Ervin Taufik

I`m What I`m

Archive for the ‘Linux’ Category

[basic-BGP] junOS – Quagga – Cisco

with one comment

This time we try building BGP with 3 routers in one network, 172.16.0.192/28 (without filtering) ;) just for newbies.

JunOS : 172.16.0.202/28 ASN 2020
Quagga : 172.16.0.200/28 ASN 1010
AdvNetwork : 192.192.0.0/16
Cisco : 172.16.0.204/28 ASN 3030
AdvNetwork : 192.100.0.0/16

We assume Quagga and Cisco already have their BGP config ready, so we only need to walk through the config steps on junOS, without filtering:

Config for peer ASN 3030 (Cisco)
ebenz@junOS> show bgp summary
BGP is not running
ebenz@junOS> edit
Entering configuration mode
[edit]
ebenz@junOS# edit protocols bgp
ebenz@junOS# set group ASN-3030 type external (peer as cisco)
[edit protocols bgp]
ebenz@junOS# set group ASN-3030 peer-as 3030
[edit protocols bgp]
ebenz@junOS# set group ASN-3030 neighbor 172.16.0.200
[edit protocols bgp]
ebenz@junOS# show
group ASN-3030 {
type external;
peer-as 3030;
neighbor 172.16.0.200;
}

Config for peer ASN 1010 (Quagga)
[edit protocols bgp]
ebenz@junOS# set group ASN-1010 type external
[edit protocols bgp]
ebenz@junOS# set group ASN-1010 peer-as 1010
[edit protocols bgp]
ebenz@junOS# set group ASN-1010 neighbor 172.16.0.204
[edit protocols bgp]
ebenz@junOS# commit
commit complete

Now we just check the BGP status:
=====================
ebenz@junOS# run show bgp summary
Groups: 2 Peers: 2 Down peers: 2
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped…
172.16.0.200 3030 0 1 0 0 40 Active
172.16.0.204 1010 0 2 0 0 40 Active

Hmm, Active... oops, it turns out the IPs are swapped; peer 3030 should be IP 172.16.0.204 :D . No problem, we rename them.
=============================================================================

ebenz@junOS# edit group ASN-3030
[edit protocols bgp group ASN-3030]
ebenz@junOS# rename neighbor 172.16.0.200 to neighbor 172.16.0.204
[edit protocols bgp group ASN-3030]
ebenz@junOS# up
[edit protocols bgp]
ebenz@junOS# edit group ASN-1010
[edit protocols bgp group ASN-1010]
ebenz@junOS# rename neighbor 172.16.0.204 to neighbor 172.16.0.200
[edit protocols bgp group ASN-1010]
ebenz@junOS# commit
commit complete
[edit protocols bgp group ASN-1010]
[edit protocols bgp]
ebenz@junOS# show
group ASN-3030 {
type external;
peer-as 3030;
neighbor 172.16.0.204;
}
group ASN-1010 {
type external;
peer-as 1010;
neighbor 172.16.0.200;
}
[edit protocols bgp]
ebenz@junOS#

Let's look at the BGP status again ;)
==========================

ebenz@junOS# run show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 9 8 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped…
172.16.0.200 1010 4 3 0 0 12 8/9/0 0/0/0
172.16.0.204 3030 1 5 0 0 0 0/0/0 0/0/0

Before filtering, let's look at the routes obtained from Cisco and Quagga:
======================================================

ebenz@junOS> show route advertising-protocol bgp 172.16.0.200

inet.0: 14 destinations, 19 routes (14 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.0.0/16 172.16.0.204 3030 I
* 192.192.191.0/24 172.16.0.204 3030 I
* 192.192.192.0/24 172.16.0.204 3030 I
* 192.192.193.0/24 172.16.0.204 3030 I
* 192.192.194.0/24 172.16.0.204 3030 I
* 192.192.195.0/24 172.16.0.204 3030 I

ebenz@junOS> show route advertising-protocol bgp 172.16.0.204

inet.0: 14 destinations, 19 routes (14 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 192.100.1.0/24 172.16.0.200 1010 ?
* 192.100.2.0/24 172.16.0.200 1010 ?
* 192.100.3.0/24 172.16.0.200 1010 ?
* 192.100.4.0/24 172.16.0.200 1010 ?
* 192.100.5.0/24 172.16.0.200 1010 ?
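
The swapped neighbor addresses above can be caught mechanically by comparing "show bgp summary" with the addressing plan. The following is an added example, not part of the original post; the summary text is abridged from the two outputs above, and the PLAN table and function names are assumptions made for illustration.

```python
import re

# Addressing plan from the top of the post: neighbor address -> expected peer AS.
PLAN = {"172.16.0.200": 1010, "172.16.0.204": 3030}

# "show bgp summary" output abridged from the post, before and after the rename.
BEFORE = """\
Groups: 2 Peers: 2 Down peers: 2
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped...
172.16.0.200 3030 0 1 0 0 40 Active
172.16.0.204 1010 0 2 0 0 40 Active
"""
AFTER = """\
Groups: 2 Peers: 2 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped...
172.16.0.200 1010 4 3 0 0 12 8/9/0 0/0/0
172.16.0.204 3030 1 5 0 0 0 0/0/0 0/0/0
"""

PEER_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(.*)$")
COUNTERS = re.compile(r"^\d+/\d+/\d+$")  # Active/Received/Damped means the session is up
STATE_WORD = re.compile(r"^[A-Za-z]+$")  # Idle, Connect, Active, OpenSent, ...


def parse_summary(text):
    """Return (peer, asn, state) tuples; state is 'Established' or the state word shown."""
    peers = []
    for line in text.splitlines():
        m = PEER_LINE.match(line.strip())
        if not m:
            continue  # header and table lines
        peer, asn, rest = m.group(1), int(m.group(2)), m.group(3).split()
        state = "Unknown"
        # Skip InPkt/OutPkt/OutQ/Flaps; the uptime that follows may span several tokens.
        for tok in rest[4:]:
            if COUNTERS.match(tok) or tok.lower().startswith("establ"):
                state = "Established"
                break
            if STATE_WORD.match(tok):
                state = tok
                break
        peers.append((peer, asn, state))
    return peers


def audit(text, plan=PLAN):
    """List every peer whose AS disagrees with the plan or whose session is not up."""
    findings = []
    for peer, asn, state in parse_summary(text):
        expected = plan.get(peer)
        if expected is None:
            findings.append(f"{peer}: not in the addressing plan")
        elif expected != asn:
            findings.append(f"{peer}: configured peer-as {asn}, plan says {expected}")
        if state != "Established":
            findings.append(f"{peer}: session state {state}")
    return findings


if __name__ == "__main__":
    for label, text in (("before rename", BEFORE), ("after rename", AFTER)):
        print(label)
        for finding in audit(text) or ["no findings"]:
            print("  " + finding)
```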

Written by ervin andriana taufik

April 2, 2009 at 9:05 am

Posted in Cisco, Linux

[junOS] Filter prefix length ospf

without comments

Usually we do not want to accept every prefix; for example, there may be private IP ranges whose routes we do not want to accept.
In this case, say we want to filter the prefix 20.21.22.0/24; first we look at the routes beforehand.

ebenz@enterprise# run show route | match 20.21.22.
20.21.22.0/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.4/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.8/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.12/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.16/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.20/30 *[OSPF/150] 00:00:53, metric 21, tag 0

[edit]
ebenz@enterprise#

A simple config to filter IPs in OSPF:

ebenz@enterprise# edit policy-options policy-statement ospf-filter
[edit policy-options policy-statement ospf-filter]
ebenz@enterprise# set term filter-private from neighbor 172.16.0.204
ebenz@enterprise# set term filter-private from route-filter 20.21.22.0/24 orlonger
ebenz@enterprise# set term filter-private then reject
ebenz@enterprise# set term else then accept
ebenz@enterprise# show
term filter-private {
from {
neighbor 172.16.0.204;
route-filter 20.21.22.0/24 orlonger;
}
then reject;
}
term else {
then accept;
}

[edit policy-options policy-statement ospf-filter]

Then import the policy statement under protocol OSPF:

ebenz@enterprise# edit protocols ospf

[edit protocols ospf]
ebenz@enterprise# set import ospf-filter

[edit protocols ospf]
ebenz@enterprise# show
import ospf-filter;
area 0.0.0.1 {
interface fe-0/0/0.0 {
hello-interval 10;
neighbor 172.16.0.204;
neighbor 172.16.0.200;
}
}

[edit protocols ospf]
ebenz@enterprise# commit
commit complete

[edit protocols ospf]
ebenz@enterprise# run clear ospf neighbor

[edit protocols ospf]
ebenz@enterprise# run show route | match 20.21.22.

[edit protocols ospf]

They are gone ;) now let's run show route:

ebenz@enterprise# top

[edit]
ebenz@enterprise# exit
Exiting configuration mode

ebenz@enterprise> show route

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[OSPF/150] 00:00:56, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0
30.31.32.0/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.4/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.8/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.12/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.16/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.0/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.4/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.8/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.12/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.16/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
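
Why the /30 routes disappear under "20.21.22.0/24 orlonger" while they would survive an "exact" match is easiest to see by modelling the route-filter comparison. The following is an added example, not part of the original post and not Junos code; it models only the route-filter condition (the "from neighbor" condition is left out), and the function names and the two constructed routes are assumptions made for illustration.

```python
import ipaddress


def route_filter_match(route, prefix, match_type, upto=None):
    """Model of how a route-filter compares a route with the filter prefix."""
    r = ipaddress.ip_network(route)
    f = ipaddress.ip_network(prefix)
    if r.version != f.version or not r.subnet_of(f):
        return False  # the route does not fall inside the filter prefix at all
    if match_type == "exact":
        return r.prefixlen == f.prefixlen
    if match_type == "orlonger":
        return True  # same length or more specific
    if match_type == "longer":
        return r.prefixlen > f.prefixlen
    if match_type == "upto":
        return r.prefixlen <= upto  # upto is the longest prefix length still matched
    raise ValueError(f"unsupported match type: {match_type}")


def ospf_filter(match_type="orlonger", upto=None):
    """The two terms of the post's ospf-filter policy, with a selectable match type."""
    return [
        {"term": "filter-private", "route_filter": ("20.21.22.0/24", match_type, upto),
         "then": "reject"},
        {"term": "else", "route_filter": None, "then": "accept"},
    ]


def evaluate(route, policy=None):
    """First matching term wins; a term without conditions matches every route."""
    for term in policy or ospf_filter():
        rf = term["route_filter"]
        if rf is None or route_filter_match(route, *rf):
            return term["then"], term["term"]
    return "accept", None  # assumption: a route that matches no term is kept


def rejected(routes, policy=None):
    return [r for r in routes if evaluate(r, policy)[0] == "reject"]


# Routes taken from the post's "show route" output, plus two constructed ones
# (20.21.22.0/24 and 20.21.0.0/16) that show the edges of each match type.
ROUTES = [
    "0.0.0.0/0", "20.21.22.0/30", "20.21.22.20/30", "30.31.32.0/30",
    "192.168.99.0/24", "20.21.22.0/24", "20.21.0.0/16",
]

if __name__ == "__main__":
    for mt, upto in (("orlonger", None), ("exact", None), ("longer", None), ("upto", 28)):
        print(mt, upto or "", "->", rejected(ROUTES, ospf_filter(mt, upto)))
```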

Written by ervin andriana taufik

March 14, 2009 at 6:31 pm

Posted in Cisco, Linux, Mikrotik

[OSPF basic] junOS – quagga – mikrotik

without comments

Continuing from OSPF Quagga <> Mikrotik, while the equipment is still available (thx bang Maman), we add another new neighbor, a Juniper J2300 series device, in the same network.

              quagga
              /    \
             /      \
         junOS    Mikrotik

- config IP and protocols ospf on junOS
login: ebenz
Password:

— JUNOS 8.3R1.5 built 2007-04-13 22:22:33 UTC
ebenz@enterprise>
ebenz@enterprise# set interfaces fe-0/0/0 unit 0 family inet address 172.16.0.201/28
ebenz@enterprise# edit interfaces
[edit interfaces]
ebenz@enterprise# show
fe-0/0/0 {
description WAN;
unit 0 {
family inet {
address 172.16.0.201/28;
}
}
}
[edit interfaces]
ebenz@enterprise# set protocols ospf area 0.0.0.1 interface fe-0/0/0.0 hello-interval 10
note: the neighbor can also be left unset
ebenz@enterprise# edit protocols
[edit protocols]
ebenz@enterprise# show
ospf {
area 0.0.0.1 {
interface fe-0/0/0.0 {
hello-interval 10;
neighbor 172.16.0.204;
neighbor 172.16.0.200;
}
}
}

[edit protocols]
ebenz@enterprise# commit
commit complete

[edit protocols]
ebenz@enterprise#

- check status ospf

ebenz@enterprise# up

[edit]
ebenz@enterprise# exit
Exiting configuration mode

ebenz@enterprise> show ospf neighbor
Address Interface State ID Pri Dead
172.16.0.204 fe-0/0/0.0 Full 172.16.0.204 1 39
172.16.0.200 fe-0/0/0.0 Full 172.16.0.200 0 38

check route

ebenz@enterprise> show route

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[OSPF/150] 00:24:48, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0
20.21.22.0/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.4/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.8/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.12/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.16/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
20.21.22.20/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.0/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.4/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.8/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.12/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.16/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.0/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.4/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.8/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.12/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.16/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.20/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.24/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.28/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.32/30 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
169.254.0.0/16 *[OSPF/150] 00:24:48, metric 20, tag 0
> to 172.16.0.200 via fe-0/0/0.0
172.16.0.192/28 *[Direct/0] 23:41:13
> via fe-0/0/0.0
172.16.0.201/32 *[Local/0] 23:41:13
Local via fe-0/0/0.0
192.168.99.0/24 *[OSPF/150] 00:24:48, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
202.53.253.0/27 *[OSPF/150] 00:24:48, metric 20, tag 0
> to 172.16.0.200 via fe-0/0/0.0
224.0.0.5/32 *[OSPF/10] 01:41:03, metric 1
MultiRecv

 

ebenz@enterprise# run show route 0.0.0.0

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[OSPF/150] 00:30:37, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0

[edit protocols ospf area 0.0.0.1]

check route on quagga

Router# sh ip route
Codes: K – kernel route, C – connected, S – static, R – RIP, O – OSPF,
I – ISIS, B – BGP, > – selected route, * – FIB route

O>* 20.21.22.0/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.4/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.8/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.12/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.16/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 20.21.22.20/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.0/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.4/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.8/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.12/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 30.31.32.16/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.0/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.4/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.8/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.12/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.16/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.20/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.24/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.28/30 [110/30] via 172.16.0.204, eth0, 01:06:21
O>* 40.41.42.32/30 [110/30] via 172.16.0.204, eth0, 01:06:21
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
O 172.16.0.192/28 [110/10] is directly connected, eth0, 03:51:53
C>* 172.16.0.192/28 is directly connected, eth0
O>* 192.168.99.0/24 [110/30] via 172.16.0.204, eth0, 01:06:21

Written by ervin andriana taufik

March 14, 2009 at 4:56 pm

Posted in Linux, Mikrotik

Basic OSPF configuration Quagga vs Mikrotik

with one comment

Basic configuration for OSPF on Quagga (assuming zebra and ospfd are already installed)

quagga1 (172.16.0.200/28) ------ (172.16.0.204/28) Mikrotik

- config IP address on zebra
[ebenz@ebenz ~]$ telnet localhost 2601
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.

Hello, this is Quagga (version 0.98.3).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> en
Password:
Router#
Router# conf t
Router(config)# int eth0
Router(config-if)# ip ad
Router(config-if)# ip address 172.16.0.200/28
Router#

- config router ospf (ospfd)

ospfd# conf t
ospfd(config)# router ospf
ospfd(config-router)# ospf router-id 172.16.0.200
ospfd(config-router)# redistribute kernel
ospfd(config-router)# redistribute connected
ospfd(config-router)# redistribute static
ospfd(config-router)# network 172.16.0.192/28 area 0.0.0.1
ospfd(config-router)# default-information originate always
ospfd(config-router)# end

- Setting IP address Mikrotik

[admin@MikroTik] > ip address add address=172.16.0.204/28 interface=Backbone

- config routing ospf Mikrotik

[admin@MikroTik] > routing ospf set router-id=172.16.0.204
[admin@MikroTik] > routing ospf set distribute-default=never (note: neighbor is already active)
[admin@MikroTik] > routing ospf set redistribute-connected=as-type-2
[admin@MikroTik] > routing ospf set redistribute-static=as-type-2

- config area & network

[admin@MikroTik] > routing ospf area add area-id=0.0.0.1 name=area1
[admin@MikroTik] > routing ospf network add network=172.16.0.192/28 area=area1

The basic, default OSPF setup on Quagga and Mikrotik is now done; we just need to look at the status on Mikrotik and Quagga.
Mikrotik:
[admin@MikroTik] > routing ospf neighbor print
router-id=172.16.0.200 address=172.16.0.204 priority=1 state=”2-Way” state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0

Oops, it looks like it is not Full yet. Check the OSPF debug output in the log:

[admin@MikroTik] routing> /log print
13:08:01 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:01 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:04 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:04 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:05 ospf,debug Hello sent to 224.0.0.5 via[eth1:172.16.0.204]
13:08:07 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:07 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:10 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:10 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:13 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:13 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10

The log shows a HelloInterval mismatch between Quagga and Mikrotik.
Check the default HelloInterval on Quagga and adjust it to match the value in the log, which is 10.

ospfd# conf t
ospfd(config)# int eth0
ospfd(config-if)# ip ospf hello-interval 10
ospfd(config-if)# end
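
The mismatch in the MikroTik debug log above can be summarised per neighbor, and the spacing of the "Hello received" timestamps confirms the interval the sender advertises. The following is an added example, not part of the original post; the log text is copied from the post and the function name is an assumption made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Debug log lines copied from the post.
LOG = """\
13:08:01 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:01 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:04 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:04 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:05 ospf,debug Hello sent to 224.0.0.5 via[eth1:172.16.0.204]
13:08:07 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:07 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:10 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:10 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
13:08:13 ospf,debug Hello received from 172.16.0.200 via [eth1:172.16.0.204]
13:08:13 ospf,debug Hello from 172.16.0.200: invalid HelloInterval 3, expected 10
"""

RECEIVED = re.compile(r"^(\d\d:\d\d:\d\d) ospf,debug Hello received from (\S+) via")
REJECTED = re.compile(
    r"^\d\d:\d\d:\d\d ospf,debug Hello from (\S+): "
    r"invalid HelloInterval (\d+), expected (\d+)")


def analyse(log):
    """Return {neighbor: {advertised, expected, rejected, observed_gaps}}."""
    arrivals = defaultdict(list)  # neighbor -> arrival times of its Hellos
    report = {}
    for line in log.splitlines():
        m = RECEIVED.match(line)
        if m:
            arrivals[m.group(2)].append(datetime.strptime(m.group(1), "%H:%M:%S"))
            continue
        m = REJECTED.match(line)
        if m:
            entry = report.setdefault(m.group(1), {"rejected": 0})
            entry["advertised"] = int(m.group(2))  # value carried in the neighbor's Hello
            entry["expected"] = int(m.group(3))    # value configured on this interface
            entry["rejected"] += 1
    for nbr, entry in report.items():
        times = arrivals[nbr]
        # Seconds between consecutive Hellos; modulo one day so a midnight wrap stays positive.
        entry["observed_gaps"] = sorted(
            {int((b - a).total_seconds()) % 86400 for a, b in zip(times, times[1:])})
    return report


if __name__ == "__main__":
    for nbr, e in analyse(LOG).items():
        print(f"{nbr}: {e['rejected']} Hellos rejected, neighbor sends HelloInterval "
              f"{e['advertised']} (arrivals every {e['observed_gaps']} s), "
              f"this router expects {e['expected']}")
```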

Before, on Quagga:
ospfd# sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
Before, on Mikrotik:
router-id=172.16.0.204 address=172.16.0.204 priority=1 state=”2-Way” state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0

After, on Quagga:

ospfd# sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
172.16.0.204 1 Full/DR 00:00:39 172.16.0.204 eth0:172.16.0.200 0 0 0
After, on Mikrotik:
[admin@MikroTik] > routing ospf neighbor print
router-id=172.16.0.200 address=172.16.0.200 priority=0 state=”Full” state-changes=5 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0
router-id=172.16.0.204 address=172.16.0.204 priority=1 state=”2-Way” state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=172.16.0.204 backup-dr-id=0.0.0.0

check route on quagga

Router# sh ip route
Codes: K – kernel route, C – connected, S – static, R – RIP, O – OSPF,
I – ISIS, B – BGP, > – selected route, * – FIB route

O>* 20.21.22.0/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.4/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.8/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.12/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.16/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 20.21.22.20/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.0/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.4/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.8/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.12/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 30.31.32.16/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.0/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.4/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.8/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.12/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.16/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.20/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.24/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.28/30 [110/20] via 172.16.0.204, eth0, 00:05:12
O>* 40.41.42.32/30 [110/20] via 172.16.0.204, eth0, 00:05:12
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
O 172.16.0.192/28 [110/10] is directly connected, eth0, 01:57:17
C>* 172.16.0.192/28 is directly connected, eth0
O>* 192.168.99.0/24 [110/20] via 172.16.0.204, eth0, 00:05:12

Written by ervin andriana taufik

March 14, 2009 at 2:57 pm

Posted in Linux, Mikrotik

Transparent Proxy Squid Version 2.6.STABLE6

without comments

In Squid version 2.5.STABLE14, to enable the transparent proxy we usually add 4 lines:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Reload the config, try the port redirect/DNAT, and it works.

After a long wait for a stable release, 2.6.STABLE6 finally came out :) . When I tried it by copy-pasting the old squid.conf :D
an error came out :D

2009/02/13 15:24:01| parseConfigFile: squid.conf:3096 unrecognized: ‘httpd_accel_host’
2009/02/13 15:24:01| parseConfigFile: squid.conf:3097 unrecognized: ‘httpd_accel_port’
2009/02/13 15:24:01| parseConfigFile: squid.conf:3098 unrecognized: ‘httpd_accel_with_proxy’
2009/02/13 15:24:01| parseConfigFile: squid.conf:3099 unrecognized: ‘httpd_accel_uses_host_header’

After a bit of browsing on Google, it turns out the syntax is different now, even though the explanation in squid.conf is already clear :D

# TAG: http_port
# Usage: port [options]
# hostname:port [options]
# 1.2.3.4:port [options]

# Options:
#
# transparent Support for transparent interception of
# outgoing requests without browser settings.

Well, that is what happens when you are too lazy to read :D , so the new config is quite simple:

http_port 3128 transparent

With that it already works; Squid says there is another option:

# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
# The socket address where Squid will listen for HTTPS client
# requests.

http_port 192.168.10.1:3128 transparent

just for newbies ;)

Written by ervin andriana taufik

February 13, 2009 at 3:25 pm

Posted in Linux

Enable syslogd Server on Linux (for newbie)

with one comment

By default the syslogd service only logs for localhost. To accept logs from outside and act as a log server, there are 2 ways:

1. Run syslogd with the -r option added

"syslogd -r"

2. Change the setting to SYSLOGD_OPTIONS="-r" in /etc/sysconfig/syslog, as needed

# Options to syslogd
# -m 0 disables ‘MARK’ messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r

Then restart the service ;)

[root@noc /]# netstat -anu | grep 514
udp        0      0 0.0.0.0:514                 0.0.0.0:*  

UDP 514 is now listening on 0.0.0.0 (all interfaces), which means the host can accept logging from outside; adjust the file /etc/syslogd.conf for the filtering.

Written by ervin andriana taufik

February 13, 2009 at 10:36 am

Posted in Linux

Trunking switch Adtran & Mikrotik

without comments

VLAN-SWITCH#sh ver
ADTRAN, Inc. OS version 13.10.00
Checksum: 2054C82B, built on Tue Dec 04 13:40:18 2007
Upgrade key: 68a2fe5412a6c447084e1a4d4873d7ff
Boot ROM version 12.02.00
Checksum: C440, built on: Fri May 12 15:14:02 2006
Copyright (c) 1999-2006, ADTRAN, Inc.
Platform: NetVanta 1224ST, part number 1200504L1
Serial number G15C5195
Flash: 8388608 bytes DRAM: 16777215 bytes

VLAN-SWITCH uptime is 1 days, 2 hours, 13 minutes, 24 seconds

System returned to ROM by Hard Reset
Current system image file is “NV1224A-13-10-00.biz”
Primary boot system image file is “NV1224A-13-10-00.biz”
Backup boot system image file is “9200500-2A1202.biz”
Primary system configuration file is “startup-config”

VLAN-SWITCH#sh run int eth 0/24
Building configuration…
!
!
interface eth 0/24
description TRUNK-MIKROTIK
speed 100
no shutdown
switchport mode trunk
!
end

VLAN-SWITCH#sh run in eth 0/20
Building configuration…
!
!
interface eth 0/20
no shutdown
switchport access vlan 2
!
end

==============================================
Mikrotik Config
==============================================

[admin@MikroTik] > interface print
Flags: X – disabled, R – running, D – dynamic, S – slave
# NAME TYPE MTU
0 R ISP-PTP ether 1500
2 R DMZ ether 1500
3 R ADTRAN-TRUNK ether 1500
5 R vlan2 vlan 1500

[admin@MikroTik] > interface vlan print
Flags: X – disabled, R – running, S – slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan2 1500 enabled 2 ADTRAN-TRUNK

[admin@MikroTik] > ip address print
Flags: X – disabled, I – invalid, D – dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.2.1.1/24 10.2.1.0 10.2.1.255 vlan2

[admin@MikroTik] > ip dhcp-server print
Flags: X – disabled, I – invalid
# NAME INT… RELAY ADDRESS-POOL LEASE-TIME ADD
0 dhcp1 vlan2 dhcp_pool2 1d

Regards,

Ervin Taufik

Written by ervin andriana taufik

June 14, 2008 at 1:53 pm

Encrypt date access.log in squid

without comments

Squid's access.log is usually needed so that the sysadmin can monitor the clients' Internet access. Some older Squid versions still do not show a date in access.log, so we cannot tell when a user accessed a site listed in access.log.

If we are too lazy to recompile, we can use a Perl script to convert ("encrypt") the access.log timestamps into dates, provided Perl is already installed on our system.

access.log data before conversion:
[root@squid logs]# tail access.log
1199960883.185 16 202.159.18.194 TCP_MISS/304 294 GET http://us.js2.yimg.com/us.js.yimg.com/lib/msg/js/clientad_071214.js – DIRECT/202.159.22.8 application/x-javascript
1199960883.276 15 202.159.18.194 TCP_CLIENT_REFRESH_MISS/304 294 GET http://l.yimg.com/us.js.yimg.com/lib/bc/bc_2.0.4.js – DIRECT/202.159.22.8 application/x-javascript
1199960883.562 286 202.159.18.194 TCP_MISS/200 423 GET http://us.bc.yahoo.com/b? – DIRECT/203.84.204.69 image/gif
1199960883.866 680 202.159.18.194 TCP_MISS/200 1631 GET http://media.adrevolver.com/adrevolver/banner? – DIRECT/216.205.149.2 text/html
1199960884.992 1126 202.159.18.194 TCP_MISS/200 5903 GET http://view.atdmt.com/VON/iview/rdmnnvos0270000142von/direct/01/1199960889897? – DIRECT/65.203.229.43 text/html
1199960886.266 89 202.159.18.194 TCP_CLIENT_REFRESH_MISS/200 286 GET http://rmd.atdmt.com/tl//DocumentDotWrite.js – DIRECT/202.159.22.8 application/x-javascript
1199960886.587 320 202.159.18.194 TCP_MISS/200 27051 GET http://spe.atdmt.com/ds/VOVONVNGEVOS/07COREfree_etab_234×60_.swf? – DIRECT/202.159.22.7 application/x-shockwave-flash
1199960900.715 56184 202.159.18.194 TCP_MISS/200 1434 CONNECT 84.100.145.36:443 – DIRECT/84.100.145.36 -
1199960903.568 1 202.159.18.194 TCP_MISS/000 0 CONNECT 220.130.140.91:443 – NONE/- -
1199960924.812 20046 202.159.18.194 TCP_MISS/200 154 CONNECT 220.142.10.9:443 – DIRECT/220.142.10.9 -

After conversion using perl -pe 's/\d+/localtime($&)/e':

[root@squid logs]# perl -pe 's/\d+/localtime($&)/e' access.log | tail
Thu Jan 10 17:28:03 2008.185 16 202.159.18.194 TCP_MISS/304 294 GET http://us.js2.yimg.com/us.js.yimg.com/lib/msg/js/clientad_071214.js – DIRECT/202.159.22.8 application/x-javascript
Thu Jan 10 17:28:03 2008.276 15 202.159.18.194 TCP_CLIENT_REFRESH_MISS/304 294 GET http://l.yimg.com/us.js.yimg.com/lib/bc/bc_2.0.4.js – DIRECT/202.159.22.8 application/x-javascript
Thu Jan 10 17:28:03 2008.562 286 202.159.18.194 TCP_MISS/200 423 GET http://us.bc.yahoo.com/b? – DIRECT/203.84.204.69 image/gif
Thu Jan 10 17:28:03 2008.866 680 202.159.18.194 TCP_MISS/200 1631 GET http://media.adrevolver.com/adrevolver/banner? – DIRECT/216.205.149.2 text/html
Thu Jan 10 17:28:04 2008.992 1126 202.159.18.194 TCP_MISS/200 5903 GET http://view.atdmt.com/VON/iview/rdmnnvos0270000142von/direct/01/1199960889897? – DIRECT/65.203.229.43 text/html
Thu Jan 10 17:28:06 2008.266 89 202.159.18.194 TCP_CLIENT_REFRESH_MISS/200 286 GET http://rmd.atdmt.com/tl//DocumentDotWrite.js – DIRECT/202.159.22.8 application/x-javascript
Thu Jan 10 17:28:06 2008.587 320 202.159.18.194 TCP_MISS/200 27051 GET http://spe.atdmt.com/ds/VOVONVNGEVOS/07COREfree_etab_234×60_.swf? – DIRECT/202.159.22.7 application/x-shockwave-flash
Thu Jan 10 17:28:20 2008.715 56184 202.159.18.194 TCP_MISS/200 1434 CONNECT 84.100.145.36:443 – DIRECT/84.100.145.36 -
Thu Jan 10 17:28:23 2008.568 1 202.159.18.194 TCP_MISS/000 0 CONNECT 220.130.140.91:443 – NONE/- -
Thu Jan 10 17:28:44 2008.812 20046 202.159.18.194 TCP_MISS/200 154 CONNECT 220.142.10.9:443 – DIRECT/220.142.10.9 -
Hope this helps

rgs,

Ervin Taufik
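
The one-liner above rewrites only the first run of digits, so the milliseconds end up after the year and the time is in the server's local zone. The following is an added example, not part of the original post: it parses each line into fields and renders the timestamp as ISO 8601 in UTC. The sample lines are taken from the post with the dash fields written as ASCII "-", plus one constructed malformed line; the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Lines taken from the post's access.log; the last one is constructed to show skipping.
SAMPLE = """\
1199960883.185 16 202.159.18.194 TCP_MISS/304 294 GET http://us.js2.yimg.com/us.js.yimg.com/lib/msg/js/clientad_071214.js - DIRECT/202.159.22.8 application/x-javascript
1199960883.562 286 202.159.18.194 TCP_MISS/200 423 GET http://us.bc.yahoo.com/b? - DIRECT/203.84.204.69 image/gif
1199960900.715 56184 202.159.18.194 TCP_MISS/200 1434 CONNECT 84.100.145.36:443 - DIRECT/84.100.145.36 -
1199960903.568 1 202.159.18.194 TCP_MISS/000 0 CONNECT 220.130.140.91:443 - NONE/- -
truncated line without enough fields
"""

TIMESTAMP = re.compile(r"^(\d+)\.(\d{3})$")  # epoch seconds "." milliseconds


def parse_line(line):
    """Parse one native-format access.log line; return None if it is malformed."""
    f = line.split()
    m = TIMESTAMP.match(f[0]) if len(f) >= 10 else None
    if not m:
        return None
    try:
        # Convert whole seconds only and re-attach the milliseconds as text,
        # so no float rounding touches the original value.
        when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        result, _, status = f[3].partition("/")
        hierarchy, _, peer = f[8].partition("/")
        return {
            "time": when.strftime("%Y-%m-%dT%H:%M:%S") + "." + m.group(2) + "Z",
            "elapsed_ms": int(f[1]),
            "client": f[2],
            "result": result,
            "status": int(status),
            "bytes": int(f[4]),
            "method": f[5],
            "url": f[6],
            "hierarchy": hierarchy,
            "peer": peer,
            "content_type": f[9],
        }
    except ValueError:
        return None  # non-numeric elapsed, status or size


def parse_log(text):
    """Parse every line and drop the ones that do not fit the format."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def connect_tunnels(records):
    """CONNECT requests carry no URL path, only host:port; list them with their duration."""
    return [(r["time"], r["url"], r["elapsed_ms"])
            for r in records if r["method"] == "CONNECT"]


if __name__ == "__main__":
    for rec in parse_log(SAMPLE):
        print(rec["time"], rec["client"], rec["method"], rec["url"], rec["status"])
```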

Written by ervin andriana taufik

January 25, 2008 at 9:38 am

Posted in Linux