This is load balancing, though it can also be called policy routing: if you want only the local (domestic) traffic to use one link, you can send it to link 1. In my case I have 3 WISP links; I want to use the international traffic of all 3 lines, but send the local traffic to WISP 1 only.
==============================
1. Make sure the IP addresses are configured first
------------------------------
/ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 3.3.3.8/27 3.3.3.0 ns
1 13.13.13.1/27 13.13.13.0 ether3
2 1xx.1xx.6x.10x/27 1xx.1xx.xx.xxx ns
3 172.10.1.1/30 172.10.1.0 monitoring
4 100.100.100.17/27 100.100.100.0 ns
5 10.10.10.26/24 10.10.10.0 ns
==============================
2. Then import the nice address list from the web _http://mikrotik.co.id/
---------------
3. Go straight to mangle; remember, this is the key part...
------------------------------
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-connection new-connection-mark=con-iix
passthrough=yes dst-address-list=nice
1 chain=prerouting action=mark-routing new-routing-mark=routing-iix
passthrough=yes in-interface=ether3 connection-mark=con-iix
2 chain=prerouting action=mark-connection new-connection-mark=salak m
passthrough=yes connection-state=new dst-address-list=!nice
connection-mark=!con-iix nth=3,3
3 chain=prerouting action=mark-routing new-routing-mark=salak m passthrough=n>
in-interface=ether3 connection-mark=salak m
4 chain=prerouting action=mark-connection new-connection-mark=salak 71
passthrough=yes connection-state=new dst-address-list=!nice
connection-mark=!con-iix nth=3,2
5 chain=prerouting action=mark-routing new-routing-mark=salak 71
passthrough=no in-interface=ether3 connection-mark=salak 71
6 chain=prerouting action=mark-connection new-connection-mark=jagakarsa
passthrough=yes connection-state=new dst-address-list=!nice
connection-mark=!con-iix nth=3,1
7 chain=prerouting action=mark-routing new-routing-mark=jagakarsa
passthrough=no in-interface=ether3 connection-mark=jagakarsa
8 chain=prerouting action=mark-packet new-packet-mark=packet-iix
passthrough=no connection-mark=con-iix
9 chain=output action=mark-packet new-packet-mark=packet-iix passthrough=no
connection-mark=con-iix
10 chain=prerouting action=mark-packet new-packet-mark=packet-int
passthrough=no
11 chain=output action=mark-packet new-packet-mark=packet-int passthrough=no
=============
4. Next, the IP routes..
======
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=3.3.3.1
gateway-status=3.3.3.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=routing-iix
1 A S dst-address=0.0.0.0/0 gateway=10.10.10.1
gateway-status=10.10.10.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=salak m
2 A S dst-address=0.0.0.0/0 gateway=3.3.3.1
gateway-status=3.3.3.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=salak 71
3 A S dst-address=0.0.0.0/0 gateway=100.100.100.1
gateway-status=100.100.100.1 reachable bridge1 distance=1 scope=30
target-scope=10 routing-mark=jagakarsa
4 ADC dst-address=3.3.3.0/27 pref-src=3.3.3.8 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
5 ADC dst-address=10.10.10.0/24 pref-src=10.10.10.26 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
6 ADC dst-address=13.13.13.0/27 pref-src=13.13.13.1 gateway=ether3
gateway-status=ether3 reachable distance=0 scope=10
7 ADC dst-address=100.100.100.0/27 pref-src=100.100.100.17 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
8 ADC dst-address=115.124.68.96/27 pref-src=115.124.68.108 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
9 ADC dst-address=172.10.1.0/30 pref-src=172.10.1.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
=========
5. The NAT rules
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=alat 1
1 chain=srcnat action=masquerade out-interface=alat 2
3 chain=srcnat action=masquerade out-interface=alat 3
In the NAT rules, "alat" (device) can be thought of as modem 1, 2 and 3. In my setup I use only 1 CPE but pull 3 lines at once.
The same approach works if you have 3 Speedy lines: one Speedy line is used for local traffic only, while the other 2 lines carry both international and local traffic.
Apologies for any mistakes in the write-up.
Opening up the archive from the days when I still used Speedy.. hopefully it is useful.
There is no denying that the SSH port on MikroTik is often an easy target for crackers trying to sneak into the router. This can be handled with firewall rules: if login fails 10 times, the IP is blocked for 10 days.. okay, just look at this picture and work it out yourself.
To deal with it, open your MikroTik terminal and copy-paste the following script:
ip firewall filter
add action=drop chain=input comment="SECURITY - BRUTEFORCE BLOCKING" disabled=no dst-port=22 protocol=tcp \
src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new \
disabled=no dst-port=22 protocol=tcp
Screenshot: crackers attacking with brute force
The result of the copy-paste can be seen under IP>Firewall>Filter Rule
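The staged rules above, replayed in Python as an added example (not part of the original post): it models the drop rule and the four add-src-to-address-list rules in the order shown, and shows that they count new TCP connections to port 22 inside one-minute windows rather than failed logins. The source addresses and timestamps are constructed, and refreshing the timeout when a listed address is re-added is an assumption of the model.

```python
# Added example: a model of the page's staged SSH address-list rules.
STAGE_TIMEOUT = 60                     # address-list-timeout=1m
BLACKLIST_TIMEOUT = 10 * 24 * 3600     # address-list-timeout=1w3d (10 days)

# (list the source must already be in, list it is added to, timeout),
# top to bottom in the same order as the rules on the page.
RULES = [
    ("ssh_stage3", "ssh_blacklist", BLACKLIST_TIMEOUT),
    ("ssh_stage2", "ssh_stage3", STAGE_TIMEOUT),
    ("ssh_stage1", "ssh_stage2", STAGE_TIMEOUT),
    (None, "ssh_stage1", STAGE_TIMEOUT),
]


class SshFilter:
    """State of the dynamic address lists on the router (modelled)."""

    def __init__(self):
        self.lists = {}  # list name -> {source ip: expiry time in seconds}

    def member(self, name, src, now):
        return self.lists.get(name, {}).get(src, -1) > now

    def new_connection(self, src, now):
        """Run one new TCP connection to port 22 through the rules."""
        # First rule: drop anything from a blacklisted source.
        if self.member("ssh_blacklist", src, now):
            return "drop"
        # add-src-to-address-list does not stop processing, so every rule is
        # evaluated. Because the higher stages are checked first, one
        # connection moves a source up by exactly one stage.
        for required, target, timeout in RULES:
            if required is None or self.member(required, src, now):
                # Assumption: re-adding a live entry refreshes its timeout.
                self.lists.setdefault(target, {})[src] = now + timeout
        return "pass"  # continues to the rest of the input chain


def replay(events):
    """events: iterable of (time in seconds, source ip). Returns verdicts."""
    fw = SshFilter()
    return [(now, src, fw.new_connection(src, now)) for now, src in sorted(events)]


# Constructed sample traffic (documentation address ranges).
FAST = "203.0.113.50"   # reconnects every 5 seconds
SLOW = "198.51.100.7"   # reconnects every 2 minutes
SAMPLE_EVENTS = [
    (0, FAST), (5, FAST), (10, FAST), (15, FAST),   # 4th one fills the blacklist
    (20, FAST), (3600, FAST),                        # dropped
    (15 + BLACKLIST_TIMEOUT + 1, FAST),              # blacklist entry has expired
    (0, SLOW), (120, SLOW), (240, SLOW),             # never gets past stage1
]

if __name__ == "__main__":
    for now, src, verdict in replay(SAMPLE_EVENTS):
        print(f"t={now:>7}s  {src:<14} {verdict}")
```

The fourth new connection inside the one-minute windows puts the source on ssh_blacklist and the fifth is the first one dropped; an administrator who opens four sessions that quickly is treated the same way.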
On 17.59 by Anonim in Berita Terkini
Without my noticing, it has been 2 years since I graduated from SMKN5 Banjarmasin, on Jalan Teluk Dalam next to the LP (Lembaga Permasyarakatan, the correctional facility). So I stopped by for a while to see how things are now; from the front alone there have already been many changes.. then I went inside to see my old classroom, WOW... really nice, it makes me envious remembering my school days... then I went further in, all the way to the far end of the school, and took a few pictures of the buildings as they are now.. from the school parking area, which is now neatly arranged, to the newly built classrooms; even the canteen that used to look shabby is now tidy like the canteens at other schools..
The Computer and Network Engineering (Tekhnik Komputer Jaringan) classroom building now
Building workshop
New canteen, "cool, right?"
A new building, I don't know its name; it is definitely at the back near the basketball court
Network Configuration
=====================
port ethernet no.3 ------- SQUID
Client ---- Switch ---- port ethernet no.2
port ethernet no.1-------Modem
Configuration on MikroTik
=========================
#copy-paste the commands below using the New Terminal menu in Winbox#
--------------------------------------------------------------------------
Name the interface and assign the IP address
--------------------------------------------
/interface ethernet
set 2 name=ether3-proxy
/ip address
add address=192.168.5.1/24 interface=ether3-proxy
Mangle and TPROXY Routing
-------------------------
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY ROUTING" disabled=yes dst-port=80,443 in-interface=ether2-local new-routing-mark=tproxy_rm passthrough=no \
protocol=tcp
add action=mark-connection chain=prerouting disabled=yes dst-port=80,443 in-interface=ether3-proxy new-connection-mark=tproxy_cm passthrough=yes protocol=tcp \
src-address=!192.168.5.2
add action=mark-routing chain=prerouting connection-mark=tproxy_cm disabled=yes in-interface=!ether3-proxy new-routing-mark=tproxy_rm passthrough=no
# the default route for marked traffic belongs in the routing table, not in mangle
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.5.2 routing-mark=tproxy_rm scope=30 target-scope=10
Installation on the Proxy PC
============================
--Installing a Web Proxy on Ubuntu Server 12.04 part 1 - Installing Ubuntu Server 12.04---
Hardware (adjust as needed)
========
- Proc Core 2 Duo
- HDD 40 GB
- RAM 1 GB
- CD/DVD RW
Software
========
- Download Ubuntu Server ver 12.04 (iso)
- Download & Install Putty Installer
- Download & Install WinSCP Installer
Preparation
===========
- Install DETERMINATION first :-)
- Burn the iso file to a CD/DVD
- Set the PC BIOS to boot first from CD/DVD
Installing Ubuntu Server ver 12.04 LTS
======================================
Follow the installation steps below. Adjust the number and size of the caches as needed.
---- Configure Language, Location, locales ----
- English [ Press Enter ]
- Install Ubuntu Server [ Press Enter ]
- English [ Press Enter ]
- Other [ Press Enter ]
- Asia [ Press Enter ]
- Indonesia [ Press Enter ]
- United States [ Press Enter ]
----Configure the keyboard----
- No [ Press Enter ]
- English (US) [ Press Enter ]
- English (US) [ Press Enter ]
---- Configure the network ----
- Continue [ Press Enter ]
- Configure Network Manually [ Press Enter ]
- IP Address : 192.168.5.2 [ Press Enter ]
- Netmask : 255.255.255.0 [ Press Enter ]
- Gateway : 192.168.5.1 [ Press Enter ]
- Name Server address : 192.168.5.1 [ Press Enter ]
- Hostname : BelajarJaringan [ Press Enter ]
- Domain name : [ Press Enter ]
- Full name for new user : Belajar Jaringan [ Press Enter ]
- username for your account : belajar [ Press Enter ]
- choose a password for the new user : passwordku [ Press Enter ]
- Re-enter password to verify : passwordku [ Press Enter ]
- Encrypt your home directory? : No [ Press Enter ]
---- Configure the clock ----
- Jakarta
---- Partition disk ----
- Manual
- SCSI1 (0,0,0) (sda) - 42.9 GB [ Press Enter ]
- Create New Partition table on this device ? Yes [ Press Enter ]
- pri/log 42.9 GB FREE SPACE [ Press Enter ]
- Create a New Partition
- New Partition size : 1 GB [ Press Enter ]
- Type for the new partition : Primary [ Press Enter ]
- Location for the new partition : Beginning [ Press Enter ]
- Select Mount point [ Press Enter ]
- Select /boot - static files of the boot loader [ Press Enter ]
- Select Mount options [ Press Enter ]
- Select Noatime [Press the Spacebar] [ Press Enter ]
- Select Bootable flag [ Press Enter ]
- Select Done setting up the partition [ Press Enter ]
- pri/log 41.9 GB FREE SPACE [ Press Enter ]
- Create a New Partition
- New Partition size : 2 GB [ Press Enter ]
- Type for the new partition : Primary [ Press Enter ]
- Location for the new partition : Beginning [ Press Enter ]
- Select Use [ Press Enter ]
- Select swap area [ Press Enter ]
- Select Done setting up the partition [ Press Enter ]
- pri/log 39.9 GB FREE SPACE [ Press Enter ]
- Create a New Partition
- New Partition size : 19.9 GB [ Press Enter ] ------------------> I leave 20 GB for the cache dir
- Type for the new partition : Primary [ Press Enter ]
- Location for the new partition : Beginning [ Press Enter ]
- Select Mount point [ Press Enter ]
- Select / - the root file system [ Press Enter ]
- Select Mount options [ Press Enter ]
- Select Noatime [Press the Spacebar] [ Press Enter ]
- Select Done setting up the partition [ Press Enter ]
- pri/log 20 GB FREE SPACE [ Press Enter ]
- Create a New Partition
- New Partition size : 20 GB [ Press Enter ]
- Type for the new partition : Logical [ Press Enter ]
- Location for the new partition : Beginning [ Press Enter ]
- Select Use [ Press Enter ]
- Select ReiserFS journaling file system
- Select Mount point [ Press Enter ]
- Select Enter manually [ Press Enter ]
- Delete /Home and change it to /cache1 [ Press Enter ]
- Select Mount options [ Press Enter ]
- Select Noatime [Press the Spacebar], select Notail [Press the Spacebar] [ Press Enter ]
- Select Done setting up the partition [ Press Enter ]
- Select Finish partitioning and write changes to disk [ Press Enter ]
- Write the changes to disks : Yes [ Press Enter ]
--- Configure the package manager ----
- HTTP proxy information (blank for none) : [ Press Enter ]
--- Configure tasksel ---
- How do you want to manage upgrade on this system? : No automatic updates [ Press Enter ]
--- Software selection ---
- Select OpenSSH Server [Press the Spacebar] [ Press Enter ]
--- Install the GRUB boot loader on a hard disk---
- Install the GRUB boot loader to the master boot record? : Yes [ Press Enter ]
--- [!!] Finish the installation ---
- Select Continue [ Press Enter ]
- eject the installer CD
Changing the root Password
==========================
1. Log in to the proxy via WinSCP/Putty with the login you created during installation
2. type the command below
sudo su [press ENTER]
(enter the password of the user you created during installation)
3. then type
passwd root [press ENTER]
ENTER new UNIX password : (enter the new password for root)
Retype new UNIX password : (enter the same password again)
make sure this message appears : passwd : password updated successfully
Installing Squid 3 HEAD
=======================
Instructions:
--------------
- Log in to WinSCP as the root user
- Copy-paste the commands below through Putty (copy, then right-click in Putty and press Enter):
apt-get update
apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl libcap2 libcap-dev libcap2-dev
apt-get install sysv-rc-conf
wget http://www1.it.squid-cache.org/Versions/v3/3.HEAD/squid-3.HEAD-20130527-r12855.tar.gz
tar xzvf squid-3.HEAD-20130527-r12855.tar.gz
cd squid-3.HEAD-20130527-r12855
./configure --prefix=/usr \
--bindir=/usr/bin --sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid3 --sysconfdir=/etc/squid3 \
--localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid3 \
--infodir=/usr/share/info --mandir=/usr/share/man \
--disable-dependency-tracking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-icmp --enable-esi --enable-icap-client \
--disable-wccp --disable-wccpv2 \
--enable-kill-parent-hack --enable-cache-digests --enable-follow-x-forwarded-for --enable-x-accelerator-vary --enable-zph-qos \
--with-default-user=proxy --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid --with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 \
--enable-ssl --enable-ssl-crtd --disable-auth --build=i486-linux-gnu build_alias=i486-linux-gnu
make && make install
chown -R proxy:proxy /cache1
chown -R proxy:proxy /var/log/squid3
## Copy the following 2 files using WinSCP
==========================================
- The "squid.conf" file (download it from http://pastebin.com/PKZkLfpD), modified and adjusted to your needs, to the folder: /etc/squid3/
- The "squid" file (download it from http://pastebin.com/8xLYXZQC) to the folder: /etc/init.d/
Execute permission for squid
============================
chmod +x /etc/init.d/squid
Setup SSL Bump
==============
cd /etc/squid3
mkdir ssl_cert
cd ssl_cert
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
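# create the parent directory and initialise the certificate database first,
# then hand the whole directory to the helper's user
mkdir -p /var/squid3/lib/ssl_db
/usr/lib/squid3/ssl_crtd -c -s /var/squid3/lib/ssl_db/certs
chown -R nobody /var/squid3/lib/ssl_db/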
swap dir
========
squid -z
Copy-paste the commands below into the file /etc/rc.local
=========================================================
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d 192.168.5.2/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
exit 0
---------------------------------------------------------------------------------------------
Done. The test results can be seen here >> http://www.flickr.com/photos/96503603@N07/