Wednesday, 16 January 2008

DNS SERVER

DHCP3 - SERVER

Before setting up the DHCP server, we first have to install dhcp3-server. There are several ways to install dhcp3-server:

- The first uses aptitude → at the console, type the command aptitude → choose "Not Installed Packages" → press / to start a search → type dhcp3-server in the search prompt.

- The second uses apt-get install → at the console, type apt-get install dhcp3-server, then insert the CD that is requested for the dhcp3-server installation.

Once the dhcp3-server installation is finished, go to mc → etc → dhcp3/dhcpd.conf. In this directory we will make a few configuration changes to the file in it.

#

# Sample configuration file for ISC dhcpd for Debian

#

# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $

#

# The ddns-updates-style parameter controls whether or not the server will

# attempt to do a DNS update when a lease is confirmed. We default to the

# behavior of the version 2 packages ('none', since DHCP v2 didn't

# have support for DDNS.)

ddns-update-style none;

# option definitions common to all supported networks...

#option domain-name "example.org";

#option domain-name-servers ns1.example.org, ns2.example.org;

#default-lease-time 600;

#max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local

# network, the authoritative directive should be uncommented.

#authoritative;

# Use this to send dhcp log messages to a different log file (you also

# have to hack syslog.conf to complete the redirection).

log-facility local7;

# No service will be given on this subnet, but declaring it helps the

# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {

#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {

# range 10.254.239.10 10.254.239.20;

# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;

#}

# This declaration allows BOOTP clients to get dynamic addresses,

# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {

# range dynamic-bootp 10.254.239.40 10.254.239.60;

# option broadcast-address 10.254.239.31;

# option routers rtr-239-32-1.example.org;

#}

# A slightly different configuration for an internal subnet.

subnet 192.168.1.0 netmask 255.255.255.0 {

range 192.168.1.2 192.168.1.10;

option domain-name-servers www.debian.com;

# option domain-name "internal.example.org";

option routers 192.168.1.1;

option broadcast-address 192.168.1.255;

default-lease-time 600;

max-lease-time 7200;

}

# Hosts which require special configuration options can be listed in

# host statements. If no address is specified, the address will be

# allocated dynamically (if possible), but the host-specific information

# will still come from the host declaration.

#host passacaglia {

# hardware ethernet 0:0:c0:5d:bd:95;

# filename "vmunix.passacaglia";

# server-name "toccata.fugue.com";

#}

# Fixed IP addresses can also be specified for hosts. These addresses

# should not also be listed as being available for dynamic assignment.

# Hosts for which fixed IP addresses have been specified can boot using

# BOOTP or DHCP. Hosts for which no fixed address is specified can only

# be booted with DHCP, unless there is an address range on the subnet

# to which a BOOTP client is connected which has the dynamic-bootp flag

# set.

#host fantasia {

# hardware ethernet 08:00:07:26:c0:a5;

# fixed-address fantasia.fugue.com;

#}

# You can declare a class of clients and then do address allocation

# based on that. The example below shows a case where all clients

# in a certain class get addresses on the 10.17.224/24 subnet, and all

# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {

# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";

#}

#shared-network 224-29 {

# subnet 10.17.224.0 netmask 255.255.255.0 {

# option routers rtr-224.example.org;

# }

# subnet 10.0.29.0 netmask 255.255.255.0 {

# option routers rtr-29.example.org;

# }

# pool {

# allow members of "foo";

# range 10.17.224.10 10.17.224.250;

# }

# pool {

# deny members of "foo";

# range 10.0.29.10 10.0.29.230;

# }

#}

When we have finished editing the file, save it with F2.

After editing dhcpd.conf, restart DHCP by typing the following command at the console: /etc/init.d/dhcp3-server restart. To check from a Windows client, first change the IP addressing to automatic. Then ping our server's address, 192.168.1.1, and ping our DNS, www.debian.com. If replies come back and no "failed" message appears, the DHCP server has been set up successfully.

FTP

Before setting up the FTP server, we first have to install VSFTPD. There are several ways to install VSFTPD:

- The first uses aptitude → at the console, type the command aptitude → choose "Not Installed Packages" → press / to start a search → type VSFTPD in the search prompt.

- The second uses apt-get install → at the console, type apt-get install VSFTPD, then insert the CD that is requested for the VSFTPD installation.

Once the VSFTPD installation is finished, go to mc → etc → ??. In this directory we will change the configuration of the file in it by removing the "#" sign from several directives in the file VSFTPD.conf.

The result looks like this:

# Example config file /etc/vsftpd.conf

#

# The default compiled in settings are fairly paranoid. This sample file

# loosens things up a bit, to make the ftp daemon more usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

#

# READ THIS: This example file is NOT an exhaustive list of vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's

# capabilities.

#

#

# Run standalone? vsftpd can run either from an inetd or as a standalone

# daemon started from an initscript.

listen=YES

#

# Run standalone with IPv6?

# Like the listen parameter, except vsftpd will listen on an IPv6 socket

# instead of an IPv4 one. This parameter and the listen parameter are mutually

# exclusive.

#listen_ipv6=YES

#

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

anonymous_enable=YES

#

# Uncomment this to allow local users to log in.

local_enable=YES

#

# Uncomment this to enable any form of FTP write command.

write_enable=YES

#

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

#local_umask=022

#

# Uncomment this to allow the anonymous FTP user to upload files. This only

# has an effect if the above global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

anon_upload_enable=YES

#

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

anon_mkdir_write_enable=YES

#

# Activate directory messages - messages given to remote users when they

# go into a certain directory.

dirmessage_enable=YES

#

# Activate logging of uploads/downloads.

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20 (ftp-data).

connect_from_port_20=YES

#

# If you want, you can arrange for uploaded anonymous files to be owned by

# a different user. Note! Using "root" for uploaded files is not

# recommended!

#chown_uploads=YES

#chown_username=whoever

#

# You may override where the log file goes if you like. The default is shown

# below.

#xferlog_file=/var/log/vsftpd.log

#

# If you want, you can have your log file in standard ftpd xferlog format

#xferlog_std_format=YES

#

# You may change the default value for timing out an idle session.

#idle_session_timeout=600

#

# You may change the default value for timing out a data connection.

#data_connection_timeout=120

#

# It is recommended that you define on your system a unique user which the

# ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

#

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

# predicted this attack and has always been safe, reporting the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable=YES

#ascii_download_enable=YES

#

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

# (default follows)

#banned_email_file=/etc/vsftpd.banned_emails

#

# You may restrict local users to their home directories. See the FAQ for

# the possible risks in this before using chroot_local_user or

# chroot_list_enable below.

#chroot_local_user=YES

#

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

#chroot_list_enable=YES

# (default follows)

#chroot_list_file=/etc/vsftpd.chroot_list

#

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

#

#

# Debian customization

#

# Some of vsftpd's settings don't fit the Debian filesystem layout by

# default. These settings are more Debian-friendly.

#

# This option should be the name of a directory which is empty. Also, the

# directory should not be writable by the ftp user. This directory is used

# as a secure chroot() jail at times vsftpd does not require filesystem

# access.

secure_chroot_dir=/var/run/vsftpd

#

# This string is the name of the PAM service vsftpd will use.

pam_service_name=vsftpd

#

# This option specifies the location of the RSA certificate to use for SSL

# encrypted connections.

rsa_cert_file=/etc/ssl/certs/vsftpd.pem

NB: the lines printed in bold are the ones whose hash sign (#) has been removed.
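The directives left uncommented above combine anonymous login with write, upload and mkdir permission, and allow local logins while ssl_enable is not set. The script below is an added example, not part of the original post, that reads a vsftpd.conf and reports those combinations; the function names and finding codes are made up for illustration, and the sample config is constructed from the directives shown above.

```shell
#!/bin/sh
# Added example, not part of the original post: flag vsftpd.conf settings that
# expose anonymous write access or cleartext logins.

# is_on FILE KEY DEFAULT: true if the last uncommented "KEY=value" line (or
# the compiled-in DEFAULT when the key is absent) is counted as enabled here:
# YES, TRUE or 1.
is_on() {
    v=$(sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    case $(printf '%s' "${v:-$3}" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd FILE: print one finding code per line (nothing if clean).
audit_vsftpd() {
    f=$1
    # anonymous_enable defaults to YES, so a commented-out line still counts.
    if is_on "$f" anonymous_enable YES && is_on "$f" write_enable NO; then
        if is_on "$f" anon_upload_enable NO; then echo ANON_UPLOAD; fi
        if is_on "$f" anon_mkdir_write_enable NO; then echo ANON_MKDIR; fi
    fi
    # Local logins without ssl_enable send account passwords in cleartext.
    if is_on "$f" local_enable NO && ! is_on "$f" ssl_enable NO; then
        echo LOCAL_LOGIN_CLEARTEXT
    fi
    return 0
}

# Constructed sample: the directives this post leaves uncommented.
page_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
#local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
EOF
}

tmp=$(mktemp)
page_conf > "$tmp"
audit_vsftpd "$tmp"
rm -f "$tmp"
```

Setting rsa_cert_file alone does not turn TLS on, which is why the sample still reports the cleartext-login finding.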

SQUID

Before setting up the Squid server, we first have to install SQUID. There are several ways to install SQUID:

- The first uses aptitude → at the console, type the command aptitude → choose "Not Installed Packages" → press / to start a search → type SQUID in the search prompt.

- The second uses apt-get install → at the console, type apt-get install SQUID, then insert the CD that is requested for the SQUID installation.

Once the SQUID installation is finished, go to mc → etc → SQUID. In this directory we will configure the file in it by adding a few directives:

acl all src 0.0.0.0/0.0.0.0

acl lab1 src 192.168.1.0/255.255.255.0

acl tidak dstdomain www.friendster.com

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 # https

acl SSL_ports port 563 # snews

acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl purge method PURGE

acl CONNECT method CONNECT

and also

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src 192.168.1.0/24 192.168.2.0/24

#http_access allow our_networks

http_access allow localhost

http_access deny tidak

http_access allow lab1

# And finally deny all other access to this proxy

http_access deny all

# TAG: http_access2

# Allowing or Denying access based on defined access lists

#

# Identical to http_access, but runs after redirectors. If not set

# then only http_access is used.

#

#Default:

# none

# TAG: http_reply_access

# Allow replies to client requests. This is complementary to http_access.

#

# http_reply_access allow|deny [!] aclname ...

#

# NOTE: if there are no access lines present, the default is to allow

# all replies

#

# If none of the access lines cause a match the opposite of the

# last line will apply. Thus it is good practice to end the rules

# with an "allow all" or "deny all" entry.

#

#Default:

# http_reply_access allow all

#

#Recommended minimum configuration:

#

# Insert your own rules here.

#

#

# and finally allow by default

http_reply_access allow all
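Squid reads the http_access lines from top to bottom and stops at the first one that matches, which is why "deny tidak" has to come before "allow lab1". The script below is an added example, not part of the original post, that walks the rules in that order and also shows that a dstdomain ACL written as www.friendster.com matches that exact host name only; the function names are made up for illustration, and source-address matching is simplified to a list of ACL names supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original post. ACL matching is simplified: the
# caller names the ACLs a request matches ("all" always matches).
# squid_decision RULES_FILE "acl ...": the first matching http_access line
# wins; if none match, the opposite of the last line applies.
squid_decision() {
    awk -v matched="all $2" '
        BEGIN { n = split(matched, m, " "); for (i = 1; i <= n; i++) hit[m[i]] = 1 }
        $1 == "http_access" {
            ok = 1; last = $2
            for (i = 3; i <= NF && ok; i++) {
                name = $i; neg = sub(/^!/, "", name)
                if ((name in hit) == neg) ok = 0
            }
            if (ok) { print $2; found = 1; exit }
        }
        END { if (!found) print (last == "deny" ? "allow" : "deny") }
    ' "$1"
}

# dstdomain_match PATTERN HOST: a bare name matches that host only; a
# leading dot also matches subdomains (lowercase input assumed).
dstdomain_match() {
    case $1 in
        .*) case $2 in "${1#.}"|*"$1") return 0 ;; esac ;;
        *)  if [ "$1" = "$2" ]; then return 0; fi ;;
    esac
    return 1
}

# lab1_request RULES_FILE PATTERN HOST: decision for a lab1 client asking for
# HOST when ACL "tidak" is defined as "dstdomain PATTERN".
lab1_request() {
    acls=lab1
    if dstdomain_match "$2" "$3"; then acls="$acls tidak"; fi
    squid_decision "$1" "$acls"
}

# Constructed sample: the http_access lines from this post, in its order.
page_rules() {
    printf '%s\n' 'http_access allow localhost' 'http_access deny tidak' \
        'http_access allow lab1' 'http_access deny all'
}

rules=$(mktemp)
page_rules > "$rules"
lab1_request "$rules" www.friendster.com www.friendster.com
lab1_request "$rules" www.friendster.com friendster.com
rm -f "$rules"
```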

After editing the squid file, restart Squid by typing the following command at the console: /etc/init.d/squid restart

To check from our Windows client, first open IE (Internet Explorer) → Tools → Internet Options → Connections → LAN Settings → select "Use automatic configuration script" → in the Address field enter our server's address, www.debian.com. When that is done, tick "Proxy server" → in the Address field enter our server's address, www.debian.com → in the Port field enter ???