all about tutorial
Friday, 27 April 2012
Hacking for beginners
The history of Linux
Friday, 07 August 2009
Building a Speedy router with MikroTik
Let's assume we have already managed to install MikroTik.
Now we move on to configuring it. The first thing to do is create the IP addresses; the router needs at least 2 interfaces. The first interface is for the link from the ADSL modem to the MikroTik, the second is for the switch.
[INTERNET]——[MODEM ADSL]——[ROUTER MIKROTIK]——[SWITCH]———[CLIENT]
[shoei@Naon she?] > ip address add address=192.168.1.2/24 interface=ether1 (for the modem)
[shoei@Naon she?] > ip address add address=192.168.10.1/24 interface=Switch (for the switch)
Check the IP addresses we just created:
[shoei@Naon she?] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.10.1/24 192.168.10.0 192.168.10.255 Switch
1 192.168.1.2/24 192.168.1.0 192.168.1.255 ether1
[shoei@Naon she?] > interface pppoe-client add name=pppoe-client-speedy user=142xxxxxxxxx@telkom.net
password=XXXXXXXXXX interface=speedy service-name=internet disabled=no
I set up PPPoE on the MikroTik because my modem is in bridge mode.
[shoei@Naon she?] > ip dns set primary-dns=(Speedy's primary DNS)
[shoei@Naon she?] > ip dns print
primary-dns: 222.124.204.34
secondary-dns: 0.0.0.0
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 90KiB
Next, set up masquerade so that the traffic routed from all clients is passed through the MikroTik's NAT firewall.
[shoei@Naon she?] > ip firewall nat add chain=srcnat action=masquerade
Sorry if anything here is wrong, because I'm still learning, hehe,
and because I only half remember it, hehe
Firewall on MikroTik
0 ;;; block discovery mikrotik
ip firewall filter add chain=forward in-interface=ether1 protocol=udp dst-port=5678 action=drop
1 ;;; block discovery mikrotik
ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=5678 action=drop
2 ;;; block discovery mikrotik
ip firewall filter add chain=output protocol=udp dst-port=5678 action=drop
3 ;;; block winbox mikrotik
ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=8291 action=drop
4 ;;; block winbox mikrotik
ip firewall filter add chain=forward in-interface=ether1 protocol=tcp dst-port=8291 action=drop
5 ;;; block request DHCP
ip firewall filter add chain=input protocol=udp dst-port=68 action=drop
6 ;;; block request DHCP
ip firewall filter add chain=forward protocol=udp dst-port=68 action=drop
7 ;;; block request DHCP
ip firewall filter add chain=output protocol=udp dst-port=68 action=drop
8 ;;; block tracert
ip firewall filter add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute"
ip firewall filter add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute"
Hopefully this is useful.
packet priority mikrotik
chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=prio_conn_p2p passthrough=yes
1 chain=prerouting connection-mark=prio_conn_p2p action=mark-packet
new-packet-mark=prio_p2p_packet passthrough=no
2 ;;; Prio Download_Services
chain=prerouting protocol=tcp dst-port=110 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
3 chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
4 chain=prerouting protocol=tcp dst-port=143 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
5 chain=prerouting protocol=tcp dst-port=993 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
6 chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
7 chain=prerouting protocol=tcp dst-port=25 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
8 chain=prerouting protocol=tcp dst-port=80 connection-bytes=500000-0
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes
9 chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes
10 chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes
11 chain=prerouting connection-mark=prio_conn_download_services
action=mark-packet new-packet-mark=prio_download_packet passthrough=yes
12 ;;; Prio Ensign_Services
chain=prerouting protocol=tcp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
13 chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
14 chain=prerouting protocol=icmp action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
15 chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
16 chain=prerouting protocol=tcp dst-port=23 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
17 chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes
18 chain=prerouting protocol=tcp dst-port=179 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
19 chain=prerouting protocol=tcp dst-port=8000 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
20 chain=prerouting connection-mark=prio_conn_ensign_services
action=mark-packet new-packet-mark=prio_ensign_packet passthrough=no
21 ;;; Prio User_Request
chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes
22 chain=prerouting dst-address-list=user_request action=mark-connection
new-connection-mark=prio_conn_user_services passthrough=yes
23 chain=prerouting connection-mark=prio_conn_user_services
action=mark-packet new-packet-mark=prio_request_packet passthrough=yes
24 chain=prerouting protocol=gre action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
25 ;;; Prio_Communication
chain=prerouting protocol=tcp dst-port=5100 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
26 chain=prerouting protocol=tcp dst-port=5050 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
27 chain=prerouting protocol=udp dst-port=5060 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
28 chain=prerouting protocol=tcp dst-port=1869 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
29 chain=prerouting protocol=tcp dst-port=1723 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
30 chain=prerouting protocol=tcp dst-port=5190 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
31 chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
32 chain=prerouting protocol=ipencap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
33 chain=prerouting protocol=ipsec-esp action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
34 chain=prerouting protocol=ipsec-ah action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
35 chain=prerouting protocol=ipip action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
36 chain=prerouting protocol=encap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes
37 chain=prerouting connection-mark=prio_conn_comm_services
action=mark-packet new-packet-mark=prio_comm_packet passthrough=no
And this script is for packet priority based on bandwidth
38 X ;;; .:: By Rendy ::. mark basic client
chain=forward src-address-list=Basic_class_client action=mark-connection
new-connection-mark=Basic_client_conn passthrough=yes
39 X chain=forward connection-mark=basic_client_conn action=mark-packet
new-packet-mark=basic_clien_traffic passthrough=no
40 X ;;; mark srandard client traffic
chain=forward src-address-list=Standard_class_client
action=mark-connection new-connection-mark=standard_client_conn
passthrough=yes
41 X chain=forward connection-mark=standard_client_conn action=mark-packet
new-packet-mark=standard_client_traffic passthrough=no
42 X ;;; mark business client traffic
chain=forward src-address-list=Business_class_client
action=mark-connection new-connection-mark=business_client_conn
passthrough=yes
43 X chain=forward connection-mark=Business_client_conn action=mark-packet
new-packet-mark=business_client_traffic passthrough=no
44 X ;;; Check for unmarked traffic
chain=forward action=log log-prefix=""
UBUNTU 8.10 with SQUID 2.7.STABLE3 + MYSQL_AUTH
UBUNTU 8.10 (Intrepid Ibex)
with SQUID 2.7.STABLE3 + MYSQL_AUTH
Installing the Ubuntu 8.10 packages
1. Install squid with the command
# apt-get install squid
then follow the instructions
2. Install gcc and g++ with the command
# apt-get install gcc g++
3. Install MySQL and its supporting packages with the command
# apt-get install mysql-server mysql-client libmysqlclient15-dev
follow the prompts (such as entering the MySQL root password)
~ New password for the MySQL “root” user: <– yourrootsqlpassword
~ Repeat password for the MySQL “root” user: <– yourrootsqlpassword
Once MySQL is installed, create a database to store the usernames and passwords for proxy authentication. The command is as follows:
# mysql -u root -p
Now we will create the database for mysql_auth
~mysql> CREATE DATABASE dbsquid;
~mysql> USE dbsquid;
~Reading table information for completion of table and column names
~You can turn off this feature to get a quicker startup with -A
~
~Database changed
~mysql> CREATE TABLE user (username text, password text);
~mysql> INSERT INTO user VALUE ('nobody','nobody');
Download and compile
4. Download mysql_auth with the command
# wget http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz
5. Download the patch for mysql_auth 0.8 with the command
# wget http://www.zero-sys.net/portal/download/additionalselect.patch
6. Extract the mysql_auth 0.8 package with the command
# tar xvzf mysql_auth-0.8.tar.gz
then change into the mysql_auth-0.8 directory
# cd mysql_auth-0.8
7. Patch the mysql_auth 0.8 package with the command
# patch -p1 < ../additionalselect.patch
8. mysql_auth has to be compiled first, and it needs the header file mysql.h and the library libmysqlclient.a, so locate those two files and edit the Makefile accordingly
# locate mysql.h
~ /usr/include/mysql/mysql.h
# locate libmysqlclient.a
~ /usr/lib/libmysqlclient.a
# nano Makefile
Because mysql.h is in the directory /usr/include/mysql and libmysqlclient.a is in /usr/lib, find the CFLAGS = … line and change it to CFLAGS = -I/usr/include/mysql/ -L/usr/lib/
then also find the line
$(INSTALL) -o nobody -g nogroup -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
change it to
$(INSTALL) -o nobody -g nogroup -m 644 $(CONF) /usr/local/squid/etc/mysql_auth.conf
“This is the part that drove me crazy: mysql_auth would not run and its port never opened,
but when I looked at syslog there was this error
(mysql_auth): Can’t open mysql_auth config file: /usr/local/squid/etc/mysql_auth.conf!
so I changed the permission of /usr/local/squid/etc/mysql_auth.conf to 644. For security, once squid is up and running, change the permission back to 600 ^^”
9. Now edit the mysql_auth configuration file with the command
# nano src/mysql_auth.conf
Read it carefully, because the MySQL attributes (the MySQL user name and its password, the database name, the table name, the username field name and the password field name) have to be changed to match your MySQL setup.
(the MySQL installation hasn't been covered yet, has it?? ^^ that can wait, this is what matters for now)
10. Finally, compile and install with the commands
# make
# make install
If the compilation succeeds, the last four lines of output look like this:
~ /usr/bin/install -o nobody -g nogroup -m 755 mysql_auth /usr/local/squid/libexec/mysql_auth
~ /usr/bin/install -o root -g root -m 700 mypasswd /usr/local/bin/mypasswd
~ /usr/bin/install -o nobody -g nogroup -m 644 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf
~ /usr/bin/install -o nobody -g nogroup -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf.default
That means the compilation succeeded ^^. Now test whether mysql_auth works by running the following command:
# /usr/local/squid/libexec/mysql_auth
Then enter
ini salah
ERR
nobody nobody
OK
OK appears if the username/password is in the database, and ERR if the username/password is not in the database or something went wrong.
From here on you can also add users and passwords to the database with the program that ships with mysql_auth, mypasswd, by running the command:
# /usr/local/bin/mypasswd
Example:
# /usr/local/bin/mypasswd apnet informatika
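The Makefile change in step 8 installs mysql_auth.conf, which holds the MySQL user name and password, with mode 644, so every local account can read it. The check below is an added example, not part of the original post or of mysql_auth: it reports whether the file is private to the account the helper runs as, and tightens it if not. GNU stat and the helper account name (proxy, the value of cache_effective_user assumed here) are assumptions.

```shell
#!/bin/sh
# Added example: audit the file that stores mysql_auth's MySQL credentials.
# Assumes GNU stat (coreutils). HELPER_USER is the account Squid runs its
# helpers as (cache_effective_user); "proxy" below is an assumption.

CONF_DEFAULT=/usr/local/squid/etc/mysql_auth.conf   # path used on this page

# conf_perm_status FILE HELPER_USER -> prints one status word:
#   missing      FILE does not exist
#   exposed      group/other permission bits are set (644 lands here)
#   wrong-owner  private, but not owned by the helper account, which is
#                the case that produces "Can't open mysql_auth config file"
#   ok           owned by HELPER_USER with no group/other access
conf_perm_status() {
    file=$1
    helper_user=$2
    if [ ! -e "$file" ]; then echo missing; return 0; fi
    mode=$(stat -c '%a' "$file")      # octal digits, e.g. 644
    owner=$(stat -c '%U' "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo exposed
    elif [ "$owner" != "$helper_user" ]; then
        echo wrong-owner
    else
        echo ok
    fi
}

# harden_conf FILE HELPER_USER: hand the file to the helper account and
# close it to everyone else (chown needs root when the owner changes).
harden_conf() {
    file=$1
    helper_user=$2
    if [ "$(stat -c '%U' "$file")" != "$helper_user" ]; then
        chown "$helper_user" "$file" || return 1
    fi
    chmod 600 "$file"
}

# Usage: sh check_conf.sh [file] [helper-user]
conf_perm_status "${1:-$CONF_DEFAULT}" "${2:-proxy}"
```

With the owner set to the helper account, mode 600 works while squid is running, so the file never has to be opened up to 644.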
Squid configuration
11. I'm too sleepy by now, so read my configuration file yourself
# mv /etc/squid/squid.conf /etc/squid/squid.conf.cadangan
# nano /etc/squid/squid.conf
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
log_fqdn off
# delay for SSID boerz_internet
delay_pools 1
delay_class 1 1
#delay_access 1 allow umum
delay_parameters 1 8000/8000
#========================================================================$
# OPTIONS WHICH AFFECT THE NEIGHBOUR SELECTION ALGORITHM
# ======================================================================$
dead_peer_timeout 30 seconds
mcast_icp_query_timeout 10
log_icp_queries on
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
request_timeout 30 seconds
#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin ?
#no_cache deny QUERY
# ======================================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#=======================================================================$
cache_mem 32 MB
# change to 128 later
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
12. Finally, start or restart the squid daemon with the command
# /etc/init.d/squid restart
if you see [OK], you are done
Because squid authentication cannot be used in transparent mode, the client browser has to be configured with the IP and port of the squid server ^^. In Mozilla go to Tools, Options, Advanced, Network and click the Settings button. When the Connection Settings window appears, choose Manual Proxy Configuration, enter the address and port of our proxy server, then tick Use this proxy server for all protocols
In the squid.conf file, the acls that are allowed by http_access can use the transparent proxy, so there is no need to enter the proxy server's IP and port. This is done by adding the following iptables firewall rules:
# iptables -t nat -A PREROUTING -i eth3 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:2323
# iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 2323
Where
192.168.1.1 is the IP of the squid server machine and
2323 is the squid server's port
And because there is
acl kompgw src 192.168.3.23/255.255.255.255 which is NATed, we add
# iptables -t nat -I POSTROUTING -s 192.168.3.23 -o eth2 -j MASQUERADE
References:
Time Quota With SQUID and MySQL_AUTH
After completing the installation above,
1. Add a quota field to the table in the dbsquid database created above
2. Open the source file mysql_auth.c
# nano src/mysql_auth.c
3. Edit the file so that it looks like the listing below:
/*
 * mysql_auth – mysql based authenticator for Squid Proxy
 *
 * mysql_auth.c
 * (C) 2002 Ervin Hegedus
 * edited by boerz
 * Released under GPL, see COPYING-2.0 for details.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
#include
4. Compile the code above with the following command:
# gcc -o mysql_auth src/mysql_auth.c src/confparser.c -lmysqlclient -I/usr/include/mysql/ -L/usr/lib/
5. Stop the squid daemon
# /etc/init.d/squid stop
6. Copy the compiled binary used for auth_param basic program to the target file /usr/local/squid/libexec/mysql_auth with the command
# cp ./mysql_auth /usr/local/squid/libexec/mysql_auth
Start the squid daemon again
# /etc/init.d/squid start
7. Test authentication by running the compiled binary
# /usr/local/squid/libexec/mysql_auth
# boerz 12345
~ ERR
8. Fill the quota field in the dbsquid database with a large value such as 50000000 (in milliseconds).
9. Repeat step 7; the result should look like this
# /usr/local/squid/libexec/mysql_auth
# boerz 12345
~ OK
10. Test in the browser ^^… because credentialsttl is 1 minutes, the connection loses its authentication within 1 minute after browsing stops ^^
I took this reference from http://boerz.wordpress.com/2009/01/01/ubuntu-810-with-squid-27stable3-mysql_auth/#more-201
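The helper exchange tested in steps 7 and 9 (one "username password" line in, OK or ERR out) with a quota gate, as an added example in shell; it is not the post's modified mysql_auth.c. Assumptions: the rows are constructed inline instead of being read from MySQL, passwords are compared as plain text, credentials contain no characters that Squid would URL-escape, and a missing, zero or non-numeric quota means deny.

```shell
#!/bin/sh
# Added example: Squid basic-auth helper loop with a quota gate.
# Squid writes "username password" per line on stdin and reads OK or ERR.

# Constructed sample rows standing in for the user table in dbsquid:
# username:password:quota  (quota in milliseconds; empty = never filled in)
USERS='nobody:nobody:
boerz:12345:50000000
guest:guest:0'

# auth_decision USER PASS -> prints OK or ERR
auth_decision() {
    want_user=$1
    want_pass=$2
    answer=ERR      # fail closed: unknown user, wrong password or no quota
    while IFS=: read -r u p q; do
        [ "$u" = "$want_user" ] || continue
        if [ "$p" = "$want_pass" ]; then
            case $q in
                '' | *[!0-9]*) ;;       # quota unset or not a number
                *) if [ "$q" -gt 0 ]; then answer=OK; fi ;;
            esac
        fi
        break                           # first matching username decides
    done <<EOF
$USERS
EOF
    echo "$answer"
}

# helper_loop: answer every request line until Squid closes stdin.
helper_loop() {
    while IFS= read -r line; do
        case $line in
            *' '*) auth_decision "${line%% *}" "${line#* }" ;;
            *)     echo ERR ;;          # malformed request: no password field
        esac
    done
}

# Replays the checks from the page: a wrong pair, a user whose quota is
# still empty, and a user whose quota has been filled in.
demo() {
    printf '%s\n' 'ini salah' 'nobody nobody' 'boerz 12345' | helper_loop
}
demo
```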