Jumat, 07 Agustus 2009

Membuat router speedy menggunakan mikrotik

maaf kalo salah coz baru belajar,,hehhehehehhe,,,

Anggap saja qt sudah berhasil menginstal mikrotiknya,,,

sekarang qt lanjut ke setting mikrotiknya,hal yg petama qt lakukan adalah membuat IP address, dan memiliki minimal 2 interfaces. Interfaces pertama adalah untuk dari modem ADSL ke Mikrotik, interfaces 2 untuk switch.

[INTERNET]——[MODEM ADSL]——[ROUTER MIKROTIK]——[SWITCH]———[CLIENT]

[shoei@Naon she?] > ip address add address=192.168.1.2/24 interface=ether1 (buat ke modem)

[shoei@Naon she?] > ip address add address=192.168.10.1/24 interface=ether1 (buat ke switch)

qt liat IP yg qt buat

[shoei@Naon she?] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.10.1/24 192.168.10.0 192.168.10.255 Switch
1 192.168.1.2/24 192.168.1.0 192.168.1.255 ether1

[shoei@Naon she?] > interface pppoe-client add name=pppoe-client-speedy user=142xxxxxxxxx@telkom.net
password=XXXXXXXXXX interface=speedy service-name=internet disabled=no

saya buat PPPOE di mikrotik karena saya modusnya briged

[shoei@Naon she?] > ip dns set primary-dns=(DNS utama speedy)

[shoei@Naon she?] > ip dns print
primary-dns: 222.124.204.34
secondary-dns: 0.0.0.0
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 90KiB
Selanjutnya setting masquerade, untuk meneruskan perintah dari routing dari semua client ke NAT firewall mikrotik,,

[shoei@Naon she?] >ip firewall nat add chain=srcnat action=masquerade

maaf kalo ada yg salah coz masih belajar,,hehheehhe,,

coz saya lupa-lupa ingat,,hehehhehe
Diposting oleh di Tidak ada komentar:

firewall di mikrotik

skrip bwt firewall di mikrotik

0 ;;; block discovery mikrotik
ip firewall filter add chain=forward in-interface=ether1 mac-protocol=ip dst-port=5678
ip-protocol=udp action=drop
1 ;;; block discovery mikrotik
ip firewall filter add chain=input in-interface=ether1 mac-protocol=ip dst-port=5678
ip-protocol=udp action=drop
2 ;;; block discovery mikrotik
chain=output mac-protocol=ip dst-port=5678 ip-protocol=udp action=drop
3 ;;; block discovery mikrotik
ip firewall filter add chain=input in-interface=ether1 mac-protocol=ip dst-port=8291
ip-protocol=tcp action=drop
4 ;;; block winbox mikrotik
ip firewall filter add chain=forward in-interface=ether1 mac-protocol=ip dst-port=8291 ip-protocol=tcp action=drop
5 ;;; block request DHCP
ip firewall filter add chain=input mac-protocol=ip dst-port=68 ip-protocol=udp action=drop
6 ;;; block request DHCP
ip firewall filter add chain=forward mac-protocol=ip dst-port=68 ip-protocol=udp action=drop
7 ;;; block request DHCP
ip firewall filter add chain=output mac-protocol=ip dst-port=68 ip-protocol=udp action=drop

8;;;block tracert

ip firewall filter add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop
Traceroute"
ip firewall filter add chain=forward protocol=icmp icmp-options=3:3 action=drop comment="Drop Traceroute"

Mudah-mudahan bemanfaat,,
Diposting oleh di Tidak ada komentar:

packet priority mikrotik

0 ;;; .::By shoei::. Prio P2P
chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=prio_conn_p2p passthrough=yes

1 chain=prerouting connection-mark=prio_conn_p2p action=mark-packet
new-packet-mark=prio_p2p_packet passthrough=no

2 ;;; Prio Download_Services
chain=prerouting protocol=tcp dst-port=110 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

3 chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

4 chain=prerouting protocol=tcp dst-port=143 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

5 chain=prerouting protocol=tcp dst-port=993 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

6 chain=prerouting protocol=tcp dst-port=995 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

7 chain=prerouting protocol=tcp dst-port=25 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

8 chain=prerouting protocol=tcp dst-port=80 connection-bytes=500000-0
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes

9 chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection
new-connection-mark=prio_conn_download_services passthrough=yes

10 chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_download_services
passthrough=yes

11 chain=prerouting connection-mark=prio_conn_download_services
action=mark-packet new-packet-mark=prio_download_packet passthrough=yes

12 ;;; Prio Ensign_Services
chain=prerouting protocol=tcp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

13 chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes
14 chain=prerouting protocol=icmp action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

15 chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

16 chain=prerouting protocol=tcp dst-port=23 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

17 chain=prerouting protocol=tcp dst-port=80 connection-bytes=0-500000
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes

18 chain=prerouting protocol=tcp dst-port=179 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

19 chain=prerouting protocol=tcp dst-port=8000 action=mark-connection
new-connection-mark=prio_conn_ensign_services passthrough=yes

20 chain=prerouting connection-mark=prio_conn_ensign_services
action=mark-packet new-packet-mark=prio_ensign_packet passthrough=no

21 ;;; Prio User_Request
chain=prerouting protocol=tcp dst-port=22 packet-size=1400-1500
action=mark-connection new-connection-mark=prio_conn_ensign_services
passthrough=yes

22 chain=prerouting dst-address-list=user_request action=mark-connection
new-connection-mark=prio_conn_user_services passthrough=yes

23 chain=prerouting connection-mark=prio_conn_user_services
action=mark-packet new-packet-mark=prio_request_packet passthrough=yes

24 chain=prerouting protocol=gre action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

25 ;;; Prio_Communication
chain=prerouting protocol=tcp dst-port=5100 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

26 chain=prerouting protocol=tcp dst-port=5050 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

27 chain=prerouting protocol=udp dst-port=5060 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

28 chain=prerouting protocol=tcp dst-port=1869 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

29 chain=prerouting protocol=tcp dst-port=1723 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

30 chain=prerouting protocol=tcp dst-port=5190 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

31 chain=prerouting protocol=tcp dst-port=6660-7000 action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

32 chain=prerouting protocol=ipencap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

33 chain=prerouting protocol=ipsec-esp action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

34 chain=prerouting protocol=ipsec-ah action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

35 chain=prerouting protocol=ipip action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

36 chain=prerouting protocol=encap action=mark-connection
new-connection-mark=prio_conn_comm_services passthrough=yes

37 chain=prerouting connection-mark=prio_conn_comm_services
action=mark-packet new-packet-mark=prio_comm_packet passthrough=no

nah kl skrip ini bwt paket pritory berdasarkan bandwitch
38 X ;;; .:: By Rendy ::. mark basic client
chain=forward src-address-list=Basic_class_client action=mark-connection
new-connection-mark=Basic_client_conn passthrough=yes

39 X chain=forward connection-mark=basic_client_conn action=mark-packet
new-packet-mark=basic_clien_traffic passthrough=no

40 X ;;; mark srandard client traffic
chain=forward src-address-list=Standard_class_client
action=mark-connection new-connection-mark=standard_client_conn
passthrough=yes

41 X chain=forward connection-mark=standard_client_conn action=mark-packet
new-packet-mark=standard_client_traffic passthrough=no

42 X ;;; mark business client traffic
chain=forward src-address-list=Business_class_client
action=mark-connection new-connection-mark=business_client_conn
passthrough=yes

43 X chain=forward connection-mark=Business_client_conn action=mark-packet
new-packet-mark=business_client_traffic passthrough=no

44 X ;;; Check for unmarked traffic
chain=forward action=log log-prefix=""
Diposting oleh di Tidak ada komentar:

UBUNTU 8.10 with SQUID 2.7.STABLE3 + MYSQL_AUTH

UBUNTU 8.10 (Intrepid Ibex)

with SQUID 2.7.STABLE3 + MYSQL_AUTH

Installasi paket ubuntu 8.10

1. Install squid dengan perintah
# apt-get install squid
lalu ikuti intruksinya

2. Install gcc dan g++ dengan perintah
# apt-get install gcc g++

3. Install mysql perlengkapannya dengan perintah
# apt-get install mysql-server mysql-client libmysqlclient15-dev
ikuti istruksi-intruksi (seperti memasukan password root My SQL)

~ New password for the MySQL “root” user: <– yourrootsqlpassword
~ Repeat password for the MySQL “root” user: <– yourrootsqlpassword

Setelah MySQL terinstall, buat database untuk menyimpan username dan password untuk autentifikasi proxy. Perintahnya sebagai berikut :
# mysql -u root -p

~ Enter password: masukan password MySQL
~ Welcome to the MySQL monitor. Commands end with ; or \g.
~ Your MySQL connection id is 108
~ Server version: 5.0.67-0ubuntu6 (Ubuntu)
~
~ Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
~
~ mysql>

Sekarang kita akan mebuat database untuk mysql_auth
~mysql> CREATE DATABASE dbsquid;

~mysql> USE dbsquid;

~Reading table information for completion of table and column names

~You can turn off this feature to get a quicker startup with -A

~

~Database changed

~mysql> CREATE TABLE user (username text, password text);

~mysql> INSERT INTO user VALUE (’nobody’,'nobody’);

Download dan compilasi

4. Download mysql_auth dengan perintah
# wget http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz

5. Download patch dari mysql_auth 0.8 dengan perintah
# wget http://www.zero-sys.net/portal/download/additionalselect.patch

6. Extract paket mysql_auth 0.8 dengan perintah
# tar xvzf mysql_auth-0.8.tar.gz
lalu masuk ke directory mysql_auth-0.8
# cd mysql_auth-0.8

7. Patch paket mysql_auth 0.8 dengan perintah
# patch -p1 <>

8. Karena mysql_auth haris di compile dulu, dan mysql_auth memerlukan file library mysql.h dan libmysqlclient.a, maka cari dua file tersebut dan lakukan perubahan file Makefile
# locate mysql.h
~ /usr/include/mysql/mysql.h
# locate libmysqlclient.a
~ /usr/lib/libmysqlclient.a
# nano Makefile
karena file mysql.h terapat pada directory /usr/include/mysql dan libmysqlclient.a pada /usr/lib, makacari dan rubah bagian CFLAGS = … menjadi CFLAGS = -I/usr/include/mysql/ -L/usr/lib/
lalu cari juga bagian
$(INSTALL) -o nobody -g nogroup -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
rubah menjadi
$(INSTALL) -o nobody -g nogroup -m 644 $(CONF) /usr/local/squid/etc/mysql_auth.conf


“ini nih yg biking gw mabok knapa mysql_auth ga jalan2 n portnya ajah ga kebuka2,
tapi pas liat syslog ada error
(mysql_auth): Can’t open mysql_auth config file: /usr/local/squid/etc/mysql_auth.conf!
ya dah dech dirubah lah permission file /usr/local/squid/etc/mysql_auth.conf jadi 644. Buat keamanan setelah selesai dijalanin squid-nya, rubah lagih permission-ny ke 600 ^^”

9. Sekarang rubah file Konfigurasi dari mysql_auth dengan perintah
# nano src/mysql_auth.conf
baca baik-baik, karena kita harus merubah atribut MYSQL (nama user mysql dan passworny, nama databases, nama table, nama field username, nama filed password) dengan konfigurasi MYSQL.
(blom di bahas ya installasi mysql?? ^^ tar lah, yg penting ini dulu)

10. Terakhir Compile dan install dengan perintah
# make
# make install

Kalo compilasi berhasi, dengan tampilan empat baris paling bawah seperti ini :

~ /usr/bin/install -o nobody -g nogroup -m 755 mysql_auth /usr/local/squid/libexec/mysql_auth
~ /usr/bin/install -o root -g root -m 700 mypasswd /usr/local/bin/mypasswd
~ /usr/bin/install -o nobody -g nogroup -m 644 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf
~ /usr/bin/install -o nobody -g nogroup -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf.default

Brarti kopilasi berhasil ^^. Sekarang kita test mysql_auth berfungsi atau tidak, dengan menjalan kan perintah berikut :
# /usr/local/squid/libexec/mysql_auth

Lalu masukan
ini salah

ERR

nobody nobody

OK

Akan muncuk OK jika username/password ada di database, atau ERR jika username/password tidak dalam database atau ada masalah.

Untuk selanjutnya, bisa juga menambah user dan password dalam database dengan menggunakan program bawaan mysql_auth, yaitu mypasswd dengan menjalankan perintah :
# /usr/local/bin/mypasswd

Contoh :
# /usr/local/bin/mypasswd apnet informatika

Squid Configurasi

11. Karena dah ngantuk berat, baca sendiri yah file configurasi saya
# mv /etc/squid/squid.conf.cadangan
# nano /etc/squid/squid.conf

#— keterangan masing2 perintah di tandai # dibawah perintah
http_port 2323
#port 2323 untuk proxy 2323 transparent
visible_hostname boerzproxy
#sebagai penjunjuk nama host
dns_nameservers 127.0.0.1
#karena saya junga menyeting DNS jadi, nameservernya di arahkan ke komputersendiri
cache_mgr mathofany@boerz.com
#cuman unutk mejeng nama
auth_param basic realm BoerZ Network
auth_param basic program /usr/local/squid/libexec/mysql_auth
auth_param basic children 5
auth_param basic credentialsttl 1 minutes
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
acl kompgw src 192.168.3.23/255.255.255.255
#inditifikasi computer gw..he..he.. biat khusus
acl lan src 192.168.16.0/24
#menginditifikasi network 192.168.3.x sebagai jaringan khusus (SSID BOERZ_WiFi)
acl kamar src 192.168.3.0/24
#menginditifikasi network 192.168.3.x sebagai kamar
acl umum src 172.16.23.0/24
#menginditifikasi network 172.16.23.x sebagai umum (SSID boerz_internet)
acl all src 0.0.0.0/0.0.0.0
#standar inditifikasi squid
acl pemakai proxy_auth REQUIRED
http_access allow pemakai
# ini neh2 yg network ga jelas pake autentifikasi
http_access deny kompgw
#khusus komputer gw di matiin, biar nge NAT ajah
http_access allow umum
#umum diijinkan untuk berSquid
http_access deny kamar
#karena mau coba mysql_auth jadi di matiin ajah
http_access allow lan
#lan untuk bisa kemana2
http_access deny all
#network ja jelas di matiin biar lewat mysql_auth
#untuk di bawah ini standarlah, bisa di baca di http://www.brennan.id.au/11-Squid_Web_Proxy.html
icp_port 0
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
log_fqdn off
# delay ah bwt SSID boerz_internet
delay_pools 1
delay_class 1 1
#delay_access 1 allow umum
delay_parameters 1 8000/8000
#========================================================================$
# OPTIONS WHICH AFFECT THE NEIGHBOUR SELECTION ALGORITHM# ======================================================================$
dead_peer_timeout 30 seconds
mcast_icp_query_timeout 10
log_icp_queries on
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
request_timeout 30 seconds
#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin ?
#no_cache deny QUERY
# ======================================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#=======================================================================$
cache_mem 32 MB
#nanti ganti ke 128
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

12. Terkahir jalankan atau restart daemon squid dengan perintah
# /etc/init.d/squid restart
klo terdapat [OK] berarti selesai sudah

Karena untuk autentifikasi squid ga bisa di setting transparent, maka harus menyeting browser client dengan IP dan PORT squid server ^^. Klo di mozila masuk ke Tools, Options, Advanced, Network, dan klik tombol Setting. Setelah keluar jendela Connection setting, pilih Manual Proxy Configuration, lalu masukan alamat proxy server kita dan portnya, lalu klik Use this proxy server for all protocol

Pada konfigurasi file squid.conf, untuk acl yg di http_access allow, bisa menggunakan proxy transparent. Jadi tidak usah memasukan ip proxy server dan port-nya. Dengan memasukan firewall iptables sebagai berikut :

#iptables -t nat -A PREROUTING -i eth3 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:2323

#iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp -dport 80 -j REDIRECT --to-ports 2323

Dimana 192.168.1.1 merupakan IP computer squid server dan 2323 adalah port squid server
Dan karena ada acl kompgw src 192.168.3.23/255.255.255.255 yg di NAT, jadi kita tambahkan

# iptables -t nat -I POSTROUTING -s 192.168.3.23 -o eth2 -j MASQUERADE

Referensi :

http://www.howtoforge.com/perfect-server-ubuntu-8.10
http://people.arxnet.hu/airween/mysql_auth/
http://www.zero-sys.net/portal/squid+mysql_auth+patch.html
http://boerz.wordpress.com/2008/03/17/nat_dhcp_firewall/
http://www.boerz.com

Time Quota With SQUID and MySQL_AUTH

Setelah melakukan installasi di atas,

1. Tambahkan field quota di table dbsquid yg dibuat di atas

2. Buka file source code mysql_auth.c
# nano src/ mysql_auth.c

3. Edit file tersebut sehingga menjadi seperti di bawah ini :

/*
* mysql_auth – mysql based authenticator for Squid Proxy
*
* mysql_auth.c
* (C) 2002 Ervin Hegedus
* edited by boerz
* Released under GPL, see COPYING-2.0 for details.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include “define.h”
#include “extern.h”
long waktu(char namauser[]){
FILE *handle;
char buffer[256],kata[256],sukukata[10][256],nama[256],status[256];
int i,j,k;
time_t clockval;
time_t now=time(NULL);
struct tm tnow, datatgl;
tnow = *localtime(&now);
char bulan[3],tahun[5];
int nbulan,ntahun,dtbulan,dttahun;
strftime(bulan,3,”%m”,&tnow);
strftime(tahun,5,”%Y”,&tnow);
nbulan=atoi(bulan);
ntahun=atoi(tahun);
long totaldurasi,durasi;
if((handle=fopen(”/var/log/squid/access.log”,”r”))==NULL){
printf(”File na atuh cauu…!\n”);
return(0);
}
totaldurasi=0;
while(!feof(handle)){
fgets(buffer,256,handle);
i=j=k=0;
durasi=0;
while(buffer[i]){
if(i>0){
if(isspace(buffer[i])){
if(isspace(buffer[i-1])){
i++;
}else{
strcpy(sukukata[k],kata);
bzero(kata,256);
i++;
j=0;
k++;
if(k>=10)break;
}
}else{
kata[j]=buffer[i];
i++;
j++;
}
}else{
kata[j]=buffer[i];
i++;
j++;
}
}
sscanf(sukukata[3],”%s”,&status);
if(strcmp(status,”TCP_DENIED/407″)!=0){
//simpan nama
sscanf(sukukata[7],”%s”,&nama);
if(strcmp(nama,namauser)==0){
sscanf(sukukata[1],”%ld”,&durasi);
sscanf(sukukata[0],”%lu”,&clockval);
datatgl=*localtime(&clockval);
strftime(bulan,3,”%m”,&datatgl);
strftime(tahun,5,”%Y”,&datatgl);
dtbulan=atoi(bulan);
dttahun=atoi(tahun);
if((nbulan==dtbulan) && (ntahun==dttahun)){
totaldurasi+=durasi;
//printf(”%s = %ld\n”,nama,durasi);
}
}
}
}
fclose(handle);
return(totaldurasi-durasi);
} //long waktu
int main ()
{
MYSQL connect;
MYSQL_RES *result;
MYSQL_ROW row;
struct my_params parameters;
char user[MAX_STRLEN], password[MAX_STRLEN];
long quota;
char query[MAXLENGTH], input[MAX_STRLEN];
char *tstring;
setbuf (stdout, NULL);
/*
* try open and read config file, config file place’ see define.h
*/
if (parse (&parameters) != 0) {
// question to squid devels: is require print ERR message
// when some error occur at initialize of authenticator?
fprintf (stdout, “ERR\n”);
exit (1);
}
/*
* first, it must to initialize MYSQL variable
*/
mysql_init (&connect);
if (&connect == NULL) {
syslog (LOG_WARNING, “Can’t initialize MYSQL structure!”);
puts (”ERR”);
exit (1);
}
/*
* try connect to mysql database, with those user/password, what are
* defined in mysql_auth.conf – this is the squid -> mysql connect pair!
*/
mysql_real_connect (&connect, parameters.var_host_name, parameters.var_user_name,\
parameters.var_user_password, parameters.var_database_name,\
0, parameters.var_mysqld_socket, 0);
/*
* if error returns, log trough syslog
*/
if (mysql_errno (&connect)) {
syslog (LOG_WARNING, “Can’t connect to mysql server: %s.\n”, parameters.var_host_name);
syslog (LOG_WARNING, “Error was: %d – %s.\n”,\
mysql_errno (&connect), mysql_error (&connect));
puts (”ERR”);
exit (1);
}
/*
* try to select from table – there is all the same,
* what will the result
*/
memset (query, 0, strlen (query) + 1);
sprintf (query, “SELECT * FROM %s WHERE %s LIKE ’squid’ AND %s LIKE ’squid’”, \
parameters.var_table_name,\
parameters.var_user_column,\
parameters.var_password_column);
mysql_query (&connect, query);
// error occur, example invalid table name…
if (mysql_errno (&connect)) {
syslog (LOG_WARNING, “Can’t select from table – error was: %d – %s”,\
mysql_errno (&connect), mysql_error (&connect));
puts (”ERR”);
exit (1);
}
/*
* these are requires for mysql fuctions
*/
result = mysql_use_result (&connect);
while (mysql_fetch_row (result));
mysql_free_result(result);
/**********************************
* start of auth method
**********************************/
memset (input, 0, MAX_STRLEN);
while (fgets(input, MAX_STRLEN, stdin)) {
user[0] = ”;
password[0] = ”;
/*
* may be this method is too difficult – who knows more about safety of strtok()?
*/
tstring = strtok (input, ” “);
if (tstring == NULL) { // empty username
puts (”ERR”);
continue;
}
else {
strcpy (user, tstring);
tstring = strtok (NULL, ” \n”);
if (tstring == NULL) { // empty password
puts (”ERR”);
continue;
}
else {
if (strcasecmp (parameters.var_encrypt_password_form, “yes”) == 0) {
sprintf (password, “password (\”%s\”)”, tstring);
}
else {
sprintf (password, “‘%s’”, tstring);
}
}
}
memset (query, 0, strlen (query) + 1);
//waktu(user) ukurannya per milli second jadi 1 jam = 1* 60 * 60 * 1000 = 3600000 milisecond
// waktu ukuran -1 berarti unlimited
sprintf (query, “SELECT * FROM %s WHERE %s LIKE ‘%s’ AND %s LIKE %s AND (quota >= ‘%ld’ OR quota = ‘-1′)”, \
parameters.var_table_name,\
parameters.var_user_column, user,\
parameters.var_password_column, password, waktu(user)
);
//printf(”%ld\n”,waktu(user));
mysql_query (&connect, query);
/*
* may be when mysql_auth runs, meantime lost
* connection,
* mysql admin change permission, etc…
* in this case don’t will exit, just return ERR
* message
*/
if (mysql_errno (&connect)) { syslog (LOG_WARNING, “Can’t select from table – error was: %d – %s”,\
mysql_errno (&connect), mysql_error (&connect));
puts (”ERR”);
}
else {
result = mysql_use_result (&connect);
while ((row = mysql_fetch_row (result)));
/*
* the number of result is 1 – this doesn’t allow
* more than one account!!!
*/
if (mysql_num_rows (result) == 1) {
puts (”OK”);
}
else {
syslog (LOG_WARNING, “%s login failed.”, user);
puts (”ERR”);
}
mysql_free_result(result);
}
memset (input, 0, MAX_STRLEN);
}
mysql_close (&connect);
return 0;
}

4. Compile code di atas menggunakan perintah berikut :

# gcc -o mysql_auth src/mysql_auth.c src/confparser.c -lmysqlclient -I/usr/include/mysql/ -L/usr/lib/

5. Stop daemon squid

# /etc/init.d/squid stop

6. Copikan hasil compilasi source code untuk auth_param basic program ke target file /usr/local/squid/libexec/mysql_auth dengan perintah
# cp ./mysql_auth /usr/local/squid/libexec/mysql_auth

Jalankan kembali daemon squid
# /etc/init.d/squid start

7. Lakukan test authentifikasi dengan menjalankan file compilasi

# /usr/local/squid/libexec/mysql_auth

# boerz 12345
~ ERR

8. Isikan field quota di database dbsquid dengan nilai besar seperti 50000000 ( dalam ukuran milidetik).

9. Jalankan kembali langkah 7 di dapatkan hasil seperti di bawah ini

# /usr/local/squid/libexec/mysql_auth

# boerz 12345
~ OK

10. Test di browser ^^… karena credentialsttl 1 minutes maka coneksi terputus authentifikasi dalam 1 menit setelah tidak melakukan browsing ^^

referensi ini saya ambil dari http://boerz.wordpress.com/2009/01/01/ubuntu-810-with-squid-27stable3-mysql_auth/#more-201


Diposting oleh di Tidak ada komentar:
Langganan: Postingan (Atom)