My Server Blog: 2012

Jumat, 28 Desember 2012

Backup Konfigurasi System dan User Manager Mikrotik ke E-mail

Backup konfigurasi mikrotik manual harian...capek deh :p
Mikrotik mempunyai fitur pengiriman sebuah file melalui email. Saya akan mencoba membuat backup system dan data base userman dan mengirimkannya ke Gmail saya setiap hari.
Pertama pastikan kita telah memiliki akun Gmail :D kemudian buat sript dengan nama backup_to_email yang isinya sebagai berikut :

:local ds [/system clock get date]
:set ds ([:pick $ds 7 11].[:pick $ds 0 3].[:pick $ds 4 6])
:local sysName [/system identity get name];
:local destEmail [/tool e-mail get from];
:local boardName [/system resource get board-name];
#-----BackupSystem-----
:local Sys ($sysName.$boardName."-Sys-".$ds.".backup")
/system backup save name=$Sys;
#-----BackupUserman-----
:local Userman ($sysName.$boardName."-Userman-".$ds.".umb")
/tool user-manager database save name= $Userman;
:log info "Proses backup $Sys , $Userman berhasil..";
#-----mengirim email email----
:delay 20s
:log info "Proses pengiriman E-mail sedang berjalan..silahkan tunggu"
#-----email4BackupSystem-----
/tool e-mail send subject=$Sys body=$Sys to=$destEmail tls=yes file=$Sys
#-----email4BackupUserman-----
:delay 20s
/tool e-mail send subject=$Userman body=$Userman to=$destEmail tls=yes file=$Userman
#-----menghapus file yang sebelumnya di buat----
:delay 40s
:if ([:len [/file find name=$Sys]] > 0) do={/file remove $Sys}
:if ([:len [/file find name=$Userman]] > 0) do={/file remove $Userman}
:log info "Penghapusan file $Sys , $Userman berhasil.."

Seting konfigurasi pengiriman email di mikrotik seperti ini :

[gaharu@jakkom] > tool e-mail pr
address: 74.125.141.109
   port: 587
starttls: no
      from: account@gmail.com
    user: account@gmail.com
password: your-password

Selanjutnya tinggal jalankan script tadi melalui Scheduller. Atur jarak waktu pengiriman sesuai kebutuhan anda. pada bagian OnEvent isi dengan nama script yang telah kita buat tadi. Selamat mencoba!

Sabtu, 22 Desember 2012

Konfigurasi squid.conf Lusca in my FreeBSD 9.0

# WELCOME TO SQUID LUSCA_HEAD-r14809 #
# ---------------------------------- #
#    Last edited Desember 2012       #
#     AMD Sempron 3000 1,5GB         #
#     Java  AnggreK  Komputer        #
###############start of config########

http_port 192.168.40.250:3128 transparent
http_port 127.0.0.1:3128
icp_port 3130
server_http11 on

cache_effective_user proxy
cache_effective_group proxy

error_directory /usr/share/squid/errors/English
#icon_directory /usr/share/squid/icons
visible_hostname JAKKOM
cache_mgr JAVA_ANGGREK
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_http_violations off
logfile_rotate 1
shutdown_lifetime 10 seconds
forwarded_for off

#ini adalah ip LOCAL LAN yang mengakses squid
acl localnet src 192.168.1.0/24
acl localnet src 192.168.10.0/24
acl localnet src 192.168.40.0/24
acl localnet src 192.168.50.0/24
acl localnet src 192.168.100.0/24
acl localnet src 1.1.1.0/24

acl localdstnet dst 192.168.1.0/24
acl localdstnet dst 192.168.10.0/24
acl localdstnet dst 192.168.40.0/24
acl localdstnet dst 192.168.50.0/24
acl localdstnet dst 192.168.100.0/24
acl localdstnet dst 1.1.1.0/24

# Setup some default acls
acl all src all
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 667 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

acl nocache-domain dstdomain .jakkom.com .javaanggrek.com .login.yahoo.com .blogger.com .blogspot.com .facebook.com
acl QUERY urlpath_regex -i \.(ini|lst|inf|htc|php|htm|html|asp)$
acl QUERY urlpath_regex -i (captcha|reset.css|update.txt|gamenotice|PatchTimeCheck.dat|PatchPath.dat|vdf.info.gz|version)

cache deny QUERY
cache deny localhost 
cache deny nocache-domain
cache deny localdstnet
always_direct allow QUERY localhost localdstnet nocache-domain

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny all

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

uri_whitespace strip

#idm
acl idm req_header Range -i bytes=.*
acl idm1 req_header User-Agent -i Mozilla/(17.0|16.0|15.0|5.0|4.0)
http_reply_access deny idm idm1

#jika memakai unbound
dns_nameservers 127.0.0.1 
#jika tanpa unbound
#dns_nameservers 202.134.1.10 202.134.0.155 8.8.8.8 8.8.4.4
cache_mem 8 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir aufs /ember1/cache 9000 21 256 
cache_dir aufs /ember2/cache 9000 21 256
cache_dir aufs /ember3/cache 9000 21 256
cache_dir aufs /ember4/cache 9000 21 256
cache_dir aufs /ember5/cache 9000 21 256
cache_dir aufs /ember6/cache 9000 21 256

#sesuikan dengan batas object yang akan di cache

minimum_object_size 1 bytes
maximum_object_size 40 MB
offline_mode off
cache_swap_low 80
cache_swap_high 90

# redirector configure jika memakai storeurl.pl dan squidGuard
storeurl_rewrite_program /usr/share/squid/storeurl.pl
storeurl_rewrite_children 19
storeurl_rewrite_concurrency 15
storeurl_bypass on 
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_children 19

## LUSCA
acl speedtest dstdom_regex -i speedtest.*\.
acl store_rewrite_list urlpath_regex .*\/speedtest\/.*\.(jpg|txt)
acl store_rewrite_list urlpath_regex .*\.ak\.fbcdn\.net\/
acl store_rewrite_list urlpath_regex http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)
acl store_rewrite_list urlpath_regex s[0-9]*\.filesonic\.com\/download\/.*
acl store_rewrite_list urlpath_regex [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/
acl store_rewrite_list urlpath_regex \/(watch\?|get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|rar|cab|amf|swf)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|rar|cab|amf|swf)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)

acl dontrewrite url_regex redbot\.org \.php \.html \.css
acl getmethod method GET

storeurl_access allow speedtest
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all

##############################################
###       REFRESH PATTERN OPTION           ###
##############################################

# in minutes
#Youtube
refresh_pattern (watch\?|get_video\?|videoplayback\?|videodownload\?|\.flv?) 10080 90% 10080 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale negative-ttl=0

#All File with ?
refresh_pattern -i \.(3gp|avi|ac4|mp(e?g|a|e|1|2|3|4)|m4(a|v)|3g(p?2|p)|mk(a|v)|og(x|v|a|g|m)|wm(a|v)|wmx|wpl|rm|snd|vob|wav|asx|avi|qt|divx|flv|f4v|x-flv|dvr-ms|m(1|2)(v|p)|mov|mid)\? 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(7z|ace|rar|jar|gz|tgz|bz2|iso|mod|arj|lha|lzh|zip|tar|cab|dat)\? 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|amf|swf|css|js|ad)\? 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(exe|ms(i|u|p)|deb|bin|ax|r(a|p)m|app|pkg|apk)\? 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(t?x|t)|epub|pdf|rtf|wax|cb(r|z|t)|xl(s?x|s)|do(c?x|c)|inc)\? 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale

#All File without ?
refresh_pattern -i \.(3gp|avi|ac4|mp(e?g|a|e|1|2|3|4)|m4(a|v)|3g(p?2|p)|mk(a|v)|og(x|v|a|g|m)|wm(a|v)|wmx|wpl|rm|snd|vob|wav|asx|avi|qt|divx|flv|f4v|x-flv|dvr-ms|m(1|2)(v|p)|mov|mid) 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(7z|ace|rar|jar|gz|tgz|bz2|iso|mod|arj|lha|lzh|zip|tar|cab|dat) 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|amf|swf|css|js|ad) 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(exe|ms(i|u|p)|deb|bin|ax|r(a|p)m|app|pkg|apk) 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(t?x|t)|epub|pdf|rtf|wax|cb(r|z|t)|xl(s?x|s)|do(c?x|c)|inc) 10080 90% 10080 ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 10% 10080 override-lastmod reload-into-ims store-stale
refresh_pattern . 180 10% 1440

acl snmp_host src 127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny all

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

global_internal_static off
max_stale 1 week
retry_on_error on
buffered_logs off
read_ahead_gap 16 KB

header_access Accept-Encoding deny  all
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all
client_persistent_connections on
server_persistent_connections on 
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 60 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 1024
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 4096
memory_pools off
reply_header_max_size 32 KB
#memory_pools_limit 1024 MB
#forwarded_for on

#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on

##########End of Config################

Sumber: - lusca.info

        - Forum Belajar Bareng

Rabu, 19 Desember 2012

Internet Sehat dengan squidGuard pada FreeBSD 9.0

Bener kata mas Widya Walecha, instalasi squidGuard itu gak ribet kenapa di buat ribet..hehehehe...thank's ya bro :D

Di FreeBSD 9.0 sebenarnya semua bisa di konfigurasi dan di install melalui ports jika squid + squidGuard akan dipasang dalam kondisi fresh install, namun kondisi di tempat saya sedikit beda karena sudah ada Lusca yang running hasil instalasi dari paket tarbal, dan saya paling malas kalo mesti konfigurasi ulang, karena pada instalasi squidGuard melalu ports akan ada permintaan untuk memasang Squid, karena Lusca dari tarbal tidak terdeteksi pada penginstalan squidGuard.

Jadi saya anggap disini squid/lusca sudah di install dan berjalan normal. Langkah pertama adalah menginstal paket BerkeleyDB, disini yang saya gunakan adalah paket db42-4.2.52_5 :

jakkom# whereis db42
db42: /usr/ports/databases/db42
jakkom# cd /usr/ports/databases/db42
jakkom# make install clean

selanjutnya menginstall paket squidGuard, saya menggunakan stable version 1.4 :
jakkom# cd /tmp
jakkom# fetch http://www.squidguard.org/Downloads/squidGuard-1.4.tar.gz
jakkom# tar -xzvf squidGuard-1.4.tar.gz
jakkom# cd squidGuard-1.4

Sampai disini kita akan masuk proses configure. Ada sedikit permasalahan ketika melakukan configure, ternyata untuk di FreeBSD ada sedikit perbedaan dengan Linux pada umumnya. Variabel -ldb untuk ld (library linker) diganti jadi -ldb-4.2 pada FreeBSD. Jadi kita merubah sedikit file configure pada baris 4063 dengan menggantinya menjad seperti ini :

jakkom# ee configure
cari baris ke 4063 ganti sebagai berikut : LIBS="$LIBS -ldb-4.2"

Simpan dan keluar.

selanjutnya kita jalankan script configure :

jakkom# ./configure --prefix=/usr/local --libdir=/usr/local/lib --includedir=/usr/local/include --with-squiduser=proxy --with-db-lib=/usr/local/lib --with-db-inc=/usr/local/include/db42
jakkom# make && make install

sekarang tinggal mengkonfigurasi squidguard seperti kehendak kita pada squidGuard.conf. Contoh pada jaringan saya :

#ee /usr/local/squidGuard/squidGuard.conf

##################SOF###################
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
     weekly smtwhfa 01:00 - 23:00
}

# SOURCE ADDRESSES
source clients {
        ip 192.168.1.0/24
        ip 192.168.10.0/24
        ip 192.168.50.0/24
        ip 192.168.100.0/24
        ip 1.1.1.0/24
}

# LOCALNET DESTINATION CLASSES
#dest localnet {
#     domainlist whitelist/domains
#}

# EXTERNAL DESTINATION CLASSES
dest hacking {
        domainlist hacking/domains
        urllist hacking/urls
}
dest violence {
        domainlist violence/domains
        urllist violence/urls
expressionlist violence/expressions
}
dest proxy {
        domainlist proxy/domains
        urllist proxy/urls
}
dest porn {
        domainlist porn/domains
        urllist porn/urls
        expressionlist porn/expressions
}
dest mail {
        domainlist mail/domains
}
dest warez {
        domainlist warez/domains
        urllist warez/urls
}
dest gambling {
        domainlist gambling/domains
        urllist gambling/urls
}
dest drugs {
        domainlist drugs/domains
        urllist drugs/urls
}
dest aggressive {
        domainlist aggressive/domains
        urllist aggressive/urls
}
dest ads {
        domainlist ads/domains
        urllist ads/urls
}

acl {
    clients within workhours {
        pass     !hacking !violence !proxy !porn !ads !warez !gambling !drugs !aggressive !ads any
    } else {
        pass     any
    }

    default {
        pass     none
        redirect http://jakkom.com/test.txt
    }
}
#################EOF######################

Tambahkan baris berikut di squid.conf utk mengaktifkan squidGuard nantinya:

redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidguard.conf

Selanjutnya kita dowload file blacklist-nya, sekali lagi terimakasih kepada mas Walecha yang udah mencerminkan file blacklist terupdate pada mirror lokal:

jakkom# cd /tmp
jakkom# fetch http://ftp.paudni.kemdikbud.go.id/blacklists/blacklists.tar.gz

jakkom# tar xvzf blacklists.tar.gz
jakkom# cp -r blacklists/* /usr/local/squidGuard/db
jakkom# squidGuard -C all
jakkom# chown -R proxy:proxy /usr/local/squidGuard/db
jakkom# squid -k reconfigure

Selesai sudah semua yang kita butuhkan untuk instalasi squidGuard, selamat menikmati internet sehat di jaringan Anda. Selamat mencoba

Rabu, 12 Desember 2012

Autoindex pada Apache Web Server + PHP5 di FreeBSD 9.0

Punya usaha WISP (Wireless Internet Service Provider) dengan bandwidth minim membuat otak harus berpikir sekian kali untuk dapat memaksimalkan bandwidth yang ada untuk kebutuhan user. Terpikir untuk menyediakan web server dimana para user bisa mendownload file-file populer cukup dari server lokal. Tentunya ini akan sangat menghemat penggunaan bandwidth internet kita karena request client hanya ke server local. Lansung saja kita mulai, yang kita akan install disini adalah paket apache22 dan php5.

Contoh tampilan autoindex

1. Instalasi Apache22 melalui ports :

jakkom# whereis apache22
apache22: /usr/ports/www/apache22
jakkom# cd /usr/ports/www/apache22
jakkom# make install clean

edit httpd.conf :

jakkom# ee /usr/local/etc/apache22/httpd.conf

edit bagian ip dengan ip server Anda:

# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 80
Listen 192.168.40.250:80

tambahkan baris ini untuk load module_php5

LoadModule php5_module        libexec/apache22/libphp5.so

#AddModule mod_php5.c
    <IfModule mod_php5.c>
        DirectoryIndex index.php index.html
    </IfModule>
    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        AddType application/x-httpd-php-source .phps
    </IfModule>

Sesuaikan baris ini dengan alamat email dan nama server Anda :

ServerAdmin java_anggrek@yahoo.co.id

ServerName jakkom.com:80

selesai dan simpan.

pada apache22 di FreeBSD DocumentRoot ada pada /usr/local/www/apache22/data

Edit /etc/rc.conf agar apache22 bisa langsung start saat booting :

apache22_enable="YES"
apache22_flags=""

Cek apakah konfigurasi apache22 sudah benar :

jakkom#service apache22 configtest

Jika tidak ada pesan error, apache22 siap di jalankan :

jakkom#service apache22 onestart

Panggil melalui browser dengan mengetikkan ip server kita, jika berhasil maka akan muncul tampilan : It's Work
Sampai disini kita sudah berhasil menginstal apache22 di FreeBSD 9.0.
Karena script autoindex kebanyakan berbentuk php maka selanjutnya kita akan menginstall php5 agar dapat menjalankan file berekstensi .php.

2. Menginstal php5 dari ports :

jakkom# whereis php5
php5: /usr/ports/lang/php5
jakkom# cd /usr/ports/lang/php5
jakkom# make config

pastikan option Apache di centang untuk mengaktifkan mod_php5

jakkom# make install clean

cek apakah php5 sudah terkonfigurasi dengan benar :

jakkom#apachectl graceful

jika tidak ada pesan error berarti php5 telah terkonfigurasi dengan baik.
Selanjutnya tinggal meletakkan script autoindex di DocumentRoot.
Script Autoindex bisa Anda dapatkan gratis di sini

Selamat Mencoba.

Selasa, 27 November 2012

Mikrotik NAT Redirect to Proxy (Screenshoot)

Setelah berhasil membangun sebuah proxy server di FreeBSD selanjutnya kita tinggal membuatkan NAT di mikrotik untuk membelokkan semua request client ke proxy server. Saya akan coba menjelaskannya melalui SS yang saya ambil berikut melalui winbox.

Pada contoh ini IP Proxy Server = 192.168.40.250 Port = 3128 IP Network Warnet = 192.168.50.0/24 Interface warnet = eth3_to_warnet

Untuk memulai membuat NAT redirect buka winbox klik IP > Firewall > NAT, klik tanda + untuk menambahkan rule NAT baru.

Cukup mudah bukan, sekarang semua request dari client akan di redirect ke proxy server yang baru kita buat. Selamat mencoba.

Senin, 26 November 2012

squid.sh

Untuk memudahkan kita dalam mengeksekusi perintah squid ada baik nya juga kita bikin script sederhana seperti di bawah ini:

jakkom# ee /usr/local/etc/rc.d/squid.sh

kemudian ketikan script di bawah ini :

#!/bin/sh

echo -n 'Proxy Server'

case "$1" in
start)
/usr/sbin/squid -D
;;
stop)
/usr/sbin/squid -k shutdown
;;
restart)
/usr/sbin/squid -k reconfigure
;;
*)
echo "Usage: 'basename $0' {start|stop|restart}"
;;
esac

Simpan dan selesai

Sekarang jika kita akan menjalankan squid tinggal mengetikan :

jakkom#service squid.sh start

Begitu pula untuk stop dan restart.

Semoga bermanfaat

Rabu, 21 November 2012

Install Unbound di FreeBSD 9.0

Langsung tanpa basa-basi :

#whereis unbound

unbound : /usr/ports/dns/unbound

# cd /usr/ports/dns/unbound

# make install clean

jika muncul opsi-opsi klik ok saja alias ambil defaultnya aja sudah cukup

#rehash

#cd /usr/local/etc/unbound

#fetch ftp://FTP.INTERNIC.NET/domain/named.cache

#rehash

#unbound-control-setup

#chown unbound:wheel unbound_*

#chmod 440 unbound_*

#mkdir /usr/local/etc/unbound/dev

#echo "devfs /usr/local/etc/unbound/dev devfs rw 0 0" >> /etc/fstab

#echo 'unbound_enable="YES"' >> /etc/rc.conf

#echo 'devfs_set_rulesets="/usr/local/etc/unbound/dev=unbound_ruleset"' >> /etc/rc.conf

edit /usr/local/etc/unbound/unbound.conf

seperti ini

server:

verbosity: 1

statistics-interval: 120

extended-statistics: yes

statistics-cumulative: yes

num-threads: 1

interface: 0.0.0.0

outgoing-range: 512

num-queries-per-thread: 1024

msg-cache-size: 16m

rrset-cache-size: 32m

msg-cache-slabs: 4

rrset-cache-slabs: 4

cache-max-ttl: 86400

infra-host-ttl: 60

infra-lame-ttl: 120

infra-cache-numhosts: 10000

infra-cache-lame-size: 10k

do-ip4: yes

do-ip6: no

do-udp: yes

do-tcp: yes

do-daemonize: yes

#ip yang boleh mengakses unbound

access-control: 0.0.0.0/0 refuse

access-control: 192.168.10.0/24 allow

access-control: 192.168.20.0/24 allow

access-control: 192.168.40.0/24 allow

access-control: 192.168.50.0/24 allow

chroot: "/usr/local/etc/unbound"

username: "unbound"

directory: "/usr/local/etc/unbound"

logfile: ""

use-syslog: no

root-hints: "/usr/local/etc/unbound/named.cache"

identity: "DNS"

version: "1.4"

hide-identity: yes

hide-version: yes

harden-glue: yes

do-not-query-address: 127.0.0.1/8

do-not-query-localhost: yes

module-config: "iterator"

#zone localhost

local-zone: "localhost." static

local-data: "localhost. 10800 IN NS localhost."

local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"

local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static

local-data: "127.in-addr.arpa. 10800 IN NS localhost."

local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"

local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

#zone jakkom.proxy.net (edit bagian ini sesuai ip proxy dan hostname

local-zone: "jakkom.proxy.net." static

local-data: "jakkom.proxy.net. 86400 IN NS ns1.jakkom.proxy.net."

local-data: "jakkom.proxy.net. 86400 IN SOA jakkom.proxy.net. hostmaster.jakkom.proxy.net. 3 3600 1200 604800 86400"

local-data: "jakkom.proxy.net. 86400 IN A 192.168.40.250"

local-data: "www.jakkom.proxy.net. 86400 IN A 192.168.40.250"

local-data: "ns1.jakkom.proxy.net. 86400 IN A 192.168.40.250"

#pada bagian ini ip proxy di tulis dengan urutan terbalik, perhatikan dengan teliti penulisannya

local-zone: "40.168.192.in-addr.arpa." static

local-data: "40.168.192.in-addr.arpa. 10800 IN NS jakkom.proxy.net."

local-data: "40.168.192.in-addr.arpa. 10800 IN SOA jakkom.proxy.net. hostmaster.jakkom.proxy.net. 4 3600 1200 604800 864000"

local-data: "250.40.168.192.in-addr.arpa. 10800 IN PTR jakkom.proxy.net."

#seting untuk DNS Forward

forward-zone:

name: "."

forward-addr: 202.134.1.10

forward-addr: 202.134.0.155

forward-addr: 8.8.8.8

forward-addr: 8.8.4.4

forward-addr: 208.67.222.222

forward-addr: 208.67.220.220

forward-addr: 180.131.144.144

forward-addr: 180.131.145.145

remote-control:

control-enable: yes

control-interface: 127.0.0.1

control-port: 953

server-key-file: "/usr/local/etc/unbound/unbound_server.key"

server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"

control-key-file: "/usr/local/etc/unbound/unbound_control.key"

control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

edit di /usr/local/etc/squid/squid.conf bagian name server ganti dengan:

nameserver 127.0.0.1

edit di /etc/resolv.conf ganti dengan:

nameserver 127.0.0.1

bikin file dengan nama devfs.rules di /etc

#ee /etc/devfs.rules

####isinya seperti dibawah ini####

[unbound_ruleset=20]

add hide

add path null unhide

add path zero unhide

add path crypto unhide

add path random unhide

add path urandom unhide

simpan dan instalasi unbound selesai :)

#reboot

untuk di mikrotik silahkan bikin NAT untuk direct ke unbound nya..persis dengan direct proxy namun dengan protocol UDP port 53.

cek unbound :

#unbound-control stats

Step by Step Instalasi FreeBSD sebagai Proxy Server

FreeBSD, mendengar namanya saja sudah membayangkan betapa rumitnya OS Server ini di instalasikan. Beberapa teman warnet banyak yang bertanya, "Kok susah banget ya cari step by step instalasi FreeBSD, butuh buat bangun proxy server nih".

Dari sini saya berpikir untuk mendokumentasikan step by step instalasi FreeBSD 9.0 untuk sebuah proxy server. Proxy server yang akan saya gunakan adalah Lusca.

Pada pendokumentasian screenshoot saya menggunakan virtual box utk menginstalasikan server FreeBSD 9.0, tujuannya hanya untuk memudahkan saja. Pada kenyataannya sebaiknya anda melakukan penginstalan pada mesin server stand alone, saya tidak menyarankan anda untuk melakukan penginstalan server pada virtual box karena tentunya akan sangat mempengaruhi performanya.

Spesifikasi PC yang saya gunakan disini cukup minimalis AMD Sempron 3000, memory 1,5GB dan HDD 80GB. Untuk file iso FreeBSD 9.0 bisa anda download di http://www.freebsd.org/where.html, pilih sesuai spesifikasi mesin pc yang akan gunakan.

Untuk Screenshoot lengkapnya bisa anda unduh di link berikut :

Halaman