Join MultiplyOpen a Free ShopSign InHelp
MultiplyLogo
SEARCH

Orang ke 3-milyar-12 yang ikutan nge-blog

Home.: Faisal Reza : Welcome NettersNov 9, 2006
dear all..

salam knal deh semuanya, buat yang buka halaman blog ini,
FYI, sebenernya gw paling ngak bisa nulis,
merangkai kata2 dan bercuap2 pake kata-kata dalam tulisan,.. hehehee..
tapi gw mau tetep coba untuk nulis sebisa gw, mengenai apa aja lah ya,
so... keep on reading n give ur comment!
View Profile

Blog EntryJan 10, '11 8:39 AM
for everyone
[compile & configure opts]

CHOST="i686-pc-linux-gnu" \
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer" \

./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=16 --with-aufs-threads=16 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

[squid.conf]
# ==============================$
#  squid2-head dynamic caching
#  faisal reza - jan 2011
# ==============================$

# Port Configuration
http_port 3128 transparent
#icp_port 3130
icp_port 0
htcp_port 0
snmp_port 0

# Logfile & Directory Location
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
pid_filename /var/run/squid.pid
logfile_rotate 2

#DNS Lookup
#dns_nameservers 127.0.0.1

# Tuning Memory Parameters
max_filedescriptors 4096
cache_mem 16 MB
maximum_object_size_in_memory 768 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 bytes
maximum_object_size 320 MB
offline_mode off
memory_pools off
cache_swap_low 96
cache_swap_high 97

# Cache Storage Locations
cache_dir aufs /cache/dir01 10240 32 256
cache_dir aufs /cache/dir02 10240 32 256
cache_dir aufs /cache/dir03 10240 32 256

# Default ACL
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# ACL Acces
acl lan src 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

# Always allow localhost connections
http_access allow localhost
http_access allow lan
http_access deny all

# Include Rewrite & Refresh Pattern configuration
include /etc/squid/rewrite.conf
include /etc/squid/refresh.conf

# Misc
server_http11 on
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
read_timeout 30 minutes
client_lifetime 2 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
#store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
uri_whitespace strip
shutdown_lifetime 7 seconds

# User Management
cache_effective_user proxy
cache_effective_group proxy
#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
visible_hostname www.medanexchange.net
cache_mgr medanexchange.net

# High Anonymous Config
header_access Accept-Encoding deny  all
forwarded_for off
via off

# Zero Penalty Hit
zph_mode tos
zph_local 0x30
#zph_parent 0
#zph_option 136

[rewrite.conf]
# rewrite.conf
# don't forget to included in squid.conf

storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 7
storeurl_rewrite_concurrency 10

acl store_rewrite_list urlpath_regex            \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex            \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex         ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex         (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex       \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex     \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all
header_access X-Forwarded-For deny all

[refresh.conf]
# refresh.conf
# don't forget to included in squid.conf

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv  0 0% 0    override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*   161280     90%     161280 ignore-reload  store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    129600 99% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    129600 99% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern \.(ico|video-stats) 129600 99% 129600   override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\?                                     129600 99% 129600       override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz)                         129600 99% 129600       override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\?                            129600 99% 129600       override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\?                                    129600 99% 129600       override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google  129600 99% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 99% 129600 override-expire ignore-reload   ignore-private store-stale negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg                               129600 99% 129600       override-expire ignore-reload   store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif)            129600 99% 129600       override-expire ignore-reload   store-stale
refresh_pattern garena\.com                                     129600 99% 129600       override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)  129600 99% 129600       override-expire ignore-reload   store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?             129600 99% 129600 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    129600 99% 129600 reload-into-ims override-expire ignore-private    store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.      129600 99% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/           129600 99% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale

# Antivirus Update
refresh_pattern guru.avg.com/.*\.(bin)                                  43200 99% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$                               43200 99% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 43200 99% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern kaspersky         43200 99% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                        43200 99% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)     43200 99% 43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

# Windows Update
refresh_pattern windowsupdate.com/.*\.(cab|exe)                         43200  99%  129600 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe)                      43200  99%  129600 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe)                    43200  99%  129600 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

# Images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)       129600 99% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                 129600 99% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                 129600 99% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)        129600 99% 129600 ignore-reload  override-expire ignore-no-cache ignore-no-store store-stale

# Banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/             43200 99% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/                43200 99% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)          43200 99% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/                  43200 99% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf)         43200 99% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)    43200 99% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

# OpenIXP Download
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale ignore-auth

# All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)   129600 99% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))       129600 99% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)  129600 99% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 129600 99% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))        129600 99% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern ^ftp:           10080   95%     43200 override-lastmod reload-into-ims store-stale
refresh_pattern .             180     95% 43200 override-lastmod reload-into-ims store-stale

[sysctl.conf]
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 4 4 1 7

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
#net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1

# Custom Tuning
fs.file-max=65536
#net.netfilter.nf_conntrack_acct=1
#kernel.domainname = cafe-netter.com
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216

#net.ipv4.ip_nonlocal_bind=1
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65536
#net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

[/etc/fstab]
noatime,data=writeback
Tags: , , ,
1 comment

Blog EntrySep 4, '09 10:15 PM
for everyone
http://www.4shared.com/dir/7819417/f5f7fc64/BOOTABLE.html
Tags:
0 comments

Photo AlbumLinuxJun 27, '09 8:55 PM
for everyone
ddd
dThumbnaild
ddd
membangun switch manageable menggunakan linux
Tags:
0 comments

Blog EntryJun 26, '09 7:43 PM
for everyone
deb http://ppa.launchpad.net/globalmenu-team/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/globalmenu-team/ppa/ubuntu jaunty main
deb http://ppa.launchpad.net/awn-testing/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/awn-testing/ppa/ubuntu jaunty main
deb http://repository.cairo-dock.org/ubuntu jaunty cairo-dock #Cairo Dock
deb http://ppa.launchpad.net/blueman/ppa/ubuntu jaunty main #blueman
deb http://ppa.launchpad.net/pidgin-developers/ppa/ubuntu jaunty main
deb http://ppa.launchpad.net/moovida-packagers/ppa/ubuntu jaunty main

cara update gpg key
gpg --keyserver keyserver.ubuntu.com --recv 26C2E075 && \
gpg --export --armor 26C2E075 | sudo apt-key add - && \
sudo apt-get update

Tags:
1 comment

Blog EntryJun 25, '09 10:01 PM
for everyone

Now the bridge-utils and vlan packages provide hooks into the ifup and ifdown commands so you can simply do

auto br-vlan4
iface br-vlan4 inet static
    address 10.38.38.1
    netmask 255.255.255.0
    network 10.38.38.0
    broadcast 10.38.38.255
    vlan-raw-device eth1
    bridge_ports vlan4
    bridge_maxwait 0
    bridge_fd 0
    bridge_stp off

Which will automagically

  • Bring up eth1
  • Create vlan4 bound to the eth1 interface
  • Bring up vlan4
  • Create the br0 with vlan4 attached
  • Give eth1 the same HW address as br0
  • Bring up br0 with the IP address
Tags: , ,
0 comments

Blog EntryJun 22, '09 7:07 AM
for everyone

Pendahuluan

Split DNS merupakan suatu metode yang memungkinkan DNS server untuk memberikan jawaban yang berbeda pada client yang berbeda untuk sebuah pertanyaan yang sama. Alasan yang banyak mendasari metode ini adalah memungkinkannya pemberian nama DNS untuk komputer-komputer yang berada pada jaringan lokal pada satu DNS server tanpa harus terresolve dari dunia luar.

Cara membedakannya adalah dengan membuat beberapa view dan mendaftarkan alamat network yang bersesuaian dengan view tersebut. Masing-masing view mempunyai definisi DNS zone sendiri, dan data dari zone itulah yang digunakan untuk menjawab query client.

Versi bind yang digunakan adalah 9.2.4(debian package) dan Debian 3.1 Sarge.

Skenario Kasus

KUD "Suka Maju" mempunyai beberapa komputer dengan IP publik, dan beberapa komputer lain dalam jaringan lokal. Domain yang harus bisa diresolve dari jaringan internet adalah www.kud-sukamaju.com, mail.kud-sukamaju.com, dan ns.kud-sukamaju.com. Kemudian beberapa domain yang digunakan untuk keperluan internal adalah kepala.kud-sukamaju.com, sekretaris.kud-sukamaju.com, dan db.kud-sukamaju.com.

Instalasi BIND

Instalasi bind9 pada debian mudah saja, yaitu dengan menggunakan apt-get.

Bila anda menggunakan distro lain install saja dari CD installernya, atau mungkin dengan mendownload source code dari ftp://ftp.isc.org/isc/bind9/.

root:~# apt-get install bind9

Konfigurasi named.conf

Konfigurasi zone file sama dengan konfigurasi pada umumnya, tanpa ada perbedaan sedikit pun. Implementasi split DNS ini hanya membutuhkan sedikit konfigurasi pada named.conf. Perlu kembali diingat bahwa masing-masing view tidak dapat berbagi zone. Walaupun semuah zone mempunyai data yang sama untuk kedua view, kita tetap harus menyebutkan definisi zone tersebut dalam semua view yang ada.

Pertama kita harus memisahkan network mana saja yang boleh meresolve domain internal, kemudian kita kelompokkan pada view yang bersesuaian. Kita akan membuat dua buah view, yakni eksternal dan internal. View eksternal memuat data yang bisa dilihat oleh seluruh dunia, dan view internal memuat data yang dapat dilihat dari jaringan internal KUD Suka Maju.

Daftar alamat IP dan domain yang dimiliki oleh KUD:

  • Nama domain: kud-sukamaju.com.
  • www: 12.2.1.10
  • mail: 12.2.1.11
  • ns: 12.2.1.12
  • kepala: 192.168.1.5
  • sekretaris: 192.168.1.6
  • db: 192.168.1.7

Alamat-alamat di atas kita kelompokkan menjadi dua view:

  1. view eksternal: www, mail, ns - dapat diresolve oleh semua client internet(0.0.0.0/0).
  2. view Internal: semua yang ada di eksternal ditambah kepala, sekretaris, dan db - hanya dapat diresolve oleh jaringan milik KUD Suka Maju(192.168.1.0/24, 12.2.1.0/29).

Contoh konfigurasi pada file named.conf:

view "internal" {
	match-clients {
		192.168.1.0/24;
		12.2.1.0/29;
	};
	
	zone "." {
		type hint;
		file "/etc/bind/db.root";
	};
	
	zone "kud-sukamaju.com" {
		type master;
		file "/etc/bind/kud-sukamaju.com.int";
	};
};

view "eksternal" {
	match-clients {
		0.0.0.0/0;
	};

	zone "." {
		type hint;
		file "/etc/bind/db.root";
	};

	zone "kud-sukamaju.com" {
		type master;
		file "/etc/bind/kud-sukamaju.com.eks";
	};
};

Satu hal yang perlu diingat adalah saat ada query dari client, maka bind akan mencoba mencocokkan IP penanya dengan view(s) yang ada di dalamnya secara berurutan dari atas ke bawah. Oleh karena itu view yang mengandung network 0.0.0.0 harus dituliskan setelah view yang lainnya.

Konfigurasi zone file

Zone file yang kita buat pertama kali adalah yang digunakan untuk view "eksternal". Kemudian setelah itu kita dapat membuat sebuah file lagi untuk view "internal" yang isinya juga menyertakan file eksternal dengan menggunakan $INCLUDE.

File /etc/bind/kud-sukamaju.com.eks:

@	IN	SOA	ns.kud-sukamaju.com. admin.kud-sukamaju.com. (
			23 7200 3600 604800 86400
		)
		IN	NS		ns.kud-sukamaju.com.
		IN	MX	1	mail.kud-sukamaju.com.
		IN	A		12.2.1.10

$ORIGIN kud-sukamaju.com.
www		IN	A	12.2.1.10
mail		IN	A	12.2.1.11
ns		IN	A	12.2.1.12

Kemudian file /etc/bind/kud-sukamaju.com.int:

$INCLUDE "/etc/bind/kud-sukamaju.com.eks"
kepala		IN	A	192.168.1.5
sekretaris	IN	A	192.168.1.6
db		IN	A	192.168.1.7

Dengan cara itu maka semua definisi yang berlaku untuk view eksternal berlaku juga untuk view internal. Selain dengan cara itu pembuatan file zone secara total juga bisa dilakukan. Dengan konsep yang sama kita juga bisa membuat sebuah domain yang berIP a.b.c.d bila dilihat dari jaringan x, namun berIP q.w.e.r bila dilihat dari jaringan y.

Selamat mencoba, semoga sukses!

Referensi

  1. Bind 9 Advanced Reference Manual
  2. Google
  3. http://sokam.or.id/artikel/bind-splitdns.html
0 comments

Blog EntryJun 14, '09 6:04 AM
for everyone
Ada kalanya saat menginstall server, kita membutuhkan juga fitur2 GUI, misalnya saat kita menginginkan server menjadi Billing Hotspot, atau radius controller yang berbasis web.

namun, menginstall keseluruhan desktop berarti akan sangat memakan resource, apalagi jika mesin yang kita punyai termasuk kategori Low End.Orang ke 3-milyar-12 yang ikutan nge-blog

maka dari itu kita siasati saja dengan menginstall desktop seperlunya.
Asumsi disini bahwa ubuntu server sudah terinstal dengan baik.

kemudian install paket-paket berikut
apt-get install xorg gnome-core gdm gnome-applets gnome-system-tools gnome-utils ubuntu-artwork compiz-gnome firefox sysv-rc-conf

lakukan dengan sudo, atau login sebagai root.

nah, sekarang gnome minimal dan bebrapa aplikasi seperti firefox, sudah terinstal deh, dan akan jalan secara default, saat sistem ubuntu dinyalakan,
untuk menonaktifkan mode running gnome secara otomatis

#sysv-rc-conf

cari opsi 'gdm' dan hilangkan tanda centang pada init 2 dan init 3
jika ingin masuk ke x-windows, gunakan perintah,
#startx

smoga bermanfaat
Tags: , , ,
0 comments

Blog EntryDec 8, '08 7:15 PM
for everyone

#!/bin/sh
# speedy-reconnect.sh | Faisal Reza, Dec 2008

IFACE=ppp0
DOWN=poff
UP="pon dsl-provider"
LOG=/var/log/speedy-reconnect.log

PTP=`ifconfig $IFACE 2>&1|grep P-t-P|cut -d : -f 3|cut -d " " -f 1`
RECV=`ping -c 1 $PTP 2>&1|grep received|cut -d , -f 2|cut -d " " -f 2`

if [ "$RECV" != "1" ]
then
echo ----- >>$LOG
date>>$LOG
$DOWN >>$LOG 2>&1
$UP >>$LOG 2>&1

# update dns
ddclient >>$LOG
fi

script ini akan melakukan ping terhadap point-2-point koneksi adsl (gateway) kemudian akan menuliskan LOG ke file /var/log/speedy-reconect.log

jika ping gagal, maka akan melakukan redial ke dsl-provider

taruh file di /usr/sbin dan perbolehkan file untuk dieksekusi
#chmod +x /usr/sbin/speedy-reconnect.sh

dan kemudian perintahkan crontab untuk jalan setiap 1 menit
#crontab -e
u know how lah ya

untuk linux lainnya (Slackware) ganti perintah pon dsl-provider dengan pppoe-start dan poff dengan pppoe-stop

thanks to at_he[]hotmail.com
Tags: , , , ,
0 comments

Blog EntryNov 11, '08 12:54 AM
for everyone
Indokom Sudirman

0281 621700

Planet Computer 

0281 5758350

ayo sumbang lainnya :D

Tags: ,
3 comments

Blog EntryNov 6, '08 4:39 PM
for everyone
Bagi kita yang sering melakukan instalasi / updating OS ataupun software di linux akan selalu membaca server di internet. Ini akan menjadi kendala tatkala tidak ada koneksi internet padahal sedang dibutuhkan.

Terlebih bagi sebuah institusi akan menjadi masalah apabila banyak komputer client memakai OS yang sama dan melakukan updating semua, maka bandwidth internet akan sangat kewalahan.

Salah satu solusinya ini dapat diatasi dengan membuat lokal mirror terhadat website OSnya.

Dalam artikel berikut akan dibahas membuat mirror menggunakan RSYNC pada OS Centos 5.1

Tahapan yang dilakukan yaitu :

  1. Tentukan distro linux yang akan dibuat mirrornya
    Dalam latihan ini akan dibuat mirror dari centos dan ubuntu.
     
  2. Tentukan alamat mirror terdekat, misalnya di Indonesia maka dicari alamat mirror terdekat yang berada di Indonesia.
    Untuk centos alamat aslinya yaitu : http://www.centos.org/modules/tinycontent/index.php?id=13
    Untuk ubuntu daftar mirrornya bisa dilihat di https://launchpad.net/ubuntu/+archivemirrors  atau untuk CD imagenya di https://launchpad.net/ubuntu/+cdmirrors

    Dari daftar diatas tidak ada mirror di Indonesia, sebenarnya ada di www.vlsm.org  yang merupakan mirrornya opensource di Indonesia. vlsm.org pun juga di mirror oleh beberapa perguruan tinggi di Indonesia, seperti UI, ITS, dll

  3. Lihat daftar isi dari server mirror# rsync kambing.ui.edu:: 

    KAMBING.UI.EDU ------------- a.k.a KAMBING.vLSM.ORG
    ===================================================
    For more information,    contact:
    Untuk keterangan lanjut, hubungi: 

    	kontak<@T>kambing.ui.edu

    laporkan alamat IP anda; jika mendapatkan pesan:
    	"@ERROR: access denied"

    vLSM.org  menghaturkan  banyak  terimakasih  kepada
    Universitas  Indonesia  yang  berkenan  mensponsori
    situs ini.  Tabe!!

    PS: And yes, F*CK YOU Josip Rodin!

    ===================================================
    $Revision: 1.4 $ ---- $Date: 2007/04/25 11:55:47 $

    blankon        	BlankOn
    blankon-iso    	BlankOn ISO Images
    centos         	Centos - Community ENTerprise OS
    de2            	De2 (DeDe) -- Distribusi Debian Rajikan Depok
    apache         	Arsip Apache
    bebas          	Dokumen Bebas
    CPAN           	Arsip CPAN
    CRAN           	Arsip CRAN
    CTAN           	Arsip CTAN
    cygwin         	Arsip Cygwin
    debian         	Debian GNU/Linux Archive especially for i386
    debian-backports	Debian Backports
    debian-security	Debian GNU/Linux Security Patches
    debian-volatile	Debian GNU/Linux Frequently Updated Packages
    debian-cd      	Debian GNU/Linux CD-ROM image for i386
    debian-unofficial	Debian Unofficial
    debian-local   	Debian Local
    eclipse        	Eclipse
    fedora         	Fedora
    gentoo         	Gentoo Dist
    gentoo-portage 	Gentoo Portage
    gnome          	Arsip Gnome
    gnu            	GNU Archive -- Arsip seluruh perangkat GNU
    gnuwww         	GNU Web Mirror
    ign            	IGOS Nusantara
    exim           	Arsip Exim
    eximwww        	Arsip Eximwww
    ictwatch       	ICTWatch
    kde            	Arsip KDE
    linux          	Kernel Linux
    mandriva       	Mandriva
    mozilla        	Arsip Mozilla
    mysql          	Arsip Mysql
    openoffice     	OpenOffice.org
    opensuse       	OpenSUSE
    opensuse-guru  	Guru's RPM Site -- 3rd Party OpenSUSE Repository
    opensuse-packman	Packman -- 3rd Party OpenSUSE Repository
    pclinuxos      	PC Linux OS
    postgresql     	Postgresql
    slackware      	Slackware
    ubuntu         	Ubuntu Linux
    zenwalk        	Zenwalk
    RI             	Kumpulan Undang-undang, PP, dst.
    tldp           	The Linux Document Project
    DLL            	Dan Lain Lain -- Whatever else...
    debianwww      	Debian GNU/Linux Local Website
    vlsm           	vLSM.org mirrors
    bse            	Buku Sekolah Elektronik DIKNAS
    pub            	pub
  4. Pastikan lokasi atau folder yang akan di lakukan mirror, misalnya centos dan ubuntu saja# rsync kambing.ui.edu::centos
     
  5. Tentukan folder dimana mirror akan dibuat, misalnya /home/mirror

  6. Buat daftar folder yang tidak diikutkan dalam mirror
    Ini terkait ukuran disk yang tersedia dan versi dari distro yang diinginkan, misalnya centos hanya dilakukan mirror versi 5 saja, untuk versi sebelumnya tidak dilakukan mirror. Fole disimpan di /opt/mirror

    # vi /opt/mirror/centos_exclude.conf
     
    /2/
    /2.1/
    /3/
    /3.1/
    /3.2/
    /3.3/
    /3.4/
    /3.5/
    /3.6/
    /3.7/
    /3.8/
    /3.9/
    /4/
    /4.0/
    /4.1/
    /4.2/
    /4.3/
    /4.4/
    /4.5/
    /4.6/
    /4.7/

     
     

  7. Uji coba dengan melakukan sinkronisasi# rsync -avzH –exclude-from=/opt/mirror/centos_exclude.conf   kambing.ui.edu::centos /home/mirror/centos/berhati-hatilah melakukan sinkronisasi ini, karena bandwidth yang dibutuhkan sangat besar dan bersifat abusif.
     
  8. Lakukan sinkronisasi secara otomatis di crondtabsaat sinkronisasi kedua dan seterusnya, biasanya file-file yang sudah tidak dipakai akan diabaikan, maka untuk menghemat space sebaiknya dilakukan penghapusan dengan menambah opsi –delete. Maka perintah diubah menjadi 
    9. # rsync -avzH –exclude-from=/opt/mirror/centos_exclude.conf   –delete kambing.ui.edu::centos /home/mirror/centos/
    simpan script diatas di /opt/mirror/centos.sh dan buat bisa dieksekusi ( chmod +x /opt/mirror/centos.sh )
    Buat file otomatisasi di crontab, dimaka akan dieksekusi pada hari minggu jam 20      

    # vi /etc/cron.d/mirror_centos
    * 20 * * 7 root /opt/mirror/centos.sh 

    Untuk lebih jelas tentang penjadwalan dapat dilihat disini

     

  9. Untuk ubuntu lakukan hal sama seperti di centos
  10. Buat agar file-file mirror dapat dibaca dengan browser, misalnya beralamatkan http://127.0.0.1/pub
    Untuk itu perlu diinstall webserver terlebih dahulu jika belum ada.
    Buat alias /pub yang dialamatkan di direktori /home/mirror, lihat di cara membuat alias.    
    Alias /pub /home/mirror/
    < directory /home/mirror >
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </ directory>

    Di alias /pub ini diperlukan browser bisa melakukan listing file/folder dan mengikuti link yang ada.

thanks to kusprayitna


Tags: , , ,
1 comment

Photo AlbumDream Come TrueOct 28, '08 8:04 AM
for everyone
ddd
dThumbnaild
ddd
ini sedikit momen saat kami berjaya di Gemastik 2008 IT Telkom
Tags: , , , ,
8 comments

Blog EntrySep 23, '08 5:26 AM
for everyone
#================================================================$
#       Proxy Server Versi 2.6.Stable18
#       Faisal Reza @ Mutiara Access
#================================================================$
http_port 3124 transparent
hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \? .js .jsp
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 30 MB
minimum_object_size 0 KB
#maximum_object_size_in_memory KB
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /webproxy 2800 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
dns_nameservers 192.168.20.222 203.190.55.210 203.142.83.200
cache_swap_log /var/log/squid/swap.state
emulate_httpd_log on
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:     1440    0%      1440
refresh_pattern .                0         20%     4320
negative_ttl 1 minutes
half_closed_clients off
acl snmpcommunity snmp_community public
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563     # https, snews
acl SSL_ports port 873           # rsync
acl Safe_ports port 80           # http
acl Safe_ports port 21           # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70           # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#==========================================================$
# Blok Situs Porno
#acl situs-porno url_regex -i "/etc/squid/situsporno.list"
#http_access deny situs-porno
#==========================================================$
acl the-net src 192.168.100.0/27
acl mutiara-access src 192.168.121.64/27
acl noc src 192.168.11.8/29
acl hbf src 192.168.20.0/24 
http_access allow the-net
http_access allow mutiara-access
http_access allow noc
http_access allow hbf
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr faisareza@gmail.com
visible_hostname Mutiara-Access
cache_effective_user proxy
cache_effective_group proxy
#acl telkom dstdomain telkom.net
#acl adsl-modem dst 192.168.10.1/32
#acl web-aisnet dstdomain aisnet.indoserver.org
#always_direct allow adsl-modem
#always_direct allow web-aisnet
always_direct deny all
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 5

Tags: , , ,
0 comments

Blog EntrySep 11, '08 2:34 AM
for everyone

Ide dari pemakaian ZPH ini adalah ketika memutar video dari youtube, masih terjadi delay karena terkena limit di mikrotik. Dari forum.mikrotik.com disebutkan pemakaian zph untuk memarking paket TCP_HIT.

Dengan mengedit sekian baris di squid dan penambahan 2 rule di mikrotik, akhirnya paket TCP_HIT pun dapat di baypass. Semua request dari klient mendapat traffic full sebesar local-loop yang dipunyai.

di squid.conf kita tambahkan baris ini :

#tcp_outgoing_tos 0x30 localnet

zph_mode tos 

zph_local 0x30

zph_parent 0

zph_option 136

Untuk mikrotik di bagian firewall mangle ditambahkan.

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=proxy-hit \ passthrough=no tos=48 comment="squid" disabled=no

Di bagian Queue, pada baris paling atas.

/ queue simple add name="Proxy" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=proxy-hit \ direction=both priority=1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 \ total-queue=default-small disabled=no

Gambar topologi yang saya pakai seperti dibawah ini.


Paket marking zph juga masih bisa dikenali di router hotspot.

Jadi pelanggan hotspot akan merasakan loading konten yang cepat bila konten tersebut sudah ada dicache squid.

Tampilan grafik zph in action

catatan  : Mesin Proxy dan limiter Bandwidth harus terpisah, tidak bisa 1 mesin.

referensi:

Thanks to : jagawarnet aka firewaxx, avuds

  • http://avudz.cc/2008/04/24/squid-zph-and-htb/
  • http://www.mail-archive.com/tanya-jawab@linux.or.id/msg58358.html
  • http://mum.mikrotik.com/presentations/EG07/sunday.pdf
http://forum.mikrotik.com/viewtopic.php?f=2&t=21118&p=111032
Tags:
3 comments

Blog EntryJul 31, '08 4:41 AM
for everyone

wahahahah...

jadi maling tapi di dunia maya...

eits tapi ini malingnya maling endus2... alias sniffing

ni modalnya. silahkan dibaca disini..

http://www.noah.org/wiki/Packet_sniffing

resiko tanggung sendiri ya...

hwhhahahah...

Tags: , ,
0 comments

Blog EntryJul 13, '08 7:32 PM
for everyone

Balancing Connections Over Multiple Links

Tim Utschig <tim@tetro.net>

Contents

General Idea

Say you have access to multiple links to the Internet, such as several wireless networks in range. Wouldn't it be nice to combine all that bandwidth into one big fat pipe?

Unfortunately it's not so easy. You can't just trunk them together because they each have a different public IP address, gateway, etc.

What you can do however, thanks to some nifty Linux NetFilter extensions, is assign outgoing connections to different interfaces. This will allow protocols such as BitTorrent to utilize bandwidth from each of the links.

This document focuses on Linux iptables/NetFilter. You can achieve pretty much the same result with Linux Advanced Routing techniques. One small difference, as the link mentions, is that routes are cached, so connections to frequently used sites will always go over the same link. This may or may not be the behaviour you desire.

Prerequisites

You need a recent Linux kernel patched with support for the ROUTE target and either the "nth" or "random" match module. These patches are available in NetFilter's "patch-o-matic-ng" subversion module. I won't go into how to apply the patches, as more than sufficient documentation is included with them.

Testing I did was on Linux 2.6.14.2 patched with a copy of patch-o-matic-ng checked out with svn on 2005-11-18.

Setup

In the following examples, I use three interfaces:

  • eth0: Wired connection, 192.168.1.0/24, gateway 192.168.1.1, default route.
  • eth1: Wireless connetion 1, 172.16.0.0/16, gateway 172.16.0.1
  • rausb0: Wireless connetion 2, 192.168.0.0/24, gateway 192.168.0.1
I use the connmark match/target to assign each connection to an interface, and make sure all the packets for the connection go over that one interface. Balancing the connections over the interfaces can be done with either "random" or "nth" match module. I will give you both examples, choose which ever one you prefer. The following commands are common to both methods.

Common commands:

# prevent incoming packets on masqueraded connections from being dropped 
# as "martians" due to the destination address being translated before the
# rp_filter check is performed
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/rausb0/rp_filter

# Load protocol-specific connection tracking modules so that new connections
# associated with existing connections have state "RELATED" and inherit the
# same connmark.
modprobe ip_conntrack_ftp

# masquerade outgoing connections on secondary interfaces
iptables -t nat -A POSTROUTING -o eth1   -s ! 172.16.0.0/16  -m state --state NEW,RELATED -j MASQUERADE
iptables -t nat -A POSTROUTING -o rausb0 -s ! 192.168.0.0/24 -m state --state NEW,RELATED -j MASQUERADE

# create a chain for processing new outgoing connetions
iptables -t mangle -N NEW_OUT_CONN

# Skip connections we want to always go out wired interface
iptables -t mangle -A NEW_OUT_CONN -d 192.168.1.0/24 -j RETURN
iptables -t mangle -A NEW_OUT_CONN -p tcp -m multiport --destination-ports 21,22,80,443,6667 -j RETURN
iptables -t mangle -A NEW_OUT_CONN -p udp --dport 53 -j RETURN

# have new outgoing connections pass through the above chain
iptables -t mangle -A OUTPUT -o eth0 -m state --state NEW -j NEW_OUT_CONN

# send packets out chosen interface
iptables -t mangle -A OUTPUT -m connmark --mark 2 -j ROUTE --gw 172.16.0.1 --continue
iptables -t mangle -A OUTPUT -m connmark --mark 3 -j ROUTE --gw 192.168.0.1 --continue

The "random" method:

# 34% of the time go out the default interface
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 0
iptables -t mangle -A NEW_OUT_CONN -m random --average 34 -j RETURN

# 33% of the time go out eth1 (50% of the remaining probability)
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 2
iptables -t mangle -A NEW_OUT_CONN -m random --average 50 -j RETURN

# else (hopefully 33% of the time) go out rausb0
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 3

The "nth" method:

# 1st of every 3 connections goes out the default interface
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 0
iptables -t mangle -A NEW_OUT_CONN -m nth --counter 1 --every 3 --packet 0 -j RETURN

# 2nd of every 3 connections goes out eth1
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 2
iptables -t mangle -A NEW_OUT_CONN -m nth --counter 1 --every 3 --packet 1 -j RETURN

# 3rd of every 3 connections goes out rausb0
iptables -t mangle -A NEW_OUT_CONN -j CONNMARK --set-mark 3
iptables -t mangle -A NEW_OUT_CONN -m nth --counter 1 --every 3 --packet 2 -j RETURN

Handling when an interface goes down:

This script will make sure no packets get routed over a secondary interface that has gone down. Put it in your /etc/network/if-down.d/ (Debian), or equivalent, directory and chmod +x it. 

#!/bin/sh

if [ "$IFACE" = "eth1" ]; then
  iptables -t mangle -D OUTPUT -m connmark --mark 2 -j ROUTE --gw 172.16.0.1 --continue 2>/dev/null
fi

if [ "$IFACE" = "rausb0" ]; then
  iptables -t mangle -D OUTPUT -m connmark --mark 3 -j ROUTE --gw 192.168.0.1 --continue 2>/dev/null
fi

exit 0

Handling when an interface comes back up:

This script will allow an interface to be used again when it comes back up. Put it in your /etc/network/if-up.d/ (Debian), or equivalent, directory and chmod +x it. 

#!/bin/sh

if [ "$IFACE" = "eth1" ]; then
  iptables -t mangle -A OUTPUT -m connmark --mark 2 -j ROUTE --gw 172.16.0.1 --continue 2>/dev/null
fi

if [ "$IFACE" = "rausb0" ]; then
  iptables -t mangle -A OUTPUT -m connmark --mark 3 -j ROUTE --gw 192.168.0.1 --continue 2>/dev/null
fi

exit 0

Results

Screenshot of BitTornado
Not too shaby I think. Normally with my single DSL connection alone I get somewhere around 150 KB/s. Maybe if there's a smarter way to distribute connections this could be improved upon. Optimally my 3 test links combined would add up to 450 KB/s.

TODO

  • Write scripts to make setting all this up a snap.
  • Figure out a way to translate outgoing FTP 'PORT' commands for all links.

ChangeLog

Mon Jan 2 05:43:47 PST 2006
Michael Heimpold pointed out that --average 33 was wrong for the second -m random rule.

Fri Jan 13 09:37:12 PST 2006
Michael Heimpold figured out that RELATED connections (set as such by modules like ip_conntrack_ftp) inherit the same connmark. Changed the masquerading rules to also match RELATED packets. Now passive FTP works reliably.

Last Modified: Fri Jan 13 09:37:12 PST 2006
http://tetro.net/misc/multilink.html
Tags: ,
0 comments

Blog EntryJun 21, '08 8:08 AM
for everyone
lagi males nulis
pusing mikirin perangkat wireless buat dipasang di mutiara pratama

http://www.sveasoft.com/articles/armored/

Tags: ,
0 comments

Blog EntryJun 12, '08 5:34 AM
for everyone
Hi hi dikit bagi tips aja, di linux ganti MAC address hardware gampang banget, cuma 2 baris perintahnya, gini nih :

misal disini kita akan merubah MAC Address pada interface eth1
pertama kita harus matikan dulu interface yang akan kita ubah MAC nya
login sebagai root

# ifconfig eth1 down

kemudian kita ganti dengan MAC address yang baru
# ifconfig -v eth1 hw ether 00:XX:XX:93:XX:XX

jangan lupa aktifkan lagi
# ifconfig eth1 up

udah, gampang kan?

kalo enggak pengen berubah pas reboot, ya tambahin aja baris tadi ke /etc/rc.d/rc.local



Tags: , ,
0 comments

Blog EntryJun 11, '08 7:42 AM
for everyone
Koneksi ADSL speedy make protokol PPPoE (Point-2-point over Ethernet Protokol)
nah, jadinya, kita disini bakal coba setup ubuntu server dengan koneksi Speedy
dalam topologi kali ini, yang melakukan dial ke Speedy bukanlah modem ADSL nya, tapi Ubuntu servernya, jadinya servernya yang dapet IP publik :D

asumsikan kita udah login jadi root
atau jika belum bisa ketikkan

# sudo -i
[password]:

cek apakah paket pppoe dan pppoeconf sudah terinstal di sistem
# dpkg -s pppoe

kalau belum install dengan perintah
# apt-get install pppoe pppoeconf

atau kalo lum nyambung ke internet klik disini dan disini (intel prosesor)

setelah selesai download di komputer lain, save ke flashdisk dan copy ke /usr/src

# cp /lokasi-file/* /usr/src

install kedua paket tersebut
# dpkg -i pppoe-versi.x.x.deb
# dpkg -i pppoeconf-versi.x.x.deb

trus edit file pppoe.conf
# nano /etc/ppp/pppoe.conf

isinya kurang lebih gini

ETH='eth0'
USER='XXXX0310XXXX@telkom.net'
DEMAND=no
DNSTYPE=SERVER
CONNECT_TIMEOUT=60
CONNECT_POLL=6
PING="."
PIDFILE="/var/run/$CF_BASE-pppoe.pid"
TERMINATEFILE=/var/run/pppoe.stop
SYNCCHRONOUS=no
CLAMPMSS=1412
LCP_INTERVAL=20
LCP_FAILURE=3
PPPOE_TIMEOUT=80
FIREWALL=NONE

keterangan :
eth0 : interface yang menempel ke modem (sesuaikan)
user : username Speedy
demand : dial on demand, sambungan saat diperlukan, pilih No untuk koneksi 24 jam
dnstype : menerima informasi DNS dari server, untuk server

nah kalo udah coba aja setting pake wizard
# pppoeconf
ikutin langkah-langkahnya
isi username
password
dll
setelah semuanya dipastikan berjalan, dial dengan perintah
# pon
untuk matikan
# poff

coba ja deh :D


Tags: ,
0 comments

Blog EntryJun 6, '08 4:47 AM
for everyone
link yang bagus buat belajar Bw Management QoS berbasis ADSL kayak Produknya telkom yang lagi ngetrend :D

Klik aja disini

Tags: , , , ,
0 comments

Blog EntryMay 24, '08 2:53 AM
for everyone
Hehehe... dasar emang otak gratisan,
kmarin pas printer error iseng2 browsing dan cari2 referensi, eh nemu situs russia yang nyediain reseter gratis dari
www.ipt.nm.ru
tapi bahasanya russia bro... Ngarti ngak lu... coba ;
eits, tapi bisa diakalin, pake Google translate
http://www.google.com/translate?u=http%3A%2F%2Fwww.ipt.nm.ru&langpair=ru|en&hl=en&ie=UTF8

sip nggak tuh?! dari seri Canon iP sampe MP di hajar semua.. hehehehe...
Tags: , , ,
0 comments

NoteGuestbook
   
batangopensources wrote on Feb 20, '11
Tutorialnya di http://opensource.telkomspeedy.com/forum/viewtopic.php?id=5530 bermanfaat sekali mas,alhamdulillah berhasil setting webhtb.cuma ada yang mengganjal nich mas.di squidnya kalau saya aktifkan zph nya kok ndak ada waktu seminggu server dah macet(padahal setiap restart cache.log dah saya set buat terhapus).tapi di saat saya tidak aktifkan zphnya squid lancar2 aja sampai 3 bulan ini.mohon pencerahannya ma.terima kasih
mupengml wrote on Oct 12, '10
assalamualaikum,numpang mampir baca2 tutorialnya yah :)
y3rmia wrote on Jul 9, '10
halo.., mas faisal.. mohon bantuanya dan petunjuknya untuk membuat router IPv6 dengan dhcp IPv6nya supaya disisi client bisa internetan pke IPv6
wiscore wrote on Jun 8, '10
salam kenal dari jawa.. mau minta sharing tentang sqiud dan ubuntu server atao yang lain.. saya mau buat proxy server buat jaringan.. thanks
irfaniwec wrote on Jun 5, '10
assalamualaikum...mas faisal mau tanya tentang squid..kenapa squid di ubuntu saya kok selalu memblock port 9339, apa lagi waktu membuka poker pasti konfirmasinya you could not connect to the server.

The server may be down for maintenance.
Your firewall may be blocking access to port 9339.

Please email poker_customerservice@zynga.com if this issue persists.
saya sudah menambahkan pada safe_ports tapi dan SSL_ports tetapi tetap saja nihil...mohon pencerahannya terimakasih


adi
rdty wrote on Nov 28, '09
halo ahalo....
rdty wrote on Nov 27, '09
Salam kenal mas, to the poin aja yah, begini mas saya renc merakit kompi buat server proxy yang nantinya akan saya pasangkan pake OS linux, trus maunya sih di gabung dengan AP Lingsys WRT54GL untuk wirelessnya, yang mau saya tanyakan spek apa yang kira2 optimal buat server saya karena budget saya minim, klo mas mo bantu tolong ksi spek nya ya, oia karena server pastinya tuh kompi harus bisa running 24/7 (24 jam perhari 7 hari perminggu) alias online terus tanpa berhenti... dan perlu diketahui dana saya cuman # 3,5jt... blsnya disini dan emil saya ya mas ( donny.blp@gmail.com ) Trimz sebelumnya.


astaswastika wrote on Oct 22, '09
salam kenal

It's always about Dreams
-astaswastika-
andri27gas wrote on Oct 13, '09
Ikutan lewat juga aghhh....
Salam kenal Boss......
fitrimalang wrote on May 7, '09
Hai Faisal, Q mau minta bantuan km Please, Q daftar forum d opensource.telkomspeedy g bs, jd Q tny km disini aj y.
Q kerja d wrnet, Ruangan ukuran 4X13 atap bkn genteng jd puanas bgt &apalagi d buat smooking area jd +parah panasnya, tp udah d kasi exhaust u/ menghisap asap rokok, AC 2 PK, kipas 2 tp kok ga pengaruh y, pdhl jendela uadh ditutup rapat. skrg malah d tambah AC lg 1,5pk tp malah AC nya overheat cz AC luarnya salah penempatan. Q sm pimpinanku sdh brusaha semaksimal mungkin biar user merasa nyaman, mulai wrnet buka smp skrg. udah listrik hbs bnyk bgt tp g ada hasil :( , Please km bantuin Q donk masalah fentilasi atau pendingin yg benar atau apa ajalah, Q ga tega sm wrnetku udah berusaha sebaik mungkin tp user ttp g menghargai. Saran2 km sangat penting bgt. email atau PM Q y "t_t_fia@yahoo.com" Ntar kl cara2 km berhasil Q paketin oleh2 dr Malang deh,, Sumpah.. Thanks before
ryusnider wrote on Apr 28, '09
numpang liwat gan
salam kenal
openwebhost wrote on Apr 17, '09
lamun2 reuk apal RAdio Nano nano mah BUZ wae Metronet..nanti juga bakal di jelasin .sampee kamu paham....
ratumaya wrote on Mar 16, '09
help me pliez???!!!
pecenx wrote on Feb 17, '09
tolong mas tampilkan saja squid.conf untuk slackwarenya
nikko296 wrote on Oct 28, '08
idih mas, foto belum mandi yg di podium dipajang tuh hhehe,,brcanda :)
bandelang wrote on Jan 5, '08
Kunjungi kami juga di:

http://www.myspace.com/bandelang

makasi.....
View All 16 Comments
Pages:12