Limit Download Extention Mikrotik

Label: 0 komentar
Firewall Filter
/ip firewall filter
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment="Filter Download iso" content=.iso disabled=no protocol=tcp \
    src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=mpg content=.mpg disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=mp3 content=.mp3 disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=avi content=.avi disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=exe content=.exe disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=rar content=.rar disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=mwv content=.mwv disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=zip content=.zip disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=3gp content=.3gp disabled=no protocol=tcp src-address=\
    192.168.0.0/24
add action=add-dst-to-address-list address-list=cekek address-list-timeout=1h chain=forward comment=mp4 content=.mp4 disabled=no protocol=tcp src-address=\
    192.168.0.0/24

Firewall Mangle
/ip firewall mangle add chain=forward \
protocol=tcp src-address-list=cekek \
action=mark-packet new-packet-mark=cekek-bw

Queue
/queue simple add name=download-files \
max-limit=32000/32000 packet-marks=cekek-bw

Limit Streaming Mikrotik

Label: 0 komentar
Layer Protocol
/ip firewall layer7-protocol
add name=http-video-streaming regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\
    ][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"

 Firewall Mangle
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Limit Streaming Video" \
    disabled=no layer7-protocol=http-video-streaming new-connection-mark=\
    http-video-streaming-1 passthrough=yes
add action=mark-packet chain=prerouting disabled=no layer7-protocol=\

Queue
/queue type
add kind=pcq name=Pcq-Download pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=Pcq-Upload pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=\
    32 pcq-src-address6-mask=128 pcq-total-limit=2000

/queue tree
add burst-limit=128k burst-threshold=24k burst-time=4s disabled=no limit-at=\
    32k max-limit=32k name=Streaming packet-mark=http-video-streaming \
    parent=global-total priority=8 queue=Pcq-Download






Standar Firewall Mikrotik

Label: 0 komentar
Address List
/ip firewall address-list
add address=192.168.0.8 disabled=no list=local-addr ( ip address yg di izinkan untuk acces winbox )

 Firewall Filter
/ip firewall filter
add action=add-src-to-address-list address-list=-FTP address-list-timeout=4w2d \
    chain=input comment="Filter - Wan Access FTP" disabled=no dst-port=21 \
    protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-FTP
add action=accept chain=input disabled=no dst-port=21 protocol=tcp \
    src-address-list=local-addr
add action=add-src-to-address-list address-list=-SSH address-list-timeout=4w2d \
    chain=input comment="Filter - Wan Access SSH" disabled=no dst-port=22 \
    protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-SSH
add action=accept chain=input disabled=no dst-port=22 protocol=tcp \
    src-address-list=local-addr
add action=add-src-to-address-list address-list=-TELNET address-list-timeout=\
    4w2d chain=input comment="Filter - Wan Access TELNET" disabled=no dst-port=\
    23 protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-TELNET
add action=accept chain=input disabled=no dst-port=23 protocol=tcp \
    src-address-list=local-addr
add action=add-src-to-address-list address-list=-WEB address-list-timeout=4w2d \
    chain=input comment="Filter - Wan Access WEB" disabled=no dst-port=80 \
    protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-WEB
add action=accept chain=input disabled=no dst-port=80 protocol=tcp \
    src-address-list=local-addr
add action=add-src-to-address-list address-list=-WINBOX address-list-timeout=\
    4w2d chain=input comment="Filter - Wan Access WINBOX" disabled=no dst-port=\
    8291 protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-WINBOX
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp \
    src-address-list=local-addr
add action=add-src-to-address-list address-list=-VPN address-list-timeout=4w2d \
    chain=input comment="Filter - Wan Access VPN" disabled=no dst-port=1723 \
    protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-VPN
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp \
    src-address-list=local-addr
add action=add-src-to-address-list address-list="Filter - Port Scanners" \
    address-list-timeout=2w chain=input comment="Filter - Port Scanners" \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input disabled=no src-address-list="port scanners"
add action=accept chain=forward comment=Connections connection-state=\
    established disabled=no
add action=accept chain=forward connection-state=related disabled=no
add action=drop chain=forward comment="Blok Ping Out" disabled=no \
    out-interface=modem1 protocol=icmp src-address=!192.168.0.8







Time Acces Internet with Kantor

Label: 1 komentar
/ip proxy
set always-from-cache=no cache-administrator="webmaster" cache-hit-dscp=4 \
    cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=3128 serialize-connections=no src-address=\
    0.0.0.0

===========================================================================

/ip proxy access
add action=deny comment=proxy disabled=no src-address=192.168.20.0/24

===========================================================================

/ip firewall nat
add action=redirect chain=dstnat comment=Redirect disabled=no in-interface=\
local port=3128 protocol=\
tcp src-address-list=!allow to-ports=3128

===========================================================================

/system script
add name=allow policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=\
    "/ip proxy access set [find comment=\"proxy\"] action=allow"
add name=deny policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=\
    "/ip proxy access set [find comment=\"proxy\"] action=deny"

===========================================================================

/system scheduler
add comment="" disabled=no interval=1w name=allow on-event=allow policy=\
    reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/02/2012 start-time=12:00:00
add comment="" disabled=no interval=1w name=deny on-event=deny policy=\
    reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    may/02/2012 start-time=13:00:00







Loadbalancing 2 Speedy

Label: 0 komentar
/interface
Set 0 name=modem1
Set 1 name=modem2
Set 2 name=local

============================================================================

/ip address
add address=192.168.1.2/24 netmask=255.255.255.0 interface=modem1
add address=192.168.2.2/24 netmask=255.255.255.0 interface=modem2
add address=192.168.20.1/24 netmask=255.255.255.0 interface=local

============================================================================
/ip firewall mangle
 add chain=prerouting action=mark-connection new-connection-mark=modem1
     passthrough=yes connection-state=new in-interface=local nth=2,1

 add chain=prerouting action=mark-routing new-routing-mark=modem1
     passthrough=no in-interface=local connection-mark=modem1

 add chain=prerouting action=mark-connection new-connection-mark=modem2
     passthrough=yes connection-state=new in-interface=local nth=2,2

 add chain=prerouting action=mark-routing new-routing-mark=modem2
     passthrough=no in-interface=local connection-mark=modem2 

============================================================================


/ip firewall nat
add chain=srcnat action=masquerade out-interface=modem1
add chain=srcnat action=masquerade out-interface=modem2

============================================================================


/ip route 
add gateway=192.168.1.1 
add gateway=192.168.2.1 routing-mark=modem2

Eoip Tunelling Mikrotik

Label: 0 komentar
 
MikroTik Jakarta
ip public = 111.111.111.111
ether1 =  192.168.1.1/24
ether2 = 192.168.0.1/24

MikroTik Medan
ip public = 222.222.222.222
ether1 = 192.168.1.2/24
ether2 = 192.168.0.2/24


Seting di kedua Mikrotik
  1. admin@jakarta > Ip address add address=192.168.1.1/24 interface=ether1 disabled=no  
  2. admin@jakarta > Ip address add address=192.168.0.1/24 interface=ether2 disabled=no  
  3. admin@medan > Ip address add address=192.168.1.2/24 interface=ether1 disabled=no  
  4. admin@medan > Ip address add address=192.168.0.2/24 interface=ether2 disabled=no

 Seting di Mikrotik Jakarta
  1. interface pptp-server server set enabled=yes   
  2. interface pptp-server add name=medan user=medan disabled=no  
  3. ppp secret add name=medan password=medan local-address=10.0.1.1 remote-address=10.0.1.2 service=pptp disabled=no  

  Seting di Mikrotik Medan
  1. interface pptp-client add name=jkt-mdn user=medan password=medan connect-to=111.111.111.111 disabled=no 

  Seting di kedua Mikrotik
  1. admin@jakarta > interface eoip add name=eoip remote-address=10.0.1.2 tunnel-id=1 disabled=no  
  2. admin@medan > interface eoip add name=eoip remote-address=10.0.1.1 tunnel-id=1 disabled=no  

Seting di kedua Mikrotik
  1. interface bridge add name=bridge disabled=no  
  2. interface bridge port add bridge=bridge interface=eoip, ether2



Squid Proxy Ubuntu Server 11.04

0 komentar
Berikut Squid untuk kantor yang ingin memLimit akses internet pada jam tertentu dan memBLok / meAllow website tertentu.

Dibawah ini adalah Squid setingan saya sendiri dengan cara kerja nya adalah
- Akses Internet User pada jam Istirahat, yaitu jam 12:00 sampai jam 12:45
   artinya : User tersebut cuma dikasih akses internet cuma 45 menit sesuai jam yang di atur pada squid

- Blok website yang ada pada blok.txt
  artinya : akan memBlok website tertentu sesuai yang ada di file blok.txt ( jadi isi saja alamat web yang ada 
  di blok.txt)

- Allow website yang ada pada allow.txt
  artinya : akan memAllow website tertentu sesuai yang ada di file allow.txt ( jadi isi saja alamat web yang ada
  di allow.txt)

#################################
# INFO-WAROENKOMPUTER SQUID 2.7
# date : 01 JANUARI 2012
#################################

# ACCESS CONTROLS
# ---------------
acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl localnet src 192.168.0.0/24

# SET PROXY USER
# ---------------

acl nonlimit src 192.168.0.1
acl limit src 192.168.0.2


acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32

# SET TIME ACCESS
# ---------------
acl pagi time SMTWHFA 06:00-12:00
acl sore time SMTWHFA 12:45-21:00

# BLOK WEBSITE
# ---------------
acl bloksite url_regex -i "/etc/squid/blok.txt"
acl allowsite url_regex -i "/etc/squid/allow.txt"

acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim



# BLOK WEBSITE
# ---------------
http_access deny bloksite

# ALLOW WEBSITE
# ---------------
http_access allow allowsite

# SET PROXY USER
# ---------------
http_access allow nonlimit


# SET TIME ACCESS
# ---------------
http_access deny pagi
http_access deny sore
http_access allow limit

http_access deny ym
http_access deny ymregex
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access deny all

# NETWORK OPTIONS
# ---------------
http_port 3128
icp_access deny all

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------
cache_mem 256 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 4000 10 256
maximum_object_size 128000 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# ---------------------------------------
#access_log /cache/access.log
access_log none
access_log /var/log/squid/access.log
#cache_log /cache/cache.log
#cache_log /dev/null
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
client_db off
#pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# ----------------------------
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
store_avg_object_size 13 KB

# HTTP OPTIONS
# ------------
server_http11 on
collapsed_forwarding on
vary_ignore_expire on

# ANONIMITY OPTIONS
# -----------------
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
# --------
forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
persistent_request_timeout 60 second
client_lifetime 86400 second
half_closed_clients off
pconn_timeout 60 second
shutdown_lifetime 10 second

# ADMINISTRATIVE PARAMETERS
# -------------------------
cache_mgr waroenkomputer
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname waroenkomputer

# ADVANCED NETWORKING OPTIONS
# ---------------------------
max_filedescriptors 2048

# DNS OPTIONS
# -----------
check_hostnames off
#DNS NAWALA
dns_nameservers 180.131.144.144
dns_nameservers 180.131.144.145
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 90
ipcache_high 95

# MISCELLANEOUS
# -------------
memory_pools off
forwarded_for off
reload_into_ims on
coredump_dir /cache
pipeline_prefetch on
offline_mode off
###### END CONFIGURATION ###########

Selamat mencoba dan berExperimen ...

Instal dan Seting FTP Server

Label: 0 komentar
Downlod dulu Ftp Server klik disini

Lalu install dan setelah selesai install tinggal setting

Klik tab di bawah ftp server

Klik New Member lalu isi username dan password ( bisa generate lohh ) dan arahkan folder mana yang anda inginkan untuk file ftpserver ( klik browse )

Klik Apply

Untuk buat username lain sama seperti yang anda buat tadi

dan klik Start Server

dan untuk client cara aksesnya gampang sekali, buka browser ( firefox ) dan ketik seperti diwabah ini :

ftp:ipftpserver:21
 ubah ipftpserver dengan ip ftp server anda

dan apabila sukses akan ada form isi username dan password

masukan username dan password yang anda buat tadi

dan hasilnya seperti ini

Instal dan Seting VNCServer Fedora Core 8

Label: 0 komentar
Buka console anda dan ketik seperti dibawah ini :

[root@info warkom] # yum install vnc           [Enter]

Edit file VNCServer yang ada di '/etc/sysconfig/vncservers' lebih mudah pakai software winscp

VNCSERVERS="1:root" 

VNCSERVERARGS[1]="-geometry 1024x768
-depth 16" 

Edit file '/root/.vnc/xstartup'


#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#xsetroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &
startx &
Setelah selesai instal dan edit, sekarang kita aktifkan service VNCServer

Buat password VNCServer

# vncpasswd

Start services VNCServer

# service vncserver restart

Agar services jalan pas start linux

# chkconfig vncserver on
Sekarang tinggal di tes, apakah sudah running atau belum untuk remote ke linux pakai VNCServer
Ketik di VNCViewer
iplinux:1
Lalu masukan password yang anda buat tadi, dan hasil seperti dibawah ini











Langganan: Postingan (Atom)
Copyright © Tutorial Komputer