Evan && Or && Id

Iseng iseng buat menuhin blog…

Kalo ada temen pengen ngintip password yg ter encrypt di cisco silakan gunakan tools di link ini

Hari ini ada temen minta di test kemampuan download dari koneksinya, dia sudah coba test download tapi tidak pernah sampai 40Mbps.. bahkan 20Mbps juga ga bisa…

Nah dari pengetesan tersebut akhirnya saya minta di sediakan mesin buat ujicoba, eh di kasih ubuntu ya udah deh akhirnya ngoprek di ubuntu, Langsung aja deh…

root@mail:~/torrent# apt-get install bittorrent
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
python-bittorrent
Suggested packages:
bittorrent-gui
The following NEW packages will be installed:
bittorrent python-bittorrent
0 upgraded, 2 newly installed, 0 to remove and 113 not upgraded.
Need to get 107kB of archives.
After this operation, 651kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://id.archive.ubuntu.com/ubuntu/ lucid/main python-bittorrent 3.4.2-11.1ubuntu4 [53.2kB]
Get:2 http://id.archive.ubuntu.com/ubuntu/ lucid/main bittorrent 3.4.2-11.1ubuntu4 [54.0kB]
Fetched 107kB in 1s (57.1kB/s)
Selecting previously deselected package python-bittorrent.
(Reading database … 42181 files and directories currently installed.)
Unpacking python-bittorrent (from …/python-bittorrent_3.4.2-11.1ubuntu4_all.deb) …
Selecting previously deselected package bittorrent.
Unpacking bittorrent (from …/bittorrent_3.4.2-11.1ubuntu4_all.deb) …
Processing triggers for man-db …
Setting up python-bittorrent (3.4.2-11.1ubuntu4) …

Processing triggers for python-central …
Setting up bittorrent (3.4.2-11.1ubuntu4) …
update-alternatives: using /usr/bin/btcompletedir.bittorrent to provide /usr/bin/btcompletedir (btcompletedir) in auto mode.
update-alternatives: using /usr/bin/btdownloadcurses.bittorrent to provide /usr/bin/btdownloadcurses (btdownloadcurses) in auto mode.
update-alternatives: using /usr/bin/btdownloadheadless.bittorrent to provide /usr/bin/btdownloadheadless (btdownloadheadless) in auto mode.
update-alternatives: using /usr/bin/btlaunchmany.bittorrent to provide /usr/bin/btlaunchmany (btlaunchmany) in auto mode.
update-alternatives: using /usr/bin/btlaunchmanycurses.bittorrent to provide /usr/bin/btlaunchmanycurses (btlaunchmanycurses) in auto mode.
update-alternatives: using /usr/bin/btmakemetafile.bittorrent to provide /usr/bin/btmakemetafile (btmakemetafile) in auto mode.
update-alternatives: using /usr/bin/btreannounce.bittorrent to provide /usr/bin/btreannounce (btreannounce) in auto mode.
update-alternatives: using /usr/bin/btrename.bittorrent to provide /usr/bin/btrename (btrename) in auto mode.
update-alternatives: using /usr/bin/btshowmetainfo.bittorrent to provide /usr/bin/btshowmetainfo (btshowmetainfo) in auto mode.
update-alternatives: using /usr/bin/bttrack.bittorrent to provide /usr/bin/bttrack (bttrack) in auto mode.

Install bittorrent kelar..

Upload file .torrent ke mesin-nya langsung dah jalanin :

root@mail:~/torrent# screen btdownloadcurses Sin\ City.2005.720p.HDTV.DTS.x264-THOR.torrent

Nah untuk monitoring-nya pake apps bmon aja :

root@mail:~# apt-get install bmon
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
bmon
0 upgraded, 1 newly installed, 0 to remove and 113 not upgraded.
Need to get 43.6kB of archives.
After this operation, 184kB of additional disk space will be used.
Get:1 http://id.archive.ubuntu.com/ubuntu/ lucid/universe bmon 2.0.1-3 [43.6kB]
Fetched 43.6kB in 1s (24.5kB/s)
Selecting previously deselected package bmon.
(Reading database … 42274 files and directories currently installed.)
Unpacking bmon (from …/archives/bmon_2.0.1-3_i386.deb) …
Processing triggers for man-db …
Setting up bmon (2.0.1-3) …

root@mail:~# bmon

Nah ini kalo mau ngitung MiB ke Mb, di ambil dari answers.yahoo

OK, there are 1024 KiB in a MiB.
In turn, there are 1024 bytes in a KiB.

So in a MiB there are

1024*1024 = 1,048,576 bytes.

There are 1000 KB in a MB.
In turn, there are 1000 bytes in a KB

So in a MB there are

1000*1000 = 1,000,000 bytes.

To convert from MiB to MB, multiply by 1.048576.
To convert from MB to MiB, divide by 1.048576.

Or just use 1.05, as that’s close enough, really.

If you want to convert between GiB and GB, use 1.073741824, or just 1.07.

For example, if you buy a new 500 GB hard drive, you only get about 465 GiB.

Kali ini saya coba berbagi pengetahuan dan semoga ini bisa bermanfaat bagi kita semua, dalam kesempatan ini saya coba menjelaskan cara-cara pembuatan port-channel lacp load balancing dan redudance
Apa sih itu LACP ?
LACP adalah kepanjangan dari Link Aggregation Control Protocol yang inti dari artinya adalah penggabungan beberapa port menjadi satu

Lalu apa itu Port-channel ?
Port-channel adalah Ethernet Channel of interfaces

kalau load balancing ?
load balancing adalah membuat seimbang, dimana dalam kasus ini kinerja dari port-nya balance

Lebih detail tentang teori baca aja deh di sini http://en.wikipedia.org/wiki/Link_aggregation

Lalu keuntungannya apa ?
Apa aja boleh… ^,^

Dari pada teori mulu mendingan kita praktek langsung aja ya..
Sekarang kita mulai configurasinya, tahap awal kita configurasi interface-nya, mari kita aktifin interface Port-channel-nya :
SW-Backbone-2#configure terminal
SW-Backbone-2(config)#interface port-channel 1
SW-Backbone-2(config-if)#description ke-SW-Backbone-1
SW-Backbone-2(config-if)#switchport trunk encapsulation dot1q
SW-Backbone-2(config-if)#switchport mode trunk
SW-Backbone-2(config-if)#switchport trunk allowed vlan 90,104,225
SW-Backbone-2(config-if)#CTRL+Z

lanjut aktifin load balance redudance-nya
SW-Backbone-2(config)#port-channel load-balance src-dst-ip

Ok..ini hasil dari configurasi di atas
SW-Backbone-2#show running-config interface po1
Building configuration…

Current configuration : 134 bytes
!
interface Port-channel1
description ke-SW-Backbone-1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 90,104,225
switchport mode trunk
end

SW-Backbone-2#sh ru
Building configuration…

Current configuration : 6063 bytes
!
! Last configuration change at 20:14:18 JKT Fri Dec 23 2011 by evan
! NVRAM config last updated at 19:32:28 JKT Fri Dec 23 2011 by evan
!
version 12.2
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service unsupported-transceiver
!
hostname SW-Backbone-2
!
port-channel load-balance src-dst-ip
!

lanjutttt… Sekarang kita alokasikan 4 port untuk kita gabungkan :
SW-Backbone-2#configure terminal
SW-Backbone-2(config)#in gi0/25
SW-Backbone-2(config)#description EthCnl-Po1
SW-Backbone-2(config-if)#switchport trunk encapsulation dot1q
SW-Backbone-2(config-if)#switchport mode trunk
SW-Backbone-2(config-if)#channel-group 1 mode active
SW-Backbone-2(config-if)#CTRL+Z
SW-Backbone-2#configure terminal
SW-Backbone-2(config)#in gi0/26
SW-Backbone-2(config)#description EthCnl-Po1
SW-Backbone-2(config-if)#switchport trunk encapsulation dot1q
SW-Backbone-2(config-if)#switchport mode trunk
SW-Backbone-2(config-if)#channel-group 1 mode active
SW-Backbone-2(config-if)#CTRL+Z
SW-Backbone-2#configure terminal
SW-Backbone-2(config)#in gi0/27
SW-Backbone-2(config)#description EthCnl-Po1
SW-Backbone-2(config-if)#switchport trunk encapsulation dot1q
SW-Backbone-2(config-if)#switchport mode trunk
SW-Backbone-2(config-if)#channel-group 1 mode active
SW-Backbone-2(config-if)#CTRL+Z
SW-Backbone-2#configure terminal
SW-Backbone-2(config)#in gi0/27
SW-Backbone-2(config)#description EthCnl-Po1
SW-Backbone-2(config-if)#switchport trunk encapsulation dot1q
SW-Backbone-2(config-if)#switchport mode trunk
SW-Backbone-2(config-if)#channel-group 1 mode active
SW-Backbone-2(config-if)#CTRL+Z

Di sini saya tidak memasukkan Allow Vlan ( filter vlan ) pada port yg kita gabung, melainkan cukup pada interface Port-channel-nya saja
Setelah di connectin semua maka hasilnya seperti ini :
SW-Backbone-2#show int status

Port      Name               Status       Vlan       Duplex  Speed Type
———- CUT —————-
Gi0/25    EthCnl-Po1         connected    trunk      a-full a-1000 1000BaseSX SFP
Gi0/26    EthCnl-Po1         connected    trunk      a-full a-1000 1000BaseSX SFP
Gi0/27    EthCnl-Po1         connected    trunk      a-full a-1000 1000BaseSX SFP
Gi0/28    EthCnl-Po1         connected    trunk      a-full a-1000 1000BaseSX SFP
Po1       ke-SW-Backbone-1   connected    trunk      a-full a-1000

SW-Backbone-2#sh ru in gi0/25
Building configuration…

Current configuration : 151 bytes
!
interface GigabitEthernet0/25
description EthCnl-Po1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 90,104,225
switchport mode trunk
channel-group 1 mode active
end

SW-Backbone-2#sh ru in gi0/26
Building configuration…

Current configuration : 151 bytes
!
interface GigabitEthernet0/26
description EthCnl-Po1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 90,104,225
switchport mode trunk
channel-group 1 mode active
end

SW-Backbone-2#sh ru in gi0/27
Building configuration…

Current configuration : 151 bytes
!
interface GigabitEthernet0/27
description EthCnl-Po1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 90,104,225
switchport mode trunk
channel-group 1 mode active
end

SW-Backbone-2#sh ru in gi0/28
Building configuration…

Current configuration : 151 bytes
!
interface GigabitEthernet0/28
description EthCnl-Po1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 90,104,225
switchport mode trunk
channel-group 1 mode active
end

Sekarang kita liat Speed-nya pada Interface Port-channel-nya sudah sebesar 4Gb ( MTU 1500 bytes, BW 4000000 Kbit, DLY 10 usec, ), dan di sini juga terlihat port berapa aja yg kita gabung ( Members in this channel: Gi0/25 Gi0/26 Gi0/27 Gi0/28 )

SSW-Backbone-2#show interfaces Po1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0012.0161.1719 (bia 0012.0161.1719)
Description: ke-SW-Backbone-1
MTU 1500 bytes, BW 4000000 Kbit, DLY 10 usec,
reliability 255/255, txload 101/255, rxload 26/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi0/25 Gi0/26 Gi0/27 Gi0/28
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters 1w3d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 422306000 bits/sec, 182790 packets/sec
5 minute output rate 1598643000 bits/sec, 246533 packets/sec
124709349643 packets input, 39994852902325 bytes, 0 no buffer
Received 15963398 broadcasts (8718778 multicasts)
0 runts, 0 giants, 0 throttles
778973 input errors, 5589 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 8718778 multicast, 0 pause input
0 input packets with dribble condition detected
165597102019 packets output, 132050835252807 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

SW-Backbone-2#show interfaces gi0/25
GigabitEthernet0/25 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0012.0161.1719 (bia 0012.0161.1719)
Description: EthCnl-Po1
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 103/255, rxload 29/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:22, output hang never
Last clearing of “show interface” counters 1w3d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 116336000 bits/sec, 48788 packets/sec
5 minute output rate 406893000 bits/sec, 63369 packets/sec
33031920919 packets input, 11535121696360 bytes, 0 no buffer
Received 8751836 broadcasts (8484111 multicasts)
0 runts, 0 giants, 0 throttles
779637 input errors, 5602 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 8484111 multicast, 0 pause input
0 input packets with dribble condition detected
42145656820 packets output, 33357023523376 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

Kelar deh… gimana ? ada pertanyaan ?

Thanks to kawan-kawan seperjuangan, Lasta Yani, Daddy Yustiadi dan Ahmad Hidayat yang sudah sudi ngoprek bareng.

Kadang kita suka males kalo mau backup switch, kalau hanya satu atau dua switch cisco sih ga begitu masalah.. kalau ada lebih dari 20 switch ? pasti merepotkan juga kan….

Nah karena dasar itu saya coba iseng-iseng bikin program asal-asalan, sebenernya ni program cuman buat ngebantu kita meng exekusi beberapa printah di cisco, seperti memasukkan user name, password, enable password, password enable, printah-printah backup seperti :

copy runing-config tftp:

copy vlan.dat tftp:

copy config.text tftp:

Nah untuk membuat tools ini memerlukan beberapa program yaitu :

1. Telnet client ( by default sudah ada pada windows anda, kecuali windows 7 harus di aktifkan program telnet cliant-nya )

2. AutoIT ( bisa di download di sini )

3. TFTP-Server ( bisa di download di sini )

Setelah Telnet Client , AutoIT dan TFTP-Server  di install sekarang ke proses selanjutnya yaitu pembuatan tools-nya contoh scrip-nya :

——————————START————————-

;;++++++++++++++++++++++++++++++++++
;+++++++++++++++++++++++++++++++++++
;++                                                                                  ++
;++        Program Sederhana Back-UP Cisco         ++
;++            Create-By AutoIt                                      ++
;++        For More Question email me AT              ++
;++              evan@bhomert.com                              ++
;;++++++++++++++++++++++++++++++++++
;;++++++++++++++++++++++++++++++++++

; Ganti ip.cisco.xxx.xxx dengan IP cisco yg akan di backup
Run(“telnet.exe ip.cisco.xxx.xxx”)
Sleep(1000)
; Ganti username dengan username kamu
Send(“username”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti password dengan password kamu
Send(“password”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
Send(“en”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti enablepassword dengan enable password  switch kamu
send(“enablepassword”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
Send(“copy running-config tftp:”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti ip.TFTP-Server.xxx.xxx dengan IP TFTP-Server kamu
Send(“ip.TFTP-Server.xxx.xxx”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti namahost dengan hostname Switch
Send(“namahost-config”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
Send(“copy vlan.dat tftp:”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti ip.TFTP-Server.xxx.xxx dengan IP TFTP-Server kamu
Send(“ip.TFTP-Server.xxx.xxx”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti namahost dengan hostname Switch
Send(“namahost-vlan.dat”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
Send(“copy config.text tftp:”)
Send(“{ENTER}”)
Sleep(200)
; Ganti ip.TFTP-Server.xxx.xxx dengan IP TFTP-Server kamu
Send(“ip.TFTP-Server.xxx.xxx”)
Sleep(200)
Send(“{ENTER}”)
Sleep(200)
; Ganti namahost dengan hostname Switch
Send(“namahost-config.text”)
Sleep(200)
Send(“{ENTER}”)
Sleep(1000)
Send(“q”)
Send(“{ENTER}”)
Sleep(1000)
Send(“{ENTER}”)

——————————AND————————-

Ikuti petunjuk di scrip itu dan compile scrip tersebut dengan menekan CTRL+F7, setelah selesai siapkan TFTP-Server dan arahkan directory penyimpanannya. setelah semua selesai jalankan .exe yang tadi di compile.

Selamat Mencoba, semoga catatan kecil ini bisa bermanfaat buat kawan-kawan semua.

Silakan Download Contoh Script dan contoh telnet ke route-server

note: – untuk mendownload klik kanan lalu save-as

Update per Tgl 19 Oktober 2011

bagi temen-temen yang butuh address-list guna pembagian Bandwidth IIX, OIXP dan MCSIX, silakan download

Address-list MCSIX , OIXP dan APJII

and langsung aja upload ke dua file tersebut ( mcsix.rsc dan nice.rsc ) ke mikrotik => new terminal =>

/import mcsix.rsc

/import nice.rsc

Oh iya.. di dalam address-list tersebut untuk penamaan MCSIX adalah mcsix dan untuk OIXP+APJII adalah nice.

kalo mau generate sendiri silakan pake script ini :

:local bhomert [/ip route pr count-only];
:local bho 0;
:local mer 0;
:local mert;
:for bho from=0 to=$bhomert step=1 do={
:set mert [/ip route get $bho dst-address]
:if ($mer = 0) do={
/ip firewall address-list add list=nice address=$mert;}
}

nah kalo mau ngejalanin tinggal lewat telnet.. jangan lewat winbox suka ga dapet full, oh iya.. sebelum-nya naikin dulu bgp / ospf buat dapetin prefix dari router mcsix dan router iix ( oixp+apjii )

[evan@mix-prefix] /routing bgp peer> print  detail status
Flags: X – disabled, E – established
0 E name=”ke-MIX” === CUT ====
uptime=11h5m14s prefix-count=19813 updates-sent=9699

1 E name=”ke-IIX” === CUT ====
uptime=14h19m43s prefix-count=8584 updates-sent=41719
[evan@mix-prefix] /routing bgp peer>

Untuk Contohnya bisa di liat seperti ini :

Mangle :

[evan@sample-router] /ip firewall mangle> pr detail
Flags: X – disabled, I – invalid, D – dynamic
0   ;;; Mark-Internasional
chain=prerouting action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!nice in-interface=ether10

1   chain=prerouting action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!mcsix in-interface=ether10

2   chain=forward action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!nice in-interface=ether10

3   chain=forward action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!mcsix in-interface=ether10

4   chain=prerouting action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!nice in-interface=ether5

5   chain=prerouting action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!mcsix in-interface=ether5

6   chain=forward action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!nice in-interface=ether5

7   chain=forward action=mark-connection new-connection-mark=Conn-INTL passthrough=yes dst-address-list=!mcsix in-interface=ether5

8   ;;; Mark-IIX
chain=prerouting action=mark-connection new-connection-mark=Conn-IIX passthrough=yes dst-address-list=nice in-interface=ether10

9   chain=forward action=mark-connection new-connection-mark=Conn-IIX passthrough=yes dst-address-list=nice in-interface=ether10

10   chain=prerouting action=mark-connection new-connection-mark=Conn-IIX passthrough=yes dst-address-list=nice in-interface=ether5

11   chain=forward action=mark-connection new-connection-mark=Conn-IIX passthrough=yes dst-address-list=nice in-interface=ether5

12   ;;; Mark-MCSIX
chain=prerouting action=mark-connection new-connection-mark=Conn-MCSIX passthrough=yes dst-address-list=mcsix in-interface=ether10

13   chain=forward action=mark-connection new-connection-mark=Conn-MCSIX passthrough=yes dst-address-list=mcsix in-interface=ether10

14   chain=prerouting action=mark-connection new-connection-mark=Conn-MCSIX passthrough=yes dst-address-list=mcsix in-interface=ether5

15   chain=forward action=mark-connection new-connection-mark=Conn-MCSIX passthrough=yes dst-address-list=mcsix in-interface=ether5

16   ;;; Paket-INTL
chain=prerouting action=mark-packet new-packet-mark=INTL passthrough=yes connection-mark=Conn-INTL

17   chain=output action=mark-packet new-packet-mark=INTL passthrough=yes connection-mark=Conn-INTL

18   ;;; Paket-MCSIX
chain=prerouting action=mark-packet new-packet-mark=MCSIX passthrough=yes connection-mark=Conn-MCSIX

19   chain=output action=mark-packet new-packet-mark=MCSIX passthrough=yes connection-mark=Conn-MCSIX

20   ;;; Paket-IIX
chain=prerouting action=mark-packet new-packet-mark=IIX passthrough=yes connection-mark=Conn-IIX

21   chain=output action=mark-packet new-packet-mark=IIX passthrough=yes connection-mark=Conn-IIX

[evan@sample-router] /ip firewall mangle>

Simple Queue :

1    ;;;         Radar TV MCSIX
name=”client-66-MCSIX” target-addresses=xxx.xxx.xxx/32 interface=all
packet-marks=MCSIX direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=22M/22M
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
total-queue=default-small

2    ;;;         Radar TV IIX
name=”client-66-IIX” target-addresses=xxx.xxx.xxx/32 interface=all
packet-marks=IIX direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=40M/40M
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
total-queue=default-small

2    ;;;         Radar TV INTL
name=”client-66-INTL” target-addresses=xxx.xxx.xxx/32 interface=all
packet-marks=INTL direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=3M/3M
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
total-queue=default-small

Semoga bisa membantu..

=======
CVSUP :
=======

# cd /usr/ports/net/cvsup-without-gui
# make all install clean
# mkdir -p /usr/local/etc/cvsup/sup
# vi /usr/local/etc/cvsup/sup/supfile :

*default host=cvsup.FreeBSD.org
*default base=/usr/local/etc/cvsup
*default prefix=/usr
*default release=cvs tag=RELENG_7_1
*default delete use-rel-suffix
*default compress
src-all
ports-all tag=.
doc-all tag=.

# vi /usr/local/etc/cvsup/sup/refuse :

doc/de
doc/de_*
doc/es
doc/es_*
doc/fr
doc/fr_*
doc/it
doc/it_*
doc/ja
doc/ja_*
doc/nl
doc/nl_*
doc/ru
doc/ru_*
doc/sr
doc/sr_*
doc/zh
doc/zh_*
ports/chinese
ports/french
ports/german
ports/hebrew
ports/japanese
ports/korean
ports/russian
ports/ukrainian
ports/vietnamese

# cd /usr/ports/ports-mgmt/portupgrade
# make all install clean
# vi /usr/local/bin/cvsrun :

—isi file cvsrun—

#! /bin/sh
# cvsrun – Weekly CVSup Run

echo “Subject: `hostname` weekly cvsup run”
/usr/local/bin/cvsup -g -L 2 /usr/local/etc/cvsup/sup/supfile
echo “”
if [ $# -eq 1 ] ; then
if [ $1 = "-i" ] ; then
/usr/local/sbin/portsdb -Uu 2>&1
echo
fi
fi
echo “”
echo “Monggo di lanjut kang…”

—isi file cvsrun—

# chmod 0700 /usr/local/bin/cvsrun
# /usr/local/bin/cvsrun -i

————
isi kernel :
————
tambahin/edit ini nih di kernel, trus compile…

options SCHED_ULE
device vlan
options DEVICE_POLLING
options HZ=2000
options P1003_1B_SEMAPHORES
options SEMMNI=100
options SEMMNS=4096
options SEMMNU=512
options SEMMSL=4096
options SEMOPM=512
options MSGMNB=32768
options MSGMNI=82
options MSGSEG=4098
options MSGSSZ=128
options MSGTQL=2048
options SHMSEG=128
options SHMMNI=4096
options SHMMAX=2147483648
options SHMALL=2097152
options SHMMAXPGS=65536
options IPSTEALTH
options FDESCFS
options MAXDSIZ=”(1024UL*1024*1024)”
options MAXSSIZ=”(128UL*1024*1024)”
options DFLDSIZ=”(1024UL*1024*1024)”
options BLKDEV_IOSIZE=8192
options INCLUDE_CONFIG_FILE

options TCP_SIGNATURE
options IPSEC
maxusers 384
device crypto
device cryptodev
options SMP
device cpufreq

——————————————-

compile pake yg ini, jgn yg standar…

cd /usr/src
make buildkernel KERNCONF=
make installkernel KERNCONF=
reboot

——————————————-

——————
isi sysctl.conf :
——————

net.link.ether.inet.log_arp_wrong_iface=0
net.link.ether.inet.log_arp_movements=0
net.inet.ip.fastforwarding=1
#
kern.coredump=0 # no coredumps
vm.swap_enabled=0 # no swap space
net.inet.ip.redirect=0 # don’t send redirects
net.inet.icmp.drop_redirect=1 # don’t accept redirects
net.inet.tcp.delayed_ack=0 # no delayed ACKs
###
# TAMBAHAN 29Juni2007
###
kern.ipc.maxsockbuf=16777216
kern.ipc.somaxconn=8192
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.sendspace=262144
net.inet.tcp.recvspace=262144
net.inet.tcp.inflight.enable=0
#
# TAMBAHAN 06Jan2008
#
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.random_id=1
net.inet.udp.maxdgram=57344
kern.polling.burst_max=1000
kern.polling.each_burst=120
kern.polling.idle_poll=0 # nilai 1 respon lbh baek tp makan cpu-system
kern.polling.user_frac=5
kern.polling.reg_frac=50
net.inet.tcp.tso=0
#
# 28 Mei 2008, R
#
net.inet.tcp.syncookies=0

————————————-

tambahan buat rc.conf :
———————–

inetd_enable=”NO”
background_fsck=”YES”
syslogd_enable=”YES”
syslogd_program=”/usr/sbin/syslogd”
syslogd_flags=”-ss”
tcp_drop_synfin=”YES”
icmp_drop_redirect=”YES”
icmp_log_redirect=”NO”
clear_tmp_enable=”YES”
tcp_extensions=”YES”
tcp_keepalive=”YES”
icmp_bmcastecho=”NO”
icmp_bandlim=”YES”

Lanjut lagi… mumpung lom tepar ke pulau kapuk…., sekarang kita coba install Chillispot, yang nantinya akan berguna untuk server HotSpot

push# cd /usr/ports/ && make search name=ChilliSpot

Port: chillispot-1.0_5
Path: /usr/ports/net-mgmt/chillispot
Info: Wireless LAN Access Point Controller
Maint: venture37@geeklan.co.uk
B-deps:
R-deps:
WWW: http://www.chillispot.info

push# cd /usr/ports/net-mgmt/chillispot
push# make all install clean
Pilih semua Option-Nya ya… :
[X] RAW Latest Release Of Apache & mySQL
[X] MATURE Stable Releases of Apache with mod_ssl & MySQL
[X] FREE freeRADIUS
[X] OPENR openradius

Setelah terinstall lakukan langkah² berikut:
Copy atau rename /usr/local/openssl/openssl.cnf.sample ke /usr/local/openssl/openssl.cnf
push# cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf

Ok… lanjut lagi ngoprek-nya.. sekarang kita coba install PhpMyAdmin lewat port…

push# cd /usr/ports/ && make search name=phpmyadmin
Port: phpMyAdmin-3.3.8.1
Path: /usr/ports/databases/phpmyadmin
Info: A set of PHP-scripts to manage MySQL over the web
Maint: m.seaman@infracaninophile.co.uk
B-deps: mysql-client-5.1.53
R-deps: freetype2-2.4.3 jpeg-8_3 kbproto-1.0.4 libICE-1.0.6,1 libSM-1.1.1_3,1 libX11-1.3.3_1,1 libXau-1.0.5 libXaw-1.0.7,1 libXdmcp-1.0.3 libXext-1.1.1,1 libXmu-1.0.5,1 libXp-1.0.0,1 libXpm-3.5.7 libXt-1.0.7 libiconv-1.13.1_1 libltdl-2.2.10 libmcrypt-2.5.8 libpthread-stubs-0.3_3 libxcb-1.7 libxml2-2.7.8_1 mysql-client-5.1.53 oniguruma-4.7.1 pcre-8.10 pdflib-7.0.4 pecl-pdflib-2.1.8 php5-5.3.3_2 php5-bz2-5.3.3_2 php5-ctype-5.3.3_2 php5-filter-5.3.3_2 php5-gd-5.3.3_2 php5-mbstring-5.3.3_2 php5-mcrypt-5.3.3_2 php5-mysql-5.3.3_2 php5-openssl-5.3.3_2 php5-session-5.3.3_2 php5-zip-5.3.3_2 php5-zlib-5.3.3_2 pkg-config-0.25_1 png-1.4.3 printproto-1.0.4 t1lib-5.1.2_1,1 xextproto-7.1.1 xproto-7.0.16
WWW: http://www.phpmyadmin.net/

push# cd /usr/ports/databases/phpmyadmin
push# make all install clean

phpMyAdmin-suphp-3.3.8.1 has been installed into:

/usr/local/www/phpMyAdmin

Please edit config.inc.php to suit your needs.

To make phpMyAdmin available through your web site, I suggest
that you add something like the following to httpd.conf:

Alias /phpmyadmin/ “/usr/local/www/phpMyAdmin/”

<Directory “/usr/local/www/phpMyAdmin/”>
Options none
AllowOverride Limit

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 .example.com
</Directory>

Edit httpd.conf sesuai petunjuk di atas ( sesuaikan perijinan di buka dari mana aja, kalo mau di akses dari umum set ke Allow from all ) :
push# vi /usr/local/etc/apache22/httpd.conf
Restart apache-nya :
push# apachectl restart

Then…. buka browser dan ketikkan http://xxx.xxx.xxx.xxx/phpmyadmin/

Done…!!!

Langsung lagi…. buat menuhin catetan ye….

push#cd /usr/ports/lang/php52
push# make config
pilih option :
[X] CLI Build CLI version
[X] CGI Build CGI version
[X] APACHE Build Apache module
[X] SUHOSIN Enable Suhosin protection system (not for jails)
[X] MAILHEAD Enable mail header patch
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)

setelah itu langsung lakukan perintah ini :
push# make all install clean
Setelah kelar edit file httpd.conf dan masukkan 2 baris di bawah :
push# vi /usr/local/etc/apache22/httpd.conf
#### TAMBAHAN UNTUK PHP ####
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
#### END ####
dan tambahkan pula index.php pada httpd.conf

DirectoryIndex index.html index.php

lalu save, kelar dah untuk masalah di apache-nya, sekarang lanjut lagi…
Sekarang edit file php.ini di sini kita bisa mengatur setingan php-nya nah by default lakukan dengan cara ganti nama file-nya aja dan ini udah ada dari file bawaan pas instalasinya :

push# mv php.ini-dist php.ini
setelah itu kita restart apache-nya :
push# /usr/local/sbin/apachectl restart

Setelah itu semua sekarang kita coba test php-nya dengan cara :
push# echo ‘<?php phpinfo();?>’ >> /usr/local/www/apache22/data/test.php

setelah itu coba kita test langusng lewat browser :

http://ip-server-nya/test.php

kalo berhasil akan tampil seperti ini :
System FreeBSD push.idconnect.co.id 7.3-RELEASE-p4 FreeBSD 7.3-RELEASE-p4 #0: Thu Dec 2 00:47:25 UTC 2010 root@push.idconnect.co.id:/usr/obj/usr/src/sys/BhoMerT i386
Build Date Dec 4 2010 03:52:00
Configure Command ‘./configure’ ‘–with-layout=GNU’ ‘–with-config-file-scan-dir=/usr/local/etc/php’ ‘–disable-all’ ‘–enable-libxml’ ‘–with-libxml-dir=/usr/local’ ‘–enable-reflection’ ‘–program-prefix=’ ‘–enable-fastcgi’ ‘–with-apxs2=/usr/local/sbin/apxs’ ‘–with-regex=php’ ‘–with-zend-vm=CALL’ ‘–disable-ipv6′ ‘–prefix=/usr/local’ ‘–mandir=/usr/local/man’ ‘–infodir=/usr/local/info/’ ‘–build=i386-portbld-freebsd7.3′

Done…!!! kelar masalah apache, php dan mysql…

Langsung aja… kita install lewat port aja ya…

push# cd /usr/ports/ && make search name=mysql-server

Port:   mysql-server-5.1.53
Path:   /usr/ports/databases/mysql51-server
Info:   Multithreaded SQL database (server)
Maint:  ale@FreeBSD.org
B-deps: mysql-client-5.1.53
R-deps: mysql-client-5.1.53
WWW:    http://www.mysql.com/

push# cd /usr/ports/databases/mysql51-server
push# make all install clean

setelah terinstall create database :

push# /usr/local/bin/mysql_install_db
Installing MySQL system tables…
OK
Filling help tables…
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/local/bin/mysqladmin -u root password ‘new-password’
/usr/local/bin/mysqladmin -u root -h push.idconnect.co.id password ‘new-password’

Alternatively you can run:
/usr/local/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr/local ; /usr/local/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/local/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/local/bin/mysqlbug script!

Nah.. setelah itu ganti kepemilikan dan group-nya ke mysql :
push# chown -R mysql /var/db/mysql/
push# chgrp -R mysql /var/db/mysql/

Jalankan daemon mysql-nya:
push# cd /usr/local ; /usr/local/bin/mysqld_safe &
[1] 4443
push# 101204 03:30:43 mysqld_safe Logging to ‘/var/db/mysql/push.idconnect.co.id.err’.
101204 03:30:43 mysqld_safe Starting mysqld daemon with databases from /var/db/mysql

cek status-nya menggunakan perintah #ps -aux
mysql 4486 0.0 1.1 45804 22028 p0 I 3:30AM 0:00.13 /usr/local/libexec/mysqld –basedir=/usr/local –datadir=/var/db/mysql –user=mysql –log-error=/var/db/mysql/push.idconnect.co

Setelah itu set password-nya :
push# /usr/local/bin/mysqladmin -u root password inipassword
push# /usr/local/bin/mysqladmin -u root -h push.idconnect.co.id password inipassword

Agar mysql otomatis jalan pas server reboot gunakan perintah ini :
push# echo ‘mysql_enable=”YES”‘ >> /etc/rc.conf

Done…!!!