A. ROUTER CONFIGURATION
1. First, configure the network interfaces with the command
# nano /etc/network/interfaces
Then edit the file so that it looks like this
(adjust the eth0 IP address to match the IP addressing at your school):
auto eth0
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
auto eth1
iface eth1 inet static
address 192.168.50.1
netmask 255.255.255.0
network 192.168.50.0
broadcast 192.168.50.255
2. Enable IP forwarding with the command:
# nano /etc/sysctl.conf
Find the line #net.ipv4.ip_forward=1
and remove the leading # so that it reads:
net.ipv4.ip_forward=1
3. Next, run the command
# nano /etc/resolv.conf
and enter the following lines:
nameserver 192.168.2.2
domain tkj.com
search tkj.com
4. Then edit the rc.local file with the command
# nano /etc/rc.local
Before the line exit 0, add
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
so that rc.local becomes
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
exit 0
5. Then restart networking with the command
# /etc/init.d/networking restart
B. DHCP SERVER CONFIGURATION
1. Install the DHCP server package
Check whether dhcp-server is already installed:
# dpkg -l | grep dhcp3-server
Update the package sources:
# apt-get update
If it is not installed yet, install the dhcp-server package as follows:
# apt-get install dhcp3-server
2. Configure the DHCP server
Open the DHCP configuration file with the command
# nano /etc/dhcp3/dhcpd.conf
Then find the text that looks like this:
# A slightly different configuration for an internal subnet.
# subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
Remove all the # signs and adjust the values to match your interface settings, so that it becomes:
# A slightly different configuration for an internal subnet.
subnet 192.168.50.0 netmask 255.255.255.0 {
range 192.168.50.2 192.168.50.12;
option domain-name-servers 192.168.2.2;
option domain-name "tkj.com";
option routers 192.168.50.1;
option broadcast-address 192.168.50.255;
default-lease-time 600;
max-lease-time 7200;
}
3. Restart the service with the command:
# /etc/init.d/dhcp3-server restart
Once all the steps have been carried out correctly, we can check from a client PC, provided its IP addressing mode has been set first by choosing the option "Obtain ip automatically".
C. DNS SERVER CONFIGURATION
1. Install the latest version of the bind9 package with the command
# apt-get install bind9
2. Make sure the bind9 package was installed correctly with the command
# dpkg -l bind9
3. Edit resolv.conf with the command:
# nano /etc/resolv.conf
4. Edit named.conf with the command:
# nano /etc/bind/named.conf
Edit it as shown below:
zone "tkj.com" {
type master;
file "/etc/bind/db.tkj";
};
zone "192.in-addr.arpa" {
type master;
file "/etc/bind/db.2";
};
5. Copy the files db.local and db.127 within the same directory with the commands:
# cp /etc/bind/db.local /etc/bind/db.tkj
# cp /etc/bind/db.127 /etc/bind/db.2
6. Create the forward zone file, which translates names to IP addresses for the local zone, with the command:
# nano /etc/bind/db.tkj
$TTL 604800
@ IN SOA tkj.com. root.tkj.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS tkj.com.
@ IN A 192.168.2.2
www IN A 192.168.2.2
7. Create the reverse zone file, which translates IP addresses to names for the local zone, with the command
# nano /etc/bind/db.2
$TTL 604800
@ IN SOA tkj.com. root.tkj.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS tkj.com.
2.2.168 IN PTR tkj.com.
www IN PTR tkj.com.
8. Restart the DNS server daemon with the command:
# /etc/init.d/bind9 restart
Stopping domain name service . . . : bind .
Starting domain name service . . . : bind .
9. Test whether the DNS server is working properly with the nslookup command
# nslookup www.tkj.com
If a reply appears, your configuration was successful.
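A check of the zone data from steps 6 and 7, as an added example that is not part of the original tutorial: it expands the relative owner names against the zone origin and reports whether each PTR record is confirmed by a matching A record. The function names and the result labels are this example's own.

```python
import ipaddress

# Records from steps 6 and 7 of this page (SOA and $TTL lines omitted).
FORWARD = ("tkj.com.", """
@    IN  NS  tkj.com.
@    IN  A   192.168.2.2
www  IN  A   192.168.2.2
""")
REVERSE = ("192.in-addr.arpa.", """
@        IN  NS   tkj.com.
2.2.168  IN  PTR  tkj.com.
www      IN  PTR  tkj.com.
""")

def fqdn(owner, origin):
    """'@' is the zone origin; names without a trailing dot are relative."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else owner + "." + origin

def records(zone, rtype):
    """Return {owner FQDN: rdata} for one record type in a (origin, text) zone."""
    origin, text = zone
    found = {}
    for line in text.splitlines():
        f = line.split(";")[0].split()
        if len(f) == 4 and f[1] == "IN" and f[2] == rtype:
            found[fqdn(f[0], origin)] = f[3]
    return found

def ptr_owner_to_ip(owner):
    """Turn 'd.c.b.a.in-addr.arpa.' into 'a.b.c.d'; None if it is not one."""
    labels = owner.split(".")
    if labels[4:] != ["in-addr", "arpa", ""]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def check_reverse(forward, reverse):
    """Classify each PTR: forward-confirmed, unconfirmed, or not an address."""
    a, report = records(forward, "A"), {}
    for owner, target in records(reverse, "PTR").items():
        ip = ptr_owner_to_ip(owner)
        confirmed = a.get(fqdn(target, reverse[0])) == ip
        report[owner] = ("not an address" if ip is None else
                         "forward-confirmed" if confirmed else "unconfirmed")
    return report
```

On the page's data the `2.2.168` record is forward-confirmed, while the `www` PTR expands to `www.192.in-addr.arpa.`, which no address lookup will ever query.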
D. WEB SERVER CONFIGURATION
1. # apt-get install apache2 php5
2. # pico /etc/apache2/sites-available/default (add at the end of the file)
<VirtualHost *:80>
ServerAdmin antoro@situstkj.co.cc
ServerName www.situstkj.co.cc
ServerAlias situstkj.co.cc
DocumentRoot /var/www/
</VirtualHost>
3. # /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
4. # pico /var/www/index.html
<html><body><h1>www.situsTKJ.co.cc berhasil</h1></body></html>
5. Open a browser on the client computer and enter the URL www.situstkj.co.cc; you will see this page:
E. PROXY SERVER CONFIGURATION
1. Install the proxy server package, squid.
# apt-get install squid
2. Then configure the file squid.conf, using mcedit so that searching for keywords is easier.
# mcedit /etc/squid/squid.conf
3. Then find the following lines, or add them, and remove the # sign.
# http_port 3128 transparent
# cache_mem 32 MB
# cache_dir ufs /var/spool/squid 1000 16 256
# cache_mgr admin@tkj.com
# visible_hostname proxy@tkj.com -> set your own visible hostname
4. Then find the line acl CONNECT method CONNECT and add the following configuration:
acl blok url_regex -i "/etc/blok.txt"
http_access deny blok
acl lan src 192.168.50.0/24
http_access allow lan
http_access allow all
5. Then save the configuration.
6. Create the file blok.txt in the /etc/ directory to block sites.
# nano /etc/blok.txt
Facebook.com
Yahoo.com
Then save.
7. Then create the swap (cache) directories
# squid -z
8. Then enable IP forwarding and the routing table with the commands:
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE
9. Then REDIRECT port 80 to port 3128 with the commands:
# iptables -t nat -A PREROUTING -s 192.168.50.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# iptables-save
10. Then edit the rc.local file
# nano /etc/rc.local
Add the routing configuration from above:
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.50.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
then save.
11. Then restart squid
# /etc/init.d/squid restart
Open a browser on the client and go to one of the sites that was blocked. A message will appear saying that the URL is blocked by the admin.
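How Squid evaluates the http_access lines from step 4, as an added example that is not part of the original tutorial: the lines are checked top to bottom and the first match wins, so the closing `http_access allow all` admits sources outside the `lan` ACL. The evaluator is a simplified model covering only `src`, `url_regex` and the built-in `all`; `HARDENED_RULES` and the sample client addresses are assumptions of this example.

```python
import ipaddress
import re

# Rules from step 4 and blocklist entries from step 6 of this page.
PAGE_RULES = """
acl blok url_regex -i "/etc/blok.txt"
http_access deny blok
acl lan src 192.168.50.0/24
http_access allow lan
http_access allow all
"""
# Assumed tightening (not from the page): end with an explicit deny.
HARDENED_RULES = PAGE_RULES.replace("http_access allow all", "http_access deny all")
BLOCKLIST = ["Facebook.com", "Yahoo.com"]

def parse(conf, patterns):
    """Parse the subset used here: src / url_regex ACLs and http_access."""
    acls = {"all": ("src", [ipaddress.ip_network("0.0.0.0/0")])}
    rules = []
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"] and tok[2] == "src":
            acls[tok[1]] = ("src", [ipaddress.ip_network(n) for n in tok[3:]])
        elif tok[:1] == ["acl"] and tok[2] == "url_regex":
            flags = re.I if "-i" in tok[3:] else 0  # -i: ignore case
            acls[tok[1]] = ("url", [re.compile(p, flags) for p in patterns])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2]))
    return acls, rules

def decide(conf, client_ip, url, patterns=BLOCKLIST):
    """Return 'allow' or 'deny': the first matching http_access line wins."""
    acls, rules = parse(conf, patterns)
    for action, name in rules:
        kind, items = acls[name]
        if kind == "src":
            hit = any(ipaddress.ip_address(client_ip) in net for net in items)
        else:
            hit = any(p.search(url) for p in items)
        if hit:
            return action
    # With no match, Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed samples: a LAN client and a source outside 192.168.50.0/24.
LAN, OUTSIDE = "192.168.50.5", "203.0.113.7"
```

Because the blocklist entries are regular expressions, the unescaped dot in `Yahoo.com` matches any character, not only a literal dot.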
F. FTP SERVER INSTALLATION AND CONFIGURATION
1. Install the latest version of the vsftpd package
# apt-get install vsftpd
2. Edit vsftpd.conf
# pico /etc/vsftpd.conf
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
3. Restart the FTP daemon
# /etc/init.d/vsftpd restart
Shutting down vsftpd :
Starting vsftpd for vsftpd :
4. Check from the server with the command ftp ftp.tkj.com, then type the user name from earlier and its password. To verify that the FTP service really works, create a directory or file on it, for example by typing mkdir tes_dir
5. Check from the client using a browser: enter ftp.tkj.com, then log in.
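An audit of the vsftpd.conf from step 2, as an added example that is not part of the original tutorial: it parses the option lines and reports the combinations that let unauthenticated users write to the server or that send logins unencrypted. `HARDENED_CONF`, the finding texts and the function names are assumptions of this example; `ssl_enable` is a vsftpd option that does not appear on this page.

```python
# Options from step 2 of this page (comment lines stripped).
PAGE_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
"""
# Assumed tightened variant (not from the page): no anonymous access, TLS on.
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
xferlog_enable=YES
"""
# anonymous_enable is on unless set to NO, as the file's own comment warns.
DEFAULTS = {"anonymous_enable": True}

def parse_vsftpd(text):
    """Return {option: bool} for option=value lines; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value.upper() in ("YES", "TRUE", "1")
    return opts

def audit(text):
    """List the risky combinations present in a vsftpd.conf text."""
    opts = parse_vsftpd(text)
    on = lambda key: opts.get(key, DEFAULTS.get(key, False))
    findings = []
    if on("anonymous_enable") and on("write_enable"):
        if on("anon_upload_enable"):
            findings.append("anonymous users can upload files")
        if on("anon_mkdir_write_enable"):
            findings.append("anonymous users can create directories")
    if on("local_enable") and not on("ssl_enable"):
        findings.append("local logins travel in cleartext")
    if not on("xferlog_enable"):
        findings.append("transfers are not logged")
    return findings
```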