelasan KISS alternatif APF<br /><a href="http://www.web4host.net/tools/">http://www.web4host.net/tools/</a><br /><br />Untuk setup apf bisa baca disini:<br /><a href="http://aplawrence.com/Web/apf_cpanel.html">http://aplawrence.com/Web/apf_cpanel.html</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6234839019590607841?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-21636688461715912792008-09-12T10:26:00.002+07:002008-09-12T10:32:41.320+07:00Menghapus Email dengan Subject Tertentu menggunakan MTA EXIMSetelah sebelumnya saya menggunakan strategi reject email-email yang telah di tag / ditandai "<a href="http://inetshoot.blogspot.com/2008/08/memfilter-spam-dari-cnncom.html">[SPAM]</a>" ternyata strategi ini masih tidak efisien karena Exim harus mengirim reject message ke email server pengirim<br /><br />Untuk itu agar Exim langsung menghapus email-email yang bersubject "[SPAM]" maka digunakan filter rule sbb:<br /><br /># delete all emails contain [SPAM] subject<br />if $header_subject: contains "[SPAM]"<br />then<br />seen finish<br />endif<br /><br />filter rule tersebut di tulis di file /etc/cpanel_exim_system_filter<br /><br />lalu restart service exim agar filter dijalankan<br /><br />sumber:<br /><a href="http://www.doc.ic.ac.uk/csg/email/filter/#rules">http://www.doc.ic.ac.uk/csg/email/filter/#rules</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2163668846171591279?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-43183073830414097302008-09-10T20:53:00.003+07:002008-09-10T21:07:12.661+07:00Solusi Cara Membatasi IP Tujuan dan MAC Client yang diizinkanKasus:<br />Sebuah perusahaan ingin agar karyawannya hanya bisa browsing ke IP tertentu saja dan hanya dari Komputer dengan MAC tertentu saja yang boleh ke Internet.<br /><br />Caranya:<br />Buat address-list misal dengan nama = "web-allow" , contoh scritpnya:<br /><br />/ip firewall address-list<br />add list=web-allow address=203.89.24.34 comment="Datautama" disable=no<br />add list=web-allow address=202.152.54.73 comment="" disable=no<br />add list=web-allow address=202.152.54.74 comment="" disable=no<br />add list=web-allow address=202.155.43.103 comment="" disable=no<br />dst..<br /><br />atau dengan winbox sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfSFmcC3OI/AAAAAAAAANM/8ieTgWyTKso/s1600-h/ramanta-address-list.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfSFmcC3OI/AAAAAAAAANM/8ieTgWyTKso/s400/ramanta-address-list.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391284755586274" border="0" /></a><br /><br />Lalu buat filter rule chain forward dengan script misal sbb:<br /><br />/ip firewall filter<br />add action=add-src-to-address-list address-list=mac-allow \<br /> address-list-timeout=1m chain=forward comment=\<br /> "add PC allow mac to address-list mac-allow" disabled=no src-mac-address=\<br /> 00:1B:24:A5:A3:64<br />add action=add-src-to-address-list address-list=mac-allow \<br /> address-list-timeout=1m chain=forward comment="" disabled=no \<br /> src-mac-address=00:08:0D:A7:45:CC<br /><br />dst...<br /><br />atau melalui winbox caranya sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfR4GmctYI/AAAAAAAAAM0/N6pDlg0zHBQ/s1600-h/ramanta-firewall-forward-add-to-list-1.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfR4GmctYI/AAAAAAAAAM0/N6pDlg0zHBQ/s400/ramanta-firewall-forward-add-to-list-1.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391052870989186" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfR4XUHDPI/AAAAAAAAAM8/K_b7vluVvkg/s1600-h/ramanta-firewall-forward-add-to-list-advance.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfR4XUHDPI/AAAAAAAAAM8/K_b7vluVvkg/s400/ramanta-firewall-forward-add-to-list-advance.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391057357475058" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfSFVMv8wI/AAAAAAAAANE/wCzvaM7muh4/s1600-h/ramanta-firewall-forward-add-to-list-action.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMfSFVMv8wI/AAAAAAAAANE/wCzvaM7muh4/s400/ramanta-firewall-forward-add-to-list-action.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391280128029442" border="0" /></a><br />dengan demikian jika ada traffic data dari komputer dengan MAC yang tertera di atas maka ipnya akan di masukkan dalam address-list = mac-allow selama 1 menit, jika dalam 1 menit tidak ada traffic data maka address-list ip dari mac tersebut akan hilang karena ini sifatnya dinamis<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMfSF5nMsMI/AAAAAAAAANU/W9xJ2hYSzIE/s1600-h/ramanta-address-dynamic.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMfSF5nMsMI/AAAAAAAAANU/W9xJ2hYSzIE/s400/ramanta-address-dynamic.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391289902641346" border="0" /></a><br />Berikutnya di bagian NAT<br />buat seperti contoh gambar winbox dibawah ini:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SMfR3r-UP2I/AAAAAAAAAMc/IA-wXFOiIKI/s1600-h/ramanta-nat-web-allow-mac-allow.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SMfR3r-UP2I/AAAAAAAAAMc/IA-wXFOiIKI/s400/ramanta-nat-web-allow-mac-allow.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391045723340642" border="0" /></a><br />di tab Advanced pilih Src Address-list dengan = mac-allow<br />dan Dst Address-list dengan = web-allow<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMfR3zvcijI/AAAAAAAAAMk/wAXUxBXa98g/s1600-h/ramanta-nat-web-allow-mac-allow-advance.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMfR3zvcijI/AAAAAAAAAMk/wAXUxBXa98g/s400/ramanta-nat-web-allow-mac-allow-advance.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391047808453170" border="0" /></a><br />dan di tab Action pilih = masquerade<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SMfR3zBr0vI/AAAAAAAAAMs/CliXuV_7-34/s1600-h/ramanta-nat-web-allow-mac-allow-acction.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SMfR3zBr0vI/AAAAAAAAAMs/CliXuV_7-34/s400/ramanta-nat-web-allow-mac-allow-acction.JPG" alt="" id="BLOGGER_PHOTO_ID_5244391047616516850" border="0" /></a><br />dengan demikian hanya ip dari mac yang diizinkan dan ip tujuan yang tertera dalam web-allow yang dapat diakses oleh pengguna di jaringan tersebut<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-4318307383041409730?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com2tag:blogger.com,1999:blog-4650800593925871709.post-65681551842098322662008-09-10T17:36:00.006+07:002008-09-10T17:56:28.400+07:00Revisi Script ECMP Fail Over Mikrotik 3.10Bagi yang pernah mencoba script <a href="http://inetshoot.blogspot.com/2008/06/ecmp-failover-script-mikrotik-ver-310.html">ECMP Fail Over Mikrotik 3.10</a> yang saya tulis sebelumnya mungkin ada kesulitan pada waktu menjalankan script ecmp-shutdown dan ecmp-startup , baru-baru ini saya menghadapi masalah tersebut. oleh karena itu coba gunakan script baru dibawah, jadi script lamanya didelete aja lalau diganti script ini dengan terlebih dahulu menyesuaikan ip gateway masing-masing koneksi.<br /><br /><span style="font-size:78%;"><span style="font-family: arial;">/system script</span><br /><span style="font-family: arial;">add name=ecmp-shutdown policy=\</span><br /><span style="font-family: arial;"> ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\</span><br /><span style="font-family: arial;"> g 10.95.130.129 count=1]=0 || [/ping 10.168.2.1 count=1]=0) do={:log info \</span><br /><span style="font-family: arial;"> \"Gateway down\" \r\</span><br /><span style="font-family: arial;"> \n/ip firewall mangle disable [/ip firewall mangle find comment=\"Route HT\</span><br /><span style="font-family: arial;"> TP traffic to ECMP\"] \r\</span><br /><span style="font-family: arial;"> \n/ip firewall mangle disable [/ip firewall mangle find comment=\"SMTP Tra\</span><br /><span style="font-family: arial;"> ffic\"]\r\</span><br /><span style="font-family: arial;"> \n} else {:log info \"ecmp-shutdown check ok\"}"</span><br /><span style="font-family: arial;">add name=ecmp-startup policy=\</span><br /><span style="font-family: arial;"> ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\</span><br /><span style="font-family: arial;"> g 10.95.130.129 count=1]=1 && [/ping 10.168.2.1 count=1]=1) do={:log info \</span><br /><span style="font-family: arial;"> \"Both Gateway are up\"\r\</span><br /><span style="font-family: arial;"> \n/ip firewall mangle enable [/ip firewall mangle find comment=\"Route HTT\</span><br /><span style="font-family: arial;"> P traffic to ECMP\"]\r\</span><br /><span style="font-family: arial;"> \n/ip firewall mangle enable [/ip firewall mangle find comment=\"SMTP Traf\</span><br /><span style="font-family: arial;"> fic\"]\r\</span><br /><span style="font-family: arial;"> \n} else {:log info \"ecmp-startup check ok\"}"</span><br /><span style="font-family: arial;">add name=wireless-gateway-check policy=\</span><br /><span style="font-family: arial;"> ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\</span><br /><span style="font-family: arial;"> g 10.95.130.129 count=1]=1) do={:log info \"Wireless Gateway are up\"\r\</span><br /><span style="font-family: arial;"> \n/ip route enable [/ip route find comment=\"Default Route to Internet Wir\</span><br /><span style="font-family: arial;"> eless\"]\r\</span><br /><span style="font-family: arial;"> \n/ip route disable [/ip route find comment=\"Default Route to Internet AD\</span><br /><span style="font-family: arial;"> SL\"]\r\</span><br /><span style="font-family: arial;"> \n} else {:log info \"Wireless Gateway are down\"\r\</span><br /><span style="font-family: arial;"> \n/ip route disable [/ip route find comment=\"Default Route to Internet Wi\</span><br /><span style="font-family: arial;"> reless\"]\r\</span><br /><span style="font-family: arial;"> \n/ip route enable [/ip route find comment=\"Default Route to Internet ADS\</span><br /><span style="font-family: arial;"> L\"]\r\</span><br /><span style="font-family: arial;"> \n}"</span></span><br /><br /><span style="font-size:85%;"><br /><span style="font-size:78%;">/system scheduler<br />add comment="" disabled=no interval=25s name=gateway-check1 on-event=\<br /> ecmp-shutdown start-date=jun/13/2008 start-time=16:26:27<br />add comment="" disabled=no interval=30s name=gateway-check2 on-event=\<br /> ecmp-startup start-date=jun/13/2008 start-time=16:26:27<br />add comment="" disabled=no interval=20s name=wireless-gateway-check on-event=\<br /> wireless-gateway-check start-date=jun/13/2008 start-time=16:26:27</span><br /></span><br /><br />selain itu agar pengecekkan ke ip gateway link WIRELESS pasti lewat Interface WIRELESS coba tambahkan script berikut:<br /><br /><br /><br /><span style="font-size:78%;">/ip firewall filter<br />add action=drop chain=output comment=\<br /> "supaya ke gateway wireless tidak bisa lewat interface adsl" disabled=no \<br /> dst-address=10.95.130.129 out-interface=ADSL protocol=icmp</span><br /><br /><span style=";font-family:courier new;font-size:78%;" ></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6568155184209832266?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-6368259617387193052008-09-09T22:00:00.001+07:002008-09-09T22:01:42.715+07:00Mau bikin baner instant?Bermula dari penasaran ada gak ya tools di internet untuk buat banner instan? dan mulai mencari di google.com dengan key = instant banner<br /><br />dan hasilnya<br /><br /><a href="http://www.semuabisnis.com/banner/">http://www.semuabisnis.com/banner/</a><br /><br />silahkan mencoba :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-636825961738719305?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-64625852156875136232008-09-09T21:23:00.002+07:002008-09-09T21:30:48.405+07:00Membersihkan email yang telah antri lebih dari 24 jam di cpanel+exim4Pada cpanel server sering didapati antrian email yang sangat banyak hingga lebih dari 1000 email<br /><br />Untuk membersihkan antrian yang lebih dari 24 jam yang umumnya adalah email-email SPAM<br />saya buat skrip yang isinya sbb:<br /><br />#!/bin/sh<br />#Remove all messages older than one day (86400 * 1 = 86400 seconds):<br />/usr/sbin/exiqgrep -o 86400 -i | xargs exim -Mrm<br />/usr/sbin/exiqgrep -z -i | xargs exim -Mrm<br /><br />lalu jalankan skript tersebut 1 jam sekali melalui cron dengan menambahkan baris berikut di file /etc/crontab<br /><br />02 * * * * root /etc/rc.eximqueflush -a >> /dev/null 2>&1<br /><br /><span style="font-weight: bold;">catatan</span><br />untuk menghapus semua email yang queue lebih dari 5 hari rumusnya: (86400 * 5 = 432000 seconds):<br /><br /><span style="font-weight: bold;">Link berikut berguna untuk Exim</span><br /><br /><a href="http://bradthemad.org/tech/notes/exim_cheatsheet.php" target="_blank">http://bradthemad.org/tech/notes/exim_cheatsheet.php</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6462585215687513623?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-50701775684795338542008-09-08T15:40:00.003+07:002008-09-08T15:47:23.177+07:00Cara Mengaktifkan Box-Trapper Untuk Menyaring SPAM di CpanelCaranya login ke webmail<br /><br />http://webmail.datautama.net.id atau http://webmail.<domain>domainuser.hosting<br /><br /><br /></domain><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMTl9Ib6itI/AAAAAAAAALo/8Z80KQJRGWo/s1600-h/image001.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMTl9Ib6itI/AAAAAAAAALo/8Z80KQJRGWo/s400/image001.jpg" alt="" id="BLOGGER_PHOTO_ID_5243568704565447378" border="0" /></a><domain><br />Klik ”Box Trapper”<br /><br /></domain><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMTl9Deb2PI/AAAAAAAAALw/TBkE6s3VIh8/s1600-h/image002.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMTl9Deb2PI/AAAAAAAAALw/TBkE6s3VIh8/s400/image002.jpg" alt="" id="BLOGGER_PHOTO_ID_5243568703233841394" border="0" /></a><br /><domain><br />Klik Tombol ”Enable” disamping kanan tulisan Current Status<br />Dengan demikian berarti Box Trapper di aktifkan<br /><br />Selanjutnya tiap hari cek di ”Review Queue”<br /><br /></domain><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMTl9YcOjDI/AAAAAAAAAL4/mnzdK4NOrwU/s1600-h/image003.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SMTl9YcOjDI/AAAAAAAAAL4/mnzdK4NOrwU/s400/image003.jpg" alt="" id="BLOGGER_PHOTO_ID_5243568708861725746" border="0" /></a><br /><domain><br />Jika ada email2 yang bukan SPAM tertahan di Box Trapper ceklist kotak disamping pesan yang dimaksud lalu pilih Whitelist & Deliver lalu klik tombol ”Submit”<br /><br /></domain><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMTl9bhJ_bI/AAAAAAAAAMA/kP2ceMssnBw/s1600-h/image004.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SMTl9bhJ_bI/AAAAAAAAAMA/kP2ceMssnBw/s400/image004.jpg" alt="" id="BLOGGER_PHOTO_ID_5243568709687705010" border="0" /></a><br /><domain><br />Untuk kembali lagi klik ”Go Back to Box Trapper Configuration” atau ”Go Back” untuk kembali mengecek daftar email yang tertangkap oleh Box Trapper<br /><br />Dengan demikian SPAM akan tertahan di Box Trapper, configurasi standar setelah 15 hari email2 SPAM di hapus, demikian juga kalau 15 Hari email yang harusnya bukan spam belum di whitelist juga akan terhapus.</domain><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5070177568479533854?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-14676854337990680092008-09-05T23:12:00.002+07:002008-09-05T23:15:00.693+07:00Cara repair semua table pada beberapa database di mysqlJika database mysql mengalami kerusakan coba ketik perintah ini:<br /><br />mysqlcheck --repair --all-databases -u root -p<br /><br />contoh sbb:<br /><br />ns3:/var/log# mysqlcheck --repair --all-databases -u root -p<br />Enter password:xxxxx<br /><br />maka semua table dan database akan di repair<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-1467685433799068009?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-23316825536319931842008-09-05T14:09:00.004+07:002008-09-05T14:13:09.011+07:00Mengedit /etc/fstab ketika root termounted sebagai readonlyBarusan saya menghadapi masalah di /etc/fstab karena ada hdd external yang fail sewaktu system di reboot sehingga mengakibatkan process booting stop setelah pengecekkan partisi dan langsung masuk ke mode single user.<br /><br />logikanya sih tinggal edit /etc/fstab tapi masalah /etc/fstab readonly tidak bisa diedit<br />setelah cari-cari di google.com akhirnya saya dapatkan perintah ini<br /><br />mount -o remount,rw /<br /><br />baru kemudian file /etc/fstab di edit<br />dan ...<br />akhirnya sistem bisa di booting dengan normal kembali<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2331682553631993184?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-22598824759106005722008-09-03T19:48:00.002+07:002008-09-03T19:52:33.651+07:00Cara add rule allow_hosts.rules di apfSetelah menggunakan APF terbaru ternyata cara masukkin ip dan port yang di allow caranya harus pakai command, contoh jika ingin selalu mengizinkan ip 1.1.1.1 perintahnya sbb:<br /><br />apf -a 1.1.1.1<br /><br />dengan demikian di /etc/apf/allow_hosts.rules akan terdapat:<br /><br /># added 10.0.0.0/8 on 09/03/08 19:47:02 with comment:<br />1.1.1.1<br /><br />setelah itu restart service apf dengan cara:<br /><br />service apf restart<br /><br />maka ip 1.1.1.1 akan selalu di allow<br /><br />jika kita edit secara manual /etc/apf/allow_hosts.rules maka baris yang kita masukkan selalu akan dihapus lagi oleh apf secara otomatis, oleh karena itu harus pakai command spt di dokumen README.apf berikut:<br /><br /><pre>4) General Usage:<br />The /usr/local/sbin/apf command has a number of options that will ease the<br />day-to-day use of your firewall. Here is a quick snap-shot of the options:<br /><br />usage /usr/local/sbin/apf [OPTION]<br />-s|--start ......................... load the firewall rules<br />-r|--restart ....................... stop (flush) & reload firewall rules<br />-f|--stop .......................... stop (flush) all firewall rules<br />-l|--list .......................... list chain rules<br />-t|--status ........................ firewall status<br />-e|--refresh ....................... refresh & resolve dns names in trust rules<br />-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and<br /> immediately load new rule into firewall<br />-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and<br /> immediately load new rule into firewall<br />-u|--remove HOST ................... remove host from [glob_]deny_hosts.rules<br /> and immediately remove rule from firewall<br />-o|--ovars ......................... output all configuration options<br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2259882475910600572?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-89685121244223250672008-09-03T19:22:00.002+07:002008-09-03T19:31:43.333+07:00Bagaimana caranya melihat spesifikasi hardware di linux lewat command lineseringkali suatu saat seorang admin harus meng-upgrade memory , nah urusannya jadi runyam kalau lupa type ram nya itu ddr atau ddr2 dan pcxxx ? nah utk server linux ternyata caranya mudah , cukup menjalankan command :<br /><br />dmidecode<br /><br />hasilnya sbb:<br /><br /><br />Handle 0x0001<br /> DMI type 1, 25 bytes.<br /> System Information<br /><span style="font-weight: bold;"> Manufacturer: Supermicro => Merek Motherboard</span><br /><span style="font-weight: bold;"> Product Name: X5DPA-TGM+ => Type Motherboard</span><br /><br /><span style="font-weight: bold;">Memory 4 Keping @512MB bisa dilihat dari keterangan berikut ini:</span><br /><br />Handle 0x000D<br /> DMI type 6, 12 bytes.<br /> Memory Module Information<br /> Socket Designation: DIMM1<br /> Bank Connections: 0 0<br /> Current Speed: 4 ns<br /> Type: ECC DIMM<br /> Installed Size: 512 MB (Single-bank Connection)<br /> Enabled Size: 512 MB (Single-bank Connection)<br /> Error Status: OK<br />Handle 0x000E<br /> DMI type 6, 12 bytes.<br /> Memory Module Information<br /> Socket Designation: DIMM2<br /> Bank Connections: 0 1<br /> Current Speed: 4 ns<br /> Type: ECC DIMM<br /> Installed Size: 512 MB (Single-bank Connection)<br /> Enabled Size: 512 MB (Single-bank Connection)<br /> Error Status: OK<br />Handle 0x000F<br /> DMI type 6, 12 bytes.<br /> Memory Module Information<br /> Socket Designation: DIMM3<br /> Bank Connections: 0 2<br /> Current Speed: 4 ns<br /> Type: ECC DIMM<br /> Installed Size: 512 MB (Single-bank Connection)<br /> Enabled Size: 512 MB (Single-bank Connection)<br /> Error Status: OK<br />Handle 0x0010<br /> DMI type 6, 12 bytes.<br /> Memory Module Information<br /> Socket Designation: DIMM4<br /> Bank Connections: 0 3<br /> Current Speed: 4 ns<br /> Type: ECC DIMM<br /> Installed Size: 512 MB (Single-bank Connection)<br /> Enabled Size: 512 MB (Single-bank Connection)<br /> Error Status: OK<br /><br />nah utk lebih tepatnya type memory tinggal browsing-browsing di goole.com type motherboard tersebut memorynya type apa dan maksimum berapa GB?<br /><br /><span style="font-weight: bold;">Supermicro X5DPA-TGM Intel E7501 Dual Xeon 533MHz FSB Dual Channel DDR266 Socket 604 ATX Server Board with ATI Video, Dual LAN, USB, SATA, RAID</span><br /><br /><span style="font-weight: bold;">Memory Type DDR266/200 registered ECC SDRAM 72-bit, 184-pin gold-plated DIMMs</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8968512124422325067?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-32215219665471782012008-08-29T20:08:00.000+07:002008-08-29T20:09:25.406+07:00VLAN di Fedora<h3 class="enplocal"><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">802.1Q VLAN Prerequisites</span></h3> <p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">802.1Q-Tagged VLANs require "smart" or managed Ethernet switches that support the IEEE 802.1Q standard, and the drivers for your Ethernet interfaces must also support it. You should be able to mix-and-match brand names, as long as they support 802.1Q. Beware of proprietary VLAN tagging that only works within a single brand. If it says 802.1Q you should be OK. </span></p><p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">802.1Q has been supported by the Linux kernel for a long time, thanks to Ben Greear, maintainer of the <a href="http://www.candelatech.com/%7Egreear/">802.1Q VLAN implementation for Linux</a>. You shouldn't have to patch your kernel or jump through any weirdo hoops. It's easy enough to check by searching your relevant kernel <i>config</i> file: </span></p><p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;"><tt> $ <b>grep -i 8021Q /boot/config-2.6.22-14</b><br />CONFIG_VLAN_8021Q=m </tt> </span></p><p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">Haha! See the clever gotcha? The kernel option is 8021Q, not 802.1Q. That one about drove me nuts until I figured it out. Of course you could search on <i>vlan</i> instead, which is probably what the smart kids do. </span></p><h3 class="enplocal"><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">Creating VLAN Devices</span></h3> <p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">Now we'll test an Ethernet interface to make sure we can create a virtual interface by assigning it a VLAN ID, and then temporarily assign an IP address for testing. You need the <b>vconfig</b> command, which should be available in your Linux distribution as part of the <i>vlan</i> package. You can use any random number for your VLAN ID, from 0-4095, since this is just a test: </span></p><p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;"><tt> # <b>vconfig add eth1 55</b><br /></tt> </span></p><p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">That adds VLAN ID 55 to eth1. You might see this message: </span></p><blockquote> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you are not using PROCFS?? Added VLAN with VID == 55 to IF -:eth1:- </span></blockquote> <p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">Nothing is wrong; it means that <b>vconfig</b> saw that the 8021q module was not loaded, and kindly loaded it for you. Which you can see with <b>lsmod</b>: </span></p><p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;"><tt> $ <b>lsmod | grep 8021q</b><br />8021q 21768 0 </tt> </span></p><p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">Check your interface with <b>ifconfig</b>: </span></p><pre><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">$ <b>ifconfig -a</b><br />[...]<br />eth1.55 Link encap:Ethernet HWaddr 00:0B:6A:EF:7E:8D<br /> BROADCAST MULTICAST MTU:1500 Metric:1<br /> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:0<br /> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<br /></span></pre> <p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">The interface is not up, and it has not been assigned an address. Use the <b>ifconfig</b> command for this: </span></p><p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;"><tt> # <b>ifconfig eth1.55 192.168.10.100 netmask 255.255.255.0 up</b> </tt> </span></p><p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">Remove a VLAN ID this way: </span></p><p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;"><tt> # <b>ifconfig eth1.55 down</b><br /># <b>vconfig rem eth1.55</b><br />Removed VLAN -:eth1.55:- </tt> </span></p><p> <span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;">So you can see there is a little bit of command syntax trickiness- <b>add</b> adds a VLAN ID, and <b>rem</b> removes a VLAN device. You can capture useful information on your VLAN interfaces by reading their corresponding <i>/proc</i> files: </span></p><p><span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:-1;"><tt> # <b>cat /proc/net/vlan/eth1.55</b></tt></span></p><p><span style="font-family: monospace;"><span style="font-weight: bold;"><br />Sumber:</span></span></p><p><span style="font-family: monospace;"><span style="font-weight: bold;"><a href="http://www.enterprisenetworkingplanet.com/netsysm/print.php/3725881">http://www.enterprisenetworkingplanet.com/netsysm/print.php/3725881</a><br /></span></span></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3221521966547178201?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-26341831084901182282008-08-12T12:35:00.004+07:002008-08-12T15:42:11.736+07:00Memfilter spam dari CNN.COMTambah hari tambah banyak aja spam :(<br />baru-baru ini sering banget yang kirim email dengan subject:<br /><br />CNN.com Daily Top 10<br />CNN Alerts: My Custom Alert<br /><br />saya coba memfilter email-email itu di MTA karena untuk unsubscribe ribet banget dan kesannya menjebak karena sebelumnya emang gak subscribe.<br /><br />ini caranya mem-filter subject di postfix<br /><br />edit file /etc/postfix/header_checks<br /><br /><span style="font-weight: bold;"><br />/^Subject: CNN\.com Daily Top 10/ REJECT Spam header rule (1)<br />/^Subject: CNN Alerts\: My Custom Alert/ REJECT Spam header rule (2)<br />/^Subject: .*Mariola has sent you a message\.\.\./ REJECT Spam Header rule (3)<br /></span><br /><br />lalu save<br /><br />dan restart postfix<br /><br />untuk exim + cpanel saya coba tambahkan di<br /><br />/etc/cpanel_exim_system_filter<br /><br />baris berikut:<br /><br /><span style="font-weight: bold;"># Exim filter</span><br /><span style="font-weight: bold;"> if $header_subject: contains "CNN.com Daily Top 10" or</span><br /><span style="font-weight: bold;"> $header_subject: contains "CNN Alerts: My Custom Alert"</span><br /><span style="font-weight: bold;">then</span><br /><span style="font-weight: bold;"> fail text "This message has been rejected because it has\n\</span><br /><span style="font-weight: bold;"> blacklist subject."</span><br /><span style="font-weight: bold;"> seen finish</span><br /><span style="font-weight: bold;">endif</span><br /><br />lalu restart exim dan cpanelnya<br /><br />semoga cara ini cukup efektif<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2634183108490118228?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-18998592090053711822008-08-11T14:53:00.007+07:002008-08-11T15:01:13.258+07:00Menambahkan Disclaimer / Footnote pada setiap email yang dikirim via postfixBermula dari keinginan menambahkan footnote pada setiap email yang dikirim melalui smtp.datautama.net.id saya menemukan aplikasi "AlterMIME" yang dapat di download dari:<br /><br /><a href="http://www.pldaniels.com/altermime/#download"><br />http://www.pldaniels.com/altermime/#download</a><br /><br />Sedangkan cara instalasi dan konfigurasi ada di:<br /><br /><a href="http://web.archive.org/web/20070509024905/www.paw.za.org/docs/howtos/postfix-altermime/postfix-altermime-howto-2.html">http://web.archive.org/web/20070509024905/www.paw.za.org/docs/howtos/postfix-altermime/postfix-altermime-howto-2.html</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-1899859209005371182?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-43543321919877773682008-08-04T17:24:00.001+07:002008-08-04T17:26:13.678+07:00Konfigure SSL apache2 di Debian 4.0Tidak seperti <a href="http://wiki.linux.or.id/index.php?title=Apache&action=edit" class="new" title="Apache">apache</a> 1.x di <a href="http://wiki.linux.or.id/Debian" title="Debian">Debian</a> dengan paket apache-ssl nya, sampai saat ini tidak ada cara yang mudah untuk mengaktifkan SSL di apache2.<br /><br />berikut adalah link yang saya gunakan untuk mengkonfigurasi SSL di apache2<br /><br /><a href="http://wiki.freaks-unidos.net/Apache2%20SSL%20and%20Subversion%20in%20Debian">http://wiki.freaks-unidos.net/Apache2%20SSL%20and%20Subversion%20in%20Debian</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-4354332191987777368?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-84548392566937885952008-08-01T11:30:00.012+07:002008-12-13T07:35:54.231+07:00Buku Firewall melindungi jaringan dari DDoS menggunakan Linux + Mikrotik<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SJKTFau8DcI/AAAAAAAAALA/Sb2Lxca68mY/s1600-h/buku-firewall.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SJKTFau8DcI/AAAAAAAAALA/Sb2Lxca68mY/s400/buku-firewall.jpg" alt="" id="BLOGGER_PHOTO_ID_5229403838615391682" border="0" /></a><br /><p class="MsoNormal"><span style="font-size:11;">Saat ini akses <i style="">Internet</i> sudah menjadi kebutuhan bagi banyak industri, seiring dengan semakin banyaknya pengguna <i style="">Internet</i> maka permasalahan <i style="">Internet</i> saat ini lebih komplek dibanding 10 tahun yang lalu.<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size:11;"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;">Untuk dapat mengakses <i style="">Internet</i> pengguna harus terkoneksi dengan<i style=""> Internet Service Provider </i>(ISP) yang jumlahnya semakin hari semakin banyak apalagi di kota-kota besar, belum lagi penggunaan <i style="">Asymetric Digital Susbcriber Line </i>(ADSL) yang terbukti sangat berpengaruh terhadap penetrasi <i style="">Internet</i> di kota-kota yang sudah memiliki jaringan ADSL.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;">Selain itu maraknya jaringan RT/RW Net menggunakan kabel UTP dan WiFi turut juga meramaikan penyebaran akses <i style="">Internet</i> dengan biaya murah dan terjangkau, belum lagi maraknya layanan <i style="">hotspot</i> di hotel, kampus dan tempat-tempat umum lainnya.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;">Dengan demikian akses <i style="">Internet Broadband</i> semakin hari semakin mudah didapat tetapi dampak dari perkembangan itu adalah semakin banyaknya permasalahan karena <i style="">spam</i>, <i style="">virus</i>, <i style="">worm</i> dan yang paling susah dihadapi adalah <i style="">Distribute Denial Of Service</i> (DDOS) mengancam setiap pengguna <i style="">Internet</i> di dunia.<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size:11;"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;">Kerugian yang ditimbulkan oleh DDoS bisa sangat fatal apalagi bagi ISP, Warnet atau <i style="">Online Game Center</i> karena berdampak pada kehilangan penghasilan dan ancaman kebangkrutan.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;">Melalui buku ini penulis mencoba untuk menjelaskan bagaimana teknik mengatasi serangan DDoS menggunakan Sistem Operasi Mikrotik dan Linux yang cukup efektif dalam mengatasi DDoS dan telah terbukti cukup ampuh melindungi jaringan Internet DatautamaNet.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="SV" style="font-size:11;">Pada buku ”Firewall melindungi jaringan dari DDoS menggunakan Linux dan Mikrotik” penulis berasumsi pembaca telah dapat mengoperasikan sistem operasi Linux dan Mikrotik sehingga yang dibahas disini langsung pada hal-hal praktis dalam mengkonfigurasikan Linux dan Mikrotik agar bekerja sama menjadi sebuah sistem pertahanan DDoS yang memadai.<o:p></o:p></span></p> <p class="MsoNormal"><br /></p><p class="MsoNormal">Pembahasan selengkapnya meliputi:<br /></p><ul><li>Mekanisme pertahanan DDoS</li><li>Advance Policy Firewall (APF)</li><li>Mod Evasive</li><li>Skrip Mikrotik</li><li>Mikrotik Firewall</li><li>Perlindungan Tambahan pada Honeyspot dan Uploader</li><li>Management Blacklist Menggunakan Webmin</li></ul>Dapatkan di Toko Gramedia dan Toko buku lainnya<br /><br /><span style="font-weight: bold;font-size:130%;" ><span style="font-size:100%;"><br />Contoh skrip dari buku bisa di download dari<br /><br /><a href="http://www.datautama.net.id/harijanto/contoh-skrip-buku-ddos/">http://www.datautama.net.id/harijanto/contoh-skrip-buku-ddos/</a></span><br /></span><span style="font-size:130%;"><br /></span><span style=";font-family:courier new;font-size:78%;" ><br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8454839256693788595?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com9tag:blogger.com,1999:blog-4650800593925871709.post-82376616907397440442008-07-25T10:07:00.002+07:002008-07-25T10:09:49.971+07:00Check Your DNSNgurus Internet tambah ribet barusan ada emai ttg Cache DNS Poisoning dan ada satu link yang menarik utk melakukan pengecekkan apakah DNS kita jelek atau bagus, linknya tinggal di klik dibawah ini:<br /><a href="http://entropy.dns-oarc.net/test/"><br />http://entropy.dns-oarc.net/test/<br /></a><br /><br />DNS ku masih kurang bagus hiks, nambahin kerjaan aja tar deh aku coba cari caranya supaya jadi GREAT semua<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8237661690739744044?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com2tag:blogger.com,1999:blog-4650800593925871709.post-64536376438089277952008-07-16T18:37:00.008+07:002008-12-13T07:35:55.887+07:00Jika Email server di tolak oleh Yahoo.comJika email-email dari email server kita di tolak oleh yahoo coba cek dulu log filenya<br /><br />contoh<br /><br />2008-07-16 18:31:24 1KJ2wt-0005K6-M5 SMTP error from remote mail server after initial connection: host a.mx.mail.yahoo.com [209.191.118.103]: 421 Message from (203.89.24.34) temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html<br /><br />maka coba buka <a href="http://help.yahoo.com/help/us/mail/defer/defer-06.html">http://help.yahoo.com/help/us/mail/defer/defer-06.html</a><br />dengan browser<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SH3d0gI2eUI/AAAAAAAAAKI/eq33sImFCg8/s1600-h/421-message-temporarily-deferred.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SH3d0gI2eUI/AAAAAAAAAKI/eq33sImFCg8/s400/421-message-temporarily-deferred.JPG" alt="" id="BLOGGER_PHOTO_ID_5223575036869638466" border="0" /></a>lalu pilih:<br /><br />If your mail server does not primarily send bulk mailings (e.g., you run a personal, corporate, educational, or ISP mail server), please <a href="http://help.yahoo.com/l/us/yahoo/mail/postmaster/defer.html" class="bb-url">fill out this form</a> instead.<br />Isilah form itu dengan data-data yang diminta<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH3d03DA_jI/AAAAAAAAAKQ/rLWW8J0yCRQ/s1600-h/yahoo-mail-delirvery-issues-form.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH3d03DA_jI/AAAAAAAAAKQ/rLWW8J0yCRQ/s400/yahoo-mail-delirvery-issues-form.JPG" alt="" id="BLOGGER_PHOTO_ID_5223575043019177522" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH3d01Wg-qI/AAAAAAAAAKY/w3MXd4F42pI/s1600-h/yahoo-mail-delirvery-issues-form-b.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH3d01Wg-qI/AAAAAAAAAKY/w3MXd4F42pI/s400/yahoo-mail-delirvery-issues-form-b.JPG" alt="" id="BLOGGER_PHOTO_ID_5223575042564094626" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SH3d1NQBXhI/AAAAAAAAAKg/9N6HBu_ef2M/s1600-h/yahoo-mail-delirvery-issues-form-c.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SH3d1NQBXhI/AAAAAAAAAKg/9N6HBu_ef2M/s400/yahoo-mail-delirvery-issues-form-c.JPG" alt="" id="BLOGGER_PHOTO_ID_5223575048979308050" border="0" /></a>Lalu send<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SH3d1JRMzeI/AAAAAAAAAKo/GbGT9WooZ4g/s1600-h/yahoo-mail-delirvery-issues-form-d.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SH3d1JRMzeI/AAAAAAAAAKo/GbGT9WooZ4g/s400/yahoo-mail-delirvery-issues-form-d.JPG" alt="" id="BLOGGER_PHOTO_ID_5223575047910510050" border="0" /></a>Kemudian kita akan menerima email dari abuse-admin@cc.yahoo-inc.com<br />yang isinya:<br /><br />subject: Auto Confirmation - Your Yahoo! Mail support request was received (KMM74480709V8183L0KM)<br /><pre wrap="">Hello,<br /><br />This is an automated message regarding your recent request for Yahoo!<br />Mail Customer Care support. We have received your message and will<br />respond within the next 48 hours with an answer.<br /><br />Thank you for reaching out to us. We look forward to helping you!<br /><br />Sincerely,<br /><br />Yahoo! Customer Care<br /><br /><br />**Please do not respond to this message as no one will receive it.</pre><br />Selain itu kalau email yang kita kirim ke yahoo masuk ke bulk coba isi form berikut:<br /><a href="http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulk.html">http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulk.html</a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH6xRO5SixI/AAAAAAAAAK4/gDB3XXQa0e0/s1600-h/yahoo-bulk-form.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH6xRO5SixI/AAAAAAAAAK4/gDB3XXQa0e0/s400/yahoo-bulk-form.JPG" alt="" id="BLOGGER_PHOTO_ID_5223807527410633490" border="0" /></a><br /><br /><br />semoga yahoo bisa menerima email-email dari email server kita<br /><br />Jangan lupa juga cek di http://www.spamhaus.org/query/bl?ip=203.89.24.34<br />dengan mengisi ip = ip address email server kita<br />kalau terblacklist lakukan release<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH3fRg_1N_I/AAAAAAAAAKw/CctVz83v9T8/s1600-h/spamhaus.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SH3fRg_1N_I/AAAAAAAAAKw/CctVz83v9T8/s400/spamhaus.JPG" alt="" id="BLOGGER_PHOTO_ID_5223576634828077042" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-6453637643808927795?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-70047908814457556612008-07-15T15:39:00.004+07:002008-12-13T07:35:56.368+07:00WARNING ARP Spoof mengancam JaringanBarusan salah satu klient di gedung maspion bermasalah setelah di selidiki dengan seksama coba perhatikan gambar dibawah ini:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHxjBXKuomI/AAAAAAAAAJ4/v1NtQLv3xo4/s1600-h/maspion-ancol-enable.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHxjBXKuomI/AAAAAAAAAJ4/v1NtQLv3xo4/s400/maspion-ancol-enable.JPG" alt="" id="BLOGGER_PHOTO_ID_5223158542892966498" border="0" /></a><br />Perhatikan bagian yang di sorot: ip 192.168.0.64 yang merupakan ip notebook support pada saat link ke ancol di enable mac nya menjadi 00:13:8F:02:E0:64, juga untuk ip 192.168.0.1 , 192.168.0.2 dst. Aneh bukan satu mac dimiliki banyak IP, jika itu ip alias mungking-mungkin saja tetapi begitu link ancol didisable lihat gambar dibawah<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SHxjBnck7eI/AAAAAAAAAKA/YW2Sp8_ezOY/s1600-h/maspion-ancol-disable.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SHxjBnck7eI/AAAAAAAAAKA/YW2Sp8_ezOY/s400/maspion-ancol-disable.JPG" alt="" id="BLOGGER_PHOTO_ID_5223158547262795234" border="0" /></a><br />IP 192.168.0.64 memiliki MAC= 00:03:47:8B:DF:B9 nah loh! dan pada saat link ancol didisable LAN menjadi normal .<br /><br />Sebelumnya sudah saya announce ke support jakarta ada virus baru yang memanipulasi arp table <a href="http://vaksin.com/2008/0608/microsoft2/arp-spoofing.html">http://vaksin.com/2008/0608/microsoft2/arp-spoofing.html</a><br /><br />Nah loh gimana cara atasinya, menurut vaksin.com cukup dengan menstatiskan table ip dan mac nya satu satu di router dan di komputer :( selamat deh<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-7004790881445755661?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-37590462622734492002008-07-08T19:53:00.002+07:002008-07-08T20:32:28.813+07:00Flush cache dns di hosting cpanelKadang kalau saya rubah zone file di nameserver hosting cache yang lama selalu saja tidak mau hilang beruntung saya menemukan artikel ini:<br /><br /><a href="http://www.linuxquestions.org/questions/linux-networking-3/display-and-flush-dns-cache-303314/">http://www.linuxquestions.org/questions/linux-networking-3/display-and-flush-dns-cache-303314/</a><br /><br />Hello,<br />I have a computer assignment and I need the right command in linux. I need to display recent DNS records and clear them whenever I want. In windows "ipconfig /displaydns" and "ipconfig /flushdns" commands are used respectively. Are there any commands in linux which are equivalent to these ones? or in Linux isn't there such an option? Can "ifconfig" solve this problem? If yes what should be the exact options and command line?<br />Hello,<br /><br />to flush the DNS I use "/etc/init.d/nscd restart"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3759046262273449200?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-44435826583162401592008-07-08T18:37:00.003+07:002008-12-13T07:35:58.114+07:00Panduan singkat penggunaan PostfixadminPanduan singkat Postfix Admin <p class="MsoNormal">Untuk login sebagai admin </p> <p class="MsoNormal">http://ipserver<ipserver><ipserver>/postfixadmin</ipserver></ipserver></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" spt="75" preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"> <v:stroke joinstyle="miter"> <v:formulas> <v:f eqn="if lineDrawn pixelLineWidth 0"> <v:f eqn="sum @0 1 0"> <v:f eqn="sum 0 0 @1"> <v:f eqn="prod @2 1 2"> <v:f eqn="prod @3 21600 pixelWidth"> <v:f eqn="prod @3 21600 pixelHeight"> <v:f eqn="sum @0 0 1"> <v:f eqn="prod @6 1 2"> <v:f eqn="prod @7 21600 pixelWidth"> <v:f eqn="sum @8 21600 0"> <v:f eqn="prod @7 21600 pixelHeight"> <v:f eqn="sum @10 21600 0"> </v:formulas> <v:path extrusionok="f" gradientshapeok="t" connecttype="rect"> <o:lock ext="edit" aspectratio="t"> </v:shapetype><v:shape id="_x0000_i1025" type="#_x0000_t75" style="'width:6in;"> <v:imagedata src="file:///C:\DOCUME~1\HARIJA~1\LOCALS~1\Temp\msohtml1\01\clip_image001.jpg" title="postfixadmin-admin-login"> </v:shape><![endif]--><!--[if !vml]--><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSRNx0eiI/AAAAAAAAAIw/bCuFOnZTZFQ/s1600-h/image001.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSRNx0eiI/AAAAAAAAAIw/bCuFOnZTZFQ/s400/image001.jpg" alt="" id="BLOGGER_PHOTO_ID_5220606848762411554" border="0" /></a><!--[endif]--></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><span style="" lang="SV">Login: admin</span><span style="" lang="SV"> pass admin (atau disesuaikan dengan username dan pass yang ada)</span></p><p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SHNSVC-vYoI/AAAAAAAAAI4/S4aJlew4i5c/s1600-h/image002.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SHNSVC-vYoI/AAAAAAAAAI4/S4aJlew4i5c/s400/image002.jpg" alt="" id="BLOGGER_PHOTO_ID_5220606914583290498" border="0" /></a></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="" lang="SV">Seorang admin bisa membuat mailbox dengan cara klik Add Mailbox dan pilih pada domain mana user tersebut akan dibuat</span></p><p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSe8X1JEI/AAAAAAAAAJA/JUZmbiL4J6Q/s1600-h/image003.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSe8X1JEI/AAAAAAAAAJA/JUZmbiL4J6Q/s400/image003.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607084608169026" border="0" /></a><br /><span style="" lang="SV"><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSfk3yKcI/AAAAAAAAAJg/V2z-rXF6cw0/s1600-h/image007.jpg"><br /></a></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="" lang="SV">Untuk melihat secara keseluruhan klik Overview maka akan ditampilkan list domain yang di manage oleh postfixadmin</span></p><p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SHNSfUtGUpI/AAAAAAAAAJI/CG8ec_aW8L8/s1600-h/image004.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SHNSfUtGUpI/AAAAAAAAAJI/CG8ec_aW8L8/s400/image004.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607091139826322" border="0" /></a></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSft7WPRI/AAAAAAAAAJY/Bw2pZsfWhwI/s1600-h/image006.jpg"><br /></a></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="" lang="SV">Jika salah satu domain di klik akan ditampilkan detail mailbox yang ada<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SHNSfciQWWI/AAAAAAAAAJQ/RoBBRNJNacU/s1600-h/image005.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SHNSfciQWWI/AAAAAAAAAJQ/RoBBRNJNacU/s400/image005.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607093241829730" border="0" /></a></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal">Untuk merubah password user, auto respond / vacation, dan auto forward bisa ke</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">http://ipserver<ipserver>/postfixadmin/users<br /></ipserver></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Login dengan alamat email user dan password email ybs</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><!--[if gte vml 1]><v:shape id="_x0000_i1030" type="#_x0000_t75" style="'width:6in;height:259.5pt'"> <v:imagedata src="file:///C:\DOCUME~1\HARIJA~1\LOCALS~1\Temp\msohtml1\01\clip_image011.jpg" title="postfixadmin-admin-login6"> </v:shape><![endif]--><!--[if !vml]--><br /></p><p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSft7WPRI/AAAAAAAAAJY/Bw2pZsfWhwI/s1600-h/image006.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSft7WPRI/AAAAAAAAAJY/Bw2pZsfWhwI/s400/image006.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607097910476050" border="0" /></a></p><p class="MsoNormal"><!--[endif]--></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><span style="" lang="SV">Maka akan tampil menu diatas<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="SV">Autoresponse utk feedback otomatis kalau ybs sedang berlibur misalnya<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="SV"><o:p> </o:p></span></p> <p class="MsoNormal">Change forward utk merubah auto forward ke alamat emaillainnya</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><!--[if gte vml 1]><v:shape id="_x0000_i1031" type="#_x0000_t75" style="'width:6in;height:259.5pt'"> <v:imagedata src="file:///C:\DOCUME~1\HARIJA~1\LOCALS~1\Temp\msohtml1\01\clip_image013.jpg" title="postfixadmin-admin-login7"> </v:shape><![endif]--><!--[if !vml]--><br /></p><p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSfk3yKcI/AAAAAAAAAJg/V2z-rXF6cw0/s1600-h/image007.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSfk3yKcI/AAAAAAAAAJg/V2z-rXF6cw0/s400/image007.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607095479609794" border="0" /></a></p><p class="MsoNormal"><!--[endif]--></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><span style="" lang="IT">Diatas adalah contoh auto response, isi surat bisa diedit sesuai selera<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="IT">Kemudian klik Going Away, utk menonaktifkn auto response klik lagi menu auto response dan klik going back</span></p><p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSoGhIRuI/AAAAAAAAAJo/d6XJCOFIJng/s1600-h/image008.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSoGhIRuI/AAAAAAAAAJo/d6XJCOFIJng/s400/image008.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607241950349026" border="0" /></a></p> <p class="MsoNormal"><span style="" lang="IT"><o:p> </o:p></span></p> <p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSoQkHsqI/AAAAAAAAAJw/LSyt_Su0gjE/s1600-h/image009.jpg"><br /></a></p> <p class="MsoNormal"><span style="" lang="IT"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="" lang="IT">Untuk forward bisa diisi alamat email yang dijadikan forwarding<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="IT">Kemudianklik Edit Alias<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="IT"><o:p> </o:p></span></p> <p class="MsoNormal"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSoQkHsqI/AAAAAAAAAJw/LSyt_Su0gjE/s1600-h/image009.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SHNSoQkHsqI/AAAAAAAAAJw/LSyt_Su0gjE/s400/image009.jpg" alt="" id="BLOGGER_PHOTO_ID_5220607244647248546" border="0" /></a></p> <p class="MsoNormal"><span style="" lang="IT"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="" lang="IT">Untuk merubah password klik Change password<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="IT"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="" lang="IT"><span style=""> </span><o:p></o:p></span></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-4443582658316240159?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com2tag:blogger.com,1999:blog-4650800593925871709.post-46341846105028968692008-07-08T16:20:00.011+07:002008-07-09T00:15:17.407+07:00Email Server Postfix dengan PostfixadminBerikut adalah step-by-step pembuatan Email Server berbasis Postfix dengan postfixadmin<br /><br />Referensi yang saya baca adalah dari:<br /><a href="https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto">https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto</a><br /><a href="http://workaround.org/articles/ispmail-sarge/index.shtml.en">http://workaround.org/articles/ispmail-sarge/index.shtml.en</a><br /><a href="http://www.purplehat.org/?page_id=11">http://www.purplehat.org/?page_id=11</a><br /><br />Distro yang digunakan adalah Debian 4.0 rc3<br /><br />Step 1<br />Install debian menggunakan netinst cd<br /><br /><br />Step 2<br />remove exim4 yang merupakan MTA standar bawaan debian<br /><br />Step3<br />Install postfix:<br />#apt-get install postfix<br />pada saat proses install pilih "Internet Site"<br /><br />Step4<br />Install Mysql map support untuk Postfix<br />#apt-get install postfix-mysql<br />#apt-get install mysq-client<br />#apt-get install mysql-server<br /><br /><br /><br />Step5<br />Install Paket-paket untuk Client Access dan Authentication<br />#apt-get install courier-authdaemon<br />#apt-get install courier-authlib-mysql<br /><br />#apt-get install courier-pop<br />pada saat proses install pilih "create directories for web-based administration = No"<br /><br />#apt-get install courier-webadmin<br />pada saat proses install pilih "Activated CGI Program = No"<br />Password courier administration, misal = 123456<br /><br />#apt-get install courier-pop-ssl<br />#apt-get install courier-imap<br />#apt-get install courier-imap-ssl<br /><br />Step 6<br />Install Paket-paket untuk SMTP authentication<br />#apt-get install postfix-tls<br />#apt-get install libsasl2<br />#apt-get install libsasl2-modules<br />#apt-get install libsasl2-modules-sql<br />#apt-get install openssl<br /><br />"Jangan lupa buat SSL Certificate untuk TLS to encrypt SMTP traffic"<br /><p> For a certificate that is valid for ten years for the hostname smtp.domain.tld you would type this: </p><pre class="screen">openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 \<br />-nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509<br /></pre><p> You will then be asked a few question about the fields of the certificate. It does not matter what you enter. Just fill the fields. One exception though - the "Common Name" must be the hostname of your mail server. Example session: </p><pre class="screen">Country Name (2 letter code) [AU]:<span class="emphasis"><em>ID</em></span><br />State or Province Name (full name) [Some-State]:<span class="emphasis"><em>DKI-Jakarta</em></span><br />Locality Name (eg, city) []:<span class="emphasis"><em>Jakarta</em></span><br />Organization Name (eg, company) [Internet Widgits Pty Ltd]:<span class="emphasis"><em>PT. Data Utama Dinamika</em></span><br />Organizational Unit Name (eg, section) []:<span style="font-family:mon;"><span style="font-style: italic;">IT</span></span><span class="emphasis"><em></em></span><br />Common Name (eg, YOUR name) []:<span class="emphasis"><em>smtp.domain.tld</em></span><br />Email Address []:<span class="emphasis"><em>postmaster@domain.tld</em></span> </pre><p> After a short moment you will get two files: "smtpd.key" (the private key file) and "smtpd.cert" (the certificate). </p><br /><br />Install php module<br />#apt-get install php4<br />#apt-get install php4-mysql<br />#apt-get install php4-pear<br /><br />Install antivirus dan antispam<br />#apt-get install amavis<br />#apt-get install clamav<br />#apt-get install clamav-daemon<br />#apt-get install spamassassin<br /><br /><br /><br />Step 7<br />Setting Mysql Backend<br />Setting password root mysql, misal mysql123456<br /><br />#mysqladmin -u root password mysql123456<br /><br />Step 8<br />Setting Mysql Database<br /><br />#mysql -u root -p<br />password: mysql123456<br /><br />mysql> CREATE DATABASE postifx;<br />mysql> GRANT SELECT ON postfix.* TO postfix@localhost IDENTIFIED BY 'post123456';<br />mysql> GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfixadmin@localhost IDENTIFIED by 'postadmin123456'<br />mysql> flush privileges;<br />mysql> quit;<br /><br />catatan: command disebelah kanan mysql> ditulis perbaris<br /><br />Untuk membuat table dalam database postfix salin script sql berikut, misal sebagai file postfix.sql<br /><br /><span style="font-size:85%;">-- MySQL dump 10.11<br />--<br />-- Host: localhost Database: postfix<br />-- ------------------------------------------------------<br />-- Server version 5.0.32-Debian_7etch4-log<br /><br />/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;<br />/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;<br />/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;<br />/*!40101 SET NAMES utf8 */;<br />/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;<br />/*!40103 SET TIME_ZONE='+00:00' */;<br />/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;<br />/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;<br />/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;<br />/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;<br /><br />--<br />-- Table structure for table `admin`<br />--<br /><br />DROP TABLE IF EXISTS `admin`;<br />CREATE TABLE `admin` (<br />`username` varchar(255) NOT NULL default '',<br />`password` varchar(255) NOT NULL default '',<br />`created` datetime NOT NULL default '0000-00-00 00:00:00',<br />`modified` datetime NOT NULL default '0000-00-00 00:00:00',<br />`active` tinyint(1) NOT NULL default '1',<br />PRIMARY KEY (`username`),<br />KEY `username` (`username`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Admins';<br /><br />--<br />-- Table structure for table `alias`<br />--<br /><br />DROP TABLE IF EXISTS `alias`;<br />CREATE TABLE `alias` (<br />`address` varchar(255) NOT NULL default '',<br />`goto` text NOT NULL,<br />`domain` varchar(255) NOT NULL default '',<br />`created` datetime NOT NULL default '0000-00-00 00:00:00',<br />`modified` datetime NOT NULL default '0000-00-00 00:00:00',<br />`active` tinyint(1) NOT NULL default '1',<br />PRIMARY KEY (`address`),<br />KEY `address` (`address`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Aliases';<br /><br />--<br />-- Table structure for table `domain`<br />--<br /><br />DROP TABLE IF EXISTS `domain`;<br />CREATE TABLE `domain` (<br />`domain` varchar(255) NOT NULL default '',<br />`description` varchar(255) NOT NULL default '',<br />`aliases` int(10) NOT NULL default '0',<br />`mailboxes` int(10) NOT NULL default '0',<br />`maxquota` int(10) NOT NULL default '0',<br />`transport` varchar(255) default NULL,<br />`backupmx` tinyint(1) NOT NULL default '0',<br />`created` datetime NOT NULL default '0000-00-00 00:00:00',<br />`modified` datetime NOT NULL default '0000-00-00 00:00:00',<br />`active` tinyint(1) NOT NULL default '1',<br />PRIMARY KEY (`domain`),<br />KEY `domain` (`domain`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Domains';<br /><br />--<br />-- Table structure for table `domain_admins`<br />--<br /><br />DROP TABLE IF EXISTS `domain_admins`;<br />CREATE TABLE `domain_admins` (<br />`username` varchar(255) NOT NULL default '',<br />`domain` varchar(255) NOT NULL default '',<br />`created` datetime NOT NULL default '0000-00-00 00:00:00',<br />`active` tinyint(1) NOT NULL default '1',<br />KEY `username` (`username`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Domain Admins';<br /><br />--<br />-- Table structure for table `log`<br />--<br /><br />DROP TABLE IF EXISTS `log`;<br />CREATE TABLE `log` (<br />`timestamp` datetime NOT NULL default '0000-00-00 00:00:00',<br />`username` varchar(255) NOT NULL default '',<br />`domain` varchar(255) NOT NULL default '',<br />`action` varchar(255) NOT NULL default '',<br />`data` varchar(255) NOT NULL default '',<br />KEY `timestamp` (`timestamp`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Log';<br /><br />--<br />-- Table structure for table `mailbox`<br />--<br /><br />DROP TABLE IF EXISTS `mailbox`;<br />CREATE TABLE `mailbox` (<br />`username` varchar(255) NOT NULL default '',<br />`password` varchar(255) NOT NULL default '',<br />`name` varchar(255) NOT NULL default '',<br />`maildir` varchar(255) NOT NULL default '',<br />`quota` int(10) NOT NULL default '0',<br />`domain` varchar(255) NOT NULL default '',<br />`created` datetime NOT NULL default '0000-00-00 00:00:00',<br />`modified` datetime NOT NULL default '0000-00-00 00:00:00',<br />`active` tinyint(1) NOT NULL default '1',<br />PRIMARY KEY (`username`),<br />KEY `username` (`username`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Mailboxes';<br /><br />--<br />-- Table structure for table `vacation`<br />--<br /><br />DROP TABLE IF EXISTS `vacation`;<br />CREATE TABLE `vacation` (<br />`email` varchar(255) NOT NULL default '',<br />`subject` varchar(255) NOT NULL default '',<br />`body` text NOT NULL,<br />`cache` text NOT NULL,<br />`domain` varchar(255) NOT NULL default '',<br />`created` datetime NOT NULL default '0000-00-00 00:00:00',<br />`active` tinyint(1) NOT NULL default '1',<br />PRIMARY KEY (`email`),<br />KEY `email` (`email`)<br />) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Vacation';<br />/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;<br /><br />/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;<br />/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;<br />/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;<br />/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;<br />/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;<br />/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;<br />/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;<br /><br />-- Dump completed on 2008-07-07 9:12:19</span><br /><br />kemudian ketik<br /><br />#mysql -u root -p postifx < size="2"><br />user = postfix<br />password = post123456<br />hosts = 127.0.0.1<br />dbname = postfix<br />table = alias<br />select_field = goto<br />where_field = address<br /><br />Script "mysql_virtual_domains_maps.cf<br /><br />#nano /etc/postfix/mysql_virtual_domains_maps.cf<br /><br />lalu salin code dibawah ini<br /><br /><span style="font-size:85%;">user = postfix<br />password = post123456<br />hosts = 127.0.0.1<br />dbname = postfix<br />table = domain<br />select_field = domain<br />where_field = domain<br />#additional_conditions = and backupmx = '0' and active = '1'</span><br /><br />Script "mysql_virtual_mailbox_maps.cf"<br /><br />#nano /etc/postfix/mysql_virtual_mailbox_maps.cf<br /><br />lalu salin code dibawah ini<br /><br /><span style="font-size:85%;">user = postfix<br />password = post123456<br />hosts = 127.0.0.1<br />dbname = postfix<br />table = mailbox<br />#select_field = maildir<br />select_field = CONCAT(SUBSTRING_INDEX(Username,'@',-1),'/',SUBSTRING_INDEX(Username,'@',1),'/')<br />where_field = username<br />#additional_conditions = and active = '1'</span><br /><br />Script "mysql_virtual_mailbox_limit_maps.cf"<br /><br />#nano /etc/postfix/mysql_virtual_mailbox_limit_maps.cf<br /><br />lalu salin code dibawah ini<br /><br /><span style="font-size:85%;">user = postfix<br />password = post123456<br />hosts = 127.0.0.1<br />dbname = postfix<br />table = mailbox<br />select_field = quota<br />where_field = username<br />#additional_conditions = and active = '1'</span><br /><br />Script "mysql_relay_domains_maps.cf"<br /><br />#nano /etc/postfix/mysql_relay_domains_maps.c<br /><br />lalu salin code dibawah ini<br /><br /><span style="font-size:85%;">user = postfix<br />password = post123456<br />hosts = 127.0.0.1<br />dbname = postfix<br />table = domain<br />select_field = domain<br />where_field = domain<br />additional_conditions = and backupmx = '1'</span><br /><br />Untuk keamanan rubah group dan file permission dari file-file diatas dengan cara:<br /><br />#chgrp postfix /etc/postfix/mysql_*.cf<br />#chmod 640 /etc/postfix/mysql_*.cf<br /><br />Step 10<br />Buat vlmail user<br />Dengan system ini maka mailbox user akan disimpan di MySQL database dan di /home/vmail<br />sehingga user-user email tidak perlu memiliki UID sendiri di /etc/passwd untuk itu perlu dibuat user vmai.<br /><br />#groupadd -g 5000 vmail<br />#useradd -m -g vmail -u 5000 -d /home/vmail -s /bin/bash vmail<br /><br />Step 11<br />Konfigurasi Postfix dengan Mysql maps<br /><br />berikut adalah contoh file /etc/postfix/main.cf yang saya gunakan<br /><br /><span style="font-size:85%;"># See /usr/share/postfix/main.cf.dist for a commented, more complete version<br /><br /><br /># Debian specific: Specifying a file name will cause the first<br /># line of that file to be used as the name. The Debian default<br /># is /etc/mailname.<br />#myorigin = /etc/mailname<br /><br />smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)<br />biff = no<br /><br /># appending .domain is the MUA's job.<br />append_dot_mydomain = no<br /><br /># Uncomment the next line to generate "delayed mail" warnings<br />#delay_warning_time = 4h<br /><br /># TLS parameters<br />smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem<br />smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key<br />smtpd_use_tls=yes<br />smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache<br />smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache<br /><br /># See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for<br /># information on enabling SSL in the smtp client.<br /><br />myhostname = email.javathebest.com<br />alias_maps = hash:/etc/aliases<br />myorigin = /etc/mailname<br />mydestination = email.javathebest.com, localhost.javathebest.com, localhost<br />relayhost =<br />mynetworks = 127.0.0.0/8, 10.19.2.0/24, 10.19.3.0/24, 222.124.20.192/29, 192.168.2.0/24<br />mailbox_command = procmail -a "$EXTENSION"<br />mailbox_size_limit = 0<br />recipient_delimiter = +<br />inet_interfaces = all<br /><br />virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf<br />virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf<br />virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf<br />virtual_mailbox_base = /home/vmail<br />virtual_uid_maps = static:5000<br />virtual_gid_maps = static:5000<br /><br />#Additional for quota support<br /><br />virtual_create_maildirsize = yes<br />virtual_mailbox_extended = yes<br />virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf<br />virtual_mailbox_limit_override = yes<br />virtual_maildir_limit_message = Sorry, the your maildir has overdrawn your diskspace quota, please free up some of space of your mailbox try again.<br />virtual_overquota_bounce = yes<br /><br /><br />smtpd_sasl_auth_enable = yes<br />broken_sasl_auth_clients = yes<br />smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />smtpd_tls_cert_file = /etc/postfix/smtpd.cert<br />smtpd_tls_key_file = /etc/postfix/smtpd.key<br /><br /><br />transport_maps = hash:/etc/postfix/transport<br /><br /><br /><br />#Amavis<br />content_filter = amavis:[127.0.0.1]:10024<br />receive_override_options = no_address_mappings<br /><br /><br /><br />#tambahan konfigurasi utk lebih aman<br />strict_rfc821_envelopes = yes<br />disable_vrfy_command = yes<br />smtpd_delay_reject = yes<br />smtpd_helo_required = yes<br />smtpd_client_restrictions =<br /><br />smtpd_sender_restrictions =<br />permit_sasl_authenticated,<br />permit_mynetworks,<br />reject_non_fqdn_sender,<br />reject_unknown_sender_domain,<br />permit<br /><br />maps_rbl_domains = relays.ordb.org,<br /> bl.spamcop.net,<br /> list.dsbl.org,<br /> sbl-xbl.spamhaus.org<br /><br />smtpd_recipient_restrictions =<br />reject_unauth_pipelining,<br />reject_non_fqdn_recipient,<br />reject_unknown_recipient_domain,<br />reject_unknown_sender_domain,<br /><br />#localonly<br /># check_sender_access hash:/etc/postfix/restricted_senders<br />#localonly<br /><br /><br />permit_mynetworks,<br />permit_sasl_authenticated,<br />reject_unauth_destination,<br /># reject_maps_rbl,<br /># reject_rbl_client relays.ordb.org,<br />reject_rbl_client list.dsbl.org,<br />reject_rbl_client sbl-xbl.spamhaus.org,<br />permit<br /><br /><br />#localonly<br />#smtpd_restriction_classes = local_only<br />#local_only =<br /># check_recipient_access hash:/etc/postfix/local_domains, reject<br />#localonly </span><br /><br /><br />dan berikut adalah contoh file /etc/postfix/master.cf<br /><br /><span style="font-size:85%;">#<br /># Postfix master process configuration file. For details on the format<br /># of the file, see the master(5) manual page (command: "man 5 master").<br />#<br /># ==========================================================================<br /># service type private unpriv chroot wakeup maxproc command + args<br /># (yes) (yes) (yes) (never) (100)<br /># ==========================================================================<br />smtp inet n - - - - smtpd<br />#submission inet n - - - - smtpd<br /># -o smtpd_enforce_tls=yes<br /># -o smtpd_sasl_auth_enable=yes<br /># -o smtpd_client_restrictions=permit_sasl_authenticated,reject<br />#smtps inet n - - - - smtpd<br /># -o smtpd_tls_wrappermode=yes<br /># -o smtpd_sasl_auth_enable=yes<br /># -o smtpd_client_restrictions=permit_sasl_authenticated,reject<br />#628 inet n - - - - qmqpd<br />pickup fifo n - - 60 1 pickup<br />cleanup unix n - - - 0 cleanup<br />qmgr fifo n - n 300 1 qmgr<br />#qmgr fifo n - - 300 1 oqmgr<br />tlsmgr unix - - - 1000? 1 tlsmgr<br />rewrite unix - - - - - trivial-rewrite<br />bounce unix - - - - 0 bounce<br />defer unix - - - - 0 bounce<br />trace unix - - - - 0 bounce<br />verify unix - - - - 1 verify<br />flush unix n - - 1000? 0 flush<br />proxymap unix - - n - - proxymap<br />smtp unix - - - - - smtp<br /># When relaying mail as backup MX, disable fallback_relay to avoid MX loops<br />relay unix - - - - - smtp<br />-o fallback_relay=<br /># -o smtp_helo_timeout=5 -o smtp_connect_timeout=5<br />showq unix n - - - - showq<br />error unix - - - - - error<br />discard unix - - - - - discard<br />local unix - n n - - local<br />virtual unix - n n - - virtual<br />lmtp unix - - - - - lmtp<br />anvil unix - - - - 1 anvil<br />scache unix - - - - 1 scache<br />#<br /># ====================================================================<br /># Interfaces to non-Postfix software. Be sure to examine the manual<br /># pages of the non-Postfix software to find out what options it wants.<br />#<br /># Many of the following services use the Postfix pipe(8) delivery<br /># agent. See the pipe(8) man page for information about ${recipient}<br /># and other message envelope options.<br /># ====================================================================<br />#<br /># maildrop. See the Postfix MAILDROP_README file for details.<br /># Also specify in main.cf: maildrop_destination_recipient_limit=1<br />#<br />maildrop unix - n n - - pipe<br />flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}<br />#<br /># See the Postfix UUCP_README file for configuration details.<br />#<br />uucp unix - n n - - pipe<br />flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)<br />#<br /># Other external delivery methods.<br />#<br />ifmail unix - n n - - pipe<br />flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)<br />bsmtp unix - n n - - pipe<br />flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient<br />scalemail-backend unix - n n - 2 pipe<br />flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}<br />mailman unix - n n - - pipe<br />flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py<br />${nexthop} ${user}<br /><br />#Vacation<br />vacation unix - n n - - pipe<br />flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl<br /><br /><br />amavis unix - - - - 2 smtp<br />-o smtp_data_done_timeout=1200<br />-o smtp_send_xforward_command=yes<br /><br />127.0.0.1:10025 inet n - - - - smtpd<br />-o content_filter=<br />-o local_recipient_maps=<br />-o relay_recipient_maps=<br />-o smtpd_restriction_classes=<br />-o smtpd_client_restrictions=<br />-o smtpd_helo_restrictions=<br />-o smtpd_sender_restrictions=<br />-o smtpd_recipient_restrictions=permit_mynetworks,reject<br />-o mynetworks=127.0.0.0/8<br />-o strict_rfc821_envelopes=yes<br />-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks</span><br /><br /><br /><br />Step 12<br />Setting Courier-IMAP dan authentication Services<br /><br />Contoh /etc/courier/authmysqlrc<br /><br /><span style="font-size:85%;"><br />MYSQL_SERVER 127.0.0.1<br />MYSQL_USERNAME postfix<br />MYSQL_PASSWORD post123456<br />MYSQL_DATABASE postfix<br />MYSQL_USER_TABLE mailbox<br />MYSQL_LOGIN_FIELD username<br />MYSQL_NAME_FIELD name<br />MYSQL_CRYPT_PWFIELD password<br />#MYSQL_CLEAR_PWFIELD password<br />#MYSQL_MAILDIR_FIELD maildir<br />MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(Username,'@',-1),'/',SUBSTRING_INDEX(<br />Username,'@',1),'/')<br />MYSQL_QUOTA_FIELD concat(quota,'S')<br />MYSQL_HOME_FIELD '/home/vmail'<br />MYSQL_UID_FIELD '5000'<br />MYSQL_GID_FIELD '5000'</span><br /><br />Step 13<br />SMTP Authentication<br /><br />Contoh /etc/postfix/sasl/smtpd.conf<br /><br /><span style="font-size:85%;">pwcheck_method: auxprop<br />auxprop_plugin: sql<br />mech_list: plain login cram-md5 digest-md5<br />sql_engine: mysql<br />sql_hostnames: 127.0.0.1<br />sql_user: postfix<br />sql_passwd: post123456<br />sql_database: postfix<br />sql_select: select password from users where email='%u@%r'</span><br /><br />Untuk /etc/postfix/main.cf sudah ada diatas contohnya<br /><br />Step 14<br />Postfixadmin<br />Download postfixadmin-2.1.0.tgz dari http://www.high5.net/postfixadmin<br /><br />#tar -zxvf postfixadmin-2.1.0.tgz<br /><br />copykan isi directory postfixadmin-2.1.0 ke /var/www/postfixadmin<br /><br />Rubah file permission<br /><br /># cd /var/www/postfixadmin<br /># chmod 640 *.php *.css<br /># cd /var/www/postfixadmin/admin/<br /># chmod 640 *.php .ht*<br /># cd /var/www/postfixadmin/images/<br /># chmod 640 *.gif *.png<br /># cd /var/www/postfixadmin/languages/<br /># chmod 640 *.lang<br /># cd /var/www/postfixadmin/templates/<br /># chmod 640 *.tpl<br /># cd /var/www/postfixadmin/users/<br /># chmod 640 *.php<br /><br />Rubah kepemilikan file /var/www/postfixadmin<br /><br />#chown -R www-data:www-data /var/www/postfixadmin<br /><br />copy file /var/www/postfixadmin/config.inc.php.sample , contohnya sbb:<br /><br />#cp /var/www/postfixadmin/config.inc.php.sample /var/www/postfixadmin/config.inc.php<br /><br />dan edit isinya, pada bagian dibawah ini sesuaikan dengan username dan password di mysql yang telah diset dilangkah-langkah sebelumnya<br /><br />$CONF['database_type'] = 'mysql';<br />$CONF['database_host'] = 'localhost';<br />$CONF['database_user'] = 'postfixadmin';<br />$CONF['database_password'] = 'postadmin123456';<br />$CONF['database_name'] = 'postfix';<br />$CONF['database_prefix'] = '';<br /><br /><br />buat file /etc/apache2/conf.d/postfixamdin.conf<br />yang isinya sbb:<br /><br /><directory><br />AuthUserFile /var/www/postfixadmin/admin/.htpasswd<br />AuthGroupFile /dev/null<br />AuthName "Postfix Admin"<br />AuthType Basic<br /><br /><limit><br />require valid-user<br /></limit><br /><br /></directory><br /><br /><br />lalu restart apache2<br /><br />#/etc/init.d/apache2 restart<br /><br />Step 15<br />Untuk mengaktifkan Vacation caranya sbb:<br /><br /><p><strong>Create Vacation user and group accounts:</strong></p> <pre><blockquote>#groupadd vacation<br />#useradd vacation -c Virtual\ Vacation -d /nonexistent -g vacation -s /sbin/nologin</blockquote><br /></pre> <p><strong>Create, populate and secure vacation directory:</strong></p> <pre><blockquote>#mkdir /var/spool/vacation<br />#cp /var/www/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/<br />#chown -R vacation:vacation /var/spool/vacation/<br />#chmod 700 /var/spool/vacation/<br />#chmod 750 /var/spool/vacation/vacation.pl<br />#touch /var/log/vacation.log /var/log/vacation-debug.log<br />#chown vacation:vacation /var/log/vacation*</blockquote><br /></pre> <p><strong>Edit /var/spool/vacation/vacation.pl script:</strong><br />Find and edit the <span style="color:red;"><b>RED TEXT</b></span>.</p> <pre><blockquote>use DBI;<br />use strict;<br />my $db_type = ‘mysql’;<br />my $db_host = ‘<span style="color:red;"><b>localhost</b></span>‘;<br />my $db_user = ‘<span style="color:red;"><b>postfixadmin</b></span>‘;<br />my $db_pass = ‘<span style="color: rgb(255, 0, 0);">postadmin123456</span>‘;<br />my $db_name = ‘<span style="color:red;"><b>postfix</b></span>‘;<br />my $sendmail = “/usr/sbin/sendmail”;<br />my $logfile = “<span style="color:red;"><b>/var/log/vacation.log</b></span>“; # specify a file name here for example: vacation.log<br />my $debugfile = “<span style="color:red;"><b>/var/log/vacation-debug.log</b></span>“; # sepcify a file name here for example: vacation.debug<br />my $syslog = <span style="color:red;"><b>1</b></span>; # 1 if log entries should be sent to syslog<br />…<br /></blockquote><span style="font-family:Georgia,serif;"><br /></span></pre><p><strong>Edit /etc/postfix/master.cf for vacation filter:</strong><br />Add this to the bottom of the file.</p> <blockquote> <pre>vacation unix - n n - - pipe<br />flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl</pre> </blockquote> <p><strong>Edit /etc/postfix/main.cf for vacation transport:</strong><br />Find and edit the <span style="color:red;"><b>RED TEXT</b></span>.</p> <blockquote>… # TRANSPORT MAP # # See the discussion in the ADDRESS_REWRITING_README document. <span style="color:red;"><b>transport_maps = hash:/etc/postfix/transport</b></span> <span style="color:red;"><b>vacation_destination_recipient_limit = 1</b></span> … </blockquote> <p><strong>Add proper lines to /usr/local/etc/postfix/transport file:</strong></p> <blockquote>#echo '<span style="color:red;"><b>autoreply.domain.tld</b></span> vacation:' >> /etc/postfix/transport</blockquote> <p><strong>Create our transport map database for Postfix:</strong></p> <blockquote><p>#postmap /etc/postfix/transport</p></blockquote> <p><strong>Create PostfixAdmin username and password:</strong></p> <blockquote><p>#cd /var/www/postfixadmin/admin<br />#htpasswd -c .htpasswd <span style="color:red;"><b>admin</b></span><br />(Enter password)<br />(Re-enter password)</p></blockquote><pre><br /><br /><br /></pre>step 17<br />Untuk webmail bisa menggunakan squirrelmail<br /><br />#apt-get install squirrelmail<br /><br />konfigurasinya ada di /usr/share/squirrelmail/config/conf.pl<br />Setting bagian server seperti contoh dibawah ini:<br /><br />SquirrelMail Configuration : Read: config.php (1.4.0)<br />---------------------------------------------------------<br />Server Settings<br /><br />General<br />-------<br />1. Domain : trim(implode('', file('/etc/'.(file_exists('/etc/mailname')?'mail':'host').'name')))<br />2. Invert Time : false<br />3. Sendmail or SMTP : SMTP<br /><br />A. Update IMAP Settings : 127.0.0.1:143 (other)<br />B. Update SMTP Settings : 127.0.0.1:25<br /><br />R Return to Main Menu<br />C Turn color on<br />S Save data<br />Q Quit<br /><br />Command >><br /><br /><br /><br />lalu buat link /etc/apache2/conf.d/apache.conf ke /etc/squirrelmail/apache.conf<br /><br />#ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/apache.conf<br /><br /><br />Step 18<br />Restart semua service yang ada<br /><br />/etc/init.d/postfix restart<br />/etc/init.d/apache2 restart<br />/etc/init.d/courier-authdaemon restart<br />/etc/init.d/courier-imap restart<br />/etc/init.d/courier-imap-ssl restart<br />/etc/init.d/courier-pop restart<br />/etc/init.d/courier-pop-ssl restart<br />/etc/init.d/amavis restart<br />/etc/init.d/clamav-daemon restart<br />/etc/init.d/clamav-freshclam restart<br /><br />Untuk mengkonfigure clamav caranya:<br /><br /><p>We recommend that you use one of the Debian volatile repositories to keep your ClamAV installation updated on your system.<br />Always choose the <a href="http://www.debian.org/volatile/volatile-mirrors">mirror</a> closest to you.<br />Edit /etc/apt/sources.list and add a line like this to it:</p> <p><em>stable/etch</em>:</p> <p>deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free</p> Then run apt-get update; apt-get install clamav<br />If you need clamd, you may also want to run apt-get install clamav-daemon<br /><br /><a href="http://www.clamav.org/download/packages/packages-linux">http://www.clamav.org/download/packages/packages-linux</a><br /><a href="http://howtoforge.org/virtual_users_and_domains_with_postfix_debian_etch_p4"></a><br />catatan:<br />Berdoalah tidak ada yang error :)<br /><br />Untuk membuka postfixadmin bisa diakses melalui<br />http://localhost/postfixadmin<br /><br />Untuk membuka webmail bisa diakses melalui<br />http://localhost/squirrelmail<br /><br />Untuk panduan penggunaan postfixadmin akan saya buat di blog selanjutnya udah kebanyakan nih apa gak pusing bacanya :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-4634184610502896869?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-11713428120486611072008-06-13T22:15:00.007+07:002008-12-13T07:35:58.331+07:00ECMP Failover Script Mikrotik ver 3.10Barusan ada teman yang minta tolong untuk seting mikrotik menjadi router load balance dan failover ternyata contoh-contoh script yang ada di Internet sebagian besar untuk mikrotik versi 2.9.x sehingga contoh-contoh script tersebut tidak dapat langsung digunakan.<br /><br />adapun network diagramnya kurang lebih sbb:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SFKRDvBM2AI/AAAAAAAAAIo/NVV1vZnDmEM/s1600-h/topologi.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SFKRDvBM2AI/AAAAAAAAAIo/NVV1vZnDmEM/s400/topologi.jpg" alt="" id="BLOGGER_PHOTO_ID_5211387212168222722" border="0" /></a><br /><br />konfigurasi load balance dan failover mengacu pada :<br /><a href="http://wiki.mikrotik.com/wiki/ECMP_Failover_Script"><br />http://wiki.mikrotik.com/wiki/ECMP_Failover_Script</a><br /><br />karena paling praktis dan masuk akal bahwa selain traffic http sangat riskan jika harus berpindah-pindah gateway.<br /><br />berikut adalah hasil export dari konfigurasi router mikrotik versi 3.10 yang digunakan<br /><br /><span style="font-weight: bold;">IP Address</span><br /><br /># jun/13/2008 23:10:46 by RouterOS 3.10<br /># software id = A90W-3CT<br />#<br />/ip address<br /><br />add address=10.95.130.133/29 broadcast=10.95.130.135 comment="" disabled=no \<br />interface=WIRELESS network=10.95.130.128<br /><br />add address=10.168.2.99/24 broadcast=10.168.2.255 comment="" disabled=no \<br />interface=ADSL network=10.168.2.0<br /><br />add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \<br />interface=LAN network=192.168.1.0<br /><br /><span style="font-weight: bold;">Routing</span><br /><br /># jun/13/2008 23:10:02 by RouterOS 3.10<br /># software id = A90W-3CT<br />#<br />/ip route<br /><br />add comment="SMTP Traffic out" disabled=no distance=1 dst-address=0.0.0.0/0 \<br />gateway=10.95.130.129 routing-mark=smtp-out scope=30 target-scope=10<br /><br />add comment="Default Route to Internet Wireless" disabled=no distance=1 \<br />dst-address=0.0.0.0/0 gateway=10.95.130.129 scope=30 target-scope=10<br /><br />add comment="ECMP route for HTTP" disabled=no distance=1 dst-address=\<br />0.0.0.0/0 gateway=10.95.130.129,10.168.2.1,10.168.2.1 routing-mark=\<br />ecmp-http-route scope=30 target-scope=10<br /><br />add comment="Default Route to Internet ADSL" disabled=yes distance=1 \<br />dst-address=0.0.0.0/0 gateway=10.168.2.1 scope=30 target-scope=10<br /><br />add comment="DNS Wireless" disabled=no distance=1 dst-address=\<br />202.95.128.60/32 gateway=10.95.130.129 scope=30 target-scope=10<br /><br />add comment="DNS Speedy" disabled=no distance=1 dst-address=202.134.2.5/32 \<br />gateway=10.168.2.1 scope=30 target-scope=10<br /><br /><br /><span style="font-weight: bold;">Mangle</span><br /><br /># jun/13/2008 23:09:21 by RouterOS 3.10<br /># software id = A90W-3CT<br />#<br />/ip firewall mangle<br /><br />add action=mark-routing chain=prerouting comment=\<br />" Route HTTP traffic to ECMP" disabled=no dst-port=80 new-routing-mark=\<br />ecmp-http-route passthrough=yes protocol=tcp<br /><br />add action=mark-routing chain=prerouting comment="SMTP Traffic" disabled=no \<br />dst-port=25 new-routing-mark=smtp-out passthrough=yes protocol=tcp<br /><br /><span style="font-weight: bold;">NAT</span><br /><br /># jun/13/2008 23:08:44 by RouterOS 3.10<br /># software id = A90W-3CT<br />#<br />/ip firewall nat<br />add action=masquerade chain=srcnat comment="" disabled=no src-address=\<br />192.168.1.0/24<br /><br /><br /><span style="font-weight: bold;">SCRIPT</span><br /><br /># jun/13/2008 23:06:31 by RouterOS 3.10<br /># software id = A90W-3CT<br />#<br />/system script<br /><br />add name=ecmp-shutdown policy=\<br />ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\<br />g 10.95.130.129 count=1]=0 || [/ping 10.168.2.1 count=1]=0) do={:log inf\<br />o \"Gateway down\" \r\<br />\n/ip route disable [/ip route find comment=\"ECMP route for HTTP\"] } els\<br />e {:log info \"ecmp-shutdown check ok\"}"<br /><br />add name=ecmp-startup policy=\<br />ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\<br />g 10.95.130.129 count=1]=1 && [/ping 10.168.2.1 count=1]=1 && [/ip route\<br /> get [find comment=\"ECMP route for HTTP\"] disabled]=true ) do={:log info\<br /> \"Both Gateway are up\"\r\<br />\n/ip route enable [/ip route find comment=\"ECMP route for HTTP\"]} else \<br />{:log info \"ecmp-startup check ok\"}"<br /><br />add name=wireless-gateway-check policy=\<br />ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\<br />g 10.95.130.129 count=1]=1) do={:log info \"Wireless Gateway are up\"\r\<br />\n/ip route enable [/ip route find comment=\"Default Route to Internet Wir\<br />eless\"]\r\<br />\n/ip route disable [/ip route find comment=\"Default Route to Internet AD\<br />SL\"]\r\<br />\n} else {:log info \"Wireless Gateway are down\"\r\<br />\n/ip route disable [/ip route find comment=\"Default Route to Internet Wi\<br />reless\"]\r\<br />\n/ip route enable [/ip route find comment=\"Default Route to Internet ADS\<br />L\"]\r\<br />\n}"<br /><br /><span style="font-weight: bold;">SCHEDULER</span><br /><br /># jun/13/2008 23:08:12 by RouterOS 3.10<br /># software id = A90W-3CT<br />#<br />/system scheduler<br />add comment="" disabled=no interval=25s name=gateway-check1 on-event=\<br />ecmp-shutdown start-date=jun/13/2008 start-time=16:26:27<br /><br />add comment="" disabled=no interval=30s name=gateway-check2 on-event=\<br />ecmp-startup start-date=jun/13/2008 start-time=16:26:27<br /><br />add comment="" disabled=no interval=20s name=wireless-gateway-check on-event=\<br />wireless-gateway-check start-date=jun/13/2008 start-time=16:26:27<br /><br /><span style="font-weight: bold;">SUPAYA pengecekkan ke gateway WIRELESS tidak bisa lewat interface ADSL<br /></span><span><br />Karena pengecekkan dilakukan menggunakan mekanisme ping = icmp maka agar pengecekkan gateway WIRELESS tidak bisa lewat interface ADSL diperlukan skrip berikut:</span><span style="font-weight: bold;"><br /><br /></span><br />/ip firewall filter<span style="font-family: monospace;"><br /></span>add action=drop chain=output comment=\<span style="font-family: monospace;"><br /></span>"supaya ke gateway wireless tidak bisa lewat interface adsl" disabled=no \<span style="font-family: monospace;"><br /></span>dst-address=10.95.130.129 out-interface=ADSL protocol=icmp<br /><br />Dengan script ini maka jika wireless down maka IP gateway WIRELESS tidak akan bisa diping melalui link ADSL tujuannya agar tidak terjadi kesalahan pengecekkan karena bisa saja ip gateway WIRELESS masih bisa diping melalui jaringan ADSL sehingga script menjadi tidak efektif.<br /><br /><br />semoga script-script diatas bisa langsung di import tinggal disesuaikan saja ip-ip nya<br /><br />kelemahan dari konfigurasi ini adalah ip 10.168.2.1 walaupun ADSL nya down tetap bisa diping karena itu ip dibelakang adsl-router harusnya 10.168.2.1 dibagian script diganti dengan ip statik ADSL , jadi kalau ADSL nya mati mestinya ip tersebut tidak bisa di ping.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-1171342812048661107?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-38224449849330371172008-06-05T12:01:00.002+07:002008-12-13T07:35:58.386+07:00"BIGGEST HACKER'S DAY EVENT IN INDONESIA"<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SEdzjZ5WE-I/AAAAAAAAAIg/pYSiEIK79kE/s1600-h/poster+hacker+A3+copy.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SEdzjZ5WE-I/AAAAAAAAAIg/pYSiEIK79kE/s400/poster+hacker+A3+copy.jpg" alt="" id="BLOGGER_PHOTO_ID_5208258546161292258" border="0" /></a><br />"BIGGEST HACKER'S DAY EVENT IN INDONESIA"<br />One Day Seminar<br /><br />Kamis, 12 Juni 2008<br />Nuri Room, Jakarta Convention Center<br /><br />Materi:<br />Indonesian Cyber-Law<br />The X: Art of Web Application Exploitation<br />Defeating Fake Exploit for Dummies<br />Hacking: Do The Professionals Now Rule?<br />CAPTCHA (in) Security<br />Client Side Hacking and Countermeasures<br />Offensive Security: The Way of Wireless Ninja<br /><br />Pembicara :<br />Onno W.Purbo (Pakar TI)<br />Eko Indrajit (ID-SIRTII)<br />Eugene Dokukin (Russian White-hat Hacker)<br />Anselmus Ricky-Also known as Th0R (Security Consultant & Hacking Book Writer)<br />Semi Yulianto (Senior Security Consultant, EC Council)<br />Irvan (Security Consultant & Hacking Book Writer)<br />Jim Geovedi (Member of HERT & Security Consultant)<br /><br /><br />Biaya Peserta<br />Rp.200.000 (UMUM)<br />Rp.150.000 (MAHASISWA)<br /><br />Harga Spesial:<br />Rp.150.000 (Pelanggan InfoKomputer)<br />Rp 150.000 (UMUM 2 orang/lebih)<br /><br />Biaya sudah termasuk:<br />Makan siang & Coffee break<br />Majalah InfoKomputer<br />Tabloid PCplus.<br />Voucher Buku Hacking<br />Souvenir<br />Sertifikat<br />CD Materi acara<br /><br />Transfer ke Rek BCA Cab.Gajahmada 0123005519 a/n PT.PRIMA INFOSARANA MEDIA<br />Fax 5360411<br /><br />DAFTAR SEKARANG TEMPAT TERBATAS<br /><br />Hub: Ibu Uli/Ibu Pandan 021.5483008 ext 3340/3773<br />Ibu Kikis 021.5484366 (Direct Line)<br />Penyelenggara:<br />MAJALAH INFOKOMPUTER<br />TABLOID PC PLUS<br /><br />Partner:<br />SWISS GERMAN UNIVERSITY<br />INIXINDO<br />DYANDRA PROMOSINDO<br />KOMPAS.COM<br />OKEZONE.COM<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-3822444984933037117?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-56718879761792989172008-06-01T14:58:00.003+07:002008-06-01T15:12:26.992+07:00update cpanel ternyata harus update perl duluKemarin malem , saya eksekusi /script/upcp untuk mengupdate cpanel , karena sebelumnya ada announcement update cpanel terbaru agar penggunaan memory lebih efisien.<br /><br />ternyata sebelumnya harus mendonwload<br /><br /> wget http://layer1.cpanel.net/perl588installer.tar.gz<br /><br />lalu<br /><br />tar xvfz perl588installer.tar.gz<br /><br />lalu<br /><br />cd perl588installer<br /><br /><br />lalu<br /><br />./install<br /><br />setelah selesai meng-install perl588<br /><br />baru eksekusi<br /><br />/script/upcp --force<br /><br />baru deh beres :)<br /><br />sumber:<br /><a href="http://forums.cpanel.net/showthread.php?t=80989&highlight=upcp">http://forums.cpanel.net/showthread.php?t=80989&highlight=upcp</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-5671887976179298917?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-84904645457593002382008-05-28T18:38:00.007+07:002008-12-13T07:35:58.509+07:00Menjadikan debian sebagai syslog server yang disimpan di mysqlKadang kita perlu menyimpan log dari mesin2 tertentu ke sebuah syslog server agar diperoleh report yang dibutuhkan, lebi seru lagi kalau datanya disimpan di database server seperti mysql jadi mudah untuk di query.<br /><br />Berikut adalah cara instalasi syslog server yang datanya disimpan di mysql pada distro debian.<br /><br />Pertama install syslog-ng<br /><br />apt-get install syslog-ng syslog-summary<br /><br /><br />kemudian tambahkan file di /etc/syslog-ng/syslog-ng.<br /><br />source net { udp(); };<br /><br />destination d_mysql {<br />pipe("/tmp/mysql.pipe"<br />template("INSERT INTO logs (host, facility, priority, level, tag, date,<br />time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',<br />'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));<br />};<br /><br />log { source(net); destination(d_mysql); };<br /><br /><br />save lalu restart syslog-ng<br /><br />/etc/init.d/syslog-ng restart<br /><br />buat fifo pipe untuk syslog-ng caranya:<br /><br />mkfifo /tmp/mysql.pipe<br /><br /><br />buat database syslogdb di mysql dengan perintah SQL berikut:<br />perintah SQL ini bisa diinput melalui phpmysql atau melalui console, kalau saya paling praktis menggunakan phpmysql, sorry di artikel ini saya tidak menjelaskan instalasi mysqlnya, jadi asumsi mysqlnya udah jalan dengan benar.<br /><br /><br />CREATE DATABASE syslogdb;<br />USE syslogdb;<br /><br />CREATE TABLE logs (<br />host varchar(32) default NULL,<br />facility varchar(10) default NULL,<br />priority varchar(10) default NULL,<br />level varchar(10) default NULL,<br />tag varchar(10) default NULL,<br />date date default NULL,<br />time time default NULL,<br />program varchar(15) default NULL,<br />msg text,<br />seq int(10) unsigned NOT NULL auto_increment,<br />PRIMARY KEY (seq),<br />KEY host (host),<br />KEY seq (seq),<br />KEY program (program),<br />KEY time (time),<br />KEY date (date),<br />KEY priority (priority),<br />KEY facility (facility)<br />) TYPE=MyISAM;<br /><br /><br />berikutnya buat script /etc/syslog-ng/rc.syslog-ng-to-myqsl<br />yang isinya:<br /><br />#<br /># Created by Tadghe Patrick Danu<br />#<br />#!/bin/bash<br /><br />if [ -e /tmp/mysql.pipe ]; then<br />while [ -e /tmp/mysql.pipe ]<br />do<br />mysql -u root --password='password root mysql yang digunakan' syslogdb < /tmp/mysql.pipe done<br />else<br />mkfifo /tmp/mysql.pipe<br />fi <br /><br /><br />kemudian chmod 750 /etc/syslog-ng/rc.syslog-ng-to-mysql hati-hati di file itu ada password root msyql jadi jangan lupa utk dibuat 750 ya supaya orang lain selain root tidak bisa lihat isinya, atau bisa juga buat user khusus utk syslogdb di mysqlnya. <br /><br /><br />kalau sudah tinggal restart syslog-ng /etc/init.d/syslog-ng restart dan eksekusi /etc/syslog-ng/rc.syslog-ng-to-mysql & atau bisa juga dimasukkin ke /etc/rc.local supaya otomatis jalan kalau debiannya direboot. ini hasilnya kalau dilihat di phpmyadmin. <br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SD1G6oUW4gI/AAAAAAAAAIY/c4jjEDmL_mI/s1600-h/phpmyadmin-monitoring.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SD1G6oUW4gI/AAAAAAAAAIY/c4jjEDmL_mI/s400/phpmyadmin-monitoring.JPG" alt="" id="BLOGGER_PHOTO_ID_5205394717379322370" border="0" /></a><br /><br />sebagai tambahan kalau dari mesin cisco mau dilempar lognya ke syslog server commandnya spt ini:<br /><br /><span style="font-weight: bold;">conf t</span><br /><span style="font-weight: bold;">logging </span><span style="font-style: italic; font-weight: bold;">IP_address_of_UNIX_host<br /></span><span style="font-weight: bold;">logging facility local7</span> (use local7 syslog facility)<br /><span style="font-weight: bold;">logging trap </span><span style="font-style: italic; font-weight: bold;">level_of_debugging</span> (default is "informational")<br /><span style="font-weight: bold;">logging on</span><br /><br /><br /><br /><span style="font-weight: bold;">reference:</span><br /><br /><a href="http://kryptoz.wordpress.com/2008/04/10/configure-syslog-ng-syslogd-remote-log-server/">http://kryptoz.wordpress.com/2008/04/10/configure-syslog-ng-syslogd-remote-log-server/</a><br /><a href="http://vermeer.org/docs/1">http://vermeer.org/docs/1</a><br /><a href="http://www.brandonhutchinson.com/Remote_Cisco_logging.html">http://www.brandonhutchinson.com/Remote_Cisco_logging.html</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8490464545759300238?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-20307890620880672462008-05-19T11:12:00.004+07:002008-12-13T07:35:59.305+07:00Memfilter broadcast traffic yang bukan menuju ke pelanggan yang bersangkutanDikarenakan switch yang digunakan di roof cyber sementara tidak managable alias tidak bisa di konfigurasi vlan maka traffic antar radio pelanggan yang satu bisa ter-broadcast ke pelanggan lainnya.<br /><br />Untuk mengurangi beban traffic tersebut agar tidak ter-broadcast ke radio disisi pelanggan maka saya buat filtering sbb:<br /><br />Langkah 1<br />Buat daftar address-lists dengan nama pelanggan , misalnya disini contohnya adalah "praisindo" yang isinya blok ip yang digunakan oleh pelanggan utk terkoneksi ke Internet, disini contohnya user praisindo menggunakan IP:<br />- 203.89.26.104/30 -> Ip Publik pelanggan<br />- 10.3.0.0/29 -> IP Radio pelanggan<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SDD_Ter7GQI/AAAAAAAAAH4/5yEiyJvm2mA/s1600-h/praisindo-cyber.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SDD_Ter7GQI/AAAAAAAAAH4/5yEiyJvm2mA/s400/praisindo-cyber.JPG" alt="" id="BLOGGER_PHOTO_ID_5201938279732812034" border="0" /></a><br />Langkah 2<br />Buat Filter Rules pada chain: forward, pada Tab General set in-interface = ether1 (yang merupakan interface yang terhubung ke switch di roof cyber) dan out interface = wlan1 (yang merupakan interface wireless yang menuju ke pelanggan)<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SDD_mer7GRI/AAAAAAAAAIA/jVdusIhYBO0/s1600-h/praisindo-cyber1.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SDD_mer7GRI/AAAAAAAAAIA/jVdusIhYBO0/s400/praisindo-cyber1.JPG" alt="" id="BLOGGER_PHOTO_ID_5201938606150326546" border="0" /></a><br />Pada Tab Advanced, Dst-address list = !praisindo (artinya bukan "!" dari list "praisindo")<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_nzWcXcVYSRs/SDD_mer7GSI/AAAAAAAAAII/Og65sgP7Eq4/s1600-h/praisindo-cyber2.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_nzWcXcVYSRs/SDD_mer7GSI/AAAAAAAAAII/Og65sgP7Eq4/s400/praisindo-cyber2.JPG" alt="" id="BLOGGER_PHOTO_ID_5201938606150326562" border="0" /></a><br />Pada Tab Action, Action = Drop<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_nzWcXcVYSRs/SDD_mur7GTI/AAAAAAAAAIQ/YvefJg6ceVQ/s1600-h/praisindo-cyber3.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://4.bp.blogspot.com/_nzWcXcVYSRs/SDD_mur7GTI/AAAAAAAAAIQ/YvefJg6ceVQ/s400/praisindo-cyber3.JPG" alt="" id="BLOGGER_PHOTO_ID_5201938610445293874" border="0" /></a><br />Dengan demikian broadcast dari pelanggan lainnya difilter untuk tidak diteruskan ke sisi wireless pelanggan tersebut.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2030789062088067246?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-29627963697379172422008-05-16T23:29:00.000+07:002008-05-16T23:31:03.944+07:00Instalasi Caci di Debian<p class="MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">DITULIS<span> </span>OLEH : EKA RAHMAT H</span></p> <p><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">EMAIL : surat-mu@hotmail.com</span><br />http://sisulung.wordpress.com/2007/12/14/install-cacti-di-debian-etch/</p><p><span style="font-size: 18pt;"><strong><a><br /></a></strong></span></p><p><span style="font-size: 18pt;"><strong><a>Apa itu CACTI?<br /></a></strong></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"><a>Cacti adalah frontend dari RRDTool yang menyimpan informasi kedalam database !MySQL dan membuat graph berdasarkan informasi tersebut. Proses pengambilan data (lewat SNMP maupun skrip) sampai kepada pembuatan gambar (graph) dilakukan menggunakan bahasa pemrograman PHP.<br /></a></span></p> <p><a href="http://www.raxnet.net/products/cacti" title="http://www.raxnet.net/products/cacti" target="_blank"><span style="color: blue; font-family: Verdana; font-size: 10pt; text-decoration: underline;">http://www.raxnet.net/products/cacti</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-size: 18pt;"><strong><a>Instalasi:<br /></a></strong></span></p> <p><span style="font-family: Times New Roman; font-size: 12pt;"><a>Cacti membutuhkan beberapa aplikasi berikut terinstall kedalam sistem sebelumnya.<br /></a></span></p> <p style="margin-left: 18pt;"><span style="font-family: Verdana; font-size: 10pt;">RRDTool 1.0.48 or greater <a href="http://www.rrdtool.org%20rrdtool/" title="http://www.rrdtool.org rrdtool" target="_blank"><span style="color: blue; text-decoration: underline;">http://www.rrdtool.org rrdtool</span></a><br /></span></p> <p style="margin-left: 18pt;"><span style="font-family: Verdana; font-size: 10pt;">MySQL 3.23 or greater, 4.0.20d or greater highly recommended for advanced features <a href="http://www.mysql.org%20mysql/" title="http://www.mysql.org MySQL" target="_blank"><span style="color: blue; text-decoration: underline;">http://www.mysql.org MySQL</span></a><br /></span></p> <p style="margin-left: 18pt;"><span style="font-family: Verdana; font-size: 10pt;">PHP 4.1 or greater, 4.3.6 or greater highly recommended for advanced features <a href="http://www.php.net%20php/" title="http://www.php.net PHP" target="_blank"><span style="color: blue; text-decoration: underline;">http://www.php.net PHP</span></a><br /></span></p> <p style="margin-left: 18pt;"><a href="http://net-snmp.sourceforge.net%20net-snmp/" title="http://net-snmp.sourceforge.net net-snmp" target="_blank"><span style="color: blue; font-family: Verdana; font-size: 10pt; text-decoration: underline;">http://net-snmp.sourceforge.net net-snmp</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Install Cacri di Debian<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Pada dasarnya, kalau Anda menggunakan debian menginstall cacti tidaklah susah karena paket .deb sudah tersedia, Cuma pada saat saya peraktekan terjadi error nah untuk menyiasatinya kita install manual aja paket-paket yang dibutuhkan untuk menjalankan cacti.<br /></span></p> <ol><li><span style="font-family: Verdana; font-size: 10pt;">Install cacti dengnan menggunakan apt-get (auto)<br /></span><span style="font-family: Verdana; font-size: 10pt;">Debian:~#apt-get install cacti<br /></span><span style="font-family: Verdana; font-size: 10pt;">Ket : ini akan menginstall semua paket yang di butuhkan seperti mysql, rrdtool, Cuma sayangnya pas saya coba masih ada setikit error pada paket mysql-nya dan php dan biasanya php-ya masih yang php4, untuk menginstall versi terbaru dari php kita lakukan cara manual aja dech, caranya ada di langkah ke 2.<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Install paket-paket yang di butuhkan si cacti<br /></span><span style="font-family: Verdana; font-size: 10pt;"><strong>Menginstall server database MySQ</strong>L<br /></span><span style="font-family: Verdana; font-size: 10pt;">Debian:~#apt-get install mysql-server<br /></span><span style="font-family: Verdana; font-size: 10pt;">Ket : MySQL awalnya hanya mengizinkan koneksi dari localhost (127.0.0.1) saja. Kita harus menghapus pembatasan in jika Anda ingin membuat MySQL dapat diakses oleh siapapun melalui internet. Buka berkas /etc/mysql/my.cnf<br /></span><span style="font-family: Verdana; font-size: 10pt;">Debian:~#vim /etc/mysql/my.cnf<br /></span> <p><span style="font-family: Verdana; font-size: 10pt;">Cari baris ini bind-address = 127.0.0.1 dan berikan komentar (#)<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">…<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> #bind-address = 127.0.0.1<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">…<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Default-nya MySQL tidak memasang password root. Hal ini dapat menimbulkan masalah keamanan. Anda harus segera menetapkan password root. Anda juga harus menetapkan password root, apabila ingin menggunakan akses root dari komputer lokal Anda. Nama-mesin-local adalah nama komputer yang sedang Anda gunakan.<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#mysqladmin -u root password your-new-password<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#mysqladmin -h root@nama-mesin-lokal -u root -p password your-new-password<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#sudo /etc/init.d/mysql restart<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Sampai disini install mysql sudah selesai.<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"><strong>Menginstall server http Apache<br /></strong></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><br /><span style="font-family: Verdana; font-size: 10pt;">apt-get install apache2<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Setelah proses installasi selesai, untuk mencobanya Anda ketikan perintah ini di browser : <a href="http://localhost/">http://localhost</a><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"><strong>Bagaimana menginstal PHP5 untuk Server HTTP Apache<br /></strong></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#sudo apt-get install php5<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#sudo apt-get install libapache2-mod-php5<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#sudo /etc/init.d/apache2 restart<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Jika Anda hanya membutuhkan php4 ya ganti aja tulisan php5 dengan tulisan php4<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Untuk menguji jika php4 telah terinstal dengan baik<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#vim /var/www/testphp.php<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Buat berkas baru dan masukkan baris berikut<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"><?php phpinfo(); ?><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Simpan berkas yang telah disunting<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Untuk mengujinya coba buka browser dan ketikan perintah ini <a href="http://localhost/testphp.php">http://localhost/testphp.php</a> kalau ga mau jalan coba ketikan seperti ini <a href="http://ipaddressserver/testphp.php">http://ipAddressServer/testphp.php</a><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"><strong>Bagaimana menginstal MYSQL untuk Server HTTP Apache<br /></strong></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#apt-get install libapache2-mod-auth-mysql<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#apt-get install php5-mysql<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Untuk membuat PHP bekerja dengan MySQL, buka berkas<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#vim /etc/php5/apache2/php.ini<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Anda harus menghapus komentar di baris “;extension=mysql.so” sehingga akan terlihat seperti ini<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">…<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> extension=mysql.so<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">…<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Simpan berkas dan keluar<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:#/etc/init.d/apache2 restart<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Untuk mempermudah penggunaan php saya sangat menyarankan Anda menggunakan program yang namanya “phpmyadmin” cara install di debian sbb:<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><span style="font-family: Verdana; font-size: 10pt;">apt-get install phpmyadmin<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Kalau dah selesai installnya, coba jalankan browser dan ketikan <a href="http://localhost/phpmyadmin">http://localhost/phpmyadmin</a> dan akan muncul spt gambar di bawah ini :<br /></span></p> <p><img src="http://ekarh.files.wordpress.com/2007/12/121407-0928-installasid1.png?w=651&h=369" height="369" width="651" /><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Nama pengguna : root<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Kata Sandi : password_anda<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Dan akan tampil seperti gambar di bawah ini :<br /></span></p> <p><img src="http://ekarh.files.wordpress.com/2007/12/121407-0928-installasid2.png?w=654&h=373" height="373" width="654" /><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Sejauh ini install paket-paket yang di butuhkan oleh si cacti sudah selesai, sekarang tibalah saatnya untuk mengkonfigurasi si cacti.<br /></span> </p></li><li><span style="font-family: Verdana; font-size: 10pt;">Configurasi Cacti<br /></span><span style="font-family: Verdana; font-size: 10pt;"><strong>Membuat user buat si cacti :<br /></strong></span><span style="font-family: Verdana; font-size: 10pt;">Debian:~#adduser cacti<br /></span><span style="font-family: Verdana; font-size: 10pt;">Membuat MySQL database buat si cacti<br /></span><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><span style="font-family: Verdana; font-size: 10pt;">mysqladmin –user=root create cacti<br /></span> <p><span style="font-family: Verdana; font-size: 10pt;">Meninport database default si cacti<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><span style="font-family: Verdana; font-size: 10pt;">mysql cacti < cacti.sql<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Tapi kalau dengan cara ini masih menemui kesulitan atau error maka gunakan cara 2 dengan menggunakan phpmyadmin, supaya lebih mudah kita mengimportnya lewat phpmyadmin.<br /></span></p> <ol><li><span style="font-family: Verdana; font-size: 10pt;">Bukan browser kesayangan Anda<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Download cacti <a href="http://www.cacti.net/downloads/cacti-0.8.7a.zip">http://www.cacti.net/downloads/cacti-0.8.7a.zip</a> dan lakukan extract..<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Ketikan perintah ini : <a href="http://localhost/phpmyadmin">http://localhost/phpmyadmin</a><br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Akan tampil gambar seperti di atas, masukan username dan password anda dan tekan enter.<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Pada bagian kiri di bagian “Database” pilih “cacti”<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Pada bagian atas pilih tulisan “import”<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Pada bagian “File to Import” klik tombol “Browse..”<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Cari dimana Anda meletakan hail extract.. cacti tersebut dan filih file “cacti” klik “open”<br /></span></li><li><span style="font-family: Verdana; font-size: 10pt;">Klik “GO” di pojok kanan bawah.<br /></span></li></ol> <p><span style="font-family: Verdana; font-size: 10pt;">Ket : Prosess di atas sebetulnya cukup dilakukan dengan perintah mysql cacti < cacti.sql, Cuma pas say peraktekan kok ga bisa ya… makanya saya cari car lain aja dech…!!<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"><strong>Membuat MySQL username dan password buat si Cacti<br /></strong></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><span style="font-family: Verdana; font-size: 10pt;">mysql –user=root mysql<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><span style="font-family: Verdana; font-size: 10pt;">mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY ’somepassword’;<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#</span><span style="font-family: Verdana; font-size: 10pt;">mysql> flush privileges;<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Saatnya meng Edit <span style="color: rgb(0, 122, 0);">include/config.php </span><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#vim /usr/share/cacti/site/include/config.php<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Cari bagian-bagian ini dan tambahkan user, password, database buat di cacti.<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">….<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> $database_default = “cacti”;<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> $database_hostname = “localhost”;<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> $database_username = “cactiuser”;<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> $database_password = “cacti”;<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">….<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Ubah permissions directory-nya<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#chown -R cactiuser /usr/share/cacti/site/rra<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#chown -R cactiuser /usr/share/cacti/site/log<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Saatnya meng Edit <span style="color: rgb(204, 0, 102);">/etc/crontab<br /></span></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Debian:~#vim /etc/crontab<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Masukan baris berikut ini<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">….<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;"> */5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">….<br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Hemmmmm hemmmm sepertinya perjalanan panjang installasi dan configurasi cacti sudah hampir mendekati selesai…<br /></span> </p></li><li><span style="font-family: Verdana; font-size: 10pt;">Tahap akhir konfigurasi Cacti.<br /></span><span style="font-family: Verdana; font-size: 10pt;">Buka browser kesayangan anda dan ketikan <a href="http://localhost/cacti">http://localhost/cacti</a><br /></span><span style="font-family: Verdana; font-size: 10pt;">Jika tidak ada yang error klik next dan selesay dechhhhhhhhhhhhh….<br /></span><span style="font-family: Verdana; font-size: 10pt;">Tinggal Anda bereksperimen sendiri menggunakan Cacti..<br /></span><span style="font-family: Verdana; font-size: 10pt;">Demikian dulu pelajaranya… kl ada yang mau menambahkan silahkan posting nanti akan saya tampilkan dech… swerrrrrrrr<br /></span></li></ol> <p><span style="font-family: Verdana; font-size: 10pt;">CACTI SUPPORT<br /></span></p> <p><a href="http://forums.cacti.net/"><span style="font-family: Verdana; font-size: 10pt;">http://forums.cacti.net/</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Download Official Patches For Cacti<br /></span></p> <p><a href="http://www.cacti.net/download_patches.php"><span style="font-family: Verdana; font-size: 10pt;">http://www.cacti.net/download_patches.php</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Additional scripts For Cacti<br /></span></p> <p><a href="http://www.cacti.net/additional_scripts.php"><span style="font-family: Verdana; font-size: 10pt;">http://www.cacti.net/additional_scripts.php</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">Cacti Screen Shots<br /></span></p> <p><a href="http://www.cacti.net/screenshots.php"><span style="font-family: Verdana; font-size: 10pt;">http://www.cacti.net/screenshots.php</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><span style="font-family: Verdana; font-size: 10pt;">BAHAN RUJUKAN<br /></span></p> <p><a href="http://www.debianhelp.co.uk/cacti.htm"><span style="font-family: Verdana; font-size: 10pt;">http://www.debianhelp.co.uk/cacti.htm</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><a href="http://www.cacti.net/downloads/docs/html/unix_configure_cacti.html"><span style="font-family: Verdana; font-size: 10pt;">http://www.cacti.net/downloads/docs/html/unix_configure_cacti.html</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <p><a href="http://wiki.ubuntu-id.org/PanduanUbuntu#head-6516d8e7865828370de398090526456696fab9f8"><span style="font-family: Verdana; font-size: 10pt;">http://wiki.ubuntu-id.org/PanduanUbuntu</span></a><span style="font-family: Verdana; font-size: 10pt;"><br /></span></p> <a href="http://corebsd.or.id/wiki/doku.php?id=coreartikel:cacti"><span style="font-family: Verdana; font-size: 10pt;">http://corebsd.or.id/wiki/doku.php?id=coreartikel:cacti</span></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-2962796369737917242?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-80889781237875474532008-05-10T18:50:00.006+07:002008-12-13T07:35:59.944+07:00ZEROSHELL live cd routerBermula dari rencana mengganti router mikrotik kantor jakarta dengan komputer IBM Netvista dari mas priyo yang ternyata tidak ikhlas kalau harddisk nya di babat karena ada konfigurasi SIP Server.<br /><br />Semula mau coba mikrotik booting lewat USB, percobaan pertama sukses menggunakan USB 1GB tapi kan sayang-sayang tuh jadi coba pake USB 128MB hadiah dari vendor eh ternyata bermasalah akhirnya cari-cari live+cd+router di google.com dan akhirnya didapat ZEROSHELL yang merupakan router live cd berbasis linux.<br /><br />cara instalasinya mudah saja download file iso nya lalu burn di cd kemudian booting komputer menggunakan live cd tersebut , selanjutnya konfigure ZEROSHELL lewat browser ke ip defaultnya 192.168.0.75/24 dengan user=admin , pass=zeroshell kemudian setup networknya dan fitur-fitur yang dibutuhkan seperti dhcp server, qos dll.<br /><br />yang menarik konfigurasinya bisa di simpan di USB jadi kalau di reboot setinggannya tidak hilang karena ZEROSHELL akan membaca konfigurasi yang active dari USB tersebut.<br /><br />Tapi ini bagian yang paling menyebalkan karena caranya mesti buat database dulu di USB terus copy konfigurasi yang sudah kita buat baru aktifasikan file database yang berisi konfigurasi yang telah kita buat. atau bisa juga di backup filenya jadi simpan di komputer kerja admin, kalau sewaktu-waktu dibutuhkan bisa di save ke USB, pengalaman lebih baik USB di format menggunakan ext3 , kalau pake vfat (FAT) format windows file databasenya jadi bengkak ukurannya.<br /><br />berikut adalah tampilan ZEROSHELL router yang digunakan di kantor<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_nzWcXcVYSRs/SCWMYOllk0I/AAAAAAAAAHw/QmDIrxiG9io/s1600-h/zeroshell-router-kantor-jakarta.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://1.bp.blogspot.com/_nzWcXcVYSRs/SCWMYOllk0I/AAAAAAAAAHw/QmDIrxiG9io/s400/zeroshell-router-kantor-jakarta.JPG" alt="" id="BLOGGER_PHOTO_ID_5198715692729602882" border="0" /></a><br /><br />Web ZEROSHELL bisa diakses di <a href="http://www.zeroshell.net/eng">http://www.zeroshell.net/eng</a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_nzWcXcVYSRs/SCWMOellkzI/AAAAAAAAAHo/KaAlFsv1OwU/s1600-h/zeroshell-router-web.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://2.bp.blogspot.com/_nzWcXcVYSRs/SCWMOellkzI/AAAAAAAAAHo/KaAlFsv1OwU/s400/zeroshell-router-web.JPG" alt="" id="BLOGGER_PHOTO_ID_5198715525225878322" border="0" /></a><br />Jadi kalau mau ngirit manfaatin PC bekas buat router dikantor ZEROSHELL bisa jadi alternatif murah meriah.<br /><br />Sayangnya saya belum berhasil untuk setingan QoS nya mungkin hanya efektif di mode bridge.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-8088978123787547453?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com1tag:blogger.com,1999:blog-4650800593925871709.post-10171338973107355772008-05-08T13:51:00.000+07:002008-05-08T13:52:13.966+07:00What is a VLAN?<h2>The Basic Definition</h2> <p>The acronym VLAN expands to Virtual Local Area Network. A VLAN is a logical local area network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity, its creation and configuration is done completely in software.</p> <h2>How Is a VLAN Identified</h2> <p>Since a VLAN is a software concept, identifiers and configurations for a VLAN must be properly prepared for it to function as expected. Frame coloring is the process used to ensure that VLAN members or groups are properly identified and handled. With frame coloring, packets are given the proper VLAN ID at their origin so that they may be properly processed as they pass through the network. The VLAN ID is then used to enable switching and routing engines to make the appropriate decisions as defined in the VLAN configuration.</p> <h2>Why Use VLANs</h2> <p>Traditional network designs use routers to create broadcast domains and limit broadcasts between multiple subnets. This prevents broadcast floods in larger networks from consuming resources, or causing unintentional denials of service unnecessarily. Unfortunately, the traditional network design methodology has some flaws in design</p> <ul><li>Geographic Focus - Traditional network designs focus on physical locations of equipment and personnel for addressing and LAN segment placement. Because of this there are a few significant drawbacks:</li><li>Network segments for physically disjointed organizations cannot be part of the same address space. Each physical location must be addressed independently, and be part of its own broadcast domain. This can force personnel to be located in a central location, or to have additional latency or connectivity shortfalls.</li><li>Relocations of personnel and departments can become difficult, especially if the original location retains its network segments. Relocated equipment will have to be reconfigured based on the new network configuration.</li></ul> <p>A VLAN solution can alleviate both of these drawbacks by permitting the same broadcast domain to extend beyond a single segment.</p> <ul><li>Additional Bandwidth Usage - Traditional network designs require additional bandwidth because packets have to pass through multiple levels of network connectivity because the network is segmented.</li></ul> <p>A proper VLAN design can ensure that only devices that have that VLAN defined on it will receive and forward packets intended as source or destination of the network flow.</p> <h2>Types of VLAN</h2> <p>There are only two types of VLAN possible today, cell-based VLANs and frame-based VLANs.</p> <ul><li>Cell-based VLANs are used in ATM switched networks with LAN Emulation (or LANE). LANE is used to allow hosts on legacy LAN segments to communicate using ATM networks without having to use special hardware or software modification.</li><li>Frame-based VLANs are used in ethernet networks with frame tagging. The two primary types of frame tagging are IEEE 802.10 and ISL (Inter Switch Link is a Cisco proprietary frame-tagging). Keep in mind that the 802.10 standard makes it possible to deploy VLANs with 802.3(Ethernet), 802.5(Token-Ring), and FDDI, but ethernet is most common.</li></ul> <h2>VLAN modes</h2> <p>There are three different modes in which a VLAN can be configured. These modes are covered below:</p> <ul><li>VLAN Switching Mode - The VLAN forms a switching bridge in which frames are forwarded unmodified.</li><li>VLAN Translation Mode - VLAN translation mode is used when the frame tagging method is changed in the network path, or if the frame traverses from a VLAN group to a legacy or native interface which is not configured in a VLAN. When the packet is to pass into a native interface, the VLAN tag is removed so that the packet can properly enter the native interface.</li><li>VLAN Routing Mode - When a packet is routed from one VLAN to a different VLAN, you use VLAN routing mode. The packet is modified, usually by a router, which places its own MAC address as the source, and then changes the VLAN ID of the packet.</li></ul> <h2>VLAN configurations</h2> <p>Different terminology is used between different hardware manufacturers when it comes to VLANs. Because of this there is often confusion at implementation time. Following are a few details, and some examples to assist you in defining your VLANs so confusion is not an issue.</p> <h3>Cisco VLAN terminology</h3> <p>You need a few details to define a VLAN on most Cisco equipment. Unfortunately, because Cisco sometimes acquires the technologies they use to fill their switching, routing and security product lines, naming conventions are not always consistent. For this article, we are focusing only one Cisco switching and routing product lines running Cisco IOS.</p> <ul><li>VLAN ID - The VLAN ID is a unique value you assign to each VLAN on a single device. With a Cisco routing or switching device running IOS, your range is from 1-4096. When you define a VLAN you usually use the syntax "vlan x" where x is the number you would like to assign to the VLAN ID. VLAN 1 is reserved as an administrative VLAN. If VLAN technologies are enabled, all ports are a member of VLAN 1 by default.</li><li>VLAN Name - The VLAN name is an text based name you use to identify your VLAN, perhaps to help technical staff in understanding its function. The string you use can be between 1 and 32 characters in length.</li><li>Private VLAN - You also define if the VLAN is to be a private vlan in the VLAN definition, and what other VLAN might be associated with it in the definition section. When you configure a Cisco VLAN as a private-vlan, this means that ports that are members of the VLAN cannot communicate directly with each other by default. Normally all ports which are members of a VLAN can communicate directly with each other just as they would be able to would they have been a member of a standard network segment. Private vlans are created to enhance the security on a network where hosts coexisting on the network cannot or should not trust each other. This is a common practice to use on web farms or in other high risk environments where communication between hosts on the same subnet are not necessary. Check your Cisco documentation if you have questions about how to configure and deploy private VLANs.</li><li> VLAN modes - in Cisco IOS, there are only two modes an interface can operate in, "mode access" and "mode trunk". Access mode is for end devices or devices that will not require multiple VLANs. Trunk mode is used for passing multiple VLANs to other network devices, or for end devices that need to have membership to multiple VLANs at once. If you are wondering what mode to use, the mode is probably "mode access".</li></ul> <h3>Cisco VLAN implementations</h3> <b>VLAN Definition</b> <p>To define a VLAN on a cisco device, you need a VLAN ID, a VLAN name, ports you would like to participate in the VLAN, and the type of membership the port will have with the VLAN.</p> <ul><li>Step 1 - Log into the router or switch in question and get into enable mode.</li><li>Step 2 - Get into configuration mode using "conf t". </li><li>Step 3 - Create your VLAN by entering "vlan X" where X is the ID you would like to assign the VLAN.</li><li>Step 4 - Name your VLAN by entering "name <vlan>". Replace <vlan> with the string you would like to identify your VLAN by.</li><li>Step 5 - If you want your new VLAN to be a private-vlan, you now enter "private-vlan primary" and "private-vlan association Y" where Y is the secondary VLAN you want to associate with the primary vlan. If you would like the private VLAN to be community based, you enter "private-vlan community" instead.</li><li>Step 6 - Exit configuration mode by entering "end".</li><li>Step 7 - Save your configuration to memory by entering "wr mem" and to the network if you have need using "wr net". You may have to supply additional information to write configurations to the network depending on your device configuration.</li></ul> <b>VLAN Configuration</b> <p>A VLAN isn't much use if you haven't assigned it an IP Address, the subnet netmask, and port membership. In normal network segment configurations on routers, individual interfaces or groups of interfaces (called channels) are assigned IP addresses. When you use VLANs, individual interfaces are members of VLANs and do not have individual IP addresses, and generally don't have access lists applied to them. Those features are usually reserved for the VLAN interfaces. The following steps detail one method of creating and configuring your VLAN interface. NOTE: These steps have already assumed that you have logged into the router, gotten into enable mode, and entered configuration mode. These specific examples are based on the Cisco 6500 series devices.</p> <ul><li>Step 1 - Enter "Interface VlanX" where X is the VLAN ID you used in the VLAN definition above.</li><li>Step 2 - This step is optional. Enter "description <vlan description="">" where VLAN description details what the VLAN is going to be used for. You can just simply re-use the VLAN name you used above if you like.</vlan></li><li>Step 3 - Enter "ip address <address> <netmask>" where <address> is the address you want to assign this device in the VLAN, and <netmask> is the network mask for the subnet you have assigned the VLAN.</li><li>Step 4 - The step is optional. Create and apply an access list to the VLAN for inbound and outbound access controls. For a standard access list enter "access-group XXX in" and "access-group YYY out" where XXX and YYY corresponds to access-lists you have previously configured. Remember that the terms are taken in respect to the specific subnet or interface, so "in" means from the VLAN INTO the router, and "out" means from the router OUT to the VLAN.</li><li>Step 5 - This step is optional. Enter the private VLAN mapping you would like to use if the port is part of a private VLAN. This should be the same secondary VLAN you associated with the primary VLAN in VLAN definition above. Enter "private-vlan mapping XX" where XX is the VLAN ID of the secondary VLAN you would like to associate with this VLAN.</li><li>Step 6 - This step is optional. Configure HSRP and any other basic interface configurations you would normally use for your Cisco device.</li><li>Step 7 - Exit configuration mode by entering "end".</li><li>Step 8 - Save your configuration to memory by entering "wr mem" and to the network if you have need using "wr net". You may have to supply additional information to write configurations to the network depending on your device configuration.</li></ul> <p>Now you have your vlan defined and configured, but no physical ports are a member of the VLAN, so the VLAN still isn't of much use. Next port membership in the VLAN is described. IOS devices describe interfaces based on a technology and a port number, as with "FastEthernet3/1" or "GigabitEthernet8/16". Once you have determined which physical ports you want to be members of the VLAN you can use the following steps to configure it. NOTE: These steps have already assumed that you have logged into the router, gotten into enable mode, and entered configuration mode.</p> <b>For access ports</b> <ul><li>Step 1 - Enter "Interface <interface>" where <interface> is the name Cisco has assigned the interface you would like to associate with the VLAN.</li><li>Step 2 - This step is optional. Enter "description <interface>" where <interface> is text describing the system connected to the interface in question. It is usually helpful to provide DNS hostname, IP Address, which port on the remote system is connected, and its function.</li><li>Step 3 - This step depends on your equipment and IOS version, and requirements. Enter "switchport" if you need the interface to act as a switch port. Some hardware does not support switchport mode, and can only be used as a router port. Check your documentation if you don't know the difference between a router port and a switch port.</li><li>Step 4 - Only use this step if you used step 3 above. Enter "switchport access vlan X" where X is the VLAN ID of the VLAN you want the port to be a member of.</li><li>Step 5 - Only use this step if you used step 3 above. Enter "switchport mode access" to tell the port that you want it to be used as an access port.</li><li>Step 6 - Exit configuration mode by entering "end".</li><li>Step 7 - Save your configuration to memory by entering "wr mem" and to the network if you have need using "wr net". You may have to supply additional information to write configurations to the network depending on your device configuration.</li></ul> <b>For trunk ports</b> <ul><li>Step 1 - Enter "Interface <interface>" where <interface> is the name Cisco has assigned the interface you would like to associate with the VLAN.</li><li>Step 2 - This step is optional. Enter "description <interface>" where <interface> is text describing the system connected to the interface in question. It is usually helpful to provide DNS hostname, IP Address, which port on the remote system is connected, and its function.</li><li>Step 3 - This step depends on your equipment and IOS version, and requirements. Enter "switchport" if you need the interface to act as a switch port. Some hardware does not support switchport mode, and can only be used as a router port. Check your documentation if you don't know the difference between a router port and a switch port.</li><li>Step 4 - Only use this step if you used step 3 above. Enter "switchport trunk encapsulation dot1q". This tells the VLAN to use dot1q encapsulation for the VLAN, which is the industry standard encapsulation for trunking. There are other encapsulation options, but your equipment may not operate with non Cisco equipment if you use them.</li><li>Step 5 - Only use this step if you used step 3 above. Enter "switchport trunk allowed vlan XX, YY, ZZ" where XX, YY, and ZZ are VLANs you want the trunk to include. You can define one or more VLANs to be allowed in the trunk.</li><li>Step 6 - Only use this step if you used step 3 above. Enter "switchport mode trunk" to tell the port to operate as a VLAN trunk, and not as an access port.</li><li>Step 7 - Exit configuration mode by entering "end".</li><li>Step 8 - Save your configuration to memory by entering "wr mem" and to the network if you have need using "wr net". You may have to supply additional information to write configurations to the network depending on your device configuration.</li></ul> <b>For private VLAN ports</b> <ul><li>Step 1 - Enter "Interface <interface>" where <interface> is the name Cisco has assigned the interface you would like to associate with the VLAN.</li><li>Step 2 - This step is optional. Enter "description <interface>" where <interface> is text describing the system connected to the interface in question. It is usually helpful to provide DNS hostname, IP Address, which port on the remote system is connected, and its function.</li><li>Step 3 - This step depends on your equipment and IOS version, and requirements. Enter "switchport" if you need the interface to act as a switch port. Some hardware does not support switchport mode, and can only be used as a router port. Check your documentation if you don't know the difference between a router port and a switch port.</li><li>Step 4 - Enter "switchport private-vlan host association XX YY" where XX is the primary VLAN you want to assign, YY is the secondary VLAN you want to associate with it.</li><li>Step 5 - Enter "switchport mode private-vlan host" to force the port to operate as a private-vlan in host mode.</li><li>Step 6 - Exit configuration mode by entering "end".</li><li>Step 7 - Save your configuration to memory by entering "wr mem" and to the network if you have need using "wr net". You may have to supply additional information to write configurations to the network depending on your device configuration.</li></ul> <p>You should now have your VLAN properly implemented on a Cisco IOS device.</p> <h3>HP VLAN terminology</h3> <p><a itxtdid="5827986" target="_blank" href="http://www.tech-faq.com/vlan.shtml#" style="border-bottom: 0.1em solid darkgreen ! important; text-decoration: underline ! important; font-weight: normal ! important; padding-bottom: 1px ! important; color: darkgreen ! important; background-color: transparent ! important;" classname="iAs" class="iAs">HP's</a> Procurve line of switchgear is becoming more and more prevalent in enterprise and other business environments. Because of this, it isn't uncommon to have to get Cisco and Procurve hardware to integrate, and because of terminology this can be a challenge. Below some of the VLAN terminology is defined so there is less opportunity for confusion.</p> <ul><li>VLAN ID - Fortunately, VLAN id's are pretty much the same everywhere, the only significant differences are the range of IDs that can be used. With Procurve devices, the number of VLANs is defined in the configuration. The default maximum VLANs supported on a Procurve device differs between models and firmware revisions, but is commonly set to 8. Newer Procurve hardware supports 4,096 VLAN ids, but only 256 concurrently defined VLANs on a single device. VLAN ID 1 is reserved for the "DEFAULT_VLAN" or the default administrative VLAN.</li><li>VLAN names - VLAN names are text fields that assist technicians to identify VLANs. Procurve allows names up to 32 characters, but if you want it to properly display in menu configuration mode, you should probably limit the name to 12 characters.</li><li>VLAN modes - Procurve has three modes of operation for VLANs on the chassis, Untagged, Tagged, and No. Untagged mode is cisco's access mode. This mode is used for ports that connect to end nodes, or devices that will not be passing VLAN traffic forward. Tagged mode is the same as Cisco's trunk mode. This mode is used for ports that are connecting to devices that will be passing VLAN traffic forward, or for trunking multiple VLANs. No mode means that the port in question has no association whatsoever with that VLAN.</li><li>Special note on "trunk" - Lots of confusion surrounds the word "trunk" when you go between vendor equipment. In Cisco's case, trunking is only used with VLANs. If you want to group multiple ethernet ports into a single logical ethernet group, they call it a channel-group. This is regardless of whether FEC or LACP is used for the channel properties. Procurve uses "trunk" to define a group of ethernet ports when using the HP trunking protocol, and the term "Tagged" for what Cisco calls a VLAN trunk. Of course, these two technologies have nothing to do with each other, but because of naming conventions, confusion arises.</li></ul> <h3>HP Procurve VLAN implementations</h3> <b>VLAN Definition</b> <p>Most modern Procurve switches enable VLAN use by default, but if, for some reason, you have an older model, log into the switch, get into manager mode, go to the switch configuration menu (usually item 2), then the VLAN menu (usually item 8), then the VLAN support item (usually item 1), and make sure VLANs are enabled. If you change this setting, you will need to reboot the switch to get it to activate properly. The configuration menu is useful for these kinds of activities, troubleshooting, and other things, but is a little more difficult for configuring multiple switches or for using configuration templates, so the rest of the HP Procurve configuration details will be provided for the console configuration mode. Aside for enabling VLAN support as a whole, VLAN definitions and configuration are created in the same place, so the rest of the configuration examples will be provided under the VLAN configuration topic.</p> <b>VLAN Configuration</b> <p>Configuring VLANs on a modern Procurve is pretty simple, you must first define the VLAN, set its properties, and then set up membership for ports and the VLAN mode they will support. The following list should help you accomplish these tasks. NOTE: HP has defined its interface ports by using a module/port convention. If you have a non-modular chassis (such as the 3448cl) then ports are numbered only using numbers, such as 1 or 36. If the chassis is modular (such as the 5308) then the ports number is prepended with the module slot, such as A1 or H6. No reference to the type of switch port (ethernet, fast ethernet, gigabit ethernet) is used for port reference.</p> <ul><li>Step 1 - Log into the switch and get into manager mode. If, after logging in, you are in the configuration menu, exit the configuration menu by selecting item 5 (in most cases) or by using the arrow keys on your keyboard to highlight the "Command Line (CLI)" item.</li><li>Step 2 - Enter "conf t" to get into terminal configuration mode.</li><li>Step 3 - Enter "vlan X" where X is the VLAN id of the VLAN you would like to create.</li><li>Step 4 - Name your VLAN by entering "name "<vlan>"" where <vlan> is a text string from 1 to 32 characters (12 characters if you care about the configuration menu display). You should use quotes when naming the VLAN.</li><li>Step 5 - Give the VLAN an IP address by entering "ip address <ip> <netmask>" where <ip> is the IP address you want to assign this switch in that subnet, and <netmask> is the network mask for the subnet assigned.</li><li>Step 6 - This step is optional. If you want to assign some end node ports to the VLAN enter "untagged <port-list>" where <port-list> is a list of ports either comma delimited if they are non-sequential, or using a dash between list beginning and end if they are. An example of this is "untagged 1,3,5,7-16". This would configure ports 1, 3, 5, and 7 through 16 to be untagged on that VLAN.</li><li>Step 7 - This step is optional. If you want to assign some VLAN trunk ports to the VLAN enter "tagged <port-list>" where <port-list> is a list of ports either comma delimited if they are non-sequential, or using a dash between list beginning and end if they are. An example of this is "untagged 1,3,5,7-16". This would configure ports 1, 3, 5, and 7 through 16 to be untagged on that VLAN.</li><li>Step 8 - Enter "exit" to leave VLAN configuration mode.</li><li>Step 9 - Exit configuration mode by entering "exit" again.</li><li>Step 10 - Save your configuration by entering "wr memory".</li></ul> <p>You have now successfully configured your HP Procurve VLAN.</p> <h3>Vendor Summary</h3> <p>If you are going to integrate Cisco and HP Procurve hardware on the same network, and you intend to use VLANs there are only a few things you need to remember:</p> <ul><li>For end nodes - Cisco uses "mode access", HP uses "untagged" mode.</li><li>For VLAN dot1q trunks - Cisco uses "mode trunk", HP uses "tagged" mode.</li><li>For no VLAN association - Cisco uses no notation at all, HP uses "no" mode in the configuration menu, or you have VLAN support turned off.</li></ul> <p>Next time you have to integrate the two with VLANs, this simple list should help keep you out of trouble.</p><br /><p>Source: http://www.tech-faq.com/vlan.shtml<br /></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/4650800593925871709-1017133897310735577?l=inetshoot.blogspot.com' alt='' /></div>Harijanto Pribadihttp://www.blogger.com/profile/16396028104729390804noreply@blogger.com0tag:blogger.com,1999:blog-4650800593925871709.post-53136082829378889042008-05-02T23:05:00.004+07:002008-05-02T23:08:10.294+07:00Mengatasi postfix/postdrop[xxxxx]: warning: unable to look up public/pickup: Permission denied<span style="font-weight: bold;">Hari ini ada masalah di smtp2 sbb:</span><br /><br />root@proxy02-smg [/var/spool/postfix]# tail -f /var/log/maillog<br />May 2 21:52:31 proxy02-smg postfix/postdrop[30924]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:31 proxy02-smg postfix/postdrop[31054]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:33 proxy02-smg postfix/postdrop[31410]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:34 proxy02-smg postfix/postdrop[31091]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:34 proxy02-smg postfix/postdrop[31062]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:34 proxy02-smg postfix/postdrop[31245]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:34 proxy02-smg postfix/postdrop[31255]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:34 proxy02-smg postfix/postdrop[31391]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:34 proxy02-smg postfix/postdrop[31087]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:35 proxy02-smg postfix/postdrop[31094]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:37 proxy02-smg postfix/postdrop[31056]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:37 proxy02-smg postfix/postdrop[31408]: warning: unable to look up public/pickup: Permission denied<br />May 2 21:52:38 proxy02-smg postfix/postdrop[31257]: warning: unable to look up public/pickup: Permission denied<br /><br /><span style="font-weight: bold;">Dari googling petunjuk yang didapat adalah</span><br /><br />root@proxy02-smg [~]# postfix check<br />root@proxy02-smg [~]# chgrp -R postdrop /var/spool/postfix/public/<br />root@proxy02-smg [~]# chgrp -R postdrop /var/spool/postfix/maildrop/<br />root@proxy02-smg [~]# postfix check<br /><br /><span