I have a very simple method by which you can easily recover the password and also un-protect the worksheet or workbook. Please note : this method will only remove the protection from the excel file and not the password used to open the excel file itself
Open the excel file which is password protected and goto Macro's (I am using Office 2007 so the menu's maybe different View >> Macros). Click on "Record Macro >> OK" and then click on "Stop Recording" from the same menu. Now goto "View Macros", you will find a Macro with a default name E.g. Macro1 - Select the macro name and click on Edit. Now a Visual Basic Editor opens up. Re-place the default code and Paste the below code.
XXXXXXXXXXXXXXXXXX
Sub Macro1()
'
' Breaks worksheet and workbook structure passwords. Jason S
' probably originator of base code algorithm modified for coverage
' of workbook structure / windows passwords and for multiple passwords
' Jason S http://jsbi.blogspot.com
' Reveals hashed passwords NOT original passwords
Const DBLSPACE As String = vbNewLine & vbNewLine
Const AUTHORS As String = DBLSPACE & vbNewLine & "Adapted from Bob McCormick base code by" & "Jason S http://jsbi.blogspot.com"
Const HEADER As String = "AllInternalPasswords User Message"
Const VERSION As String = DBLSPACE & "Version 1.0 8 Sep 2008"
Const REPBACK As String = DBLSPACE & "Please report failure to jasonblr@gmail.com "
Const ALLCLEAR As String = DBLSPACE & "The workbook should be cleared"
Const MSGNOPWORDS1 As String = "There were no passwords on " & AUTHORS & VERSION
Const MSGNOPWORDS2 As String = "There was no protection to " & "workbook structure or windows." & DBLSPACE
Const MSGTAKETIME As String = "After pressing OK button this " & "will take some time." & DBLSPACE & "Amount of time " & "depends on how many different passwords, the "
Const MSGPWORDFOUND1 As String = "You had a Worksheet " & "Structure or Windows Password set." & DBLSPACE & "The password found was: " & DBLSPACE & "$$" & DBLSPACE & "Note it down for potential future use in other workbooks by " & "the same person who set this password." & DBLSPACE & "Now to check and clear other passwords." & AUTHORS & VERSION
Const MSGPWORDFOUND2 As String = "You had a Worksheet " & "password set." & DBLSPACE & "The password found was: " & DBLSPACE & "$$" & DBLSPACE & "Note it down for potential " & "future use in other workbooks by same person who " & "set this password." & DBLSPACE & "Now to check and clear " & "other passwords." & AUTHORS & VERSION
Const MSGONLYONE As String = "Only structure / windows " & "protected with the password that was just found." & ALLCLEAR & AUTHORS & VERSION & REPBACK
Dim w1 As Worksheet, w2 As Worksheet
Dim i As Integer, j As Integer, k As Integer, l As Integer
Dim m As Integer, n As Integer, i1 As Integer, i2 As Integer
Dim i3 As Integer, i4 As Integer, i5 As Integer, i6 As Integer
Dim PWord1 As String
Dim ShTag As Boolean, WinTag As Boolean
Application.ScreenUpdating = False
With ActiveWorkbook
WinTag = .ProtectStructure Or .ProtectWindows
End With
ShTag = False
For Each w1 In Worksheets
ShTag = ShTag Or w1.ProtectContents
Next w1
If Not ShTag And Not WinTag Then
MsgBox MSGNOPWORDS1, vbInformation, HEADER
Exit Sub
End If
MsgBox MSGTAKETIME, vbInformation, HEADER
If Not WinTag Then
MsgBox MSGNOPWORDS2, vbInformation, HEADER
Else
On Error Resume Next
Do 'dummy do loop
For i = 65 To 66: For j = 65 To 66: For k = 65 To 66
For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66
For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66
For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126
With ActiveWorkbook
.Unprotect Chr(i) & Chr(j) & Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
If .ProtectStructure = False And .ProtectWindows = False Then
PWord1 = Chr(i) & Chr(j) & Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
MsgBox Application.Substitute(MSGPWORDFOUND1, "$$", PWord1), vbInformation, HEADER
Exit Do 'Bypass all for...nexts
End If
End With
Next: Next: Next: Next: Next: Next
Next: Next: Next: Next: Next: Next
Loop Until True
On Error GoTo 0
End If
If WinTag And Not ShTag Then
MsgBox MSGONLYONE, vbInformation, HEADER
Exit Sub
End If
On Error Resume Next
For Each w1 In Worksheets
'Attempt clearance with PWord1
w1.Unprotect PWord1
Next w1
On Error GoTo 0
ShTag = False
For Each w1 In Worksheets
'Checks for all clear ShTag triggered to 1 if not.
ShTag = ShTag Or w1.ProtectContents
Next w1
If ShTag Then
For Each w1 In Worksheets
With w1
If .ProtectContents Then
On Error Resume Next
Do 'Dummy do loop
For i = 65 To 66: For j = 65 To 66: For k = 65 To 66
For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66
For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66
For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126
.Unprotect Chr(i) & Chr(j) & Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
If Not .ProtectContents Then
PWord1 = Chr(i) & Chr(j) & Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
MsgBox Application.Substitute(MSGPWORDFOUND2, "$$", PWord1), vbInformation, HEADER
'leverage finding Pword by trying on other sheets
For Each w2 In Worksheets
w2.Unprotect PWord1
Next w2
Exit Do 'Bypass all for...nexts
End If
Next: Next: Next: Next: Next: Next
Next: Next: Next: Next: Next: Next
Loop Until True
On Error GoTo 0
End If
End With
Next w1
End If
MsgBox ALLCLEAR & AUTHORS & VERSION & REPBACK, vbInformation, HEADER
'
End Sub
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Finally, run the Macro(View >> Macros >> View Macros >> Run). You will get the password of the protected workbook and worksheet in Excel. I have tested the above in Microsoft Office Excel XP / 2003 / 2007
Jumat, 28 Oktober 2011
Sabtu, 15 Oktober 2011
SHaring Internet COnection di Ubuntu Server
1. mulai dengan melakukan konfigurasi network anda sampai anda bisa koneksi ke internet dengan desktop anda. lalu konfigurasikan ethernet yang terkoneksi ke jaringan lokal agar memiliki IP statik, sebagai contoh saya di kantor menggunakan 192.168.0.1, di rumah menggunakan 10.0.0.1.
2. edit file /proc/sys/net/ipv4/ip_forward (sudo nano /proc/sys/net/ipv4/ip_forward), ganti angka 0 menjadi 1.
3. jalankan perintah sudo iptables -t nat -A POSTROUTING -j MASQUERADE.
4. lakukan instalasi dnsmasq dan ipmasq: sudo apt-get install dnsmasq ipmasq.
5. restart dnsmasq: /etc/init.d/dnsmasq restart.
6. konfigurasikan ipmasq agar dijalankan setelah network aktif: dpkg-reconfigure ipmasq
7. tambahkan baris net.ipv4.ip_forward = 1 ke dalam file /etc/sysctl.conf: sudo nano /etc/sysctl.conf.
8. untuk mempermudah setting klien internet connection sharing ini, bisa juga dengan menambahkan sebuah DHCP server, namun belum saya lakukan pada saat ini.
9. di klien, lakukan konfigurasi agar gateway dan DNS merujuk ke IP instalasi ubuntu ini.
THanks To Ryosaeba
2. edit file /proc/sys/net/ipv4/ip_forward (sudo nano /proc/sys/net/ipv4/ip_forward), ganti angka 0 menjadi 1.
3. jalankan perintah sudo iptables -t nat -A POSTROUTING -j MASQUERADE.
4. lakukan instalasi dnsmasq dan ipmasq: sudo apt-get install dnsmasq ipmasq.
5. restart dnsmasq: /etc/init.d/dnsmasq restart.
6. konfigurasikan ipmasq agar dijalankan setelah network aktif: dpkg-reconfigure ipmasq
7. tambahkan baris net.ipv4.ip_forward = 1 ke dalam file /etc/sysctl.conf: sudo nano /etc/sysctl.conf.
8. untuk mempermudah setting klien internet connection sharing ini, bisa juga dengan menambahkan sebuah DHCP server, namun belum saya lakukan pada saat ini.
9. di klien, lakukan konfigurasi agar gateway dan DNS merujuk ke IP instalasi ubuntu ini.
THanks To Ryosaeba
Minggu, 14 Agustus 2011
Konfigurasi InterVLAN Cisco Switch 2950
KONFIGURASI DI ROUTER VLAN
Router>
Router>en
Router#config t
Router(config)#hostname RouterVLAN
RouterVLAN(config)#int f0/0
RouterVLAN(config-if)#no sh
RouterVLAN(config-if)#int f0/0.1------à Masuk ke subinterface mode
RouterVLAN(config-subif)#encapsulation dot1q 1
RouterVLAN(config-subif)#ip add 192.168.1.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.2
RouterVLAN(config-subif)#encapsulation dot1q 2
RouterVLAN(config-subif)#ip add 192.168.2.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.3
RouterVLAN(config-subif)#encapsulation dot1q 3
RouterVLAN(config-subif)#ip add 192.168.3.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.4
RouterVLAN(config-subif)#encapsulation dot1q 4
RouterVLAN(config-subif)#ip add 192.168.4.1 255.255.255.0
RouterVLAN(config-subif)#end
RouterVLAN#config t
RouterVLAN(config)#int f0/0.5
RouterVLAN(config-subif)#encapsulation dot1q 5
RouterVLAN(config-subif)#ip add 192.168.5.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.6
RouterVLAN(config-subif)#encapsulation dot1q 6
RouterVLAN(config-subif)#ip add 192.168.6.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.7
RouterVLAN(config-subif)#encapsulation dot1q 7
RouterVLAN(config-subif)#ip add 192.168.7.1 255.255.255.0
RouterVLAN(config-subif)#end
RouterVLAN#config t
RouterVLAN(config)#enable password cantik------àpassword bebas
RouterVLAN(config)#line vty 0 15
RouterVLAN(config-line)#password cantik
RouterVLAN(config-line)#login
RouterVLAN(config-line)#exit
RouterVLAN(config-line)#^Z --------àTekan Ctrl+Z
Ketikan perintah RouterVLAN#sh ip route
Dan hasilnya seperti berikut
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0.2
C 192.168.3.0/24 is directly connected, FastEthernet0/0.3
C 192.168.4.0/24 is directly connected, FastEthernet0/0.4
C 192.168.5.0/24 is directly connected, FastEthernet0/0.5
C 192.168.6.0/24 is directly connected, FastEthernet0/0.6
C 192.168.7.0/24 is directly connected, FastEthernet0/0.7
RouterVLAN#
KONFIGURASI SWITCH 1 /VLAN
Switch>en
Switch#config t
Switch(config)#hostname VLAN
VLAN(config)#^Z
VLAN#vlan database
VLAN(vlan)#vlan 2 name Server
VLAN(vlan)#vlan 3 name Fakultas-Ekonomi
VLAN(vlan)#vlan 4 name Fakultas-Kedokteran
VLAN(vlan)#vlan 5 name Fakultas-WebServer2
VLAN(vlan)#vlan 6 name Fakultas-pertanian
VLAN(vlan)#vlan 7 name Fakultas-teknik
VLAN(vlan)#exit
VLAN#config t
VLAN(config)#int f0/1
VLAN(config-if)#switchport mode trunk
VLAN(config-if)#end
VLAN#config t
VLAN(config)#int f0/3
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 2
VLAN(config-if)#int f0/5
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 3
VLAN(config-if)#int f0/7
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 3
VLAN(config-if)#int f0/9
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 4
VLAN(config-if)#int f0/11
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 4
VLAN(config)#int f0/4
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 6
VLAN(config-if)#int f0/8
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 6
VLAN(config-if)#int f0/5
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 5
VLAN(config-if)#int f0/10
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 7
VLAN(config-if)#end
VLAN#config t
VLAN(config)#int vlan 1
VLAN(config-if)#ip add 192.168.1.2 255.255.255.0
VLAN(config-if)#no sh
VLAN(config-if)#exit
VLAN(config)#ip default-gateway 192.168.1.1
VLAN(config)#end
VLAN#config t
VLAN(config)#enable password cantik
VLAN(config)#line vty 0 15
VLAN(config-line)#password cantik
VLAN(config-line)#login
VLAN(config-line)#exit
VLAN(config-line)#^Z
Ketikan perintah VLAN#sh vlan.
Jika berhasil hasilnya seperti di bawah ini
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/6, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
2 Server active Fa0/3
3 Fakultas-Ekonomi active Fa0/7
4 Fakultas-Kedokteran active Fa0/9, Fa0/11
5 Fakultas-farmasi active Fa0/5
6 Fakultas-pertanian active Fa0/4, Fa0/8
7 Fakultas-teknik active Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
VLAN#
KONFIGURASI SWITCH 2/SWITCH-VLAN2
Switch>en
Switch#config t
Switch(config)#hostname SWITCH-VLAN2
SWITCH-VLAN2(config)#^Z
SWITCH-VLAN2#vlan database
SWITCH-VLAN2(vlan)#vlan 5 name Fakultas-WebServer2
SWITCH-VLAN2(vlan)#vlan 6 name Fakultas-pertanian
SWITCH-VLAN2(vlan)#vlan 7 name Fakultas-teknik
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#int f0/2
SWITCH-VLAN2(config-if)#switchport mode trunk
SWITCH-VLAN2(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#int f0/4
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 6
SWITCH-VLAN2(config-if)#int f0/8
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 6
SWITCH-VLAN2(config-if)#int f0/5
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 5
SWITCH-VLAN2(config-if)#int f0/10
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 7
SWITCH-VLAN2(config-if)#end
SWITCH-VLAN2#config t
SWITCH-VLAN2(config-if)#ip default-gateway 192.168.1.1
SWITCH-VLAN2(config)#end
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#enable password cantik
SWITCH-VLAN2(config)#line vty 0 15
SWITCH-VLAN2(config-line)#password cantik
SWITCH-VLAN2(config-line)#login
SWITCH-VLAN2(config-line)#exit
SWITCH-VLAN2(config-line)#^Z
Ketikan perintah SWITCH-VLAN2#sh vlan
Jika berhasil hasilnya seperti di bawah ini
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
5 Fakultas-farmasi active Fa0/5
6 Fakultas-pertanian active Fa0/4, Fa0/8
7 Fakultas-teknik active Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
Catatan:
VLAN1 adalah default,
Standarisasi IP address pada InterVLAN
Switch1/VLAN SWITCH-VLAN2
VLAN2
NETWORK 192.168.2.0/24
Gateway 192.168.2.1 VLAN5
NETWORK 192.168.5.0/24
Gateway 192.168.5.1
VLAN3
NETWORK 192.168.3.0/24
Gateway 192.168.3.1 VLAN6
NETWORK 192.168.6.0/24
Gateway 192.168.6.1
VLAN2
NETWORK 192.168.4.0/24
Gateway 192.168.4.1 VLAN7
NETWORK 192.168.7.0/24
Gateway 192.168.7.1
VLAN 1 Default
Network 192.168.1.0/24
Gateway 192.168.1.1
Semoga bermanfaat terutama bagi yang sedang mangambil ujian sertifikasi CCNA3. Experience is the best teacher. Kritik saran dan koreksi silahkan Email di waji4ntoe@yahoo.co.id
Refrerensi
http://www.cisco.com
Modul CCNA3
CCNA Exam Prep (Exam640-801) By David Minutella, Jeremy Cioara, Heather Stevenson
Thanks to Gembel Corp
Router>
Router>en
Router#config t
Router(config)#hostname RouterVLAN
RouterVLAN(config)#int f0/0
RouterVLAN(config-if)#no sh
RouterVLAN(config-if)#int f0/0.1------à Masuk ke subinterface mode
RouterVLAN(config-subif)#encapsulation dot1q 1
RouterVLAN(config-subif)#ip add 192.168.1.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.2
RouterVLAN(config-subif)#encapsulation dot1q 2
RouterVLAN(config-subif)#ip add 192.168.2.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.3
RouterVLAN(config-subif)#encapsulation dot1q 3
RouterVLAN(config-subif)#ip add 192.168.3.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.4
RouterVLAN(config-subif)#encapsulation dot1q 4
RouterVLAN(config-subif)#ip add 192.168.4.1 255.255.255.0
RouterVLAN(config-subif)#end
RouterVLAN#config t
RouterVLAN(config)#int f0/0.5
RouterVLAN(config-subif)#encapsulation dot1q 5
RouterVLAN(config-subif)#ip add 192.168.5.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.6
RouterVLAN(config-subif)#encapsulation dot1q 6
RouterVLAN(config-subif)#ip add 192.168.6.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.7
RouterVLAN(config-subif)#encapsulation dot1q 7
RouterVLAN(config-subif)#ip add 192.168.7.1 255.255.255.0
RouterVLAN(config-subif)#end
RouterVLAN#config t
RouterVLAN(config)#enable password cantik------àpassword bebas
RouterVLAN(config)#line vty 0 15
RouterVLAN(config-line)#password cantik
RouterVLAN(config-line)#login
RouterVLAN(config-line)#exit
RouterVLAN(config-line)#^Z --------àTekan Ctrl+Z
Ketikan perintah RouterVLAN#sh ip route
Dan hasilnya seperti berikut
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0.2
C 192.168.3.0/24 is directly connected, FastEthernet0/0.3
C 192.168.4.0/24 is directly connected, FastEthernet0/0.4
C 192.168.5.0/24 is directly connected, FastEthernet0/0.5
C 192.168.6.0/24 is directly connected, FastEthernet0/0.6
C 192.168.7.0/24 is directly connected, FastEthernet0/0.7
RouterVLAN#
KONFIGURASI SWITCH 1 /VLAN
Switch>en
Switch#config t
Switch(config)#hostname VLAN
VLAN(config)#^Z
VLAN#vlan database
VLAN(vlan)#vlan 2 name Server
VLAN(vlan)#vlan 3 name Fakultas-Ekonomi
VLAN(vlan)#vlan 4 name Fakultas-Kedokteran
VLAN(vlan)#vlan 5 name Fakultas-WebServer2
VLAN(vlan)#vlan 6 name Fakultas-pertanian
VLAN(vlan)#vlan 7 name Fakultas-teknik
VLAN(vlan)#exit
VLAN#config t
VLAN(config)#int f0/1
VLAN(config-if)#switchport mode trunk
VLAN(config-if)#end
VLAN#config t
VLAN(config)#int f0/3
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 2
VLAN(config-if)#int f0/5
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 3
VLAN(config-if)#int f0/7
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 3
VLAN(config-if)#int f0/9
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 4
VLAN(config-if)#int f0/11
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 4
VLAN(config)#int f0/4
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 6
VLAN(config-if)#int f0/8
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 6
VLAN(config-if)#int f0/5
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 5
VLAN(config-if)#int f0/10
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 7
VLAN(config-if)#end
VLAN#config t
VLAN(config)#int vlan 1
VLAN(config-if)#ip add 192.168.1.2 255.255.255.0
VLAN(config-if)#no sh
VLAN(config-if)#exit
VLAN(config)#ip default-gateway 192.168.1.1
VLAN(config)#end
VLAN#config t
VLAN(config)#enable password cantik
VLAN(config)#line vty 0 15
VLAN(config-line)#password cantik
VLAN(config-line)#login
VLAN(config-line)#exit
VLAN(config-line)#^Z
Ketikan perintah VLAN#sh vlan.
Jika berhasil hasilnya seperti di bawah ini
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/6, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
2 Server active Fa0/3
3 Fakultas-Ekonomi active Fa0/7
4 Fakultas-Kedokteran active Fa0/9, Fa0/11
5 Fakultas-farmasi active Fa0/5
6 Fakultas-pertanian active Fa0/4, Fa0/8
7 Fakultas-teknik active Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
VLAN#
KONFIGURASI SWITCH 2/SWITCH-VLAN2
Switch>en
Switch#config t
Switch(config)#hostname SWITCH-VLAN2
SWITCH-VLAN2(config)#^Z
SWITCH-VLAN2#vlan database
SWITCH-VLAN2(vlan)#vlan 5 name Fakultas-WebServer2
SWITCH-VLAN2(vlan)#vlan 6 name Fakultas-pertanian
SWITCH-VLAN2(vlan)#vlan 7 name Fakultas-teknik
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#int f0/2
SWITCH-VLAN2(config-if)#switchport mode trunk
SWITCH-VLAN2(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#int f0/4
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 6
SWITCH-VLAN2(config-if)#int f0/8
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 6
SWITCH-VLAN2(config-if)#int f0/5
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 5
SWITCH-VLAN2(config-if)#int f0/10
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 7
SWITCH-VLAN2(config-if)#end
SWITCH-VLAN2#config t
SWITCH-VLAN2(config-if)#ip default-gateway 192.168.1.1
SWITCH-VLAN2(config)#end
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#enable password cantik
SWITCH-VLAN2(config)#line vty 0 15
SWITCH-VLAN2(config-line)#password cantik
SWITCH-VLAN2(config-line)#login
SWITCH-VLAN2(config-line)#exit
SWITCH-VLAN2(config-line)#^Z
Ketikan perintah SWITCH-VLAN2#sh vlan
Jika berhasil hasilnya seperti di bawah ini
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
5 Fakultas-farmasi active Fa0/5
6 Fakultas-pertanian active Fa0/4, Fa0/8
7 Fakultas-teknik active Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
Catatan:
VLAN1 adalah default,
Standarisasi IP address pada InterVLAN
Switch1/VLAN SWITCH-VLAN2
VLAN2
NETWORK 192.168.2.0/24
Gateway 192.168.2.1 VLAN5
NETWORK 192.168.5.0/24
Gateway 192.168.5.1
VLAN3
NETWORK 192.168.3.0/24
Gateway 192.168.3.1 VLAN6
NETWORK 192.168.6.0/24
Gateway 192.168.6.1
VLAN2
NETWORK 192.168.4.0/24
Gateway 192.168.4.1 VLAN7
NETWORK 192.168.7.0/24
Gateway 192.168.7.1
VLAN 1 Default
Network 192.168.1.0/24
Gateway 192.168.1.1
Semoga bermanfaat terutama bagi yang sedang mangambil ujian sertifikasi CCNA3. Experience is the best teacher. Kritik saran dan koreksi silahkan Email di waji4ntoe@yahoo.co.id
Refrerensi
http://www.cisco.com
Modul CCNA3
CCNA Exam Prep (Exam640-801) By David Minutella, Jeremy Cioara, Heather Stevenson
Thanks to Gembel Corp
Kamis, 11 Agustus 2011
FileZilla Server: Implicit SSL part 2
On a local network FTP works just fine however when connecting to the Internet you need to consider a user (FTP client) more importantly the mode of transfer, active or passive. Everything is geared to make it easier for the client hence your server must support passive mode. The following covers this mode and the added complication of running a FTP server behind a wireless router with NAT.
FTP Basics
FTP uses two ports, a 'command' (control) port and 'data' port traditionally these are assigned ports 21 and 20 respectively. Depending on the operating mode, the data port is not always on port 20. Most browsers use passive mode for connection this mode changes the data port as follows.
Top
Passive FTP
In passive mode a client initiates both connections to the server. A client first opens two consecutive random unprivileged ports (ports above 1023). The first port contacts the server on port 21, and issues the “PASV” command. In response the server opens a random unprivileged port and sends the “PORT P” command back to the client. The client then initiates the connection from it’s second port to transfer data.
A secure FTP server follows the above procedure with one minor difference the command port used is reserved port 990.
What’s important when using a NAT device is the need to forward ports 20, 21, 990 and all unprivileged ports. In reality unprivileged ports are restricted to a small range for example 50000 to 50100.
During a data transfer the FTP server needs to send its visible IP address back to a client. Because of address translation through a NAT device the FTP servers has no way of determining this IP address. It needs to be set during FTP server configuration, not a problem if you have a fixed IP address however a dynamic IP is problematic.
The FileZilla team neatly resolves this issue by providing a dynamic IP address resolution service.
Top
Active FTP
If you have ever set-up an FTP client behind a NAT (Network Address Translation) router you will have been forced to changed mode from active to passive. Reason for this, active FTP will not work behind a NAT device.
Top
Summary
The above is intended to explain why you need to twiddle certain settings and how to choose options for your installation. All settings for passive mode are on a single page making the whole set-up process easier.
Top
Configure Passive Mode
1. Start the server by double clicking on filezila_start.bat
2. Start the administration interface, double click on filezilla_admin.bat
3. Select Edit > Settings
4. A) Select Passive mode settings
5. B) Default: Select this if directly connected to the Internet.
6. C) Use the following IP: If connected to the Internet via a NAT router and you have a fixed IP address enter it here.
7. D) Retrieve external IP address from: If connected to the Internet via a NAT router and you have a dynamic IP address select this radio button. Enables FileZilla’s dynamic IP address resolution service
8. E) Don’t use external IP for local connection. Default is checked, no need to change this.
9. F) Use custom port range: Check this box to enable, we do need to restrict the range of random ports. This also restricts (minimises) the ports that require forwarding in the router.
10. G) Enter range of ports you want to allow, 50000-50100 is reasonable. Allows 100 ports consider reducing this if you do not expect a high number of simultaneous connections.
11. H) Click OK
Uc filezilla 9.gif
Top
Configure NAT Router
You need to forward ports 20, 21, 990 and the range (50000-50100) to your PC’s IP address (192.168.1.6)
Replace the values in brackets with your own.
There is a vast range of routers hence I have not provided any detailed set-up instructions.
Again I point you to PortForwrd a website dedicated to this topic with detailed instructions how to forward ports on most routers.
When setting up your router, example shown on the right hopefully provides a clue what to look for.
FTP Basics
FTP uses two ports, a 'command' (control) port and 'data' port traditionally these are assigned ports 21 and 20 respectively. Depending on the operating mode, the data port is not always on port 20. Most browsers use passive mode for connection this mode changes the data port as follows.
Top
Passive FTP
In passive mode a client initiates both connections to the server. A client first opens two consecutive random unprivileged ports (ports above 1023). The first port contacts the server on port 21, and issues the “PASV” command. In response the server opens a random unprivileged port and sends the “PORT P” command back to the client. The client then initiates the connection from it’s second port to transfer data.
A secure FTP server follows the above procedure with one minor difference the command port used is reserved port 990.
What’s important when using a NAT device is the need to forward ports 20, 21, 990 and all unprivileged ports. In reality unprivileged ports are restricted to a small range for example 50000 to 50100.
During a data transfer the FTP server needs to send its visible IP address back to a client. Because of address translation through a NAT device the FTP servers has no way of determining this IP address. It needs to be set during FTP server configuration, not a problem if you have a fixed IP address however a dynamic IP is problematic.
The FileZilla team neatly resolves this issue by providing a dynamic IP address resolution service.
Top
Active FTP
If you have ever set-up an FTP client behind a NAT (Network Address Translation) router you will have been forced to changed mode from active to passive. Reason for this, active FTP will not work behind a NAT device.
Top
Summary
The above is intended to explain why you need to twiddle certain settings and how to choose options for your installation. All settings for passive mode are on a single page making the whole set-up process easier.
Top
Configure Passive Mode
1. Start the server by double clicking on filezila_start.bat
2. Start the administration interface, double click on filezilla_admin.bat
3. Select Edit > Settings
4. A) Select Passive mode settings
5. B) Default: Select this if directly connected to the Internet.
6. C) Use the following IP: If connected to the Internet via a NAT router and you have a fixed IP address enter it here.
7. D) Retrieve external IP address from: If connected to the Internet via a NAT router and you have a dynamic IP address select this radio button. Enables FileZilla’s dynamic IP address resolution service
8. E) Don’t use external IP for local connection. Default is checked, no need to change this.
9. F) Use custom port range: Check this box to enable, we do need to restrict the range of random ports. This also restricts (minimises) the ports that require forwarding in the router.
10. G) Enter range of ports you want to allow, 50000-50100 is reasonable. Allows 100 ports consider reducing this if you do not expect a high number of simultaneous connections.
11. H) Click OK
Uc filezilla 9.gif
Top
Configure NAT Router
You need to forward ports 20, 21, 990 and the range (50000-50100) to your PC’s IP address (192.168.1.6)
Replace the values in brackets with your own.
There is a vast range of routers hence I have not provided any detailed set-up instructions.
Again I point you to PortForwrd a website dedicated to this topic with detailed instructions how to forward ports on most routers.
When setting up your router, example shown on the right hopefully provides a clue what to look for.
FileZilla Server: Implicit SSL part 1
Implicit SSL
Due to the number of steps required setting up a secure FTP server is relatively difficult because of this I have split this over two pages. The procedure is incremental first create a server certificate ensure it runs on a local network and finally configure for Internet access.
Server certificate
FileZilla has a built in certificate generator making this process very easy.
Enable SSL support:
1. Start the server by double clicking on filezila_start.bat
2. Start the administration interface, double click on filezilla_admin.bat
3. Select Edit > Settings
4. From the left menu clcik on SSL/TLS settings A)
5. Check Enable SSL/TSL support B)
6. Default Allow explicit SSL/TLS on normal connections C)
7. Checks Force explicit SSL/TLS D)
8. Default Listen for SSL/TLS –only connections on port 990 E)
9. Click Generate new certificate F)
Note: No need to fill in Private key or Certificate files or Key password boxes.
Fill in certificate details:
11. Seclect Key size 4096bit G)
12. Insert 2-Digit country code H)
13. Fill in some real or dummy information a)-f)
14. Fill in Common name I) Use localhost or your real domain name
15. Use browse J) and navigate to folder *\udrive\filezilla_server
this is where the certificate will be saved.
16. Click Generate certificate K) this will take a while.
17. When complete click OK L)
Enable user to use SSL:
18. From admin select Edit > Users
19. Select a user account M)
20. Check Bypass N)
21. Check Force SSL for user login O)
22. Click OK P)
23. Restart server
Client
I am assuming your are using FireFox and FireFTP
1. Enter a host R) either use IP address 127.0.0.1 or host name localhost
2. Enter an Account name Q) Can be anything you like.
3. Enter login name S) e.g fred (ftp user name)
4. Enter password T) for fred (ftp user account password)
5. Click on Connection tab U)
6. From the drop down menu V) select Implicit SSL (Good)
7. Check the port number 990 is set W)
8. Finally click OK X)
Local test:
From FireFTP click the Connect button enter name an password.
Your browser will have a whinge, create a certificate exception.
FTP folder will display.
Local network test:
On another PC connected to your network repeat the above steps 1-11.
Note: At step 1 enter your PC’s IP address. (See previous page how to obtain IP address)
That confirms you can access the FTP server across your network.
Source : http://wiki.uniformserver.com
Due to the number of steps required setting up a secure FTP server is relatively difficult because of this I have split this over two pages. The procedure is incremental first create a server certificate ensure it runs on a local network and finally configure for Internet access.
Server certificate
FileZilla has a built in certificate generator making this process very easy.
Enable SSL support:
1. Start the server by double clicking on filezila_start.bat
2. Start the administration interface, double click on filezilla_admin.bat
3. Select Edit > Settings
4. From the left menu clcik on SSL/TLS settings A)
5. Check Enable SSL/TSL support B)
6. Default Allow explicit SSL/TLS on normal connections C)
7. Checks Force explicit SSL/TLS D)
8. Default Listen for SSL/TLS –only connections on port 990 E)
9. Click Generate new certificate F)
Note: No need to fill in Private key or Certificate files or Key password boxes.
Fill in certificate details:
11. Seclect Key size 4096bit G)
12. Insert 2-Digit country code H)
13. Fill in some real or dummy information a)-f)
14. Fill in Common name I) Use localhost or your real domain name
15. Use browse J) and navigate to folder *\udrive\filezilla_server
this is where the certificate will be saved.
16. Click Generate certificate K) this will take a while.
17. When complete click OK L)
Enable user to use SSL:
18. From admin select Edit > Users
19. Select a user account M)
20. Check Bypass N)
21. Check Force SSL for user login O)
22. Click OK P)
23. Restart server
Client
I am assuming your are using FireFox and FireFTP
1. Enter a host R) either use IP address 127.0.0.1 or host name localhost
2. Enter an Account name Q) Can be anything you like.
3. Enter login name S) e.g fred (ftp user name)
4. Enter password T) for fred (ftp user account password)
5. Click on Connection tab U)
6. From the drop down menu V) select Implicit SSL (Good)
7. Check the port number 990 is set W)
8. Finally click OK X)
Local test:
From FireFTP click the Connect button enter name an password.
Your browser will have a whinge, create a certificate exception.
FTP folder will display.
Local network test:
On another PC connected to your network repeat the above steps 1-11.
Note: At step 1 enter your PC’s IP address. (See previous page how to obtain IP address)
That confirms you can access the FTP server across your network.
Source : http://wiki.uniformserver.com
Selasa, 19 Juli 2011
[Solved] Error 1606: Could not access network location 0\” in windows Xp
The error was faced by one of our readers who was irritated with the problem that whenever he tried to install or uninstall any program there comes an error message reading “Error 1606:Could not access network location 0\”
Well the fix is not that difficult but requires some Registry Tweaking so it would be better if you have a backup of your registry, but if you are confident enough then you can do it without that as well.
Steps:
1. Type regedit in the Run box to open the registry editor.
2. Now navigate to HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> Current Version -> Explorer -> User Shell Folders
3. Locate the key named “Recent” in the right side and delete it by right clicking on it.
4. Windows may require a restart.
The problem would have gone but if it hasn’t then have a look at these MS articles.
Well the fix is not that difficult but requires some Registry Tweaking so it would be better if you have a backup of your registry, but if you are confident enough then you can do it without that as well.
Steps:
1. Type regedit in the Run box to open the registry editor.
2. Now navigate to HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> Current Version -> Explorer -> User Shell Folders
3. Locate the key named “Recent” in the right side and delete it by right clicking on it.
4. Windows may require a restart.
The problem would have gone but if it hasn’t then have a look at these MS articles.
Senin, 11 Juli 2011
Installing LAMP on Ubuntu 10.04 and 10.10
If you're developing websites, it's nice to be able to test your code in the privacy of your own computer rather that out in the public internet. In order to do that, you'll need to install a webserver on your development computer. LAMP (Linux, Apache, MySQL, php) is one of the most common web hosting platforms, so it's a perfect environment for you to build and test your website code. If you carefully follow these step by step instructions, you'll have your own LAMP setup running in no time.
Install LAMP on Ubuntu
The Ubuntu developers have made it easy to install the LAMP server packages with a single command. Simply open a terminal window and enter the following.
sudo apt-get install lamp-server^
No, that's not a typo. Please make sure to include the caret (^). The command will not work without it.
sudo apt-get install lamp-server^
The apt package manager will show all the packages that need to be installed. Hit to confirm that you want to install them.
LAMP packages
You will then be prompted to change the password for the root user on the MySQL database.
Set MySQL root password
Enter the password you want. You'll be prompted to enter it a second time to confirm.
After you confirm your password, apt will continue to install the rest of the packages.
Congratulations, your LAMP installation is now complete! That was the easy part, now you need to get a few things configured to make your system easy to work with.
Test Apache
Open a web browser and enter the address http://localhost/. You should see a web page that says "It Works!"
Testing Apache
Test php
Now that you know Apache works, you'll want to test the php installation. You'll need to create a file in /var/www called testing.php. Open a terminal and enter:
sudo nano /var/www/testing.php
Enter the following line into the text editor, save the file and exit.
Next, restart Apache with the following terminal command:
sudo /etc/init.d/apache2 restart
Now go back to your web browser and enter the address http://localhost/testing.php/. You should see a page displaying version information for your php installation.
php Information
Configure MySQL
Since I'm installing LAMP for a web development environment, I want the MySQL database to be bound to the localhost IP address. This should be 127.0.0.1 for your system. You can verify it with this terminal command.
cat /etc/hosts | grep localhost
You'll now want to verify that the correct bind address is set up in MySQL's my.cnf file.
cat /etc/mysql/my.cnf | grep bind-address
You should see a line that looks like this:
bind-address = 127.0.0.1
If the IP address doesn't match the one for your system, you'll need to edit the my.cnf file to correct it.
Install phpMyAdmin
You don't need to install phpMyAdmin, but it's a much easier way to get in and adjust things in your MySQL database if you're not familiar with MySQL's commands. You can install phpMyAdmin from the command line with:
sudo apt-get install libapache2-mod-auth-mysql phpmyadmin
The installation will prompt you to select a web server for automatic configuration.
phpMyAdmin Setup
This is important! Use the space bar on your keyboard to select apache2. Make sure there's a * next to apache2 like the picture below and then hit. (Click the picture to enlarge it and see what I'm talking about.)
phpMyAdmin Setup: select apache2
The next screen will explain some information about database configuration. Hit the key to move on.
phpMyAdmin database config
Another screen will come up asking if you want to configure a new database called dbconfig-common. Since this is a fresh installation, use the key to select Yes and hit .
phpMyAdmin dbconfig-common
You'll be prompted next to enter the MySQL root password. Enter the MySQL root password that you created earlier, hit to select Ok and hit .
MySQL root password
You'll then be prompted to enter a MySQL application password for phpmyadmin. You can hit and a random password will be generated. I chose to use the same password that I used for the root MySQL password.
MySQL application password
If you enter your own password, a password confirmation screen will come up. Confirm your password.
MySQL application password confirmation
Your phpMyAdmin installation and configuration is now complete.
Testing phpMyAdmin
Open your web browser and enter the address http://localhost/phpmyadmin/. You should see a page like this.
phpMyAdmin log in
You can log in with the username root and the root password that you created earlier.
Logged into phpMyAdmin
Congratulations, you're now ready to start building your local website. If you're only working on one site you can put all of your files into /var/www. If you'll be working on multiple sites you may want to consider some additional Apache configuration to keep things neat and clean on you system.
Install LAMP on Ubuntu
The Ubuntu developers have made it easy to install the LAMP server packages with a single command. Simply open a terminal window and enter the following.
sudo apt-get install lamp-server^
No, that's not a typo. Please make sure to include the caret (^). The command will not work without it.
sudo apt-get install lamp-server^
The apt package manager will show all the packages that need to be installed. Hit
LAMP packages
You will then be prompted to change the password for the root user on the MySQL database.
Set MySQL root password
Enter the password you want. You'll be prompted to enter it a second time to confirm.
After you confirm your password, apt will continue to install the rest of the packages.
Congratulations, your LAMP installation is now complete! That was the easy part, now you need to get a few things configured to make your system easy to work with.
Test Apache
Open a web browser and enter the address http://localhost/. You should see a web page that says "It Works!"
Testing Apache
Test php
Now that you know Apache works, you'll want to test the php installation. You'll need to create a file in /var/www called testing.php. Open a terminal and enter:
sudo nano /var/www/testing.php
Enter the following line into the text editor, save the file and exit.
Next, restart Apache with the following terminal command:
sudo /etc/init.d/apache2 restart
Now go back to your web browser and enter the address http://localhost/testing.php/. You should see a page displaying version information for your php installation.
php Information
Configure MySQL
Since I'm installing LAMP for a web development environment, I want the MySQL database to be bound to the localhost IP address. This should be 127.0.0.1 for your system. You can verify it with this terminal command.
cat /etc/hosts | grep localhost
You'll now want to verify that the correct bind address is set up in MySQL's my.cnf file.
cat /etc/mysql/my.cnf | grep bind-address
You should see a line that looks like this:
bind-address = 127.0.0.1
If the IP address doesn't match the one for your system, you'll need to edit the my.cnf file to correct it.
Install phpMyAdmin
You don't need to install phpMyAdmin, but it's a much easier way to get in and adjust things in your MySQL database if you're not familiar with MySQL's commands. You can install phpMyAdmin from the command line with:
sudo apt-get install libapache2-mod-auth-mysql phpmyadmin
The installation will prompt you to select a web server for automatic configuration.
phpMyAdmin Setup
This is important! Use the space bar on your keyboard to select apache2. Make sure there's a * next to apache2 like the picture below and then hit
phpMyAdmin Setup: select apache2
The next screen will explain some information about database configuration. Hit the
phpMyAdmin database config
Another screen will come up asking if you want to configure a new database called dbconfig-common. Since this is a fresh installation, use the
phpMyAdmin dbconfig-common
You'll be prompted next to enter the MySQL root password. Enter the MySQL root password that you created earlier, hit
MySQL root password
You'll then be prompted to enter a MySQL application password for phpmyadmin. You can hit
MySQL application password
If you enter your own password, a password confirmation screen will come up. Confirm your password.
MySQL application password confirmation
Your phpMyAdmin installation and configuration is now complete.
Testing phpMyAdmin
Open your web browser and enter the address http://localhost/phpmyadmin/. You should see a page like this.
phpMyAdmin log in
You can log in with the username root and the root password that you created earlier.
Logged into phpMyAdmin
Congratulations, you're now ready to start building your local website. If you're only working on one site you can put all of your files into /var/www. If you'll be working on multiple sites you may want to consider some additional Apache configuration to keep things neat and clean on you system.
Rabu, 11 Mei 2011
Mengubah batas maksimum koneksi pada Windows XP
Sebagai pengguna komputer, mungkin pernah ada kejadian yaitu pada komputer yang menjalankan Windows XP atau Windows 2000, ketika kita mencoba untuk terhubung ke komputer Windows XP baik untuk sharing folder maupun printer, kita menerima sebuah pesan seperti berikut: "No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept". Hal ini bisa terjadi karena jumlah koneksi dari client ke komputer tersebut sudah mencapai jumlah maksimum yaitu 10 koneksi.
Segala bentuk koneksi baik itu sharing file/ folder, printer, dll yang tidak ada aktivitasnya selama interval waktu tertentu, secara otomatis akan diputuskan oleh sistem. Defaultnya, batas waktu untuk autodisconnect ini adalah sekitar 15 menit. Ketika koneksi ini diputus, maka salah satu jalur koneksi (dari 10 jalur koneksi) dapat dipakai oleh koneksi dari komputer lain yang sebelumnya tidak bisa terhubung (lihat message diatas).
Pada umumnya kita sering merestart komputer server, agar semua jalur koneksi kembali kosong, sehingga user lain yang membutuhkan koneksi ke server dapat segera terhubung. Hal ini tentu sangat merepotkan terlebih jika komputer server (dengan sistem operasi windows xp) ini memiliki jumlah client lebih dari 10. Artinya setiap client harus secara bergantian dalam melakukan koneksi ke server ini.
Untuk mengubah batas maksimum koneksi pada windows XP ini, kita dapat menggunakan program yang bernama Intelligent TCPIP.SYS Patcher (definisi Patch bisa dibaca disini)
Cara menggunakan :
1. Download file pendukung disini
2. Extract file PatchTCPIP.zip
3. Jalankan file PatchTCPIP.exe
4. Pada bagian Do you really want to change the limit to 50? (Y=Yes / N=No / C=Change limit), ketik "Y"
5. Tunggu sampai proses pengeditan berakhir
6. Restart komputer
7. Setelah login kembali, coba jalankan kembali file PatchTCPIP.exe, dan lihat pada bagian Current maximum concurrent half-open connection sudah berubah dari 10 ke 50. Artinya batas maksium koneksi ke windows XP tidak lagi hanya 10 client, tetapi menjadi 50 client.
Segala bentuk koneksi baik itu sharing file/ folder, printer, dll yang tidak ada aktivitasnya selama interval waktu tertentu, secara otomatis akan diputuskan oleh sistem. Defaultnya, batas waktu untuk autodisconnect ini adalah sekitar 15 menit. Ketika koneksi ini diputus, maka salah satu jalur koneksi (dari 10 jalur koneksi) dapat dipakai oleh koneksi dari komputer lain yang sebelumnya tidak bisa terhubung (lihat message diatas).
Pada umumnya kita sering merestart komputer server, agar semua jalur koneksi kembali kosong, sehingga user lain yang membutuhkan koneksi ke server dapat segera terhubung. Hal ini tentu sangat merepotkan terlebih jika komputer server (dengan sistem operasi windows xp) ini memiliki jumlah client lebih dari 10. Artinya setiap client harus secara bergantian dalam melakukan koneksi ke server ini.
Untuk mengubah batas maksimum koneksi pada windows XP ini, kita dapat menggunakan program yang bernama Intelligent TCPIP.SYS Patcher (definisi Patch bisa dibaca disini)
Cara menggunakan :
1. Download file pendukung disini
2. Extract file PatchTCPIP.zip
3. Jalankan file PatchTCPIP.exe
4. Pada bagian Do you really want to change the limit to 50? (Y=Yes / N=No / C=Change limit), ketik "Y"
5. Tunggu sampai proses pengeditan berakhir
6. Restart komputer
7. Setelah login kembali, coba jalankan kembali file PatchTCPIP.exe, dan lihat pada bagian Current maximum concurrent half-open connection sudah berubah dari 10 ke 50. Artinya batas maksium koneksi ke windows XP tidak lagi hanya 10 client, tetapi menjadi 50 client.
Jumat, 29 April 2011
Blok Facebook di Jam Kerja dengan Firewall di mikrotik Router
Buat firewall untuk block akses ke facebook
/system script add name="fb-unblock" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disable="yes"
/system script add name="fb-block" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disable="no"
Kemudian Atur jadwal sesuai kebutuhan Anda :
/system scheduler add name="fb-08:00" start-date=Nov/09/2009 start-time=08:00:00 interval=1d on-event="fb-block"
/system scheduler add name="fb-12:00" start-date=Nov/09/2009 start-time=12:00:00 interval=1d on-event="fb-unblock
/system scheduler add name="fb-13:00" start-date=Nov/09/2009 start-time=13:00:00 interval=1d on-event="fb-block"
/system scheduler add name="fb-17:00" start-date=Nov/09/2009 start-time=17:00:00 interval=1d on-event="fb-unblock"
Thanks To Majapahit Crew
/system script add name="fb-unblock" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disable="yes"
/system script add name="fb-block" policy=write,read,policy,test,sniff source={/ip firewall filter set [/ip firewall filter find content="facebook"] disable="no"
Kemudian Atur jadwal sesuai kebutuhan Anda :
/system scheduler add name="fb-08:00" start-date=Nov/09/2009 start-time=08:00:00 interval=1d on-event="fb-block"
/system scheduler add name="fb-12:00" start-date=Nov/09/2009 start-time=12:00:00 interval=1d on-event="fb-unblock
/system scheduler add name="fb-13:00" start-date=Nov/09/2009 start-time=13:00:00 interval=1d on-event="fb-block"
/system scheduler add name="fb-17:00" start-date=Nov/09/2009 start-time=17:00:00 interval=1d on-event="fb-unblock"
Thanks To Majapahit Crew
Setting Anti DDOS di Router Mikrotik
Mencegah lebih baik dari pada mengobati, itulah pepatah lama yang masih berlaku dari jaman sebelum peradaban sampai dengan akhir dunia ini,
begitu juga di dunia Cyber ini, untuk kelancaran arus keluar masuka internet dan untuk menghindari traffic berlebihan yang sengaja seseorang kirimkan untuk mempengaruhi koneksi kita , bahkan bisa membuat koneksi internet kita drop, maka dari itu saya mencoba untuk berbagi setingan Anti DDOS di router Mikrotik
adapun setingannya sebagai berikut :
/ip firewall filter add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=DDOS address-list-timeout=15s comment="" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=DDOS address-list-timeout=15m comment="" disabled=no
/ip firewall filter add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="Prot Scanner Detection" disabled=no
/ip firewall filteradd chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="enter to blok ip black attacker" disabled=no
/ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump target chain ICMP" disabled=no
/ip firewall filter add chain=input action=jump jump-target=services comment="jump target chain services" disabled=no
/ip firewall filter add chain=input action=log log-prefix="Filter" comment="Write review Attacker's" disabled=no
/ip firewall filter add chain=input src-address=Subnet wAN action= accept comment="list IP yang boleh akses ke router"
/ip firewall filter add chain=input src-address=Subnet LAN action=accept
/ip firewall filter add chain=input src-address=Subnet DMZ action=accept
/ip firewall filter add chain=input action=drop comment="Blok All Undetection" disabled=no
Selamat mencoba,
Thanks To Mojopahit Crew
begitu juga di dunia Cyber ini, untuk kelancaran arus keluar masuka internet dan untuk menghindari traffic berlebihan yang sengaja seseorang kirimkan untuk mempengaruhi koneksi kita , bahkan bisa membuat koneksi internet kita drop, maka dari itu saya mencoba untuk berbagi setingan Anti DDOS di router Mikrotik
adapun setingannya sebagai berikut :
/ip firewall filter add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=DDOS address-list-timeout=15s comment="" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=DDOS address-list-timeout=15m comment="" disabled=no
/ip firewall filter add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="Prot Scanner Detection" disabled=no
/ip firewall filteradd chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="enter to blok ip black attacker" disabled=no
/ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump target chain ICMP" disabled=no
/ip firewall filter add chain=input action=jump jump-target=services comment="jump target chain services" disabled=no
/ip firewall filter add chain=input action=log log-prefix="Filter" comment="Write review Attacker's" disabled=no
/ip firewall filter add chain=input src-address=Subnet wAN action= accept comment="list IP yang boleh akses ke router"
/ip firewall filter add chain=input src-address=Subnet LAN action=accept
/ip firewall filter add chain=input src-address=Subnet DMZ action=accept
/ip firewall filter add chain=input action=drop comment="Blok All Undetection" disabled=no
Selamat mencoba,
Thanks To Mojopahit Crew
Selasa, 08 Maret 2011
Featured
Senin, 14 September 2009
Cara Membuat DNS Server di Ubuntu 9.04
Dalam pembelajaran kali ini saya ingin menjelaskan tentang cara membuat DNS server pada ubuntu 9.04.pengalaman saya jika ingin mengetahui banyak tentang dns server sebaiknya pahami dulu apa itu DNS server???
DNS Server (Domain Name System) : sistem yang menyimpan informasi tentang nama host maupun nama domain dalam bentuk basis data tersebar (distributed database) di dalam jaringan komputer, misalkan: internet. DNS menyediakan alamat ip untuk setiap nama host dan mendata setiap server transmisi surat (mail exchange server) yang menerima surat elektronik (email) untuk setiap domain. Lebih lengkapnya cari aja di wilkipedia... hehe,,,,
Untuk pembuatan DNS nya berikut ini :
1. Pertama - tama update dulu ubuntu-mu.
#apt-get update
root@rafflesia-desktop:~# apt-get update
#apt-get install bind9
3. Setelah proses install bind selesai selanjutnya kamu buat Domain yang akan kamu jadikan DNS nya, dengan mengedit file /etc/bind/named.conf.local
rafflesia@rafflesia-desktop:~$ sudo gedit /etc/bind/named.conf.local
lalu edit file named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "domain-lu.com" IN {
type master;
file "/etc/bind/domain-lu.com";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.domain-lu.com";
};
lalu simpan dengan ctrl+S
(zone "0.168.192.in-addr.arpa" IN maksudnya zona ip pada domain yang dijadikan DNS server.pada penulisan tersebut memang dibalik, jadi jika ip komputer yang akan kamu jadikan sebagai DNS sever adalah 192.168.0.120 maka penulisannya adalah "0.168.192". ip terakhir memang tidak tidak ditulis.bingung yaw,, hehe,,diulang bacanya dan dipahami browww....
4. Lalu kamu buat nama domain-lu.com di directory /etc/bind/domain-lu.com
dengan mengcopy db.127. caranya:
rafflesia@rafflesia-desktop:~$ sudo cp /etc/bind/db.127 /etc/bind/domain-lu.com
Setelah itu kamu copy juga db.127 untuk db.domain-lu.com caranya :
rafflesia@rafflesia-desktop:~$ sudo cp /etc/bind/db.127 /etc/bind/db.domain-lu.com
5. Lalu kamu edit file /etc/bind/domain-lu.com caranya :
rafflesia@rafflesia-desktop:~$ gedit /etc/bind/domain-lu.com
lalu akan muncul text editor yang berisi
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.domain-lu.com. root.domain-lu.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.domain-lu.com.
@ IN A ip_domain-lu
www IN A ip_domain-lu
lalu simpan dengan ctrl+S
(ip_domain-lu maksudnya adalah ip komputer yang ingin dijadikan sebagai DNS server)
6. Kemudian setelah itu kamu edit file db.domain-lu.com yang uda kamu buat tadi.
caranya : rafflesia@rafflesia-desktop:~$ gedit /etc/bind/db.domain-lu.com
muncul deh file tersebut berupa text editor.
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.domain-lu.com. root.domain-lu.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.domain-lu.com.
@ IN PTR ip_domain-lu
ns IN A ip_domain-lu
lalu simpan dengan ctrl+S
7. Setelah itu ganti ip DNS server kamu dengan ip kamu.. paham kan maksudnya broww, dengan mengedit file /etc/resolv.conf
caranya : rafflesia@rafflesia-desktop:~$ sudo gedit /etc/resolv.conf
# Generated by NetworkManager
nameserver 202.134.1.10
nah, umpama nameserver kamu awalnya 202.134.1.10 sekarang kamu ganti dengan ip_komputer yang kamu jadikan DNS server, jadi :
# Generated by NetworkManager
nameserver 192.168.0.120
disini saya menggunakan ip 192.168.0.120 jadi nameserver nya saya isi 192.168.0.120 jadi ya kamu isi ip_komputer yang kamu jadikan DNS server.
paham kan bosssss. hehe,,,
8. Lalu langkah berikutnya adalah restart bind nya
caranya : rafflesia@rafflesia-desktop:~$ sudo /etc/init.d/bind9 restart
* Stopping domain name service... bind9 [ OK ]
* Starting domain name service... bind9 [ OK ]
jika peringatan tersebut menunjukkan semuanya OK maka konfigurasi DNS kamu berhasil,tidak ada masalah pada konfigurasi DNS yang telah kamu buat. tetapi bila ada peringatan yang menunjukan fail maka se segeralah mengecek kembali konfigurasi DNS yang kamu buat tadi, bisa jadi ada yang kurang,salah penulisan maupun kode juga berpengaruh...
9. Okey kita lanjut, jika tadi proses restart bind9 telah berhasil maka kamu nslookup domain nya.
caranya : rafflesia@rafflesia-desktop:~$ nslookup domain-lu.com
Server: 192.168.0.120
Address: 192.168.0.120#53
Name: domain-lu.com
Address: 192.168.0.120
saya menggunakan ip komputer 192.168.0.120 .Jadi server dan address akan menunjukkan ip komputer kamu yang di jadikan DNS server
10. Lalu kamu ping deh di terminal domain-lu.com apakah sudah terkoneksi apa belum.
caranya : rafflesia@rafflesia-desktop:~$ ping domain-lu.com
PING domain-lu.com (192.168.0.120) 56(84) bytes of data.
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=3 ttl=64 time=0.056 ms
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=4 ttl=64 time=0.054 ms
"(192.168.0.120)" maksudnya adalah server local kamu sekarang berpindah di komputer kamu yang uda kamu buat domain nya untuk dijadikan DNS server.
11. Lalu kamu buka firefox kemudian url nya kamu isi dengan nama domain yang uda kamu buat tadi. misalnya : www.domain-lu.com
Setting file resolv.conf
#nano /etc/resolv.conf
– tulis bagian dibawah –
search domainlo.com
nameserver 192.168.168.1
domain domainlo.com
domain www.domainlo.com
– berakhir diatas tulisan ini –
simpen dengan ctrl+x tekan y kemudian enter.
7. Buat file options di folder /etc/network
# nano /etc/network/options
– isikan seperti dibawah ini –
ip_forward = yes
spoofprotect = yes
syncookies = no
– berakhir disini –
simpen make ctrl+x tekan y kemudian enter.
8. edit juga file hosts di folder /etc
#nano /etc/hosts
– tambahkan dibawahnya –
192.168.168.1 domainlo.com
– berakhir diatas tulisan ini –
simpen seperti biasa
9. restart program bind dan network nya
#/etc/init.d/bind9 restart
#/etc/init.d/networking restart
10. Test dengan perintah
#dig domainlo.com
Senin, 14 September 2009
Cara Membuat DNS Server di Ubuntu 9.04
Dalam pembelajaran kali ini saya ingin menjelaskan tentang cara membuat DNS server pada ubuntu 9.04.pengalaman saya jika ingin mengetahui banyak tentang dns server sebaiknya pahami dulu apa itu DNS server???
DNS Server (Domain Name System) : sistem yang menyimpan informasi tentang nama host maupun nama domain dalam bentuk basis data tersebar (distributed database) di dalam jaringan komputer, misalkan: internet. DNS menyediakan alamat ip untuk setiap nama host dan mendata setiap server transmisi surat (mail exchange server) yang menerima surat elektronik (email) untuk setiap domain. Lebih lengkapnya cari aja di wilkipedia... hehe,,,,
Untuk pembuatan DNS nya berikut ini :
1. Pertama - tama update dulu ubuntu-mu.
#apt-get update
root@rafflesia-desktop:~# apt-get update
#apt-get install bind9
3. Setelah proses install bind selesai selanjutnya kamu buat Domain yang akan kamu jadikan DNS nya, dengan mengedit file /etc/bind/named.conf.local
rafflesia@rafflesia-desktop:~$ sudo gedit /etc/bind/named.conf.local
lalu edit file named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "domain-lu.com" IN {
type master;
file "/etc/bind/domain-lu.com";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/db.domain-lu.com";
};
lalu simpan dengan ctrl+S
(zone "0.168.192.in-addr.arpa" IN maksudnya zona ip pada domain yang dijadikan DNS server.pada penulisan tersebut memang dibalik, jadi jika ip komputer yang akan kamu jadikan sebagai DNS sever adalah 192.168.0.120 maka penulisannya adalah "0.168.192". ip terakhir memang tidak tidak ditulis.bingung yaw,, hehe,,diulang bacanya dan dipahami browww....
4. Lalu kamu buat nama domain-lu.com di directory /etc/bind/domain-lu.com
dengan mengcopy db.127. caranya:
rafflesia@rafflesia-desktop:~$ sudo cp /etc/bind/db.127 /etc/bind/domain-lu.com
Setelah itu kamu copy juga db.127 untuk db.domain-lu.com caranya :
rafflesia@rafflesia-desktop:~$ sudo cp /etc/bind/db.127 /etc/bind/db.domain-lu.com
5. Lalu kamu edit file /etc/bind/domain-lu.com caranya :
rafflesia@rafflesia-desktop:~$ gedit /etc/bind/domain-lu.com
lalu akan muncul text editor yang berisi
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.domain-lu.com. root.domain-lu.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.domain-lu.com.
@ IN A ip_domain-lu
www IN A ip_domain-lu
lalu simpan dengan ctrl+S
(ip_domain-lu maksudnya adalah ip komputer yang ingin dijadikan sebagai DNS server)
6. Kemudian setelah itu kamu edit file db.domain-lu.com yang uda kamu buat tadi.
caranya : rafflesia@rafflesia-desktop:~$ gedit /etc/bind/db.domain-lu.com
muncul deh file tersebut berupa text editor.
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.domain-lu.com. root.domain-lu.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.domain-lu.com.
@ IN PTR ip_domain-lu
ns IN A ip_domain-lu
lalu simpan dengan ctrl+S
7. Setelah itu ganti ip DNS server kamu dengan ip kamu.. paham kan maksudnya broww, dengan mengedit file /etc/resolv.conf
caranya : rafflesia@rafflesia-desktop:~$ sudo gedit /etc/resolv.conf
# Generated by NetworkManager
nameserver 202.134.1.10
nah, umpama nameserver kamu awalnya 202.134.1.10 sekarang kamu ganti dengan ip_komputer yang kamu jadikan DNS server, jadi :
# Generated by NetworkManager
nameserver 192.168.0.120
disini saya menggunakan ip 192.168.0.120 jadi nameserver nya saya isi 192.168.0.120 jadi ya kamu isi ip_komputer yang kamu jadikan DNS server.
paham kan bosssss. hehe,,,
8. Lalu langkah berikutnya adalah restart bind nya
caranya : rafflesia@rafflesia-desktop:~$ sudo /etc/init.d/bind9 restart
* Stopping domain name service... bind9 [ OK ]
* Starting domain name service... bind9 [ OK ]
jika peringatan tersebut menunjukkan semuanya OK maka konfigurasi DNS kamu berhasil,tidak ada masalah pada konfigurasi DNS yang telah kamu buat. tetapi bila ada peringatan yang menunjukan fail maka se segeralah mengecek kembali konfigurasi DNS yang kamu buat tadi, bisa jadi ada yang kurang,salah penulisan maupun kode juga berpengaruh...
9. Okey kita lanjut, jika tadi proses restart bind9 telah berhasil maka kamu nslookup domain nya.
caranya : rafflesia@rafflesia-desktop:~$ nslookup domain-lu.com
Server: 192.168.0.120
Address: 192.168.0.120#53
Name: domain-lu.com
Address: 192.168.0.120
saya menggunakan ip komputer 192.168.0.120 .Jadi server dan address akan menunjukkan ip komputer kamu yang di jadikan DNS server
10. Lalu kamu ping deh di terminal domain-lu.com apakah sudah terkoneksi apa belum.
caranya : rafflesia@rafflesia-desktop:~$ ping domain-lu.com
PING domain-lu.com (192.168.0.120) 56(84) bytes of data.
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=3 ttl=64 time=0.056 ms
64 bytes from rafflesia-desktop.local (192.168.0.120): icmp_seq=4 ttl=64 time=0.054 ms
"(192.168.0.120)" maksudnya adalah server local kamu sekarang berpindah di komputer kamu yang uda kamu buat domain nya untuk dijadikan DNS server.
11. Lalu kamu buka firefox kemudian url nya kamu isi dengan nama domain yang uda kamu buat tadi. misalnya : www.domain-lu.com
Setting file resolv.conf
#nano /etc/resolv.conf
– tulis bagian dibawah –
search domainlo.com
nameserver 192.168.168.1
domain domainlo.com
domain www.domainlo.com
– berakhir diatas tulisan ini –
simpen dengan ctrl+x tekan y kemudian enter.
7. Buat file options di folder /etc/network
# nano /etc/network/options
– isikan seperti dibawah ini –
ip_forward = yes
spoofprotect = yes
syncookies = no
– berakhir disini –
simpen make ctrl+x tekan y kemudian enter.
8. edit juga file hosts di folder /etc
#nano /etc/hosts
– tambahkan dibawahnya –
192.168.168.1 domainlo.com
– berakhir diatas tulisan ini –
simpen seperti biasa
9. restart program bind dan network nya
#/etc/init.d/bind9 restart
#/etc/init.d/networking restart
10. Test dengan perintah
#dig domainlo.com
Kamis, 24 Februari 2011
Scrip Anti DDOS untuk Mikrotik
ip firewall filter add chain=input protocol=tcp dst-port=1337 action= add-src-to-address-list address-list=DDOS address-list-timeout=15s comment=”"disabled=no
ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action= add-src-to-address-list address-list=DDOS address-list-timeout=15m comment=”" disabled=no
ip firewall filter add chain=input connection-state=established action=accept comment=”accept established connection packets” disabled=no
ip firewall filter add chain=input connection-state=related action=accept comment=”accept related connection packets” disabled=no
ip firewall filter add chain=input connection-state=invalid action=drop comment=”drop Paket Invalid” disabled=no
ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=”Mendetek serangan Port Scaner” disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment=”Bikin kejutan ke ip penyerang”disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment=”Masukin ke karung Ip penyerang” disabled=no
ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment=”jump chain ICMP” disabled=no
ip firewall filter add chain=input action=jump jump-target=services comment=”jump chain service” disabled=no
ip firewall filter add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast Traffic” disabled=no
ip firewall filter add chain=input action=log log-prefix=”Filter:” comment=”Catat kegiatan penyerang” disabled=no
ip firewall filter add chain=input src-address=Subnet WAN action=accept comment=”List Ip yang boleh akses ke router”
ip firewall filter add chain=input src-address=Subnet Lan action=accept
ip firewall filter add chain=input src-address=Subnet DMZ action=accept
ip firewall filter add chain=input action=drop comment=”Blok Semua yang aneh2"disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”0:0 dan limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”3:3 dan limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”3:4 dan limit for 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”8:0 and limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”11:0 and limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp action=drop comment=”Bloksemua yang aneh2" disabled=no
ip firewall filter add chain=forward protocol=icmp comment=”Perbolehkan ping”
ip firewall filter add chain=forward protocol=udp comment=”Perbolehkan ke udp”
ip firewall filter add chain=forward src-address=Subnet WAN action=accept comment=”Akses hanya dari ip terdaftar”
ip firewall filter add chain=forward src-address=Subnet LAN action=accept
ip firewall filter add chain=forward src-address=Subnet DMZ action=accept
ip firewall filter add chain=forward action=drop comment=”blok semua yanganeh2"
ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action= add-src-to-address-list address-list=DDOS address-list-timeout=15m comment=”" disabled=no
ip firewall filter add chain=input connection-state=established action=accept comment=”accept established connection packets” disabled=no
ip firewall filter add chain=input connection-state=related action=accept comment=”accept related connection packets” disabled=no
ip firewall filter add chain=input connection-state=invalid action=drop comment=”drop Paket Invalid” disabled=no
ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=”Mendetek serangan Port Scaner” disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment=”Bikin kejutan ke ip penyerang”disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment=”Masukin ke karung Ip penyerang” disabled=no
ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment=”jump chain ICMP” disabled=no
ip firewall filter add chain=input action=jump jump-target=services comment=”jump chain service” disabled=no
ip firewall filter add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast Traffic” disabled=no
ip firewall filter add chain=input action=log log-prefix=”Filter:” comment=”Catat kegiatan penyerang” disabled=no
ip firewall filter add chain=input src-address=Subnet WAN action=accept comment=”List Ip yang boleh akses ke router”
ip firewall filter add chain=input src-address=Subnet Lan action=accept
ip firewall filter add chain=input src-address=Subnet DMZ action=accept
ip firewall filter add chain=input action=drop comment=”Blok Semua yang aneh2"disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”0:0 dan limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”3:3 dan limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”3:4 dan limit for 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”8:0 and limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”11:0 and limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp action=drop comment=”Bloksemua yang aneh2" disabled=no
ip firewall filter add chain=forward protocol=icmp comment=”Perbolehkan ping”
ip firewall filter add chain=forward protocol=udp comment=”Perbolehkan ke udp”
ip firewall filter add chain=forward src-address=Subnet WAN action=accept comment=”Akses hanya dari ip terdaftar”
ip firewall filter add chain=forward src-address=Subnet LAN action=accept
ip firewall filter add chain=forward src-address=Subnet DMZ action=accept
ip firewall filter add chain=forward action=drop comment=”blok semua yanganeh2"
Langganan:
Postingan (Atom)