Archive for November, 2008

Installing PHP-Nuke on FreeBSD

Assumption: I put the PHP-Nuke source code in /var/tmp.

> pwd
/var/tmp
> wget http://unc.dl.sourceforge.net/sourceforge/phpnuke/PHP-Nuke-6.5.tar.gz
> tar -zxvf PHP-Nuke-6.5.tar.gz

Next, copy all the directories and files under the "html" directory to the "DocumentRoot" of your hosting account. This may be "public_html", "htdocs" or "www/htdocs", depending on what your hosting provider has set up.

> mv /var/tmp/html/* /usr/home/tarmizi/public_html/
> cd /usr/home/tarmizi/public_html/
> chmod 755 *.php
> chmod 666 ultramode.txt

Assumption: I create a database named "portal".

> /usr/local/mysql/bin/mysqladmin -u tarmizi -p create portal
Enter password:
> /usr/local/mysql/bin/mysql -u tarmizi -p portal < /var/tmp/sql/nuke.sql

note:
Before doing this, make sure you already have an account and password on the MySQL database server.

Then edit "config.php":

# ee config.php

note: Adjust each of the following lines:

$dbhost = "localhost";
$dbuname = "tarmizi";
$dbpass = "123456";
$dbname = "portal";
$prefix = "nuke";
$user_prefix = "nuke";
$dbtype = "MySQL";
$sitekey = "SdFk*fa28367-dm56w69.3a2fDS+e9";
$gfx_chk = 0;
$subscription_url = "http://www.andalasmedia.net/~tarmizi/";

and save the file.

Now all that is left is to configure the "administrator" account: point your browser to http://www.andalasmedia.net/~tarmizi/

Finished. Good luck, and I hope it works.

Synopsis

MRTG is distributed as source code. This means you have to compile parts of it before you can use it on Unix. These instructions help you do that.

Preparation

To compile and use mrtg you need a C compiler and perl installed on your Unix machine. In most cases they are already available. If not, the following are starting points. A more detailed description of the whole compilation process is given below.

Gcc

http://gcc.gnu.org/

Perl

http://www.perl.com/

MRTG generates traffic graphs in PNG format. To do that it needs several third-party libraries. When compiling these libraries, I recommend making sure you build them as static libraries. This avoids problems at later stages.

gd

This is the basic graph drawing library created by Thomas Boutell. Note that all releases after Version 1.3 only produce PNG images. This is because a) Thomas ran into trouble because the GIF format is patented by Unisys, and b) PNG is more efficient and patent free. MRTG works with both old and new versions of the GD library. You can get GD from: http://www.boutell.com/gd/

libpng

Required by gd to produce PNG graphics files. Available from:

http://www.libpng.org/pub/png/src/

zlib

Required by libpng to compress the graphics files you create. Available from:

ftp://sunsite.cnlab-switch.ch/mirror/infozip/zlib/

Finally, you also need mrtg itself. If you have not downloaded it yet, you can get it from: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/pub/

Compiling the Libraries

In this section I give step-by-step instructions on how to compile the various libraries needed to compile mrtg. Note that these libraries may already be installed if you have a *BSD or Linux system, so you can skip recompiling them. The wget program used below is a simple web downloader; you can also enter these addresses into IE or Netscape if wget is not available.
First we create a directory for the compilation. Note that it may already exist on your system.

tarmizi# mkdir /usr/local/src
tarmizi# cd /usr/local/src

If you have not installed zlib yet:

tarmizi# wget ftp://sunsite.cnlab-switch.ch/mirror/infozip/zlib/zlib.tar.gz
tarmizi# gunzip -c zlib.tar.gz | tar xf -
tarmizi# mv zlib-?.?.?/ zlib
tarmizi# cd zlib
tarmizi# ./configure
tarmizi# make
tarmizi# cd ..

If you have not installed libpng yet:

tarmizi# wget http://ftp.iasi.roedu.net/mirrors/ftp.sunfreeware.com/pub/freeware/SOURCES/libpng-1.0.11.tar.gz
tarmizi# gunzip -c libpng-*.tar.gz |tar xf -
tarmizi# rm libpng-*.tar.gz
tarmizi# mv libpng-* libpng
tarmizi# cd libpng
tarmizi# make -f scripts/makefile.std CC=gcc ZLIBLIB=../zlib ZLIBINC=../zlib
tarmizi# rm *.so.* *.so
tarmizi# cd ..

And now you can compile gd:

tarmizi# wget http://www.boutell.com/gd/http/gd-1.8.3.tar.gz
tarmizi# gunzip -c gd-1.8.3.tar.gz |tar xf -
tarmizi# mv gd-1.8.3 gd

tarmizi# cd gd

The \ character at the end of a line means that everything shown is actually typed on a single line.

tarmizi# make INCLUDEDIRS="-I. -I../zlib -I../libpng" \
LIBDIRS="-L../zlib -L. -L../libpng" \
LIBS="-lgd -lpng -lz -lm"
server# cd ..

Compiling MRTG

Everything is now ready to compile MRTG.

tarmizi# cd /usr/local/src
tarmizi# gunzip -c mrtg-2.9.18pre3.tar.gz | tar xvf -
tarmizi# cd mrtg-2.9.18pre3

If all the libraries are installed on your system, you can configure mrtg by running:

tarmizi# ./configure --prefix=/usr/local/mrtg-2 \
--with-gd=/usr/local/src/gd \
--with-z=/usr/local/src/zlib \
--with-png=/usr/local/src/libpng
tarmizi# make
tarmizi# make install

All the software needed by MRTG is now installed under the /usr/local/mrtg-2 subdirectory.

Configuring MRTG

The next step is to configure mrtg to monitor a network device. This is done by creating an mrtg.cfg file. Along with mrtg you also get cfgmaker. This is a script that you can point at the router of your choice, and it will generate an mrtg configuration file. You can find the script in the bin subdirectory.

tarmizi# mkdir /usr/local/httpd/htdocs/mrtg/cobain

tarmizi# /usr/local/mrtg-2/bin/cfgmaker --global 'WorkDir: /usr/local/httpd/htdocs/mrtg/cobain' \
--global 'Options[_]:growright,bits' \
--output /usr/local/httpd/htdocs/mrtg/cfg/cobain.cfg cobain@xxx.xxx.xx.x

The example above creates an mrtg config file in /home/mrtg/cfg; we assume that this is a directory visible on the web server.

Running MRTG

tarmizi# /usr/local/mrtg-2/bin/mrtg /usr/local/httpd/htdocs/mrtg/cfg/cobain.cfg

This queries your router and creates your first mrtg traffic graphs and web pages. When you run mrtg for the first time there will be many complaints about missing log files. Don't worry, this is normal for the first one or two runs. If it still complains after several runs, something is probably wrong.
Running mrtg by hand is not ideal in the long run. Once you are satisfied with the results, you should automate mrtg so that it runs at a regular interval (every 5 minutes by default).
You can add mrtg to your crontab with a line like this:

tarmizi# crontab -e
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/mrtg-2/bin/mrtg /usr/local/httpd/htdocs/mrtg/cfg/cobain.cfg

You should also run mrtg as a daemon process by adding the line
RunAsDaemon: Yes
to the mrtg configuration file and then creating a startup script for the system startup sequence.

A minimal script to store under init.d looks like this:

#! /bin/sh
cd /usr/local/mrtg-2.9.18pre3/bin && ./mrtg --user=mrtg-user \
/home/httpd/mrtg/mrtg.cfg --logging /var/log/mrtg.log

Note that this works properly with RunAsDaemon: Yes in the mrtg.cfg file.

Finished. Good luck, and I hope it works.

Brief Theory

SNMP (Simple Network Management Protocol) is the most widely used network management protocol on TCP/IP-based networks. SNMP is an industry-standard protocol used to remotely monitor and manage various devices on the Internet, including hubs, routers, switches, workstations and network management systems.

Installing SNMP

office# cd /usr/local
office# wget http://andalasmedia.homeunix.org/~harinto/Source/ucd-snmp-4.2.6.tar.gz
office# tar -zxvf ucd-snmp-4.2.6.tar.gz
office# cd ucd-snmp-4.2.6
office# ./configure --prefix=/usr/local/snmp

System Contact Information (root@pdg.asiamaya.net): senthod@pdg.asiamaya.net
setting System Contact Information to… senthod@pdg.asiamaya.net
checking System Location…

*** System Location:

Describes the location of the system. This information is
available in the MIB-II tree. this can also be over-ridden using the
“syslocation” syntax in the agent’s configuration files.

System Location (Unknown): Traffict Monitoring Office

office# make
office# make install

office# cp EXAMPLE.conf /var/snmp.conf
office# ee /var/snmp.conf

Look for the section that resembles the example below:

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

# sec.name source community
com2sec local localhost COMMUNITY
com2sec mynetwork NETWORK/24 COMMUNITY

For example, I replaced NETWORK/24 as shown below:

# sec.name source community
com2sec local localhost COMMUNITY
com2sec asianet 202.152.27.126/32 asianet

When you have finished editing, save the file.
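The com2sec edit above can be checked mechanically. The script below is an added example, not part of the original post: it audits com2sec lines for community strings that are still the EXAMPLE.conf placeholder or a well-known default, and for sources wider than a single host. The function names and the "anyone" line in the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit com2sec lines of an
# snmpd.conf-style file.

# audit_com2sec [FILE]      (reads stdin when no file is given)
# Prints one finding per line:
#   WEAK_COMMUNITY <sec.name> <community>   placeholder or well-known default
#   OPEN_SOURCE    <sec.name> <source>      any host may query
#   WIDE_SOURCE    <sec.name> <source>      prefix shorter than /32
audit_com2sec() {
    awk '
        $1 == "com2sec" && NF >= 4 {
            name = $2; src = $3; comm = $4
            lc = tolower(comm)
            if (lc == "public" || lc == "private" || comm == "COMMUNITY")
                printf "WEAK_COMMUNITY %s %s\n", name, comm
            if (src == "default" || src ~ /^0\.0\.0\.0/) {
                printf "OPEN_SOURCE %s %s\n", name, src
            } else if (src ~ /\/[0-9]+$/) {
                n = split(src, part, "/")
                if (part[n] + 0 < 32)
                    printf "WIDE_SOURCE %s %s\n", name, src
            }
        }
    ' "$@"
}

# The EXAMPLE.conf lines quoted in the post, before editing.
sample_before() {
    cat <<'EOF'
# sec.name source community
com2sec local localhost COMMUNITY
com2sec mynetwork NETWORK/24 COMMUNITY
EOF
}

# The edited lines from the post, plus one constructed line ("anyone")
# showing what a wide-open entry looks like to the audit.
sample_after() {
    cat <<'EOF'
# sec.name source community
com2sec local localhost COMMUNITY
com2sec asianet 202.152.27.126/32 asianet
com2sec anyone default public
EOF
}

echo "== before editing =="
sample_before | audit_com2sec
echo "== after editing =="
sample_after | audit_com2sec
```

On a real system the same function can be pointed at the file directly, for example audit_com2sec /var/snmp.conf. Note that the "local" entry keeps the placeholder community after the edit shown above.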

Now we start SNMP:

office# /usr/local/snmp/sbin/snmpd
office# ps ax | grep snmpd
272 ?? I 0:00.07 /usr/local/snmp/sbin/snmpd
18316 p0 DL+ 0:00.00 grep snmp

Make sure there are no errors; always check with the command "tail -f /var/log/messages" each time you edit the configuration. Then test SNMP with the command below:

office# /usr/local/snmp/bin/snmpwalk -v1 -c public localhost system

The result looks like this:

system.sysDescr.0 = FreeBSD office.pdg.asiamaya.net 4.4-RELEASE FreeBSD 4.4-RELEASE #1: Wed Jul i386
system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.unknown
system.sysUpTime.0 = Timeticks: (12301) 0:02:03.01
system.sysContact.0 = senthod@pdg.asiamaya.net.where
system.sysName.0 = office.pdg.asiamaya.net
system.sysLocation.0 = Traffict Monitoring Office

If, while testing with snmpwalk, you get a host time out or unknown host message, check your configuration once more. There may have been an error when configuring SNMP, or the settings in /var/snmp.conf may not be correct yet. Always check with "tail -f /var/log/messages".

To have snmpd start automatically every time the system restarts, add it to the startup file.

office# touch /etc/rc.local
office# ee /etc/rc.local

#Running SNMP
/usr/local/snmp/sbin/snmpd

Finished. Good luck, and I hope it works.

Installing Squid on FreeBSD

Hardware used for this experiment

Pentium III 300MHz, RAM 128, HD 20GB, partitioned as follows:
/swap : 256MB
/cache : 16000MB
/ : the rest

Steps

Install Squid

sarangku# tar -zxvf squid-2.5.STABLE5.tar.gz
sarangku# cd squid-2.5.STABLE5
sarangku# ./configure --enable-delay-pools --enable-ipf-transparent --enable-storeio=diskd,ufs --disable-ident-lookups --enable-snmp --enable-removal-policies
sarangku# make
sarangku# make install
sarangku# pw useradd squid
sarangku# pw addgroup squid
sarangku# cd /
sarangku# chown squid:squid cache
sarangku# cd /usr/local/squid/var/logs
sarangku# touch access.log
sarangku# touch cache.log
sarangku# chown squid:squid *
sarangku# mkdir /usr/local/squid/cache
sarangku# cd /usr/local/squid/
sarangku# chown nobody:nogroup cache
sarangku# cd /usr/local/squid/etc/
sarangku# cp squid.conf squid.conf.old
sarangku# rm -rf squid.conf
sarangku# touch squid.conf
sarangku# ee /usr/local/squid/etc/squid.conf

Example squid.conf Configuration

http_port 192.168.0.14:8080
icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? js
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir diskd /cache 16000 16 256 Q1=72 Q2=64
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
ftp_user support@pdg.asiamaya.net
wais_relay_port 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minute
positive_dns_ttl 6 hour
negative_dns_ttl 5 minute
range_offset_limit 0 KB
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl sarangku src 192.168.0.0/24
acl SSL_ports port 443 563
acl irc_ports port 6667
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow sarangku
http_access allow IIX
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CONNECT !irc_ports
http_access deny all
icp_access allow all
connect_timeout 2 minute
peer_connect_timeout 30 seconds
read_timeout 15 minute
request_timeout 30 second
client_lifetime 5 day
pconn_timeout 120 second
shutdown_lifetime 30 second
cache_mgr support@pdg.asiamaya.net
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.pdg.asiamaya.net
logfile_rotate 10
forwarded_for on
log_icp_queries off
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db off
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp on
test_reachability on
nonhierarchical_direct off
prefer_direct on
ignore_unknown_nameservers on
high_memory_warning 0
store_dir_select_algorithm round-robin
ie_refresh on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
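
Squid evaluates http_access lines from top to bottom and stops at the first line whose ACLs all match, so the position of "http_access allow sarangku" relative to the Safe_ports and SSL_ports checks matters. The script below is an added example, not part of the original post: it models that first-match evaluation over the http_access lines from the configuration above and over a constructed ordering that follows the layout of Squid's stock squid.conf. Each request is described by the list of ACL names that are true for it (constructed sample requests).

```shell
#!/bin/sh
# Added example (not from the original post): model Squid's first-match
# evaluation of http_access lines.

# first_match "ACL1 ACL2 ..."      (http_access lines on stdin)
# The argument lists the ACL names that are true for one request.
# Prints "<action> <rule number>" for the first line whose ACLs all match.
first_match() {
    awk -v truths="$1" '
        BEGIN {
            n = split(truths, t, " ")
            for (i = 1; i <= n; i++) istrue[t[i]] = 1
        }
        $1 == "http_access" {
            rule++
            ok = 1
            for (i = 3; i <= NF; i++) {
                name = $i; negated = 0
                if (substr(name, 1, 1) == "!") { negated = 1; name = substr(name, 2) }
                hit = (name in istrue) ? 1 : 0
                if (negated) hit = !hit
                if (!hit) { ok = 0; break }
            }
            if (ok) { print $2, rule; found = 1; exit }
        }
        END { if (!found) print "nomatch 0" }
    '
}

# http_access lines exactly as they appear in the configuration above.
page_rules() {
    cat <<'EOF'
http_access allow manager localhost
http_access allow sarangku
http_access allow IIX
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CONNECT !irc_ports
http_access deny all
EOF
}

# Constructed ordering: port checks come before any allow line, and the
# source-unrestricted "allow CONNECT !irc_ports" line is dropped.
hardened_rules() {
    cat <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow sarangku
http_access allow IIX
http_access deny all
EOF
}

# Constructed sample requests, as the set of ACLs that match each one.
LAN_CONNECT_25="sarangku CONNECT all"      # LAN client, CONNECT to port 25
LAN_GET_80="sarangku Safe_ports all"       # LAN client, GET on port 80
EXT_CONNECT_25="CONNECT all"               # other source, CONNECT to port 25

echo "page order,     LAN CONNECT :25 -> $(page_rules | first_match "$LAN_CONNECT_25")"
echo "hardened order, LAN CONNECT :25 -> $(hardened_rules | first_match "$LAN_CONNECT_25")"
echo "hardened order, LAN GET :80     -> $(hardened_rules | first_match "$LAN_GET_80")"
echo "page order,     ext CONNECT :25 -> $(page_rules | first_match "$EXT_CONNECT_25")"
```

With the ordering from the configuration above, a LAN client is allowed by the second line before the port restrictions are ever consulted; with the port checks first, normal browsing from the LAN is still allowed.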

Back Up Your Kernel

sarangku# cd /usr/src/sys/i386/conf
sarangku# cp GENERIC SARANGKU
sarangku# ee SARANGKU
Change ident GENERIC to SARANGKU:
ident SARANGKU
maxusers 0

#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols

#Enable NatD and IPFW

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT

#DiskD
options SYSVMSG
options MSGMNB=8192 # max # of bytes in a queue
options MSGMNI=40 # number of message queue identifiers
options MSGSEG=512 # number of message segments per queue
options MSGSSZ=64 # size of a message segment
options MSGTQL=2048 # max messages in system

options SYSVSHM
options SHMSEG=16 # max shared mem id’s per process
options SHMMNI=32 # max shared mem id’s per system
options SHMMAX=2097152 # max shared memory segment size (bytes)
options SHMALL=4096 # max amount of shared memory (pages)

#Transparent Proxy
options IPFIREWALL_VERBOSE #print information about dropped packets
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity

Compile Your Kernel

sarangku# config SARANGKU
sarangku# cd ../../compile/SARANGKU
sarangku# make depend && make && make install && reboot

Create a Startup Script

sarangku# touch /usr/local/etc/rc.d/squid.sh
sarangku# chmod +x /usr/local/etc/rc.d/squid.sh
sarangku# ee /usr/local/etc/rc.d/squid.sh

#!/bin/sh

echo -n 'Proxy Server'

case "$1" in
start)
/usr/local/squid/sbin/squid -D
;;
stop)
/usr/local/squid/sbin/squid -k shutdown
;;
restart)
/usr/local/squid/sbin/squid -k reconfigure
;;
*)
echo "Usage: `basename $0` {start|stop|restart}"
;;
esac

Run Squid

sarangku# /usr/local/squid/sbin/squid -z
this creates the swap directories
sarangku# /usr/local/etc/rc.d/squid.sh start
or
sarangku# /usr/local/squid/sbin/squid -D

Checking Squid in the Background

sarangku# ps ax | grep squid
15 ?? Is 0:00.01 /usr/local/squid/sbin/squid -D
162 ?? S 1:57.06 (squid) -D (squid)
567 p0 S+ 0:00.00 grep squid

If output like the above appears when running squid -D, your Squid is running.

Checking the Access Log

sarangku# tail -f /usr/local/squid/var/logs/access.log

1082023675.284 9457 192.168.1.7 TCP_MISS/200 1528 GET http://www.jpegworld.com/index2.shtml - DIRECT/64.237.52.26 text/html
1082023676.844 8242 192.168.1.9 TCP_MISS/403 1488 GET http://xxxfantasy.cheapbw.com/pg1/asian.jpg - DIRECT/69.90.63.91 text/html
1082023678.712 12044 192.168.1.7 TCP_MISS/200 4372 GET http://66.111.39.232/julove/2240f53u.jpg - DIRECT/66.111.39.232 image/jpeg

Make sure entries like the above keep scrolling while users are browsing. So that the script above is still run after the machine reboots, it can be added to the startup file:

sarangku# touch /etc/rc.local
sarangku# ee /etc/rc.local

#Running Proxy Server
/usr/local/etc/rc.d/squid.sh start
#Forwarding
/sbin/ipfw add 350 fwd 192.168.0.14,8080 tcp from 192.168.0.0/24 to any www
/usr/local/snmp/sbin/snmpd

Good luck, and I hope it works.

Install Web Server

: The following sources are required :

1. mysql-3.22.32.tar.gz
2. apache_1.3.26.tar.gz
3. php-4.1.2.tar.gz
4. openssl-0.9.6d.tar.gz
5. mod_ssl-2.8.10-1.3.26.tar.gz

: First, Download the Source Code :

server# pwd
/usr/local/src
server# wget http://sunsite.bilkent.edu.tr/pub/mysql/Downloads/MySQL-3.22/mysql-3.22.32.tar.gz
server# wget http://ftp.inet.ufop.br/adm/SO/freebsd/ports/apache_1.3.26.tar.gz
server# wget http://museum.php.net/php4/php-4.1.2.tar.gz
server# wget http://ftp.inet.ufop.br/adm/SO/freebsd/ports/openssl-0.9.6d.tar.gz
server# wget http://ftp.inet.ufop.br/adm/SO/freebsd/ports/mod_ssl-2.8.10-1.3.26.tar.gz

: Install MySQL First :

Unpack the source, compile and install:

server# tar -xzvf mysql-3.22.32.tar.gz
server# cd mysql-3.22.32/
server# ./configure --prefix=/usr/local/src/mysql
server# make
server# make install
server# ./scripts/mysql_install_db

Creating db table
Creating host table
Creating user table
Creating func table
Creating tables_priv table
Creating columns_priv table

To start mysqld at boot time you have to copy support-files/mysql.server
to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
This is done with:
/usr/local/src/mysql/bin/mysqladmin -u root password 'new-password'
See the manual for more instructions.

Please report any problems with the /usr/local/src/mysql/bin/mysqlbug script!

The latest information about MySQL is available on the web at http://www.mysql.com
Support MySQL by buying support/licenses at http://www.tcx.se/license.htmy.

: Running MySQL :

server# cd /usr/local/mysql/bin
server# ./safe_mysqld &
[1] 24269
server# Starting mysqld daemon with databases from /usr/local/mysql/var

: Unpack Apache First :

server# cd /usr/local/src/
server# tar -xzvf apache_1.3.26.tar.gz
server# cd apache_1.3.26/
server# ./configure --prefix=/usr/local/src/apache

Configuring for Apache, Version 1.3.26
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for FreeBSD 4.4 platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ checking for system header files
+ adding selected modules
+ using builtin Expat
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard

: Install PHP :

server# cd ..
server# tar -xzvf php-4.1.2.tar.gz
server# cd php-4.1.2/
server# ./configure --with-mysql=/usr/local/src/mysql \
? --with-xml \
? --with-apache=/usr/local/src/apache_1.3.26 \
? --enable-track-vars
+--------------------------------------------------------------------+
| License:                                                           |
| This software is subject to the PHP License, available in this     |
| distribution in the file LICENSE.  By continuing this installation |
| process, you are bound by the terms of this license agreement.     |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point.                            |
+--------------------------------------------------------------------+
Thank you for using PHP.

server# make
server# make install
server# cp php.ini-dist /usr/local/lib/php.ini
server# cd ..

: Install OpenSSL First :

server# tar -zxvf openssl-0.9.6d.tar.gz
server# cd openssl-0.9.6d/
server# ./config --prefix=/usr/local/src/ssl
server# make
server# make test
server# make install

: Install mod_ssl :

server# cd ..
server# tar -zxvf mod_ssl-2.8.10-1.3.26.tar.gz
server# cd mod_ssl-2.8.10-1.3.26
server# ./configure --with-apache=/usr/local/src/apache_1.3.26

Done: source extension and patches successfully applied.

Now proceed with the following commands (Bourne-Shell syntax):
$ cd /usr/local/src/apache_1.3.26
$ SSL_BASE=/path/to/openssl ./configure … --enable-module=ssl
$ make
$ make certificate
$ make install

server# cd ..

: Install Apache :

server# cd apache_1.3.26/
server# ./configure \
--enable-module=ssl \
--activate-module=src/modules/php4/libphp4.a \
--enable-module=php4 \
--prefix=/usr/local/src/httpd \
--enable-shared=ssl

Creating Makefile in src/support
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl
Creating Makefile in src/modules/php4

server# make
server# make certificate TYPE=custom
server# make install
+--------------------------------------------------------+
| You now have successfully built and installed the      |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the         |
| (initially created or preserved) configuration files   |
|                                                        |
|   /usr/local/src/httpd/conf/httpd.conf
|                                                        |
| and then you should be able to immediately fire up     |
| Apache the first time by running:                      |
|                                                        |
|   /usr/local/src/httpd/bin/apachectl start
|                                                        |
| Or when you want to run it with SSL enabled use:       |
|                                                        |
|   /usr/local/src/httpd/bin/apachectl startssl
|                                                        |
| Thanks for using Apache.       The Apache Group        |
|                                http://www.apache.org/  |
+--------------------------------------------------------+

: Done :

: Configuring Apache :

Edit httpd.conf, located at /usr/local/src/httpd/conf/httpd.conf,

server# ee /usr/local/src/httpd/conf/httpd.conf

and add the following lines:

AddType application/x-tar .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

: Let's Start Apache :

# /usr/local/src/httpd/bin/apachectl start

: To Run Apache in SSL Mode :

# /usr/local/src/httpd/bin/apachectl startssl

When running in SSL mode, we are asked to enter the pass-phrase.
If we do not want to enter the pass-phrase every time Apache is started, do the following steps:

1. Remove the encryption from the RSA private key (and back up the original file):

# cd /usr/local/apache/conf/ssl.key/
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key

2. Make sure the server.key file is readable only by root:

# chmod 400 server.key

Good luck, and I hope it works.

: References :

To get the source code, see the following sites:
- http://ftp.inet.ufop.br/adm/SO/freebsd/ports/
- http://museum.php.net/php4/
- http://www.freebsd-docs.netfirms.com/

According to MessageLabs, virus writers look set to raise the malware threat further next year as part of their efforts to keep the botnets of 2008 running smoothly. MessageLabs predicts that hackers will release a new kind of malware attack, in the form of a virtualization layer that runs directly on the hardware and cannot be detected by the operating system.

"The operating system will not know where the malware is. The main problem is how to remove it, because the malware sits at a low level and can damage the system," said Paul Wood, senior analyst at MessageLabs. Cyber criminals will concentrate on infecting computers with malware that hides inside the tasks the user performs, he added. For example, when the malware learns that the spam it sends has been blocked, the malware author will then send a DoS (Denial-of-Service) through it.

In addition, users should be wary of mobile malware, which looks set to increase in 2009, although it is not the main goal of hardware infection, which is building botnets. Attackers will make money by taking over phones so that the user's premium-rate numbers are controlled by criminals. Phishing attacks will also become more alarming, including DNS attacks that create sub-domains to exploit user accounts. This method can evade URL filters that detect the typo-squatting techniques used in cybercrime. All of those mistakes originate from surfers when they type a website address into the browser.

"We have seen legitimate businesses with legal domains taken over by attackers. Cybercriminals have accessed the admin functions of the user's DNS console, added sub-domains to their records and then used those domains for phishing e-mail," Wood explained. (h_n)

ref.beritanet.com

Example Internet Cafe (Warnet) Router Configuration with FreeBSD

login as: areksitiung
Using keyboard-interactive authentication.
Password:
Last login: Mon Nov 24 17:51:25 2008 from 203.130.207.181
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 5.3-RELEASE (NOVERNET) #0: Thu Feb 28 23:59:06 UTC 2008

Welcome to Proxy+Router NoverNet Jati GP

+++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++
+++ +++
+++ ATTENTION! +++
+++ You’re now on strict area of +++
+++ Proxy NoverNet Network, +++
+++ all your activity are being logged. +++
+++ +++
+++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++
Regard’s – areksitiung@yahoo.com

> su
router# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Thu Feb 28 23:19:45 2008
# Created: Thu Feb 28 23:19:45 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.

sshd_enable="YES"
fsck_y_enable="YES"
gateway_enable="YES"

ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="speedy"
ppp_nat="YES"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

ifconfig_rl0="up"
ifconfig_rl0="inet 192.168.2.2 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
hostname="router.nover.net.id"

router# cat /etc/rc.local
/usr/local/bin/portsentry -tcp
/usr/local/bin/portsentry -udp
/usr/sbin/squid -D
/sbin/ipfw add 350 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any www
/sbin/ipfw add 350 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 3128
/sbin/ipfw add 350 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 8080
/sbin/ipfw add 350 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 9000
/sbin/ipfw add 350 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 10000
/sbin/ipfw add deny tcp from any to any 135-137
/sbin/ipfw add deny udp from any to any 135-137
/sbin/ipfw add deny tcp from any to any 6257
/sbin/ipfw add deny udp from any to any 6257
/sbin/ipfw add deny tcp from any to any 6699
/sbin/ipfw add deny udp from any to any 6699
/sbin/ipfw add deny tcp from any to any 2754
/sbin/ipfw add deny udp from any to any 2754
/sbin/ipfw add deny tcp from any to any 2535
/sbin/ipfw add deny udp from any to any 2535
/sbin/ipfw add deny tcp from any to any 4661-4672
/sbin/ipfw add deny udp from any to any 4661-4672
/sbin/ipfw add deny tcp from any to any 1214
/sbin/ipfw add deny udp from any to any 1214
/sbin/ipfw add deny tcp from any to any 1024
/sbin/ipfw add deny udp from any to any 1024
/sbin/ipfw add deny tcp from any to any 6881-6889
/sbin/ipfw add deny udp from any to any 6881-6889
/sbin/ipfw add deny tcp from any to any 6346
/sbin/ipfw add deny udp from any to any 6346
/sbin/ipfw add deny tcp from any to any 8000
/sbin/ipfw add deny udp from any to any 8000
/sbin/ipfw add deny tcp from any to any 8372
/sbin/ipfw add deny udp from any to any 8372
/sbin/ipfw add deny tcp from any to any 8360
/sbin/ipfw add deny udp from any to any 8360

router# ifconfig
rl0: flags=8843 mtu 1500
options=8
inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
inet6 fe80::21c:f0ff:fe5b:9838%rl0 prefixlen 64 scopeid 0x1
ether 00:1c:f0:5b:98:38
media: Ethernet autoselect (100baseTX )
status: active
rl1: flags=8843 mtu 1500
options=8
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::21c:f0ff:fe5b:96ce%rl1 prefixlen 64 scopeid 0x2
ether 00:1c:f0:5b:96:ce
media: Ethernet autoselect (100baseTX )
status: active
vr0: flags=8802 mtu 1500
ether 00:1b:b9:d3:01:77
media: Ethernet autoselect (none)
status: no carrier
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
pfsync0: flags=0<> mtu 2020
pflog0: flags=0<> mtu 33208
tun0: flags=8051 mtu 1492
inet 125.xxx.xx.xx --> 125.162.82.1 netmask 0xffffffff
Opened by PID 241

# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.413.2.6.2.2 2004/10/24 18:02:52 scottl Exp $

machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident NOVERNET

# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.

options IPDIVERT
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options HZ=1000

options SYSVMSG
options MSGMNB=8192
options MSGMNI=40
options MSGSEG=512
options MSGSSZ=64
options MSGTQL=2048
options SYSVSHM
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096

device pf
device pflog
device pfsync

options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ

options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET

options IPFILTER
options IPFILTER_LOG

router# /usr/sbin/squid -v
Squid Cache: Version 2.6.STABLE18
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--with-aio' '--with-dl' '--enable-storeio=aufs,diskd' '--enable-removal-policies=heap' '--enable-icmp' '--enable-delay-pools' '--enable-snmp' '--enable-cache-digests' '--enable-ipf-transparent' '--enable-pf-transparent' '--disable-ident-lookups' '--disable-hostname-checks' '--enable-underscores' '--enable-ssl' '--disable-wccp' '--disable-wccpv2'
router# df -kh
Filesystem Size Used Avail Capacity Mounted on
/dev/ad4s1a 19G 1.3G 16G 8% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad4s1d 10G 3.3G 6.2G 35% /cache1
/dev/ad4s1e 10G 3.3G 6.2G 35% /cache2
/dev/ad4s1f 10G 3.4G 6.2G 36% /cache3
/dev/ad4s1g 10G 3.5G 6.0G 37% /cache4
/dev/ad4s1h 9.5G 1.6G 7.1G 19% /cache5

http_port 3128 transparent
icp_port 3130

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY

cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99

ipcache_size 4096
ipcache_low 98
ipcache_high 99

fqdncache_size 4096
maximum_object_size 32 MB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir diskd /cache1 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache2 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache3 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache4 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache5 6000 20 256 Q1=72 Q2=88

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
access_log none
cache_log none
allow_underscore on
pid_filename /var/run/squid/squid.pid
cache_store_log none

##REFRESH PATTERN
refresh_pattern yahoo 0 20% 4320
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \? 2 20% 4320 reload-into-ims
refresh_pattern -i cgi-bin 2 20% 4320 reload-into-ims
refresh_pattern http://.*login.yahoo.com/ 10080 20% 4320
refresh_pattern http://.*338a.com/ 3600 20% 4320
refresh_pattern http://*.ibcbet.com/ 0 20% 4320
refresh_pattern . 960 90% 43200 reload-into-ims

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100

client_lifetime 3 hours
shutdown_lifetime 10 seconds
half_closed_clients off
high_memory_warning 400 mb
high_response_time_warning 0
high_page_fault_warning 2
strip_query_terms off
log_fqdn off
memory_pools off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/24

#acl porn url_regex "/etc/squid/bokep.txt"
#acl noporn url_regex "/etc/squid/nobokep.txt"

acl TIME time SMTWHFA 10:00-20:00
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar\.gz$ \.gz$ \.tar\.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.mp4$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.msi$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$ \.rfx$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.3g2$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.cab$ \.qt$ \.flv$ \.swf$ \.3gp$ \.vqf$ \.asf$

acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 84
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 445 213 137 138 32768
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny VIRUS
#http_access deny porn !noporn
http_access deny BADPORTS
http_access allow lan
http_access allow localhost
http_access deny all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
extension_methods register-http-method
ftp_user areksitiung@yahoo.com
ftp_list_width 32
ftp_passive on

forwarded_for off
store_objects_per_bucket 15
store_avg_object_size 13 kb
debug_options ALL,1 98,2
max_open_disk_fds 100
store_dir_select_algorithm round-robin

cache_mgr areksitiung@yahoo.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.nover.net.id
logfile_rotate 1
pipeline_prefetch on
vary_ignore_expire on
cachemgr_passwd cimpronet
buffered_logs on
ignore_unknown_nameservers off
ie_refresh off

delay_pools 3
delay_class 1 1
delay_parameters 1 10000/15000
delay_access 1 allow download TIME
delay_access 1 deny all

ext_if ='tun0'
all_if ='{ tun0 rl1 }'
int_if ='rl1'
noacc ='{ 67 68 69 135 136 137 138 139 213 445 552 554 1034 1080
1433 1434 4000 4444 4661 4662 6257 6346 6347 6699
7070 }'
dfltport='{ 20 21 80 443 6660:6670 5001 5010 5050 5100 }'
p2p='{1214 3000:4900 4661:4672 6257 6699 6346 6881:6889 4662 4672}'
prioport='{ 22 161 162 1740:1900 2075 2212 3000:3200 3700:3999
4001:4900 5000 6900 7000 8000 8360:8364 8352 8372
10011 10021 10031 10041 10051 10061 10071 10102 13412
13413 13450 20000 20201 20202 }'
gameport='{ 1740:1900 2075 3000:3200 3700:3999 4001:4900 5000 5121 6121 6900
7000 8000 8360:8364 8352 8372 10011 10021 10031 10041 10051 10061
10071 10102 13412 13413 13450 20000 20201 20202 64113 64381 }'
cached ='{ 80 3128 8080 8081 }'
ssh1port='{ 22 2212 1680 1870 }'
snmpport='{ 161 162 }'

bio ='block in on'
boo ='block out on'
biqo ='block in quick on'
bdiqo ='block drop in quick on'
bilqo ='block in log quick on'
boqo ='block out quick on'
bdqo ='block drop quick on'
bdoqo ='block drop out quick on'
bdqlo ='block drop quick on'
bqo ='block quick on'
bolqo ='block out log quick on'
poqo ='pass out quick on'
piqo ='pass in quick on'
polqo ='pass out log quick on'
pilqo ='pass in log quick on'
prio ='priority'
pif ='proto tcp from'
pqo ='pass quick on'
puifa ='proto { udp icmp } from any'
puif ='proto { udp icmp } from'
ptufa ='proto { tcp udp } from any'
ptuif ='proto { tcp udp icmp } from'
ptuifa ='proto { tcp udp icmp } from any'
ptuf ='proto { tcp udp } from'
puf ='proto udp from'
ptfa ='proto tcp from any'
pufatap ='proto udp from any to any port'
pufap ='proto udp from any port'
pif ='proto icmp from'
ptf ='proto tcp from'
pifa ='proto icmp from any'
ptufap ='proto { tcp udp } from any port'
fata ='from any to any'
priq0 ='{ q_def0, q_pri0 }'
priq1 ='{ q_def1, q_pri1 }'
apriq0 ='(q_def0, q_pri0)'
apriq1 ='(q_def1, q_pri1)'
fat ='from any to'
poo ='pass out on'
pio ='pass in on'
pef ='persist file'
pst ='persist'
tbl ='table'
crd ='cbq(red default)'
crb ='cbq(red borrow)'
ptt ='proto tcp to'
ks ='keep state'
ms ='modulate state'
st ='set timeout'
bw ='bandwidth'
fa ='from any'
cd ='cbq(default)'
cr ='cbq(red)'
cq ='cbq queue'
hq ='hfsc queue'
fs ='flags S/SA'
qu ='queue'
ql ='qlimit'
rt ='realtime'
ls ='linkshare'
ul ='upperlimit'
pt ='proto tcp'

$st { interval 30, frag 10 }
$st { tcp.first 120, tcp.opening 30, tcp.established 86400 }
$st { tcp.closing 500, tcp.finwait 45, tcp.closed 40 }
$st { udp.first 60, udp.single 30, udp.multiple 60 }
$st { icmp.first 20, icmp.error 10 }
$st { other.first 60, other.single 30, other.multiple 60 }

set limit { states 20000, frags 20000 }
set optimization normal
set block-policy return
set state-policy if-bound
set loginterface $int_if
set loginterface $ext_if

$tbl $pst
$tbl $pst

scrub in
scrub out no-df random-id

#nat on $ext_if from 192.168.1.0/28 -> 202.152.58.197
##nat on xl0 from 192.168.10.0/24 -> 172.16.10.3
nat on tun0 from 192.168.1.0/24 -> 125.162.xx.xxx

#nat on ethernet public from network local -> ip public

rdr on rl1 proto tcp from 192.168.1.0/24 to any port www -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 8080 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 3128 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 9000 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 10000 -> 192.168.1.1 port 3128

$biqo $all_if proto { tcp udp } to port $noacc
$biqo $all_if proto { tcp udp } from port $noacc

$boqo $ext_if to 255.255.255.255
$biqo $ext_if from 255.255.255.255
$boqo $int_if to 255.255.255.255
$biqo $int_if from 255.255.255.255

pass quick on lo0

$bdiqo $all_if from
$bdoqo $all_if to

block in quick on $all_if proto icmp to 69.46.28.205
block in quick on $all_if proto icmp from 69.46.28.205
block in quick on $all_if proto icmp to 70.87.51.179
block in quick on $all_if proto icmp from 70.87.51.179

pass quick proto { tcp udp } to port $snmpport
pass quick proto { tcp udp } from port $snmpport

pass quick inet proto { tcp udp } to port { 123 }
pass quick inet proto { tcp udp } from port { 123 }

pass out proto tcp to port 21 keep state

pass quick inet proto icmp

router# cat /etc/ppp/ppp.conf
#################################################################
# PPP  Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by wself@cdrom.com
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.8 2001/06/21 15:42:26 brian Exp $
#################################################################

default:
 set device PPPoE:rl0
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 enable lqr
 set log phase tun
 add default HISADDR
 enable dns
speedy:
 set authname 11140xxxxx@telkom.net
 set authkey xxxxx

One day, an elephant was happily swimming in the river under the scorching heat of the sun. So in the end he went down into the river to soak.

Suddenly an ant called out to the elephant from the riverbank, "Hey, Elephant, come over here!"

The elephant answered, "Aah, what do you want?! It's really hot right now!"

"Come here for a second! It's important, I'm in a hurry to leave. Or if not, just stand up for a moment!" shouted the ant.

"Aah, what's with this kid!" answered the elephant, getting up.

"Oooh, never mind then, Elephant, forget it, go back to soaking," said the elephant.

"Ah, you're annoying! Why did you make me get up for nothing?" cursed the elephant.

"It's nothing, I thought you were wearing my swimming trunks," said the ant casually.

ref.beritanet.com