Tuesday, March 29, 2016

Config Smokeping


Steps to set up the SmokePing latency grapher:
  • Install:
apt-get install smokeping sendmail -y
  • Create the file /etc/apache2/sites-enabled/smokeping.conf and chmod it to 644
ScriptAlias /smokeping/smokeping.cgi /usr/lib/cgi-bin/smokeping.cgi
Alias /smokeping /usr/share/smokeping/www

<Directory "/usr/share/smokeping/www">
        Options FollowSymLinks
</Directory>
  • Enable the smokeping.conf site
root@pi /etc/apache2/mods-available # a2ensite smokeping.conf
Enabling site smokeping.
To activate the new configuration, you need to run:
  service apache2 reload
  • Enable the cgi module (SmokePing needs CGI)
root@pi /etc/apache2/sites-available # a2enmod cgi
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Your MPM seems to be threaded. Selecting cgid instead of cgi.
Enabling module cgid.
To activate the new configuration, you need to run:
  service apache2 restart
  • Edit the file /etc/smokeping/config.d/Targets
*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing Latency Grapher

+ Local

menu = Local
title = Local Network
#parents = owner:/Test/James location:/

++ LocalMachine

menu = Local Machine
title = This host
host = localhost
#alerts = someloss


+ GlobalSite
menu = INTER
title = International Sites
 
++ Dota2
menu    = Dota2
title   = Dota2-103.28.54.1
host    = 103.28.54.1

++ Dota2-55
menu    = Dota2-55
title   = Dota2-103.28.55.250
host    = 103.28.55.250

++ GhostRecon
menu = GhostRecon
title = GhostRecon 54.64.204.13
host    = 54.64.204.13

++ AVA
menu = AVA
title = AVA 119.46.129.61
host = 119.46.129.61


++ PSO2
menu    = PSO2
title   = PhantasyStarOnline2-121.52.201.113
host    = 121.52.201.113

++ SOXDN2
menu    = SOXDN2
title   = SOXDN2-112.140.186.203
host    = 112.140.186.203

++ StormDN
menu    = StormDN
title   = StormDN-198.44.249.1
host    = 198.44.249.1

++ EVE
menu    = EVE
title   = EVE-119.81.16.118
host = 119.81.16.118

++ Facebook
menu = Facebook
title = Facebook 31.13.79.246
host = 31.13.79.246
 
++ Yahoo
menu = Yahoo
title = Yahoo
host = 106.10.139.246


+ LocalSites
menu = LOCAL
title = Local Sites
 

++ CBN
menu    = CBN
title   = CBN
host    = 202.158.92.218

++ Detik
menu = Detik
title = Detik 203.190.241.43
host = 203.190.241.43

++ Detik69
menu    = Detik
title   = Detik 203.190.242.69
host    = 203.190.242.69
 
++ Dizzel
menu    = Dizzel
title   = Dizzel-103.18.35.1
host    = 103.18.35.1

++ DotaNusa
menu = DotaNusa
title = dota.nusa.net.id
host = 202.162.207.111

++ GarenaLOL
menu    = GarenaLOL
title   = Garena LOL - 103.248.58.254
host    = 103.248.58.254

++ PBGarenaID
menu    = PBGarenaID
title   = PointBlank Garena ID
host    = 43.252.187.1

++ Asiasoft-AVA
menu    = Asiasoft-AVA
title   = Asiasoft-AVA 203.1.25.21
host    = 203.1.25.21

++ GarenaFifa
menu    = GarenaFifaSg
title   = Garena FifaOnline3 Singapore - 203.116.219.129
host    = 203.116.219.129

++ SpecialForce2
menu    = SpecialForce2
title   = Special Force 2 - 103.249.58.254 - via 202.43.74.76 
host    = 202.43.74.76

++ DotaGoGamers
menu    = DotaGoGamers
title   = dota.gogamers.us
host    = 49.128.182.218

++ Gemscool-Lama
menu = GemscoolLama
title = Gemscool-203.89.146.118
host = 203.89.146.118

++ Gemscool-Baru-21
menu    = GemscoolBaru
title   = Gemscool-49.50.7.21
host    = 49.50.7.21

#++ Gemscool-Baru-254
#menu = GemscoolBaru-254
#title = Gemscool-49.50.7.254-(tracert via telkom)
#host = 49.50.7.254

++ MusuhAbadi
menu    = MusuhAbadi
title   = MusuhAbadi-103.29.186.20
host    = 103.29.186.20

++ Wavegame
menu = Wavegame
title = Wavegame-116.212.98.1
host = 116.212.98.1

++ Lytogame
menu = Lytogame
title = Lytogame-202.93.16.1
host = 202.93.16.1

++ LytogameCF
menu    = LytogameCF
title   = Lytogame CrossFire-202.93.21.80
host    = 202.93.21.80

++ Megaxus
menu = Megaxus
title = Megaxus-122.102.47.10
host = 122.102.47.10
#122.102.48.1

++ XSHOT
menu    = XSHOT
title   = XSHOT-180.178.110.20
host    = 180.178.110.20

++ CSO
menu    = CSO
title   = CSO-122.102.53.48
host    = 122.102.53.48

++ HeroesOfNewerth
menu = HON
title = HeroesOfNewerth-103.4.175.34
host = 103.4.175.34


+ CPE
menu  = CPE
title  = CPE All Client

++ SSN
menu    = SSN
title = SSN 113.20.143.1
host    = 113.20.143.1


+ ContohParent
menu    = ContohParent
title   = Ini Adalah Contoh Parent

++ gcp
menu    = gcp
title   = gcp
host    = 10.10.2.2




  • Then open http://ip-smokepingnya.net/smokeping/smokeping.cgi in a browser

Saturday, March 26, 2016

Proxy Speedtest




Just for the curious...
Manipulating speedtest results (speed, IP, ISP) with squid 3.x in TPROXY mode plus Apache2 on a single machine

===url:
http://www.speedtest.net/
http://speedtest.telin.co.id/
http://speedtest.cbn.net.id/

===sample URLs that get rewritten:
--speedtest >> everyone already knows how to do this one
http://nms-bdg.neuviz.net.id/speedtest/speedtest/latency.txt?x=1458959070078
http://nms-bdg.neuviz.net.id/speedtest/speedtest/random350x350.jpg?x=1458959071250&y=1
http://nms-bdg.neuviz.net.id/speedtest/speedtest/upload.php?x=0.17716197622939944

--IP/ISP
http://www.speedtest.net/id/speedtest-config.php?x=1439780380789
http://api.ookla.com/ipaddress.php

=======script rewriter.pl======
#!/usr/bin/perl
# @ http://www2.fh-lausitz.de/launic/comp/misc/squid/projekt_youtube/
# references and special thanks to MikroTiker N SquidLover-Ces Pun-Syaifudin JW aka Ucok Karnadi
#### var
use IO::File;
$|=1;
STDOUT->autoflush(1);
$debug=0; ## recommended:0
$bypassallrules=0; ## recommended:0
$sucks=""; ## unused
$sucks="sucks" if ($debug>=1);
$timenow="";
$printtimenow=1; ## print timenow: 0|1
my $logfile = '/tmp/rewrite-ruwet.log';

open my $logfh, '>>', $logfile
or die "Couldn't open $logfile for appending: $!\n" if $debug;
$logfh->autoflush(1) if $debug;

while (<>) {
$timenow=time()." " if ($printtimenow);
#print $logfh "$timenow"."in : $_" if ($debug>=1);
#print $logfh "in : $_" if ($debug>=1);
chop; ## strip eol
my $urlku = $_;
#@X = split;
@X = split(" ",$urlku);
$a = $X[0]; ## chanel
$b = $X[1]; ## url
$c = $X[2]; ## ip
$u = $b; ## url

print $logfh "in : $_\n" if ($debug>=1);

if ($bypassallrules){
$out="$u"; ## map 1:1

} elsif ($u=~ m/^http:\/\/.*\/(speedtest\/.*)/) {
$out="OK rewrite-url=http://192.168.4.1:8081/$1";

} elsif ($u=~ m/^http:\/\/.*speedtest\.net\/id\/(.*)/) {
$out="OK rewrite-url=http://192.168.4.1:8081/speedtest/$1";

} elsif ($u=~ m/^http:\/\/.*api\.ookla\.com\/(.*)/) {
$out="OK rewrite-url=http://192.168.4.1:8081/speedtest/$1";

} else {
$out="ERR";
}
print $logfh "out: $a $out\n" if ($debug>=1);
print "$a $out\n";
}
close $logfh if ($debug);

===edit squid.conf

acl speedtest url_regex \/speedtest\/.*\.(jpg|png|txt|php).*
acl speedtest2 url_regex ^http:\/\/.*speedtest\.net\/id\/.*\.php.*
acl speedtest3 url_regex ^http:\/\/.*api\.ookla\.com\/.*\.php

url_rewrite_access allow speedtest
url_rewrite_access allow speedtest2
url_rewrite_access allow speedtest3

url_rewrite_access deny all

url_rewrite_program /etc/squid/rewrite-ruwet.pl

redirector_bypass on

cache_peer 192.168.4.1 parent 8081 0 no-digest no-tproxy
dead_peer_timeout 5 seconds
cache_peer_access 192.168.4.1 allow speedtest
cache_peer_access 192.168.4.1 allow speedtest2
cache_peer_access 192.168.4.1 allow speedtest3

cache_peer_access 192.168.4.1 deny all

url_rewrite_children 32 startup=10 idle=1 concurrency=50

Additional references for the parts that still fail:
http://www.squid-cache.org/Doc/config/always_direct/
http://www.squid-cache.org/Doc/config/never_direct/

Wednesday, March 23, 2016

Install Wordpress on Nginx

Continuing from the discussion at the following link, this post covers installing WordPress on an nginx-based web server.
root@raspberrypi:~# cd /var/www/html/
root@raspberrypi:/var/www/html# wget https://wordpress.org/latest.tar.gz
Once it has downloaded, open your web server in a browser. If it does not go straight to the WordPress setup, make sure the default index includes index.php. Check the nginx configuration:

root@raspberrypi:/var/www/html# nano /etc/nginx/sites-enabled/default

Add index.php to the index directive
        # Add index.php to the list if you are using PHP
        index index.html index.php index.htm index.nginx-debian.html;
 *) I added index.php to that file
Don't forget to restart nginx
root@raspberrypi:/var/www/html# /etc/init.d/nginx restart
[ ok ] Restarting nginx (via systemctl): nginx.service.
root@raspberrypi:/var/www/html#
Open the web server again and the WordPress setup appears.
The next step is to create a MySQL account, as follows:
Log in to mysql
root@raspberrypi:/var/www/html# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.46-0+deb8u1 (Debian)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Then follow these steps
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "userku"@"localhost" IDENTIFIED BY "rahasia";
Query OK, 0 rows affected (0.00 sec)
Notes:
wordpress = the database name
userku = the database user
rahasia = its password


Open the browser again and follow the WordPress installation steps to the end :)

Install NginX PHP5 Mysql-Server on Raspberry

apt-get install nginx php5-fpm php5-mysql mysql-server
nano /etc/nginx/sites-available/default
 Note this part
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

                # With php5-cgi alone:
                #fastcgi_pass 127.0.0.1:9000;
                # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

Remember to put a # in front of fastcgi_pass 127.0.0.1:9000; because it conflicts with the one below it
Make sure the nginx.conf configuration is correct
root@raspberrypi:/home/pi# nginx -t -c /etc/nginx/nginx.conf
nginx: [emerg] "fastcgi_pass" directive is duplicate in /etc/nginx/sites-enabled/default:51
nginx: configuration file /etc/nginx/nginx.conf test failed

If the test fails, look again for a small mistake, then re-run the check to confirm nginx.conf
root@raspberrypi:/home/pi# nginx -t -c /etc/nginx/nginx.conf
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
 Then restart php5-fpm
root@raspberrypi:/home/pi# /etc/init.d/php5-fpm restart
[ ok ] Restarting php5-fpm (via systemctl): php5-fpm.service.
root@raspberrypi:/home/pi#
Restart nginx
root@raspberrypi:/home/pi# /etc/init.d/nginx restart
[ ok ] Restarting nginx (via systemctl): nginx.service.
root@raspberrypi:/home/pi#

Now create the file /var/www/html/info.php with this content
<?php phpinfo();?>
 Then open it in a browser until a page like this appears.


Next you can install WordPress, etc.

Additional:

Settings so that .php files cannot be uploaded, to counter PHP shells, and to restrict hidden files such as .htaccess:
add the following to the /etc/nginx/sites-available/default file from earlier. Place it below
fastcgi_pass unix:/var/run/php5-fpm.sock;
}

        # Deny access to any files with a .php extension in the uploads directory
        # Works in sub-directory installs and also in multisite network
        # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
        #
        location ~* /(?:uploads|files)/.*\.php$ {
                deny all;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one

        location ~ /\.ht {
                deny all;
        }
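
How nginx picks between these regex locations, as an added example (not from the original post): nginx tests regex locations in the order they appear in the file and stops at the first match, so where the uploads rule sits relative to the `\.php$` block decides whether it is ever consulted. The config strings and sample URIs are constructed, and the parser is a simplified model that only understands flat `location ~` / `location ~*` blocks.

```python
import re

# Constructed copies of the location blocks shown in this post.
PHP_BLOCK = r"""
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}
"""
DENY_BLOCKS = r"""
# Deny access to any files with a .php extension in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
location ~ /\.ht {
    deny all;
}
"""
AS_PLACED_ON_PAGE = PHP_BLOCK + DENY_BLOCKS   # deny rules below the PHP block
DENY_FIRST = DENY_BLOCKS + PHP_BLOCK          # deny rules above the PHP block

LOCATION_RE = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{([^}]*)\}")


def regex_locations(conf_text):
    """Return [(compiled_regex, action)] in order of appearance in the file."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", conf_text)  # drop comment lines
    locations = []
    for modifier, pattern, body in LOCATION_RE.findall(text):
        flags = re.IGNORECASE if modifier == "~*" else 0  # ~* is case-insensitive
        if re.search(r"\bdeny\s+all\s*;", body):
            action = "deny"
        elif "fastcgi_pass" in body:
            action = "php"
        else:
            action = "other"
        locations.append((re.compile(pattern, flags), action))
    return locations


def handler_for(conf_text, uri):
    """First regex location that matches wins; otherwise a prefix location serves it."""
    for regex, action in regex_locations(conf_text):
        if regex.search(uri):
            return action
    return "static"


def served_by_php(conf_text, uris):
    """URIs from the list that end up being handed to php5-fpm."""
    return [uri for uri in uris if handler_for(conf_text, uri) == "php"]


# Constructed request paths.
SAMPLE_URIS = [
    "/index.php",
    "/wp-content/uploads/2016/03/avatar.php",
    "/files/report.php",
    "/wp-content/uploads/2016/03/photo.jpg",
    "/.htaccess",
]

if __name__ == "__main__":
    for name, conf in (("as placed on page", AS_PLACED_ON_PAGE),
                       ("deny first", DENY_FIRST)):
        print(name)
        for uri in SAMPLE_URIS:
            print("  %-45s -> %s" % (uri, handler_for(conf, uri)))
```

With the deny block below the PHP block, the two upload paths ending in .php are still handed to php5-fpm; with the deny block first, only /index.php is.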

Dealing with No Space Left on the Raspberry Pi

If you have tried a Raspberry Pi, the root filesystem is usually small by default, which leaves little room for installing the packages you want. For example:

$ df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          1.8G  1.7G     0 100% /
/dev/root       1.8G  1.7G     0 100% /
devtmpfs         93M     0   93M   0% /dev
tmpfs            19M  220K   19M   2% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs            37M     0   37M   0% /run/shm
/dev/mmcblk0p1   56M   17M   40M  30% /boot
tmpfs            37M     0   37M   0% /tmp

Note that rootfs and /dev/root are at 100% usage.

Your SD card is larger than that, but even 32GB does no good because the size is limited by the Raspberry Pi's default settings.

SOLUTION:
Type this at the Raspberry Pi console/terminal: raspi-config
root@raspberrypi:/home/pi# raspi-config
Then choose Expand Filesystem, follow the instructions, and restart.



The result:
root@raspberrypi:/home/pi# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root        30G  1.1G   27G   4% /
devtmpfs        459M     0  459M   0% /dev
tmpfs           463M     0  463M   0% /dev/shm
tmpfs           463M  6.2M  457M   2% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           463M     0  463M   0% /sys/fs/cgroup
/dev/mmcblk0p1   60M   20M   41M  34% /boot

Installing Unbound


What is Unbound?
Unbound is a DNS server application.
What is it for?
It acts as a resolver.
What is a resolver?
It translates domain names to IP addresses.
For example, the servers for detik.com are at 203.190.242.69 and 203.190.241.43,
so a DNS server is needed to resolve detik.com to those IPs.


  • Install Unbound
root@pi:/home/pi# apt-get install unbound
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libunbound2 unbound-anchor
The following NEW packages will be installed:
  libunbound2 unbound unbound-anchor
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 864 kB of archives.
After this operation, 1,998 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://kartolo.sby.datautama.net.id/debian/ jessie/main libunbound2 armhf 1.4.22-3 [272 kB]
Get:2 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound-anchor armhf 1.4.22-3 [96.6 kB]
Get:3 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound armhf 1.4.22-3 [495 kB]
Fetched 864 kB in 1s (707 kB/s)
Selecting previously unselected package libunbound2:armhf.
(Reading database ... 31542 files and directories currently installed.)
Preparing to unpack .../libunbound2_1.4.22-3_armhf.deb ...
Unpacking libunbound2:armhf (1.4.22-3) ...
Selecting previously unselected package unbound-anchor.
Preparing to unpack .../unbound-anchor_1.4.22-3_armhf.deb ...
Unpacking unbound-anchor (1.4.22-3) ...
Selecting previously unselected package unbound.
Preparing to unpack .../unbound_1.4.22-3_armhf.deb ...
Unpacking unbound (1.4.22-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u3) ...
Setting up libunbound2:armhf (1.4.22-3) ...
Setting up unbound-anchor (1.4.22-3) ...
Setting up unbound (1.4.22-3) ...
Processing triggers for libc-bin (2.19-18+deb8u3) ...
Processing triggers for systemd (215-17+deb8u3) ...
root@pi:/home/pi#

  • Then go to the /etc/unbound directory

root@pi:/home/pi# cd /etc/unbound/
root@pi:/etc/unbound# wget ftp://ftp.internic.net/domain/named.cache
--2016-03-23 09:20:07--  ftp://ftp.internic.net/domain/named.cache
           => ‘named.cache’
Resolving ftp.internic.net (ftp.internic.net)... 192.0.32.9, 2620:0:2d0:200::9
Connecting to ftp.internic.net (ftp.internic.net)|192.0.32.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /domain ... done.
==> SIZE named.cache ... 3171
==> PASV ... done.    ==> RETR named.cache ... done.
Length: 3171 (3.1K) (unauthoritative)

named.cache                               100%[=======================================================================================>]   3.10K  --.-KB/s   in 0.002s

2016-03-23 09:20:13 (1.99 MB/s) - ‘named.cache’ saved [3171]

root@pi:/etc/unbound#

  • Change the permissions on the unbound files
root@pi:/etc/unbound# unbound-control-setup
setup in directory /etc/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created.
root@pi:/etc/unbound# chown unbound:root unbound_*
root@pi:/etc/unbound# chmod 440 unbound_*
root@pi:/etc/unbound#

  • Edit the file /etc/unbound/unbound.conf
server:
 verbosity: 1
# statistics-interval: 120 = default
 statistics-interval: 0
# statistics-cumulative: yes = default
 statistics-cumulative: yes
# num-threads:    = match the number of processor cores
 num-threads: 2
 interface: 0.0.0.0
# outgoing-range: 512  = default
 outgoing-range: 4096
# num-queries-per-thread: 1024 = default
 num-queries-per-thread: 4096
# msg-cache-size: 16m  = default
 msg-cache-size: 128m
# rrset-cache-size: 32m  = default
 rrset-cache-size: 128m
# msg-cache-slabs: 4  = default
 msg-cache-slabs: 1
# rrset-cache-slabs: 4  = default
 rrset-cache-slabs: 1
 cache-max-ttl: 86400
 infra-host-ttl: 60
 infra-lame-ttl: 120
 infra-cache-numhosts: 10000
 infra-cache-lame-size: 10k
 do-ip4: yes
 do-ip6: no
 do-udp: yes
 do-tcp: yes
 do-daemonize: yes
# REFUSE ALL
 access-control: 0.0.0.0/0 refuse
# TELKOM
# access-control: 36.64.0.0/12 allow
#       access-control: 36.80.0.0/13 allow
#       access-control: 36.88.0.0/16 allow
#       access-control: 61.94.0.0/16 allow
#       access-control: 110.136.0.0/14 allow
#       access-control: 118.96.0.0/15 allow
#       access-control: 118.98.0.0/17 allow
#       access-control: 125.160.0.0/13 allow
#       access-control: 180.241.0.0/12 allow
#       access-control: 202.134.0.0/21 allow
#       access-control: 222.124.0.0/16 allow
#       access-control: 203.130.192.0/18 allow
# My Subnet
 access-control: xx.xxx.2.0/24 allow
# localhost
 access-control: 127.0.0.0/8 allow
# rfc1918
 access-control: 192.168.0.0/16 allow
 access-control: 172.16.0.0/12 allow
 access-control: 10.0.0.0/8 allow

 chroot: "/etc/unbound"
 username: "unbound"
 directory: "/etc/unbound"
 logfile: "/etc/unbound/unbound.log"
 use-syslog: no
 pidfile: "/var/run/unbound.pid"
 root-hints: "/etc/unbound/named.cache"

 identity: "DNS"
 version: "1.4"
 hide-identity: yes
 hide-version: yes
 harden-glue: yes
 do-not-query-address: 127.0.0.1/8
 do-not-query-localhost: yes
 module-config: "iterator"

 #zone localhost
 local-zone: "localhost." static
 local-data: "localhost. 10800 IN NS localhost."
 local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
 local-data: "localhost. 10800 IN A 127.0.0.1"
 local-zone: "127.in-addr.arpa." static
 local-data: "127.in-addr.arpa. 10800 IN NS localhost."
 local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
 local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        #zone rahox.net.id
        local-zone: "rahox.net.id." static
        local-data: "rahox.net.id. 86400 IN NS ns1.rahox.net.id."
        local-data: "rahox.net.id. 86400 IN SOA rahox.net.id. hostmaster.rahox.net.id. 3 3600 1200 604800 86400"
        local-data: "rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "www.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
        local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
        local-data: "cache.google.com. 86400 IN A 118.98.111.1"
        local-data: "ns1.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "mail.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "rahox.net.id. 86400 IN MX 10 mail.rahox.net.id."
        local-data: "rahox.net.id. 86400 IN TXT v=spf1 a mx ~all"

# PTR RECORD
        local-zone: "181.128.49.in-addr.arpa." static
        local-data: "181.128.49.in-addr.arpa. 10800 IN NS rahox.net.id."
        local-data: "181.128.49.in-addr.arpa. 10800 IN SOA rahox.net.id. hostmaster.rahox.net.id. 4 3600 1200 604800 864000"
        local-data: "202.181.128.49.in-addr.arpa. 10800 IN PTR rahox.net.id."

# STATIC RESOLVER
# START HERE
 local-data: "images.via.com. 86400 IN A 23.200.179.234"
        local-data: "cfs.u-ad.info. 86400 IN A 127.0.0.1"
        local-data: "www.hao123.com. 86400 IN A 74.125.68.100"
# fbstatic-a.akamaihd.net
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.203"
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.224"
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.210"
# download.microsoft.com
        local-data: "download.microsoft.com. 86400 IN A 184.29.95.47"
        local-data: "download.microsoft.com. 86400 IN A 118.98.42.121"
# www2.ati.com
        local-data: "www2.ati.com. 86400 IN A 23.51.11.227"
# akamai vimeo
# local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.82"
#       local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.75"
# local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.48"
#       local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.50"
# fbcdn-video - ip 88,97,121,136,146
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.121"

# login garenaplus messenger
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.172.49"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.207"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.177"
               local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.144"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.174"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.141"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.204"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.173"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.200"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.146"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.172"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.178"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.150"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.188"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.176"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.190"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.148"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.201"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.171"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.175"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.142"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.206"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.186"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.187"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.170"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.143"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.149"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.147"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.189"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.202"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.203"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.145"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.205"
# acer
        local-data: "global-download.acer.com. 86400 IN A 118.98.37.40"
        local-data: "global-download.acer.com. 86400 IN A 118.98.37.50"
# asus
        local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.32"
        local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.35"
        local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.32"
        local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.35"
# samsung
        local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.48"
        local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.33"
# nvidia
        local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.48"
        local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.33"
# wdc
        local-data: "download.wdc.com. 86400 IN A  125.160.18.48"
        local-data: "download.wdc.com. 86400 IN A  125.160.18.33"
        local-data: "download.wdc.com. 86400 IN A  118.98.93.48"
        local-data: "download.wdc.com. 86400 IN A  118.98.93.19"
# adobe
        local-data: "get3.adobe.com. 86400 IN A  23.192.114.114"
# oracle
        local-data: "download.oracle.com. 86400 IN A 125.160.18.24"
        local-data: "download.oracle.com. 86400 IN A 125.160.18.43"
# intel
        local-data: "ark.intel.com. 86400 IN A 125.160.18.27"
        local-data: "ark.intel.com. 86400 IN A 125.160.18.58"

forward-zone:
        name: "dl.garenanow.com"
        forward-addr:118.98.44.166
        forward-addr:118.98.44.100
forward-zone:
        name: "cdn.garenanow.com"
        forward-addr:118.98.44.166
        forward-addr:118.98.44.100
forward-zone:
        name: "akamai.net"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77
forward-zone:
        name: "google.com"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77
forward-zone:
        name: "google.co.id"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77

forward-zone:
 name: "."
 forward-addr: 8.8.8.8
 forward-addr: 208.67.222.222


remote-control:
 control-enable: yes
 control-interface: 127.0.0.1
 control-port: 953
 server-key-file: "/etc/unbound/unbound_server.key"
 server-cert-file: "/etc/unbound/unbound_server.pem"
 control-key-file: "/etc/unbound/unbound_control.key"
 control-cert-file: "/etc/unbound/unbound_control.pem"

That completes the configuration; don't forget to restart the unbound service
root@pi:/etc/unbound# /etc/init.d/unbound restart
[ ok ] Restarting unbound (via systemctl): unbound.service.

 Don't forget to set resolv.conf as follows
root@pi:/etc/unbound# cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1

And change the network interfaces configuration as follows
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 172.16.17.18
        netmask 255.255.255.252
        gateway 172.16.17.17
        dns-nameservers 127.0.0.1

 Restart the interfaces
root@pi:/etc/unbound# /etc/init.d/networking restart
[ok] Restarting networking (via systemctl): networking.service

Now test whether Unbound is running as it should
root@pi:/etc/unbound# nslookup detik.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   detik.com
Address: 203.190.242.69
Name:   detik.com
Address: 203.190.241.43


Generator Addresslist Mikrotik to File


Case study:
A router holds important address lists, such as a game address list. The goal is for the address list on the client routers to be THE SAME as on that main router and to update automatically at a set interval, so that when the main router updates its address list, the clients automatically follow whatever is in the main router's address list.

Concept:
Export a specific address list on the main router.
This produces a specific file that later serves as the master address-list export for the client routers.

On the MikroTik, create a script that exports the address list by list name.
This example assumes list=cidr_games under /ip firewall address-list.

:global nama "cidr_games"
/ip firewall address-list ;export file=all-addr ;remove [find list!="$nama"] ;export file="$nama-addr" ;remove [find] ;/import all-addr.rsc ;
:delay 5
/file remove all-addr.rsc
:log warning message="Export $nama finished..."

After that, the file cidr_games-addr.rsc is created on the MikroTik,
and this file will then be downloaded by the generator machine (Linux).

Install ncftp, which is used to download the address list via FTP:
apt-get install ncftp

crontab -e
# automatically download the cidr_game address list from the core router every day at 5:10 am
10 5 * * * /root/addresslistgenerator/GetFromRouter
11 5 * * * /bin/chmod 755 /var/www/pub/addresslist/*

nano /root/addresslistgenerator/GetFromRouter
rm -rfv /var/www/pub/addresslist/cidr_games-addr.rsc
ncftpget -b -P 211 -u uftp -p pftp 49.128.181.182 /var/www/pub/addresslist/ /cidr_games-addr.rsc
sleep 5
chmod 755 /var/www/pub/addresslist/cidr_games-addr.rsc

On the MikroTik, add the user uftp:
/user add address="" disabled=no group=ftponly name=uftp

Don't forget to check the MikroTik's FTP port:
/ip service set ftp address="" disabled=no port=211

Directly from the client router:
/tool fetch mode=ftp address=10.10.182.1 port=211 user=uftp password=pftp src-path=/cidr_games-addr.rsc
/import cidr_games-addr.rsc
:log warning message="import cidr_games sukses..."
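
The client routers run /import on whatever file they fetch, and plain FTP gives no integrity guarantee, so the generator machine is the natural place to check the file before it is published. The script below is an added example, not part of the original post: it accepts only address-list entries for the expected list and moves the file into the web directory only when every line passes. It assumes each entry is exported as a single line `add address=<IPv4>[/<prefix>] list=<name>`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate an exported address-list file before publishing it.
# Assumption: every entry is one line of the form
#   add address=<IPv4>[/<prefix>] list=<name>
# under the "/ip firewall address-list" header. Anything else is rejected.

# validate_rsc FILE LISTNAME
# Prints rejected lines to stderr; returns 0 only if every line is allowed
# and at least one address entry is present.
validate_rsc() {
    awk -v list="$2" '
        function valid_ip(s,   n, p, i, parts) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
            if (split(p[1], parts, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (parts[i] !~ /^[0-9]+$/ || parts[i] + 0 > 255) return 0
            return 1
        }
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*$/ || /^#/ { next }             # blank lines, export header comments
        $0 == "/ip firewall address-list" { next }
        NF == 3 && $1 == "add" && $2 ~ /^address=/ && $3 == ("list=" list) {
            if (valid_ip(substr($2, 9))) { entries++; next }
        }
        { printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"; bad++ }
        END { if (bad > 0 || entries == 0) exit 1 }
    ' "$1"
}

# publish_rsc TMPFILE DEST LISTNAME
# Moves the file into place only after validation, so clients never fetch
# a partial or altered file. A data file needs no execute bit, hence 644.
publish_rsc() {
    if validate_rsc "$1" "$3"; then
        chmod 644 "$1" && mv -f "$1" "$2"
    else
        echo "refusing to publish $1" >&2
        return 1
    fi
}
```

In GetFromRouter this would mean downloading to a temporary directory first and calling publish_rsc with /var/www/pub/addresslist/cidr_games-addr.rsc as the destination.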

Repository Raspbian Jessie


Here are the Raspbian repositories in /etc/apt/sources.list:

# Uncomment line below then 'apt-get update' to enable 'apt-get source'
deb-src http://archive.raspbian.org/raspbian/ jessie main contrib non-free rpi

# jessie main
deb http://kartolo.sby.datautama.net.id/debian/ jessie main
deb-src http://kartolo.sby.datautama.net.id/debian/ jessie main

# jessie-updates, previously known as 'volatile'
deb http://kartolo.sby.datautama.net.id/debian/ jessie-updates main contrib non-free
deb-src http://kartolo.sby.datautama.net.id/debian/ jessie-updates main contrib non-free

If you run into an error like this, for example:

Fetched 18.4 MB in 2min 44s (112 kB/s)
Reading package lists... Done
W: GPG error: http://kartolo.sby.datautama.net.id jessie-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: GPG error: http://kartolo.sby.datautama.net.id jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1

SOLUTION:

root@raspberrypi:/home/pi# apt-get install debian-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  debian-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 265 not upgraded.
Need to get 40.1 kB of archives.
After this operation, 111 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  debian-archive-keyring
Install these packages without verification? [y/N] y
Get:1 http://kartolo.sby.datautama.net.id/debian/ jessie/main debian-archive-keyring all 2014.3 [40.1 kB]
Fetched 40.1 kB in 0s (195 kB/s)
Selecting previously unselected package debian-archive-keyring.
(Reading database ... 30314 files and directories currently installed.)
Preparing to unpack .../debian-archive-keyring_2014.3_all.deb ...
Unpacking debian-archive-keyring (2014.3) ...
Setting up debian-archive-keyring (2014.3) ...

OK, run apt-get update again:

root@raspberrypi:/home/pi# apt-get update
Ign http://kartolo.sby.datautama.net.id jessie InRelease
Get:1 http://kartolo.sby.datautama.net.id jessie-updates InRelease [142 kB]
Hit http://archive.raspbian.org jessie InRelease
Get:2 http://kartolo.sby.datautama.net.id jessie Release.gpg [2,373 B]
Hit http://kartolo.sby.datautama.net.id jessie Release
Get:3 http://kartolo.sby.datautama.net.id jessie-updates/main Sources [4,092 B]
Get:4 http://kartolo.sby.datautama.net.id jessie-updates/contrib Sources [32 B]
Get:5 http://kartolo.sby.datautama.net.id jessie-updates/non-free Sources [920 B]
Get:6 http://kartolo.sby.datautama.net.id jessie-updates/main armhf Packages [4,620 B]
Hit http://archive.raspbian.org jessie/main Sources
Get:7 http://kartolo.sby.datautama.net.id jessie-updates/contrib armhf Packages [32 B]
Get:8 http://kartolo.sby.datautama.net.id jessie-updates/non-free armhf Packages [516 B]
Get:9 http://kartolo.sby.datautama.net.id jessie-updates/contrib Translation-en [14 B]
Get:10 http://kartolo.sby.datautama.net.id jessie-updates/main Translation-en [3,259 B]
Get:11 http://kartolo.sby.datautama.net.id jessie-updates/non-free Translation-en [496 B]
Hit http://kartolo.sby.datautama.net.id jessie/main Sources
Hit http://kartolo.sby.datautama.net.id jessie/main armhf Packages
Hit http://kartolo.sby.datautama.net.id jessie/main Translation-en
Hit http://archive.raspbian.org jessie/contrib Sources
Hit http://archive.raspbian.org jessie/non-free Sources
Hit http://archive.raspbian.org jessie/rpi Sources
Hit http://archive.raspberrypi.org jessie InRelease
Hit http://archive.raspberrypi.org jessie/main armhf Packages
Hit http://archive.raspberrypi.org jessie/ui armhf Packages
Ign http://archive.raspberrypi.org jessie/main Translation-en_GB
Ign http://archive.raspberrypi.org jessie/main Translation-en
Ign http://archive.raspberrypi.org jessie/ui Translation-en_GB
Ign http://archive.raspberrypi.org jessie/ui Translation-en
Fetched 159 kB in 36s (4,400 B/s)
Reading package lists... Done


Config Catalyst 2950


First, get PuTTY or HyperTerminal ready.

With the Catalyst powered off, hold down the Mode button on the Cisco Catalyst, then plug in the power cable. Watch the PuTTY screen and release the Mode button once it has booted. Output like the following then appears:

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950-24 starting...
Base ethernet MAC Address: 00:0e:d7:91:80:00
Xmodem file system is available.

The system has been interrupted prior to initializing the
flash filesystem.  The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

    flash_init
    load_helper
    boot

switch:

switch: load_helper
# loads the additional hidden commands
switch: flash_init
# initializes the flash filesystem
Initializing Flash...
flashfs[0]: 80 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 5402624
flashfs[0]: Bytes available: 2338816
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch: dir flash:
# lists the contents of flash
Directory of flash:/

2    -rwx  313       <date>               env_vars
3    -rwx  3097872   <date>               c2950-i6q4l2-mz.121-22.EA4.bin
4    -rwx  2647      <date>               config.text
5    -rwx  1276      <date>               vlan.dat
7    -rwx  110       <date>               info
8    -rwx  5         <date>               private-config.text
9    drwx  2304      <date>               html
84   -rwx  110       <date>               info.ver

2338816 bytes available (5402624 bytes used)
switch: rename flash:config.text flash:config_old.text
# config.text is run after flashing, so config.text has to be renamed to config_old.text
switch: boot
# starts the boot process
Loading "flash:c2950-i6q4l2-mz.121-22.EA4.bin"...##############################
File "flash:c2950-i6q4l2-mz.121-22.EA4.bin" uncompressed and installed, entry point: 0x80010000
executing...  
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 23-Mar-05 15:33 by yenanh
Image text-base: 0x80010000, data-base: 0x80562000


Initializing flashfs...

flashfs[1]: 80 files, 3 directories                                  
flashfs[1]: 0 orphaned files, 0 orph                                  
flashfs[1]: Total bytes: 7741440                               
flashfs[1]: Bytes used: 5402624                              
flashfs[1]: Bytes available: 2338816                                   
flashfs[1]: flashfs fsck took 7 seconds.                                       
flashfs[1]: Initialization complete.                                   
Done initializing flashfs.                         
POST: System Board Test : Passed                               
POST: Ethernet Controller Test : Passed                                      
ASIC Initialization Passed                         

POST: FRONT-END LOOPBACK TEST : Passed                                     
cisco WS-C2950-24 (RC32300) processor (revision M0) with 21039K bytes of memory.                                                                               

Processor board ID FOC0801X0YR                             
Last reset from system-reset                           
Running Standard Image                     
Running Standard Image                     

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0E:D7:91:80:00
Motherboard assembly number: 73-5781-12
Power supply part number: 34-0965-01
Motherboard serial number: FOC080102Y8
Power supply serial number: PHI075000NP
Model revision number: M0
Motherboard revision number: B0
Model number: WS-C2950-24
System serial number: FOC0801X0YR

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>en
Switch#

At this point the settings are back to default. Now configure the switch so that it can be managed remotely:

Switch#conf t
Switch(config)#enable secret passwordhere
Switch(config)#hostname rhx-sw
rhx-sw(config)#exit
Note that passwordhere is a password you choose yourself. This password is used for the first login. Later there is an admin-mode password for configuring your Catalyst as a whole.

rhx-sw# config
rhx-sw(config)#line vty 0 15
rhx-sw(config-line)#password passwordhere
rhx-sw(config-line)#login
rhx-sw(config-line)#exit

line vty 0 15 allows up to 16 simultaneous remote sessions. Put simply, 16 PuTTY windows can be connected at once. You can of course set this to however many you want. Then set its admin password as well.

Now assign an IP address to vlan1 (ports that have not been configured are in vlan1 by default) so that the switch can be reached remotely.

rhx-sw# conf t
rhx-sw(config)#int vlan 1
rhx-sw(config-if)#ip address 10.10.111.2 255.255.255.252
rhx-sw(config-if)#no sh
rhx-sw(config-if)#ip
00:20:12: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
rhx-sw(config-if)#ip default-gateway 10.10.111.1
rhx-sw(config)# exit

The switch can then be reached remotely at 10.10.111.2.
That is all, but remember that every configuration change must be saved so that the settings persist when the power goes out and comes back:

rhx-sw#write memory
00:21:46: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK]

rhx-sw#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Done :)


Wednesday, March 16, 2016

Review: Transcend JetFlash Flash Drive



At first I just casually went to buy a crimping tool, but alas, it was not what I had hoped for. Ha :D As usual, I have had a crimping tool for years that has served me without trouble; only its cutting blade needs sharpening, so I figured buying one with the same spec would be nice as a backup in case anything happens.
I happened to look over the items on display, and there were so many flash drives that I wanted to buy one. So began the conversation with the pretty shop assistant :D

Q: Miss, do you have a really fast flash drive?
M: We do, sir. The brand is SanDisk, but the older SanDisk products; these days almost all flash drives have the same speed.
Q: OK, as far as you know, which one would you recommend as the fastest?
M: Try Transcend, sir. It is relatively faster than the others, but the older product is even better; it just costs more than the new one.
Q: Do you have it? I'm not looking for a cheap one, what matters is a really fast transfer rate.
M: We do, sir, let me get it for you.
Q: *after looking it over* Oh yes, the body really is shabbier than the others. I thought to myself, it is only the case that is worn, maybe the performance is still the best. OK then, do you have any more like this?
M: No, sir, only the white ones are left.
Q: Oh, all right, I'll take all the black ones.

When I finally got home, wow, I was really surprised :D The read speed was that high, really fast compared with the others.

If you want to buy a flash drive, this one is highly recommended.


MikroTik Syntax Highlighter in Notepad++

Did you know that Notepad++ can use a syntax highlighter plugin for the RouterOS scripting language? That way your scripts are easy to read in Notepad++ when you tinker with them. Here is how:

  1. Download and install Notepad++ from http://notepad-plus-plus.org/ if it is not yet installed on your computer.
  2. Download the MikroTik syntax highlighter and extract its Notepad++ XML file.
  3. Open Notepad++.
  4. Click Language > Define your language, click Import, and import the XML file you just downloaded.
  5. Open your MikroTik .rsc script file, and the MikroTik script syntax highlighting will appear.
  6. Or open any file and select the "RouterOS" language.



The result looks like this


Sniffing

ARP Poisoning Using Ettercap on Ubuntu

In this tutorial I use Ubuntu 9.04. First, install ettercap with the command
apt-get install ettercap
Once the installation finishes, run ettercap by typing sudo ettercap -G -n 255.255.255.0 in a console. The -G option enables GUI mode, while the -n option sets the netmask of your network. The ettercap GUI then appears.

Ettercap GUI
Before moving on to the next step, let's set up the scenario first.
In this tutorial we use the case study below, in which there is a computer A with IP 192.168.1.2 and a computer B with IP 192.168.1.100.
Computer A will connect to a web server. In the physical view, computer A sends packets to the router at IP 192.168.1.1, and the router forwards them to the web server. In the logical view, the connection between the computer and the web server looks as shown in the figure below.

After ARP poisoning takes place, computer B with IP 192.168.1.100, which runs ettercap, is set up as the "man in the middle". In the physical view, computer A then treats computer B as the router, and the router treats computer B as computer A.
ARP spoofing scenario
In other words, all data packets sent by computer A pass through computer B first, and all packets destined for computer A also pass through computer B. Imagine if those packets carry private data, such as usernames and passwords.
Now let's put ARP poisoning into practice with ettercap. Go back to the initial ettercap screen.
Ettercap GUI
Then choose Sniff -> Unified sniffing

Choose the interface to use; in this case I use interface eth0

Scan the hosts on the network: choose Hosts -> Scan for hosts

To see the MAC and IP addresses on your network, choose Hosts -> Host lists

Then, following the scenario described earlier, we ARP-poison computer A with IP 192.168.1.2 and the router with IP 192.168.1.1.
Select IP 192.168.1.1 and click the "Add to Target 1" button
Select IP 192.168.1.2 and click the "Add to Target 2" button

Check the targets


Run ARP poisoning: choose Mitm -> Arp poisoning

Tick sniff remote connection

Finally, start the sniffer to get statistics on the data packets sent and received by computer A.
Choose Start -> start sniffing

Now we just wait for the user on computer A to send data
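
From the defender's side, the scenario above leaves a visible trace on computer A: the router's IP (192.168.1.1) and computer B's IP (192.168.1.100) resolve to the same MAC address. The script below is an added example, not part of the original tutorial; it reads text in the format printed by `ip neigh show`, reports MAC addresses that answer for more than one IP, and compares the gateway's current MAC with a known-good value recorded earlier. The MAC addresses and sample tables are constructed.

```shell
#!/bin/sh
# Added example: spot the ARP-cache signature of the scenario above.
# Input is text in the format printed by `ip neigh show`.

# dup_macs: read neighbour entries on stdin and print "MAC ip1 ip2 ..."
# for every MAC address that answers for more than one IPv4 address.
dup_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
            # skip FAILED/INCOMPLETE entries (no lladdr) and non-IPv4 lines
            if (mac == "" || $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (!((mac, $1) in seen)) {
                seen[mac, $1] = 1
                count[mac]++
                ips[mac] = ips[mac] " " $1
            }
        }
        END { for (m in count) if (count[m] > 1) print m ips[m] }
    ' | sort
}

# gateway_mac_changed GATEWAY_IP EXPECTED_MAC: read neighbour entries on stdin;
# return 0 (alert) if the gateway currently resolves to a different MAC,
# 1 if it matches or the gateway is not in the table.
gateway_mac_changed() {
    awk -v gw="$1" -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $1 == gw {
            for (i = 1; i < NF; i++)
                if ($i == "lladdr" && tolower($(i + 1)) != want) found = 1
        }
        END { if (found) exit 0; exit 1 }
    '
}

# Constructed sample: computer A's neighbour table before and after poisoning.
# 00:11:22:33:44:55 = router, 00:11:22:33:44:66 = computer B (made-up MACs).
sample_clean() {
    cat <<'EOF'
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.100 dev eth0 lladdr 00:11:22:33:44:66 STALE
EOF
}

sample_poisoned() {
    cat <<'EOF'
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.100 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.168.1.60 dev eth0  FAILED
EOF
}

# Live use on a Linux host (not run here):
#   ip neigh show | dup_macs
#   ip neigh show | gateway_mac_changed 192.168.1.1 00:11:22:33:44:55 && echo ALERT
```

A device that legitimately holds several IP addresses also shows up in dup_macs, so the gateway comparison against a recorded MAC is the stronger of the two signals.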

Tuning the FreeBSD Kernel to Optimize Squid


FreeBSD is known as a reliable, lightweight UNIX-derived OS for servers, but getting satisfying performance takes some specific tips. Among them: removing unneeded drivers, tuning the cache, turning off unneeded services, and so on. These are roughly the settings to make when building the kernel:
options MAXFILES=4096
options NMBCLUSTERS=10240
options MSGMNB=16384
options MSGMNI=42
options MSGSEG=2049
options MSGSSZ=64
options MSGTQL=2048
options SHMSEG=64
options SHMMNI=96
options SHMMAX=2097152
options SHMALL=4096
options MAXDSIZ="(384*1024*1024)"
options DFLDSIZ="(384*1024*1024)"
options MAXSSIZ="(256*1024*1024)"

Add the noatime mount option for the cache partition in /etc/fstab. To optimize cache_dir in squid.conf, add diskd.
For sysctl, edit as follows:

kern.maxusers=384
kern.ipc.nmbuf=20480
kern.ipc.nmbclusters=32768
vfs.vmiodirenable=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.ipc.maxsockbuf=1048576
kern.ipc.maxsockets=16424
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.icmp.icmplim=300
net.inet.icmp.icmplim_output=0
net.inet.tcp.delayed_ack=0
net.inet.ip.portrange.last=40000
Alternatively, when you are about to compile the kernel, set the kernel source parameters as follows. These settings assume the 512 MB of RAM that I use.

options MAXFILES=4096
options NMBCLUSTERS=10240
options MAXDSIZ="(384*1024*1024)" # Note this part
options DFLDSIZ="(384*1024*1024)" # Note this part
options MAXSSIZ="(256*1024*1024)" # Note this part
becomes:
maxusers 384
options NBUF=20480
options MAXFILES=65536
options NMBCLUSTERS=32768
options MAXDSIZ="(640*1024*1024)"
options DFLDSIZ="(640*1024*1024)"
options MAXSSIZ="(512*1024*1024)"
(if, after running for a month under full load, memory still has not started swapping to disk, the numbers could be raised again to 768, 768, 640, but don't go as high as the physical memory)
with the compile (optimization) options:
COPTFLAGS="-O2 -pipe"
and all modules built into the kernel (NO_MODULES=true); NFS, mouse, USB, pseudo devices, debug/verbose support and other non-essentials should simply be disabled if they are not needed, so the kernel ends up lean and trim like a sprinter, he he he …
Then turn off non-essential services such as cron, inetd and sendmail in /etc/rc.conf (from the Squid bake-off example): http://www.squid-cache.org/Benchmarking/bakeoff-02/SQUID.txt. If possible, also disable unneeded peripherals in the BIOS (e.g. serial/parallel ports).
The following I found on a mailing list but have never tried myself (just copy-and-paste, he he); adjust it after recalculating (are the numbers above roughly right?):
Addition from the forum
# Options to accelerate Squid
/sbin/sysctl -w vfs.vmiodirenable=1
/sbin/sysctl -w kern.ipc.somaxconn=8192
/sbin/sysctl -w net.inet.tcp.delayed_ack=0
/sbin/sysctl -w net.inet.ip.portrange.last=4000
/sbin/sysctl -w kern.maxfiles=65536
/sbin/sysctl -w net.inet.tcp.sendspace=65535
/sbin/sysctl -w net.inet.tcp.recvspace=65535
# extra
/sbin/sysctl -w kern.ipc.maxsockbuf=2097152
/sbin/sysctl -w kern.ipc.maxsockets=16424
/sbin/sysctl -w kern.maxfilesperproc=32768
/sbin/sysctl -w net.inet.tcp.rfc1323=1
/sbin/sysctl -w net.inet.udp.recvspace=65535
/sbin/sysctl -w net.inet.udp.maxdgram=57344
/sbin/sysctl -w net.local.stream.recvspace=65535
/sbin/sysctl -w net.local.stream.sendspace=65535
/sbin/sysctl -w net.inet.tcp.blackhole=2
/sbin/sysctl -w net.inet.udp.blackhole=1

Resetting the MySQL Password


If you often dig around in MySQL databases and have, by accident or genuinely, forgotten the password, use the following method to reset the root password. The steps are as follows:

1. Stop the mysql service
#killall mysqld
2. Start mysql again with the --skip-grant-tables option
# /usr/local/mysql/bin/mysqld_safe --skip-grant-tables &
With the command above, mysql runs in safe mode with the grant tables skipped, so it accepts logins without checking passwords.
3. Then log in to MySQL
# /usr/local/mysql/bin/mysql -u root mysql
4. And change the password
#mysql> update user set Password=PASSWORD('password-baru') WHERE User='root';
#mysql> flush privileges;
#mysql> exit
5. Then restart mysql
#killall mysqld
#/usr/local/mysql/bin/mysqld_safe &
6. Try logging in to MySQL
# /usr/local/mysql/bin/mysql -u root -p
Enter password: -> use the newly created password

Done. I hope this is useful. Regards...

Monday, March 14, 2016

Script to Limit Android Devices on MikroTik


If your Wi-Fi access point is set up as a bridge (not in routed mode) and you are not using the MikroTik hotspot system, every device connects directly. Gadgets and PCs/laptops alike get connected with no limits based on device type. You can imagine how bandwidth-hungry it gets when an Android phone updates from the Play Store. With plenty of bandwidth this is not much of a problem, but when bandwidth is tight you will feel it more. Here is a tip for limiting Android users based on the host name they present when getting a DHCP lease from the MikroTik.

First, create a rule under layer7 on the MikroTik. Its purpose is to let the MikroTik catch Android/BlackBerry devices:
/ip firewall layer7-protocol
add name=android regexp="(^(android|BLACKBERRY|MITO|CIMB|Windows|iPhone|BLACKBER).*\$)"

Then create the following script:

:global layer7 [/ip firewall layer7-protocol find name="android"]
:global regexandroid [/ip firewall layer7-protocol get $layer7 regexp ]
# note this part (it ends with a dot)
:global net "192.168.7."
:for e from=2 to=62 do={
    :global iddhcp [/ip dhcp-server lease find address=($net . $e)];
    :if ([:len $iddhcp] > 0 ) do={
        :local hostname [/ip dhcp-server lease get $iddhcp host-name ];
        :if ($hostname ~ $regexandroid) do={
            :global halah [/queue simple find name=($net . $e)]
            :if ([:len $halah] > 0 ) do={
                /queue simple remove ($net . $e)
                /queue simple add name=($net . $e) comment="$hostname" \
                target-addresses=($net . $e)\
                max-limit=512000/512000
                :log info "Query sudah ada. ($hostname) ip=$net$e dihapus" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=($net . $e) \
                target-addresses=($net . $e) comment="$hostname" \
                max-limit=512000/512000
                :log warning "query belum ada. android found : ($hostname) ip=$net$e ditambahkan" }
    } else={
        :global halah [/queue simple find name=($net . $e)]
        :if ($hostname = "") do={
            :if ([:len $halah] > 0 ) do={
                /queue simple remove ($net . $e)
                /queue simple add name=($net . $e) comment="hostname kosong tp aktiv" \
                target-addresses=($net . $e) \
                max-limit=1000000/1000000
                :log info "aktiv hostname tdk diketahui : $hostname ip=$net$e remove add" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=($net . $e) \
                target-addresses=($net . $e) comment="hostname kosong tp aktiv" \
                max-limit=1000000/1000000
                :log info "aktiv hostname tdk diketahui : $hostname ip=$net$e add" }
        } else={
            :if ([:len $halah] > 0 ) do={
                /queue simple remove ($net . $e)
                /queue simple add name=($net . $e) comment="$hostname" \
                target-addresses=($net . $e) \
                max-limit=2000000/2000000
                :log info "bukan : $hostname ip= $net$e remove add" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=($net . $e)\
                target-addresses=($net . $e) comment="$hostname" \
                max-limit=2000000/2000000
                :log info "bukan : $hostname ip=$net$e add" }
        }
    }
} else={
        :global halah [/queue simple find name=($net . $e)]
            :if ([:len $halah] > 0 ) do={
                /queue simple remove ($net . $e)
                /queue simple add name=($net . $e) comment="kosong" \
                target-addresses=($net . $e) \
                max-limit=1000000/1000000
                :log info "bukan : ... ip=$net$e remove add" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=($net . $e) \
                target-addresses=($net . $e) comment="kosong"\
                max-limit=1000000/1000000
                :log info "bukan : .. ip=$net$e add" }
    }
}


Or, if you only want to add the ones whose status is bound (those that got an IP from the DHCP server), just use the following script:

:global layer7 [/ip firewall layer7-protocol find name="android"]
:global regexandroid [/ip firewall layer7-protocol get $layer7 regexp ]
:for e from=2 to=62 do={
    :global iddhcp [/ip dhcp-server lease find address=("192.168.7." . $e)];
    :if ([:len $iddhcp] > 0 ) do={
        :local hostname [/ip dhcp-server lease get $iddhcp host-name ];
        :if ($hostname ~ $regexandroid) do={
            :global halah [/queue simple find name="192.168.7.$e"]
            :if ([:len $halah] > 0 ) do={
                /queue simple remove "192.168.7.$e"
                /queue simple add name=("192.168.7.".$e) comment="$hostname" \
                target-addresses=("192.168.7." . $e ) \
                max-limit=512000/512000
                :log info "android found : $hostname ip= 192.168.7.$e remove add" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=("192.168.7.".$e) \
                target-addresses=("192.168.7." . $e ) comment="$hostname" \
                max-limit=512000/512000
                :log info "android found : $hostname ip= 192.168.7.$e add" }
    } else={
        :global halah [/queue simple find name="192.168.7.$e"]
        :if ($hostname = "") do={
            :if ([:len $halah] > 0 ) do={
                /queue simple remove "192.168.7.$e"
                /queue simple add name=("192.168.7.".$e) comment="hostname kosong tp aktiv" \
                target-addresses=("192.168.7." . $e ) \
                max-limit=1000000/1000000
                :log info "aktiv hostname tdk diketahui : $hostname ip= 192.168.7.$e remove add" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=("192.168.7.".$e) \
                target-addresses=("192.168.7." . $e ) comment="hostname kosong tp aktiv" \
                max-limit=1000000/1000000
                :log info "aktiv hostname tdk diketahui : $hostname ip= 192.168.7.$e add" }
        } else={
            :if ([:len $halah] > 0 ) do={
                /queue simple remove "192.168.7.$e"
                /queue simple add name=("192.168.7.".$e) comment="$hostname" \
                target-addresses=("192.168.7." . $e ) \
                max-limit=2000000/2000000
                :log info "bukan : $hostname ip= 192.168.7.$e remove add" }
            :if ([:len $halah] <= 0 ) do={
                /queue simple add name=("192.168.7.".$e) \
                target-addresses=("192.168.7." . $e ) comment="$hostname" \
                max-limit=2000000/2000000
                :log info "bukan : $hostname ip= 192.168.7.$e add" }
        }
    }
}
}


Once that is done, go ahead and run the script. I hope this is useful; feel free to develop it further yourself.
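
The host name in a DHCP lease is supplied by the client, so the tiers set by the scripts above are a convenience rather than an enforcement boundary, and it helps to see in advance which names the pattern actually catches. The script below is an added example, not part of the original post: it applies the same regular expression and the same three limits to a list of "ip hostname" pairs without touching the router. It assumes the match is case-sensitive, as it is with grep -E; the function names and sample host names are made up.

```shell
#!/bin/sh
# Added example: dry-run of the queue limits the RouterOS script would assign.
# The pattern is copied from the layer7 rule; in the RouterOS string "\$"
# is an escaped literal "$", so the regex itself ends in ".*$".
REGEX='(^(android|BLACKBERRY|MITO|CIMB|Windows|iPhone|BLACKBER).*$)'

# tier_for HOSTNAME: print the max-limit the script would apply.
tier_for() {
    if [ -z "$1" ]; then
        echo 1000000/1000000        # lease present but host-name empty
    elif printf '%s\n' "$1" | grep -Eq "$REGEX"; then
        echo 512000/512000          # host-name matched the pattern
    else
        echo 2000000/2000000        # any other host-name
    fi
}

# classify_leases: read "ip hostname" pairs on stdin (hostname may be
# missing) and print "ip hostname limit", with "-" for an empty host-name.
classify_leases() {
    while read -r ip host; do
        [ -n "$ip" ] || continue
        printf '%s %s %s\n' "$ip" "${host:--}" "$(tier_for "$host")"
    done
}

# Constructed sample leases for a quick look at the outcome.
sample_leases() {
    cat <<'EOF'
192.168.7.10 android-a1b2c3
192.168.7.11 Android-Tablet
192.168.7.12 iPhone-Budi
192.168.7.13 LAPTOP-KANTOR
192.168.7.14
EOF
}

# Run directly to print the table for the sample leases:
#   sample_leases | classify_leases
```

In the sample, Android-Tablet lands in the 2000000/2000000 tier because the pattern is anchored and lists only the lowercase spelling.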