Figure 1 – Typical test network

If you are watching a salesman demo a product using a couple of PCs it’s almost impossible. One solution is costly WAN simulators. If you search the internet you will find many products on the market ranging from very expensive to almost affordable. If your search harder you will find Dummynet which has the advantage of being free.

Dummynet runs under the FreeBSD operating system. It can be booted directly from a CD so you don’t need a special PC. You don’t even need a PC with two Ethernet adapters since you can configure a single Ethernet adapter to have two IP addresses. A laptop and a 4-port switch can convert any development environment or demonstration into a cross continent or ocean WAN. The rest of this article explains how to get, configure and use Dummynet.

Finding Dummynet

Dummynet’s home is at http://info.iet.unipi.it/~luigi/ip_dummynet/. There you will find a copy of PicoBSD which is a bootable copy of BSD that will fit on a 1.44meg floppy disk. The page includes instructions on copying the image under either some flavor of UNIX or Windows.

If your laptop (or desktop) only has a CD drive you will need another version on BSD. FreeSBIE at http://www.freesbie.org/ has an ISO image from which you can create a bootable CD version of FreeBSD. Once the image is downloaded you just burn it to a CD. If you don’t have a tool that will burn a bootable image you can find one at http://www.terabyteunlimited.com/utilities.html called BurnCDCC. TeraByte Unlimited provides this software as Freeware.

Booting FreeBSD

Once you have a bootable CD the next thing you need to do is plop it into your laptop and boot it. It asks four questions while it is booting. The first is the type of boot. There are several variations but in the typical case you will want the default option. It next asks for your keyboard language. There are a lot of options, press the “end” key to get to the bottom of the list and then scroll up to the six “United States of America” options. I expect you will want to select the ISO-8859-1 option. Following that is a keyboard layout question. The first three listed are the “U.S.” selections. I expect that the first one is the option you want. The final question selects the type of user environment. There is a text only using the tcsh shell and two graphical environments fluxbox and xfce. If the only reason you are booting this is to use dummynet I think you are better off just using the tsch shell.

Configuring FreeBSD

Your IP interface will come up with a DHCP provided IP address (assuming there is a DHCP server available). To check the IP address and to change it use the “ifconfig” command. The device name used in the figures “bfe0” will vary depending on your hardware configuration. You can use the command “ifconfig” will no arguments to list all your IP interfaces.

  freesbie@freesbie:~# ifconfig bfe0
  bfe0: flags=8843 mtu 1500
          options=8
          inet6 fe80::212:3fff:fe82:5710%bfe0 prefixlen 64 scopeid 0x2
          inet 192.168.1.104 netmask 0xffffff00 broadcast 192.168.1.255
          ether 00:12:3f:82:57:10
          media: Ethernet autoselect (100baseTX )
          status: active
  freesbie@freesbie:~#

Figure 3 – using ifconfig to check the IP address

To change the IP address use the ifconfig command again and just specify a new IP address and subnet mask.

  freesbie@freesbie:~# ifconfig bfe0 172.16.1.1 netmask 255.255.255.0
  freesbie@freesbie:~# ifconfig bfe0
  bfe0: flags=8843 mtu 1500
          options=8
          inet6 fe80::212:3fff:fe82:5710%bfe0 prefixlen 64 scopeid 0x2
          inet 172.16.1.1 netmask 0xffffff00 broadcast 172.16.1.255
          ether 00:12:3f:82:57:10
          media: Ethernet autoselect (100baseTX )
          status: active
  freesbie@freesbie:~#

Figure 4 – using ifconfig to change the IP address

To add another IP address use the add option with the ifconfig command and specify another IP address and subnet mask.

  freesbie@freesbie:~# ifconfig bfe0 add 192.168.1.1 netmask 255.255.255.0
  freesbie@freesbie:~# ifconfig bfe0
  bfe0: flags=8843 mtu 1500
          options=8
          inet6 fe80::212:3fff:fe82:5710%bfe0 prefixlen 64 scopeid 0x2
          inet 172.16.1.1 netmask 0xffffff00 broadcast 172.16.1.255
          inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
          ether 00:12:3f:82:57:10
          media: Ethernet autoselect (100baseTX )
          status: active
  freesbie@freesbie:~#

Figure 5 – adding another IP address to the interface

At this point the laptop should be able to communicate with both PCs each on their own network.

  freesbie@freesbie:~# ping -c 3 172.16.1.2
  PING 172.16.1.2 (172.16.1.2): 56 data bytes
  64 bytes from 172.16.1.2: icmp_seq=0 ttl=128 time=0.500 ms
  64 bytes from 172.16.1.2: icmp_seq=1 ttl=128 time=0.336 ms
  64 bytes from 172.16.1.2: icmp_seq=2 ttl=128 time=0.337 ms

  --- 172.16.1.2 ping statistics ---
  3 packets transmitted, 3 packets received, 0% packet loss
  round-trip min/avg/max/stddev = 0.336/0.391/0.500/0.077 ms

  freesbie@freesbie:~# ping -c 3 192.168.1.2
  PING 192.168.1.2 (192.168.1.2): 56 data bytes
  64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.474 ms
  64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.340 ms
  64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.410 ms

  --- 192.168.1.2 ping statistics ---
  3 packets transmitted, 3 packets received, 0% packet loss
  round-trip min/avg/max/stddev = 0.340/0.408/0.474/0.055 ms
  freesbie@freesbie:~#

Figure 6 – ping demonstrates the laptop can reach both PCs

By default FreeBSD does not forward packets from one network to another. In order to make it do that you need to set the net.inet.ip.forwarding variable to 1 with the sysctl command

  freesbie@freesbie:~# sysctl net.inet.ip.forwarding
  net.inet.ip.forwarding: 0
  freesbie@freesbie:~# sysctl net.inet.ip.forwarding=1
  net.inet.ip.forwarding: 0 -> 1
  freesbie@freesbie:~# sysctl net.inet.ip.forwarding
  net.inet.ip.forwarding: 1
  freesbie@freesbie:~#

Figure 7 – turning the laptop into a router with sysctl

Once each PC is configured to use the laptop as its gateway to the other PC’s network the two PCs should be able to communicate with other. However, the network that links the PCs is still effectively a LAN and indicated by the extremely fast round trip time.

  C:\> ping 172.16.1.2

  Pinging 172.16.1.2 with 32 bytes of data:

  Reply from 172.16.1.2: bytes=32 time<1ms TTL=127
  Reply from 172.16.1.2: bytes=32 time<1ms TTL=127
  Reply from 172.16.1.2: bytes=32 time<1ms TTL=127
  Reply from 172.16.1.2: bytes=32 time<1ms TTL=127

  Ping statistics for 172.16.1.2:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

  C:\>

Figure 8 – ping demonstrates that the laptop is now a router

Configuring Dummynet

Before you can configure Dummynet you need to load it with the kldload command

  freesbie@freesbie:~# kldload dummynet
  freesbie@freesbie:~#

Figure 9 – loading Dummynet

Dummynet slides itself on top of the ipfw firewall which is running by default. You use the ipfw command to control both the firewall which is used to select packets and send them to Dummynet and Dummynet itself. The following commands flush all firewall rules then create rule number 3000 which applies to any IP packet. Those packets are sent to pipe 1 where dummy net applies a 250ms delay.

  freesbie@freesbie:~# ipfw flush
  Are you sure? [yn] y

  Flushed all rules.
  freesbie@freesbie:~# ipfw add 3000 pipe 1 ip from any to any
  03000 pipe 1 ip from any to any
  freesbie@freesbie:~# ipfw pipe 1 config delay 250ms
  freesbie@freesbie:~#

Figure 10 – Configuring Dummynet to increase delay between PCs

Note that now when one PC pings the other the delay is 999ms. The reason for the 4x increase is that the rule is applied 4 times as the request packet is received and sent out and the reply is received and sent out.

  C:\>ping 172.16.1.2

  Pinging 172.16.1.2 with 32 bytes of data:

  Reply from 172.16.1.2: bytes=32 time=999ms TTL=127
  Reply from 172.16.1.2: bytes=32 time=999ms TTL=127
  Reply from 172.16.1.2: bytes=32 time=999ms TTL=127
  Reply from 172.16.1.2: bytes=32 time=999ms TTL=127

  Ping statistics for 172.16.1.2:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 999ms, Maximum = 999ms, Average = 999ms
  C:\>

Figure 11 – Configured delay multiples by 4

To apply the rule only once include the packet’s source and destination addresses in the rule that selects the packets. Dummynet will still see each packet twice. Once as it comes into the laptop and once as it leaves the laptop. So you also need to include a direction. I typically chose “in“. The new rule now looks like this:

  freesbie@freesbie:~# ipfw add 3000 pipe 1 ip from 172.16.1.2 to 192.168.1.2 in
  freesbie@freesbie:~#

Figure 12 – Firewall rule to select packet only 1 packet

The delay is now the configured 250 ms, or at least pretty close to that.

  C:\>ping 172.16.1.2

  Pinging 172.16.1.2 with 32 bytes of data:

  Reply from 172.16.1.2: bytes=32 time=249ms TTL=127
  Reply from 172.16.1.2: bytes=32 time=250ms TTL=127
  Reply from 172.16.1.2: bytes=32 time=250ms TTL=127
  Reply from 172.16.1.2: bytes=32 time=249ms TTL=127

  Ping statistics for 172.16.1.2:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 249ms, Maximum = 250ms, Average = 249ms
  C:\>

Figure 13 – What delay looks like when firewall rule is correct

The firewall rules for selecting packets can be pretty complex but for a simple WAN emulation I thing that rule is adequate. For more details you can take a look http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html.

Besides delay the other major component of a WAN is the packet loss rate, i.e. what percentage of packets are dropped. This is specified with the plr option and can be appended to the rule that specified the delay. A 0 means 0 loss and a 1 means 100% loss. In this example I’ve used .5 for 50%. Note that this is a controlled by a probably function not a straight count. As a result in my 4 ping output I’ve actually lost 75% of the packets. In a longer run I would expect the results to be closer to 50%.

  freesbie@freesbie:~# ipfw pipe 1 config delay 250ms plr .5
  freesbie@freesbie:~#                                                    

    C:\>ping 172.16.1.2

  Pinging 172.16.1.2 with 32 bytes of data:

  Request timed out.
  Request timed out.
  Reply from 172.16.1.2: bytes=32 time=250ms TTL=127
  Request timed out.

  Ping statistics for 172.16.1.2:
      Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 250ms, Maximum = 250ms, Average = 250ms
  C:\>

Figure 14 – Configuring Dummynet to increase delay between PCs and have a random packet loss of 50%

If your application sends a lot of packets at a time, i.e. image or file transfer you should also specify the bandwidth.

  freesbie@freesbie:~# ipfw pipe 1 config delay 250ms bw 1544Kbits/s
  freesbie@freesbie:~#

Figure 15 – Configuring Dummynet to increase delay between PCs and change the bandwidth to 1.544Mbps (T1)

You can use either Kbits/s or Mbits/sec as a unit but I noticed that fractional numbers caused dummynet problems. For example 1544Kbits/s worked fine as a bandwidth but 1.544Mbits/sec resulted in no packets being forwarded. I’m not sure if this is a bug or a feature.

Here are some example FTP’s

E:\>ftp 192.168.1.2
Connected to 192.168.1.2.
. . .
ftp> put pict1350.jpg
200 Port command received
150 Opening data connection
226 Transfer complete
ftp: 1112032 bytes sent in 0.16Seconds 6907.03Kbytes/sec.
ftp>

Figure 16 – FTP of a file with no delays, packet loss or bandwidth limitations

ipfw pipe 1 config bw 1544Kbits/s

E:\>ftp 192.168.1.2
Connected to 192.168.1.2.
. . .
ftp> put pict1350.jpg
200 Port command received
150 Opening data connection
226 Transfer complete
ftp: 1112032 bytes sent in 7.16Seconds 155.31Kbytes/sec.
ftp>

Figure 17 – FTP of a file with no delays, packet loss and a bandwidth of 1.544Mbps

ipfw pipe 1 config bw 56Kbits/s

E:\>ftp 192.168.1.2
Connected to 192.168.1.2.
. . .
ftp> put pict1350.jpg
200 Port command received
150 Opening data connection
226 Transfer complete
ftp: 1112032 bytes sent in 172.73Seconds 6.44Kbytes/sec.
ftp>

Figure 18 – FTP of a file with no delays, packet loss and a bandwidth of 56Kbps

ipfw pipe 1 config delay 250ms plr .01 bw 1544Kbits/s

E:\>ftp 192.168.1.2
Connected to 192.168.1.2.
. . .
ftp> put pict1350.jpg
200 Port command received
150 Opening data connection
226 Transfer complete
ftp: 1112032 bytes sent in 19.83Seconds 56.08Kbytes/sec.
ftp>

Figure 19 – FTP of a file with 250 ms delay, 1% packet loss and a bandwidth of 1.544Mbps

Further Documentation

Besides the referenced web pages take a look at the man page for ipfw (man ipfw) on the laptop. It includes not only details on the firewall rule sets that you can construct but a great deal of detail on the dummynet parameters for controlling the WAN. The Dummynet man page by contrast is not very informative.

Summary of commands

Note the actual values of the IP addresses and subnet masks and the delay, packet loss and bandwidth values will vary depending on your test environment and the WAN you are trying to simulate.

There are many other things that you can do with Dummynet, for example simulate multiple paths through the network. However just using the delay, packet loss and bandwidth options will give you a pretty good idea of how your application will work over your WAN.

Traffic shaping adalah untuk menghad sesuatu bandwidth mengikut konfigurasi anda. Contohnya, anda mempunyai
10 buah PC di kantor anda dan anda mahu semua PC itu mendapat bandwidth sebanyak 256Kbps. Anda bisa
lakukannya dengan cara ini. Selain itu, anda bisa pastikan sesuatu IP atau port mendapat ‘priority’ dengan
menggunakan WFQ (Weight Fair Queueing)

Bolehkan benda ni handle banyak connection?

Mungkin bisa, mungkin tidak juga. Saya udah mencoba cara ini dengan 40 client, dan enggak menghadapi apa-apa masalah.
Pentium II 300 dan 64MB RAM udah cukup bagus untuk menjanakannya. Pastikan anda menggunakan network
card yang berkualitas.

Langkah 1: Kernel

Pastikan kernel anda dicompile konfigurasi ini:
options IPFIREWALL
options DUMMYNET
options HZ=1000
‘IPFIREWALL’ adalah untuk filtering, ‘DUMMYNET’ adalah untuk traffic shaping dan ‘HZ=1000′ yang bermaksud operasi
kernel akan dijalankan pada 1ms.

Langkah 2: IPFW

IPFW merupakan interface kepada IPFIREWALL dan DUMMYNET. Ianya sudah ada dalam mana-mana OS FreeBSD.
Anda mesti menambah konfigurasi ini dalam /etc/rc.conf supaya IPFW diexecute secara automatik ketika bootup.
firewall_enable=”YES”
firewall_script=”/etc/ipfw.conf”
‘firewall_enable=”YES”‘ bermaksud bahawa rc.conf akan execute ipfw pada bootup dengan rules yang diset oleh
‘firewall_script=”/etc/ipfw.conf”‘. Anda boleh menukar nama fail script anda.
Saya tidak akan menerang tentang ipfirewall dan NAT dalam artikel ini, anda perlu rujuk kepada artikel lain berkenaan
perkara tersebut.

Langkah 3: Konfigurasi IPFW

Menghad Bandwidth (Bandwidth Limit)

Anda boleh menghad bandwidth dengan contoh-contoh dibawah:

contoh 1:

$ipfw pipe 1 config bw 128Kbit/s
$ipfw pipe 2 config bw 128Kbit/s
$ipfw add pipe 1 all from any to 192.168.1.1 in
$ipfw add pipe 2 all from 192.168.1.1 to any out
Konfigurasi ini akan menghad bandwidth download dan upload dari IP 192.168.1.1 kepada 128Kbps

contoh 2:

$ipfw pipe 1 config mask dst-ip 0×000000ff bw 128Kbit/s
$ipfw pipe 2 config mask src-ip 0×000000ff bw 128Kbit/s
$ipfw add pipe 1 all from any to 192.168.1.0/24 in
$ipfw add pipe 2 all from 192.168.1.0/24 to any out
Konfigurasi ini akan menghad bandwidth download dan upload dari network 192.168.1.0/24 kepada 128Kbps

WFQ (Weight Fair Queueing)

Anda boleh mengkofigurasikan mana-mana IP atau port yang akan mendapat ‘priority’ mengikut contoh-contoh dibawah:

contoh 1:

$ipfw pipe 1 config bw 128Kbit/s
$ipfw pipe 2 config bw 128Kbit/s
$ipfw queue 100 config pipe 2 weight 90
$ipfw queue 101 config pipe 2 weight 60
$ipfw add pipe 1 all from any to 192.168.1.1 in
$ipfw add queue 100 tcp from 192.168.1.1 to any 22 out
$ipfw add queue 100 tcp from 192.168.1.1 to any 80 out
$ipfw add queue 100 udp from 192.168.1.1 to any 53 out
$ipfw add queue 101 all from 192.168.1.1 to any out
Konfigurasi ini akan menghad bandwidth download dan upload dari IP 192.168.1.1 kepada 128Kbps dan memberi
‘priority’ kepada port SSH(22), HTTP(80), dan DNS(53) yang menuju ke luar (pada client).

contoh 2:

$ipfw pipe 1 config bw 128Kbit/s
$ipfw pipe 2 config bw 128Kbit/s
$ipfw queue 100 config pipe 1 weight 90
$ipfw queue 101 config pipe 1 weight 60
$ipfw add queue 100 tcp from any to 192.168.1.1 22 in
$ipfw add queue 100 tcp from any to 192.168.1.1 80 in
$ipfw add queue 101 tcp from any to 192.168.1.1 in
$ipfw add pipe 2 all from 192.168.1.1 to any out
Konfigurasi ini akan menghad bandwidth download dan upload dari IP 192.168.1.1 kepada 128Kbps dan memberi
‘priority’ kepada port SSH(22), HTTP(80), dan DNS(53) yang menuju ke dalam (pada server).
SIAP! Semua konfigurasi DUMMYNET sudah lengkap, dan tibalah masa untuk menguji benda ini. Enjoy!

Sumber : azhax@indofreebsd.or.id

Implementasikan WF2Q+ dengan ipfw

Jika anda ingin menimplementasikan WF2Q+ dengan ipfw di mesin dengan tujuan:
- Sharing bandwidth antar client misalnya untuk ratio 1:4.
- Sharing bandwidth evenly/rata diantara client tersebut (Tapi bukan garansi/CIR).
- Adanya bandwidth peak/burst diantara client jika client yg lain idle.

Sebelumnya pastikan anda running FreeBSD di mesin anda, dengan kompilasi kernel:

options DUMMYNET
options HZ=1000
options IPFW2

Untuk sharing bandwidth dengan ratio 1:4 bisa anda kelompokan client anda dalam satu group misalnya:
- Host A, B, C, D diberi bandwidth rebutan/sharing sebesar 128 Kbit/s,
dengan IP Address:
* Host A : 192.168.0.1/32
* Host B : 192.168.0.2/32
* Host C : 192.168.0.3/32
* Host D : 192.168.0.4/32Asumsi subnet yg anda pilih /24 atau 255.255.255.0, jika anda ingin menggunakan
subnetting juga itu lebih bagus.

Bikin rule di /etc/rc.firewall dan letakan sebelom rule permit/deny:

ipcl_grup01=”192.168.0.0/24{1,2,3,4}”
bw_share01=”128Kbit/s”
bw_down_share01=”128Kbit/s”
bw_up_share01=”64Kbit/s”
ifint=”inside_interface”

# Sample format 1 – Limiting downstream saja.

${fwcmd} add 1 queue 1 ip from any to ${ipcl_group01} out via ${ifint} // Downstream
${fwcmd} queue 1 config weight 50 queue 4 pipe 1 mask dst-ip 0xffffffff
${fwcmd} pipe 1 config queue 4 bw ${bw_down_share01}# Sampel format 2 – Limiting upstream saja.
${fwcmd} add 1 queue 1 ip from ${ipcl_group01} to any in via ${ifint} // Upstream
${fwcmd} queue 1 config weight 50 queue 4 pipe 1 mask src-ip 0xffffffff
${fwcmd} pipe 1 config queue 4 bw ${bw_up_share01}# Sample format 3 – Limiting downstream/upstream menjadi satu flow.

${fwcmd} add 1 queue 1 ip from any to ${ipcl_group01} out via ${ifint} // Downstream
${fwcmd} add 2 queue 1 ip from ${ipcl_group01} to any in via ${ifint} // Upstream
${fwcmd} queue 1 config weight 50 queue 4 pipe 1 mask all
${fwcmd} pipe 1 config queue 4 bw ${bw_share01}# Sample format 4 – Limiting upstream/downstream dengan masing2 flow terpisah.
${fwcmd} add 1 queue 1 ip from any to ${ipcl_group01} out via ${ifint} // Downstream
${fwcmd} add 2 queue 2 ip from ${ipcl_group01} to any in via ${ifint} // Upstream
${fwcmd} queue 1 config weight 50 queue 4 pipe 1 mask dst-ip 0xffffffff
${fwcmd} queue 2 config weight 50 queue 4 pipe 2 mask src-ip 0xffffffff
${fwcmd} pipe 1 config queue 4 bw ${bw_down_share01}
${fwcmd} pipe 2 config queue 4 bw ${bw_up_share01}WF2Q+ merupakan varian dari sistem quering policy, dan jangan lupa setelah di assign
via “queue” mesti terhubung ke “pipe”.

Keterangan:

- queue [Dibagian rule : ${fwcmd} add 1 queue...] : Assign untuk rule WF2Q+.
- weight : Nilei pembanding flow quering (Bukan priority).
Default 1, allow [1 s/d 100].
- queue [Dibagian rule : ${fwcmd} queue 1 config weight 50 queue...] : Ukuran/jumlah dari “queue/slot” sbg pembanding
terhadap jumlah bandwidth. Default 50.
- queue [Dibagian rule : ${fwcmd} pipe 1 config queue...] : Ukuran/jumlah dari “queue/slot” sbg pembanding terhadap
jumlah bandwidth. Default 50
- pipe : Assign rule untuk ukuran bandwidth yg terkoneksi.
- mask dst-ip/src-ip : Digunakan untuk masking IP Address/subneting dan port. “dst-ip” digunakan untuk “downstream”,
“src-ip” digunakan untuk “upstream” dari sample rule diatas (Tergantung dari posisi IP client
/port). 0xffffffff adalah value subnet, sama dengan “0.0.0.0/0″ (Match all IP Address). Untuk
port default “0×0000″ artinya tidak menspesifikan/pembatasan port.Perhitungan:

bw_perclient = (w_client / w_jumlah_) * bw_totalSample diatas perclient mempunyai weight masing2 50, total bw 128 Kbit/s. Katakanlah untuk host A bisa dikalkulasikan sbb:

bw_host_A = (50 / (50*4)) * 128 Kbit/s
= (50 / 200) * 128 Kbit/s
= 32 Kbit/s

Jika semua host aktif maka dummynet akan berusaha membagi rata sejumlah 32 Kbit/s per hostnya. Nah contoh diatas mempunyai weight yg sama besarnya, gimana kalo contohnya begini:

w_host_A = 30
w_host_B = 50
w_host_C = 50
w_host_D = 50

Maka bisa kita kalkulasikan bw yg didapat oleh host A dan host B sbb:

bw_host_A = (30 / (30+50+50+50)) * 128 Kbit/s
= (30 / 180) * 128 Kbit/s
= 21.333 Kbit/s

bw_host_B = (50 / (30+50+50+50)) * 128 Kbit/s
= (50 / 180) * 128 Kbit/s
= 35.55 Kbit/s

Contoh lain:

w_host_A = 10
w_host_B = 20
w_host_C = 30
w_host_D = 40

bw_host_A = (10 / (10+20+30+40)) * 128 Kbit/s
= (10 / 100) * 128 Kbit/s
= 12.8 Kbit/s

bw_host_B = (20 / (10+20+30+40)) * 128 Kbit/s
= (20 / 100) * 128 Kbit/s
= 25.6 Kbit/s

Perhitungan “queue slot”. Dalam hal ini queue di rule diatas adalah 4, maka bisa dikalkulasikan:

bw_perclient = bw_total/slot_queue

Dari sample diatas bisa dihitung untuk host A sbb:

bw_host_A = 128 Kbit/s / 4
= 32 Kbit/s

Jika semua host aktif maka dummynet akan berusaha membagi rata bandwidth 32 Kbit/s per slot-nya (1 slot = 32 Kbit/s).

IMHO, “queue slot” mendingan disesuaikan dengan jumlah client yg share, contoh diatas 1:4 berarti “queue slot”-nya 4.
Jika kita rubah misalnya “queue slot” menjadi 8 slot maka ada kemungkinan host A akan menggunakan lebih dari 1 slot,
artinya bisa cenderung ngerebut slot jatah host lain.

Sample output:
root:~# uname -srnm
FreeBSD gw-core-introuter.kumprang.com 4.10-STABLE i386

root:~# ipfw queue show
00001: 24.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0×00 0×00000000/0×0000 -> 0×00000000/0×0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 74.6.68.227/42040 202.146.228.9/80 5535 3192733 0 0 0
00002: 68.000 Kbit/s 0 ms 6 sl. 0 queues (1 buckets) droptail
mask: 0×00 0×00000000/0×0000 -> 0×00000000/0×0000
00003: 36.000 Kbit/s 0 ms 6 sl. 0 queues (1 buckets) droptail
mask: 0×00 0×00000000/0×0000 -> 0×00000000/0×0000
q00001: weight 50 pipe 2 6 sl. 6 queues (64 buckets) droptail
mask: 0×00 0×00000000/0×0000 -> 0xffffffff/0×0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
17 ip 0.0.0.0/0 192.168.1.1/0 81105 53885327 0 0 2960
26 ip 0.0.0.0/0 192.168.1.10/0 121939 96279102 0 0 3719
27 ip 0.0.0.0/0 192.168.1.11/0 134476 96276870 0 0 6141
28 ip 0.0.0.0/0 192.168.1.12/0 35325 17986730 0 0 1243
29 ip 0.0.0.0/0 192.168.1.13/0 43479 35034555 0 0 1247
34 ip 0.0.0.0/0 192.168.1.50/0 154963 152289033 0 0 8521
q00002: weight 50 pipe 3 6 sl. 6 queues (64 buckets) droptail
mask: 0×00 0xffffffff/0×0000 -> 0×00000000/0×0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
12 ip 192.168.1.50/0 0.0.0.0/0 128724 17526438 0 0 211
42 ip 192.168.1.1/0 0.0.0.0/0 71625 8097141 0 0 592
48 ip 192.168.1.12/0 0.0.0.0/0 28546 2747603 0 0 131
50 ip 192.168.1.13/0 0.0.0.0/0 32582 3594117 0 0 29
60 ip 192.168.1.10/0 0.0.0.0/0 102737 10325047 0 0 73
62 ip 192.168.1.11/0 0.0.0.0/0 89624 8851578 0 0 100

Keterangan:
Kolom paling kanan pertanda paket yg sudah di-”drop”, uji gampangnya lihat saja jika kita download gede2an
(pake getright/flashget) pasti banyak yg didrop sesuai dengan perhitungan diatas. Dan silahkan coba download dengan
cara dilimit di client (pake getright/flashget misalnya) sesuei dengan perhitungan diatas, nah gimana hasilnya tuh .

Sistem kerjanya, andaikata host A menggunakan bandwidth melebihi kapasitas sharing bandwidth bedasarkan perhitungan
diatas dan host B pada saat bersamaan mulai ngeload bandwidth (katakanlah mulai ngeclick browser) maka host A akan
didrop secara random untuk memberikan kesempatan kepada host B sampai kedudukannya seimbang (katakanlah jika bandiwidth
128 Kbit/s maka host A akan mendapatkan 64 Kbit/s dan host B akan mendapatkan 64 Kbit/s), dan ketika host B tidak
ngeload bandwidth (idle) maka host A akan mendapatkan bandwidth 128 Kbit/s kembali.

FreeBSD is a free Unix-like operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD). It has been characterized as “the unknown giant among free operating systems”. It is not a clone of UNIX, but works like UNIX, with UNIX-compliant internals and system APIs. FreeBSD is generally regarded as reliable and robust.

FreeBSD is a complete operating system. The kernel, device drivers and all of the userland utilities, such as the shell, are held in the same source code revision tracking tree, whereas with Linux distributions, the kernel, userland utilities and applications are developed separately, then packaged together in various ways by others.

Third-party application software may be installed using various software installation systems, the two most common being source installation and package installation, both of which use the FreeBSD Ports system.

History

FreeBSD’s development began in 1993 with a quickly growing, unofficial patchkit maintained by users of the 386BSD operating system. This patchkit forked from 386BSD and grew into an operating system taken from U.C. Berkeley’s 4.3BSD-Lite (Net/2) tape with many 386BSD components and code from the Free Software Foundation. After two public beta releases via FTP (1.0-GAMMA on September 2, 1993, and 1.0-EPSILON on October 3, 1993), the first official release was FreeBSD 1.0, available via FTP on November 1, 1993 and on CDROM on December 30, 1993. This official release was coordinated by Jordan Hubbard, Nate Williams and Rodney W. Grimes with a name thought up by David Greenman. Walnut Creek CDROM agreed to distribute FreeBSD on CD and gave the project a machine to work on along with a fast Internet connection, which Hubbard later said helped stir FreeBSD’s rapid growth. A “highly successful” FreeBSD 1.1 release followed in May 1994. However, there were legal concerns about the BSD Net/2 release source code used in 386BSD. After a lawsuit between UNIX copyright owner at the time Unix System Laboratories and the University of California, Berkeley, the FreeBSD project re-engineered most of the system using the 4.4BSD-Lite release from Berkeley, which, owing to this lawsuit, had none of the AT&T source code earlier BSD versions had depended upon, making it an unbootable operating system. Following much work, the outcome was released as FreeBSD 2.0 in January 1995.

FreeBSD 2.0 featured a revamp of the original Carnegie Mellon University Mach virtual memory system, which was optimized for performance under high loads. This release also introduced the FreeBSD Ports system, which made downloading, building and installing third party software very easy. By 1996 FreeBSD had become popular among commercial and ISP users, powering extremely successful sites like Walnut Creek CD-ROM (a huge repository of software that broke several throughput records on the Internet), Yahoo! and Hotmail. The last release along the 2-STABLE branch was 2.2.8 in November 1998. FreeBSD 3.0 brought many more changes, including the switch to the ELF binary format. Support for SMP systems and the 64-bit Alpha platform were also added. The 3-STABLE branch ended with 3.5.1 in June 2000.

Features

Networking

FreeBSD’s TCP/IP stack is based on the 4.2BSD implementation of TCP/IP which greatly contributed to the widespread adoption of these protocols.^[7] FreeBSD also supports IPv6, SCTP, IPSec, IPX, AppleTalk and wireless networking.

Storage

FreeBSD has several unique features related to storage. Soft updates maintain filesystem integrity in the event of a system crash. The GEOM framework provides features such as RAID (levels 0, 1, 3 currently), full disk encryption, and concatenation of drives. Filesystem snapshots allow an image of a filesystem at an instant in time to be efficiently created. Snapshots allow reliable backup of a live filesystem. FreeBSD also provides the ZFS filesystem as an alternative to the normal UFS2 file system.

Security

FreeBSD provides several security-related features including access control lists (ACLs), security event auditing, extended file system attributes, fine-grained capabilities and mandatory access controls (MAC). These security enhancements were developed by the TrustedBSD project. The project was founded by Robert Watson with the goal of implementing concepts from the Common Criteria for Information Technology Security Evaluation and the Orange Book. This project is ongoing and many of its extensions have been integrated into FreeBSD.

The project has also ported the NSA‘s FLASK/TE implementation from SELinux to FreeBSD. Other work includes the development of OpenBSM, an open source implementation of Sun’s Basic Security Module (BSM) API and audit log file format, which supports an extensive security audit system. This was shipped as part of FreeBSD 6.2. Other infrastructure work in FreeBSD performed as part of the TrustedBSD Project has included SYN cookies, GEOM and OpenPAM.

While most components of the TrustedBSD project are eventually folded into the main sources for FreeBSD, many features, once fully matured, find their way into other operating systems. For example, OpenPAM and UFS2 have been adopted by NetBSD. Moreover, the TrustedBSD MAC Framework has been adopted by Apple for Mac OS X.

Much of this work was sponsored by DARPA.

Portability

FreeBSD has been ported to a variety of processor architectures. The FreeBSD project organizes architectures into tiers that characterize the level of support provided. Tier 1 architectures are mature and fully supported. Tier 2 architectures are undergoing major development. Tier 3 architectures are experimental or are no longer under active development (as is the case of DEC Alpha) and tier 4 architectures have no support at all.

FreeBSD has been ported to the following architectures:

Third Party Software

For more details on this topic, see FreeBSD Ports

FreeBSD running GIMP, Firefox, and GNOME installed from the ports collection.FreeBSD has a repository of thousands of applications that are developed by third parties outside of the project itself. (Examples include windowing systems, Internet browsers, email programs, office suites, and so forth.) In general, the project itself does not develop this software, only the framework to allow these programs to be installed (termed the Ports Collection). Applications may be installed either from source, if its licensing terms allow such redistribution (these are called ports), or as compiled binaries if allowed (these are called packages). The Ports Collection supports the latest release on the -CURRENT and -STABLE branches. Older releases are not supported and may or may not work correctly with an up-to-date ports collection.

Ports Collection

Each package in the Ports Collection is installed from source. Each port’s Makefile automatically fetches the application source code, either from a local disk, CD-ROM or via ftp, unpacks it on the system, applies the patches, and compiles. This method can be very time consuming as compiling large packages can take hours, but the user is able to install a customized program.

Packages system

For most ports, precompiled binary packages also exist. This method is very quick as the whole compilation process is avoided, but the user is not able to install a program with customized compile time options.

Utilities for managing ports and packages

There are many utilities available for managing ports and packages available in GUIs and CLIs. These are some of them:

• barry – A KDE frontend to the ports system
• bpm – A GUI ports collection manager
• kports – A KDE frontend to the ports system
• pib – A GUI Ports Collection management tool
• portbrowser – A GUI frontend for the ports system

Linux compatibility

Most software that runs on Linux can run on FreeBSD without the need for any compatibility layer. FreeBSD nonetheless still provides a compatibility layer for several other Unix-like operating systems, including Linux. Hence, most Linux binaries can be run on FreeBSD, including some proprietary applications distributed only in binary form. Examples of applications that can use the Linux compatibility layer are StarOffice, the Linux version of Firefox, Adobe Acrobat, RealPlayer, Oracle, Mathematica, MATLAB, WordPerfect, Skype, Wolfenstein: Enemy Territory, Doom 3 and Quake 4 (though some of these applications also have a native version). No noticeable performance penalty over native FreeBSD programs has been noted when running Linux binaries, and, in some cases, these may even perform more smoothly than on Linux. However, the layer is not altogether seamless, and some Linux binaries are unusable or only partially usable on FreeBSD. This is often because the compatibility layer only supports system calls available in the historical Linux kernel 2.4.2. There is support of Linux 2.6.16 system calls, enabled by default since 8.0 and available since 7.0. However, there is currently no support for running 64-bit Linux binaries.

Development

FreeBSD currently has more than 400 active developers and thousands of contributors.

Governance structure

The FreeBSD Project is run by FreeBSD committers, or developers who have CVS/SVN commit access. There are several kinds of committers, including source committers (base operating system), doc committers (documentation and web site authors) and ports (third party application porting and infrastructure). Every two years the FreeBSD committers select a 9-member FreeBSD Core Team who are responsible for overall project direction, setting and enforcing project rules and approving new “commit bits”, or the granting of CVS/SVN commit access. A number of responsibilities are officially assigned to other development teams by the FreeBSD Core Team, including responsibility for security advisories (the Security Officer Team), release engineering (the Release Engineering Team) and managing the ports collection (the Port Manager team). Developers may give up their commit rights to retire or for “safe-keeping” after a period of a year or more of inactivity, although commit rights will generally be restored on request. Under rare circumstances commit rights may be removed by Core Team vote as a result of repeated violation of project rules and standards. The FreeBSD Project is unusual among open source projects in having developers who have worked with its source base for over 25 years, owing to the involvement of a number of past University of California developers who worked on BSD at the Computer Systems Research Group.

Branches

FreeBSD developers maintain at least two branches of simultaneous development. The -CURRENT branch always represents the “bleeding edge” of FreeBSD development. A -STABLE branch of FreeBSD is created for each major version number, from which releases are cut about once every 4–6 months. If a feature is sufficiently stable and mature it will likely be backported (MFC or Merge from CURRENT in FreeBSD developer slang) to the -STABLE branch. FreeBSD’s development model is further described in an article by Niklas Saers.

Foundation

FreeBSD development is supported in part by the FreeBSD Foundation. The foundation is a non-profit organization that accepts donations to fund FreeBSD development. Such funding has been used to sponsor developers for specific activities, purchase hardware and network infrastructure, provide travel grants to developer summits, and provide legal support to the FreeBSD project.

License

FreeBSD is released under a variety of open source licenses. The kernel code and most newly created code is released under the two-clause BSD license which allows everyone to use and redistribute FreeBSD as they wish. There are parts released under three- and four-clause BSD licenses, as well as Beerware license. Some device drivers include a binary blob, such as the Atheros HAL of FreeBSD versions before 7.2. Some of the code contributed by other projects is licensed under GPL, LGPL, ISC or CDDL. All the code licensed under GPL and CDDL is clearly separated from the code under liberal licenses, to make it easy for users such as embedded device manufacturers to use only permissive free software licences. ClangBSD aims to replace some GPL dependencies in the FreeBSD base system by replacing the GNU compiler collection with the BSD-licenced LLVM/Clang compiler. ClangBSD became self-hosting on April 16 2010, an important landmark for further independent development.

Logo

FreeBSD’s mascot is the generic BSD daemon, also known as Beastie.

For many years FreeBSD’s logo was the generic BSD daemon, also called Beastie, a slurred phonetic pronunciation of BSD. First appearing in 1976 on UNIX T-shirts purchased by Bell Labs, the more popular versions of the BSD daemon were drawn by animation director John Lasseter beginning in 1984. Several FreeBSD-specific versions were later drawn by Tatsumi Hosokawa. Through the years Beastie became both beloved and criticized as perhaps inappropriate for corporate and mass market exposure. Moreover it was not unique to FreeBSD. In lithographic terms, the Lasseter graphic is not line art and often requires a screened, four colour photo offset printing process for faithful reproduction on physical surfaces such as paper. Moreover, the BSD daemon was thought to be too graphically detailed for smooth size scaling and aesthetically over dependent upon multiple colour gradations, making it hard to reliably reproduce as a simple, standardized logo in only two or three colours, much less in monochrome. Because of these worries, a competition was held and a new logo designed by Anton K. Gural, still echoing the BSD daemon, was released on October 8, 2005. Meanwhile Lasseter’s much known take on the BSD daemon carries forth as official mascot of the FreeBSD Project.

Derivatives

PC-BSD

There are a number of software distributions based on FreeBSD including:

• PC-BSD (aimed at home users and workstations)
• DesktopBSD (aimed at home users and workstations, discontinued)
• FreeSBIE (live CD)
• Frenzy (live CD),
• GhostBSD (Gnome-based live CD),
• m0n0wall (firewall)
• pfSense (firewall)
• FreeNAS (for network attached storage)
• AskoziaPBX (an embedded PBX)

All these distributions have no or only minor changes when compared with the original FreeBSD base system. The main difference to the original FreeBSD is that they come with pre-installed and pre-configured software for specific use cases. This can be compared with Linux distributions, which are all binary compatible because they use the same kernel and also use the same basic tools, compilers and libraries, while coming with different applications, configurations and branding.

Besides these distributions there is DragonFly BSD, a fork from FreeBSD 4.8 aiming for a different multiprocessor synchronization strategy than the one chosen for FreeBSD 5 and development of some microkernel features. It doesn’t aim to stay compatible with FreeBSD and has huge differences in the kernel and basic userland.

A wide variety of products are directly or indirectly based on FreeBSD. Examples of embedded devices based on FreeBSD include:

• Citrix Netscalers
• Juniper Networks routers, switches and security devices
• Ironport network security appliances
• nCircle’s IP360
• Nokia‘s firewall operating system
• NetApp‘s Data ONTAP GX (only as a loader for proprietary kernel-space module of ONTAP GX)
• Panasas‘s and Isilon Systems‘s cluster storage operating systems
• NetASQ security appliances
• St. Bernard Software iPrism web filtering appliances
• F5 Networks‘s 3DNS version 3 global traffic manager and EDGE-FX version 1 web cache
• The PlayStation 3 video game console.
• KACE Networks‘s KBOX 1000 & 2000 Series Appliances and the Virtual KBOX Appliance
• Sophos‘s Email Appliance

Other operating systems contain code that originated in FreeBSD such as Linux and the RTOS VxWorks. Darwin, the core of Apple’s Mac OS X, borrows FreeBSD’s virtual file system, network stack and components of its userspace. The now-defunct OpenDarwin project, which was based on Apple’s Darwin operating system, also included substantial FreeBSD code. Debian, known primarily as a Linux distribution, also maintains GNU/kFreeBSD, combining the GNU userspace and C library with the FreeBSD kernel.

Installers

sysinstall

The sysinstall utility is the installation application provided by the FreeBSD Project. It is TUI-based, and is divided into a number of menus and screens that can be used to configure and control the installation process. It can also be used to install Ports and Packages as an alternative to the CLI.

finstall

The finstall utility aims to create a user-friendly graphical installer for FreeBSD & FreeBSD-derived systems, however development of finstall has stalled.

Version history

FreeBSD 1

Released in November 1993. 1.1.5.1 was released in July, 1994.

FreeBSD 2

2.0-RELEASE was announced on November 22, 1994. The last of FreeBSD 2, 2.2.8-RELEASE, was announced on November 29, 1998. First FreeBSD to be claimed legally free of AT&T UNIX code with approval of Novell.

FreeBSD 3

Announced on October 16, 1998. 3.5-RELEASE was announced on June 24, 2000.

FreeBSD 4

4.0-RELEASE appeared in March 2000 and the last 4-STABLE branch release was 4.11 in January 2005 supported until January 31, 2007. FreeBSD 4 was a favorite operating system for ISPs and web hosting providers during the first.com bubble, and is widely regarded as one of the most stable and high performance operating systems of the whole Unix lineage. Among the new features of FreeBSD 4, kqueue(2) was introduced (which is now part of other major BSD systems).

FreeBSD 5

After almost three years of development, the first 5.0-RELEASE in January 2003 was widely anticipated, featuring support for advanced multiprocessor and application threading, and for the UltraSPARC and IA-64 platforms. The first 5-STABLE release was 5.3 (5.0 through 5.2.1 were cut from -CURRENT). The last release from the 5-STABLE branch was 5.5 in May 2006.

The largest architectural development in FreeBSD 5 was a major change in the low-level kernel locking mechanisms to enable better symmetric multi-processor (SMP) support. This released much of the kernel from the MP lock, which is sometimes called the Giant lock. More than one process could now execute in kernel mode at the same time. Other major changes included an M:N native threading implementation called Kernel Scheduled Entities. In principle this is similar to Scheduler Activations. Starting with FreeBSD 5.3, KSE was the default threading implementation until it was replaced with a 1:1 implementation in FreeBSD 7.0.

FreeBSD 5 also significantly changed the block I/O layer by implementing the GEOM modular disk I/O request transformation framework contributed by Poul-Henning Kamp. GEOM enables the simple creation of many kinds of functionality, such as mirroring (gmirror) and encryption (GBDE and GELI). This work was supported through sponsorship by DARPA.

The 5.4 and 5.5 releases of FreeBSD confirmed the FreeBSD 5.x branch as a highly stable and high-performing release, although it had a long development period due to the large feature set. Earlier releases on the 5.x branch are not considered stable enough for production deployment.

FreeBSD 6

FreeBSD 6.0 was released on November 4, 2005. The most recent FreeBSD 6 release was 6.4, on November 11, 2008. These versions continue work on SMP and threading optimization along with more work on advanced 802.11 functionality, TrustedBSD security event auditing, significant network stack performance enhancements, a fully preemptive kernel and support for hardware performance counters (HWPMC). The main accomplishments of these releases include removal of the Giant lock from VFS, implementation of a better-performing optional libthr library with 1:1 threading and the addition of a Basic Security Module (BSM) audit implementation called OpenBSM, which was created by the TrustedBSD Project (based on the BSM implementation found in Apple’s open source Darwin) and released under a BSD-style license.

FreeBSD 7

FreeBSD 7.0 was released on 27 February 2008. The most recent FreeBSD 7 release was 7.3, on March 23, 2010. New features include SCTP, UFS journaling, an experimental port of Sun’s ZFS file system, GCC4, improved support for the ARM architecture, jemalloc (a memory allocator optimized for parallel computation, which was ported to Firefox 3), and major updates and optimizations relating to network, audio, and SMP performance. Benchmarks have shown significant speed improvements over previous FreeBSD releases as well as Linux. The new ULE scheduler has seen much improvement but a decision was made to ship the 7.0 release with the older 4BSD scheduler, leaving ULE as a kernel compile-time tunable. In FreeBSD 7.1 ULE was the default for the i386 and AMD64 architectures.

Starting from version 7.1 DTrace was also integrated and FreeBSD 7.2 brought support for multi-IPv4/IPv6 jails. Code supporting the DEC Alpha architecture (supported since FreeBSD 4.0) was removed in FreeBSD 7.0.

FreeBSD 8

FreeBSD 8.0 is the latest release of FreeBSD, having been branched from the trunk in August 2009. It features superpages, Xen DomU support, network stack virtualization, stack-smashing protection, TTY layer rewrite, much improved ZFS support, a new USB stack, multicast updates including IGMPv3, and rewritten NFS client/server introducing NFSv4. Inclusion of improved device mmap() extensions allows the technical implementation of a 64-bit Nvidia display driver for the x86-64 platform. FreeBSD 8.0 was formally released on November 25, 2009.

FreeBSD 9

As of 2009^[update], “bleeding edge” development occurs on -CURRENT, the trunk version of the operating system, which will result in a future version named FreeBSD 9. Until FreeBSD 8.0 was released, the trunk was updated with only conservative changes.

The timeline shows that the span of a single release generation of FreeBSD lasts around 5 years. Since the FreeBSD project makes effort for binary backward (and limited forward) compatibility within the same release generation, this allows users 5+ years of support, with trivial-to-easy upgrading within the release generation.

Unix pertama kali dibuat di Bell Labs, sebuah unit riset dan pengembangan di bawah AT&T (dan sekarang di bawah Lucent) untuk komputer mini PDP dan VAX. Versi terakhir yang ditulis Bell Labs sebuah unit riset dan pengembangan di bawah AT&T (dan sekarang di bawah Lucent), General Electric (GE), Institut Teknologi Massachusetts (MIT), dengan biaya dari Departemen Pertahanan Amerika (Departement of Defence Advenced Research Project, DARPA atau ARPA) untuk komputer mini PDP dan VAX. Versi terakhir yang ditulis Bell Labs sendiri adalah versi sendiri adalah versi ketujuh (V7), 1979. Sejak 1974 Universitas of California, Berkeley, menggunakan Unix, dan sejak 1977 juga mulai mengembangkan Unix-nya sendiri (BSD). Sepanjang sejarahnya, Unix telah dikembangkan oleh berbagai vendor dan telah hadir dalam berbagai rupa dan rasa. Tidak semuanya gratis, tidak semuanya saling kompatibel. Unix popular karena portabel—ditulis dalam bahasa tingkat tinggi C sejak 1973 dan bukan assembly, sehingga mudah dipindahkan antararsitektur komputer—serta memiliki konsep sederhana dan elegan.

Linux sendiri baru muncul tahun 1991 dari tangan seorang mahasiswa Finlandia bernama Linus Torvalds. Ini berarti setelah Apple dan Macintosh dan NT, dan sudah pasti setelah Bill Gates kaya raya. Saat itu Linus bermain-main dengan Minix, sebuah sistem Unix untuk PC berbasis Intel. Karena berbagai keterbatasan Minix, maka Linus memutuskan untuk menulis sistem operasi sendiri! Maka lahirlah Linux. Sejak awal Linux telah dikembangkan oleh para peminatnya di seluruh dunia, karena sejak versi 0.02 telah dirilis di newsgroup Internet. Saat ini kernel (inti sistem operasinya itu sendiri) Linux telah mencapai versi 2.4, dan puluhan distro (kemasan Linux beserta program-porgram aplikasi) serta bisnis seputar Linux telah berkembang pesat. Linux popular karena alasan-alasan yang telah kita bahas sebelumnya tadi: gratis, berlisensi GPL, dan memiliki fitur-fitur seperti halnya Unix lain.
Jadi bisa dibilang Unix adalah keluarga sistem operasi, sementara Linux adalah sebuah tiruan Unix. Linux bisa digolongkan sebagai sebuah sistem dari Unix.

Sun Solaris adalah sebuah operating system Unix berbasis sistem operasi yang diperkenalkan oleh Sun Microsystem pada tahun 1992 sebagai pengganti SunOS. Solaris dikenal dengan skalabilitasnya, terutama pada SPARC sistem, dan mempunyai banyak fitur-fitur inovatif seperti DTrace dan ZFS. Solaris berbasis SPARC dan x86 dan berbasis workstation dan server dari Sun dan vendor lainnya, dengan upaya yang dilakukan untuk port ke platform tambahan. Walaupun secara historis dikembangkan sebagai perangkat lunak berpemilik, didukung oleh sistem yang dibuat oleh semua vendor server utama, dan mayoritas dari basis kode sekarang perangkat lunak open source melalui open solaris proyek.

Sun Solaris sendiri masih tabuh didengar dikalangan umum karena jarang yang memakainya untuk sistem operasi pada PC. Karena itu Sun Solaris kurang populer namanya di kalangan masyarakat.

Macintosh atau lebih dikenal MacOs merupakan salah satu jenis komputer personal berbasis PowerPc yang diproduksi oleh Apple. Ternyata asal-usul operating system MacOs adalah sebuah computer personal yang dinamakan Macintosh oleh Jef Raskin karena macintosh adalah salahsatu jenis buah apel yang sangat disukai oleh beliau. Macintosh diperkenalkan pada bulan Januari tahun 1984 lewat iklan Super Bowl yang fenomenal. Secara tampilan grafis memang macintosh lebih unggul dari Linux, namun macintosh sangat jarang digunakan oleh umum karena hanya dipakai oleh orang-orang tertentu. Dan tidak sebebas Linux dalam proses pengembangannya.

FreeBSD merupakan sebuah operating system bebas serupa operating system Unix. FreeBSD sendiri diturunkan melalui AT&T Unix melalui Berkeley Software Distribution (BSD). FreeBSD terkenal dengan sebutan “raksasa tak dikenal” diantara software operating system bebas. FreeBSD bukan merupakan tiruan Unix, tetapi berjalan seperti operating system Unix. FreeBSD bekerja dengan Unix-compliant internals dan sistem API. FreeBSD umumnya sebagai operating system yang dapat diandalkan dan kuat. Proyek pembangunan operating system FreeBSD dimulai pada tahun 1993 yang tumbuh dengan cepat. Banyak keunggulan yang bisa didapat dari operating system FreeBSD tersebut. Dari keempat software operating system diatas. Hampir seluruhnya merupakan pengembangan dari operating system Unix. Namun dari setiap operating system diatas memiliki kelebihan dan kekurangan masing-masing. Contohnya operating system Linux dan FreeBSD merupakan operating system yang kebal terhadap virus dan stabil dalam menjalankan system operasi, namun kekurangan dari Linux dan FreeBSD sendiri adalah masih jarang yang menggunakannya. Dan kelebihan lainnya merupakan sebuah operating system yang open sourch yaitu operating system yang mempunyai kode (kernel) terbuka, yang dapat dikembangkan oleh siapapun secara bebas tanpa khawatir terkena pidana seperti menggunakan software operating system Microsoft.

1969 By April 1969, AT&T made a decision to withdraw Multics and go with GECOS. When Multics was withdrawn Ken Thompson and Dennis Ritchie needed to rewrite an operating system in order to play space travel on another smaller machine (a DEC PDP-7 [Programmed Data Processor 4K memory for user programs). The result was a system which a punning colleague called UNICS (UNiplexed Information and Computing Service)--an 'emasculated Multics'. 1969 Summer 1969 Unix was developed. 1969 Linus Torvalds is born. 1971 First edition of Unix released 11/03/1971. The first edition of the "Unix PROGRAMMER'S MANUAL [by] K. Thompson [and] D. M. Ritchie.” It includes over 60 commands like: b (compile B program); boot (reboot system); cat (concatenate files); chdir (change working directory); chmod (change access mode); chown (change owner); cp (copy file); ls (list directory contents); mv (move or rename file); roff (run off text); wc (get word count); who (who is one the system). The main thing missing was pipes. 1972 Second edition of Unix released 12/06/1972 1972 Ritchie rewrote B and called the new language C. 1973 Unix had been installed on 16 sites (all within AT&T/Western Electric); it was publically unveiled at a conference in October. 1973 Third edition of Unix released February 1973 1973 Forth edition of Unix released November 1973 1974 Fifth edition of Unix released June 1974 1974 Thompson went to UC Berkeley to teach for a year, Bill Joy arrived as a new graduate student. Frustrated with ed, Joy developed a more featured editor em. 1975 Sixth edition of Unix released May 1975 1975 Bourne shell is introduced begins being added onto. 1977 1BSD released late 1977 1978 2BSD released mid 1978 1979 Seventh edition of Unix released January 1979 1979 3BSD released late 1979 1979 SCO founded by Doug and Larry Michels as Unix porting and consulting company. 1980 4.0BSD released October 1980 1982 SGI introduces IRIX. 1983 SCO delivers its first packaged Unix system called SCO XENIX System V for Intel 8086 and 8088 processor-based PCs. 1984 Ultrix 1.0 was released. 1985 Eighth edition of Unix released February 1985 1985 The GNU manifesto is published in the March 1985 issue of Dr. Dobb’s Journal. The GNU project starts a year and a half later. 1986 HP-UX 1.0 released. 1986 Ninth edition of Unix released September 1986 1987 Sun and AT&T lay the groundwork for business computing in the next decade with an alliance to develop Unix System V Release 4. 1988 HP-UX 2.0 released. 1988 HP-UX 3.0 released. 1989 SCO ships SCO Unix System V/386, the first volume commercial product licensed by AT&T to use the Unix System trademark. 1989 HP-UX 7.0 released. 1989 Tenth edition of Unix released October 1989 1990 AIX short for Advanced Interactive eXecutive was first entered into the market by IBM February 1990. 1991 Sun unveils Solaris 2 operating environment, specially tuned for symetric multiprocessing. 1991 Linux is introduced by Linus Torvalds, a student in Finland. Who post to the comp.os.minix newsgroup with the words:Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. 1991 HP-UX 8.0 released. 1991 BSD/386 ALPHA First code released to people outside BSDI 12/xx/1991 1992 HP-UX 9.0 released. 1993 NetBSD 0.8 released 04/20/1993 1993 FreeBSD 1.0 released December of 1993 1994 Red Hat Linux is introduced. 1994 Caldera, Inc was founded in 1994 by Ransom Love and Bryan Sparks. 1994 NetBSD 1.0 released 10/26/1994 1995 FreeBSD 2.0 released 01/xx/1995 1995 SCO acquires Unix Systems source technology business from Novell Corporation (which had acquired it from AT&T’s Unix System Laboratories). SCO also acquires UnixWare 2 operating system from Novell. 1995 HP-UX 10.0 released. 1995 4.4 BSD Lite Release 2 the true final distribution from the CSRG 06/xx/1995 1996 KDE is started to be developed by Matthias Ettrich 1997 HP-UX 11.0 released. 1997 Caldera ships OpenLinux Standard 1.1 May 5, 1997, the second offering in Caldera’s OpenLinux product line 1998 IRIX 6.5 the fifth generation of SGI Unix is released July 6, 1998. 1998 SCO delivers UnixWare 7 operating system. 1998 Sun Solaris 7 operating system released. 1998 FreeBSD 3.0 released 10/16/1998 2000 FreeBSD 4.0 released 03/13/2000 2000 Caldera Systems Inc. announces that Caldera Systems has entered into agreement to acquire the SCO Server Software Division and the Professional Services Division. 2001 Linus Torvalds releases version 2.4 of the Linux Kernel source code on January 4th. 2001 Microsoft files a trademark suit against Lindows.com in December. 2004 Lindows changes it’s name to Linspire April 14, 2004.
]]> http://septianprima.wordpress.com/2010/05/19/unix-linux-and-variant-history/feed/ 0 septianprima http://septianprima.wordpress.com/2010/05/18/konsep-dasar-tcpip/ http://septianprima.wordpress.com/2010/05/18/konsep-dasar-tcpip/#comments Tue, 18 May 2010 10:06:12 +0000 wongculun http://septianprima.wordpress.com/?p=37 ]]> (Transmission Control Protocol/Internet Protocol)

TCP/IP merupakan dasar dari segalanya, tanpa mempelajari TCP/PI
kemungkinan kita tidak dapat melakah maju di dunia pehackingan. Dengan
kata lain, TCP/IP merupakan awal dari segalanya. Banyak orang yg
menyepelekan pentingnya mempelajari TCP/IP, mereka mengaku dirinya
“hacker” tetapi tidak mengerti sama sekali apa itu TCP/IP. Merasa hacker
hanya apabila bisa mencrash ataupun menjebol server, tetapi

sebetulnya
bukan itulah maksud dari segala itu. Hacker itu adalah orang yg haus
akan pengetahuan, bukan haus akan penghancuran. Untuk menjadi hacker
dibutuhkan kerja keras, semangat, motivasi yg tinggi serta pemahaman
seluk-beluk internet itu sendiri, tanpa hal-hal tersebut mustahil anda
dapat menjadi seorang hacker yang tangguh.

Tulisan ini didedikasikan terutama untuk member Kecoak Elektronik dan
siapa saja yang ingin mempelajari TCP/IP, bukan untuk mereka yang hanya
ingin mencari jalan pintas menjadi hacker sejati. Bagi anda yg memang
udah profhacking mungkin tulisan ini tidak penting, karena memang
tulisan ini hanyalah pengantar belaka dan bukan merupakan referensi yg
sempurna (dan jauh dari sempurna) oleh karenanya hanya dikhususkan bagi
mereka yg pendatang baru (newbies).

1. Apa itu TCP/IP ?
——————-
TCP/IP adalah salah satu jenis protokol* yg memungkinkan kumpulan
komputer untuk berkomunikasi dan bertukar data didalam suatu  network
(jaringan).

************************************************************************
Merupakan himpunan aturan yg memungkinkan komputer untuk  berhubungan
antara satu dengan yg lain, biasanya berupa bentuk / waktu / barisan /
pemeriksaan error saat transmisi data.
***********************************************************************
2. Apa yg membuat TCP/IP menjadi penting ?
——————————————
Karena TCP/IP merupakan protokol yg telah diterapkan pada hampir semua
perangkat keras dan sistem operasi. Tidak ada rangkaian protokol lain yg
tersedia pada semua sistem berikut ini :

a. Novel Netware.
b. Mainframe IBM.
c. Sistem digital VMS.
d. Server Microsoft Windows NT
e. Workstation UNIX, LinuX, FreeBSD
f. Personal komputer DOS.

3. Bagaimana awalnya keberadaan TCP/IP ?
—————————————-
Konsep TCP/IP berawal dari kebutuhan DoD (Departement of Defense) AS
akan suatu komunikasi di antara berbagai variasi komputer yg telah ada.
Komputer-komputer DoD ini seringkali harus berhubungan antara satu
organisasi peneliti dg organisasi peneliti lainnya, dan harus tetap
berhubungan sehingga pertahanan negara tetap berjalan selama terjadi
bencana, seperti ledakan nuklir. Oleh karenanya pada tahun 1969
dimulailah penelitian terhadap serangkaian protokol TCP/IP. Di antara
tujuan-tujuan penelitian ini adalah sebagai berikut :

1. Terciptanya protokol-protokol umum, DoD memerlukan suatu protokol yg
dapat ditentukan untuk semua jaringan.
2. Meningkatkan efisiensi komunikasi data.
3. Dapat dipadukan dengan teknologi WAN (Wide Area Network) yg telah
ada.
4. Mudah dikonfigurasikan.

Tahun 1968 DoD ARPAnet (Advanced Reseach Project Agency) memulai
penelitian yg kemudian menjadi cikal bakal packet switching . Packet
switching  inilah yg memungkinkan komunikasi antara lapisan network
(dibahas nanti) dimana data  dijalankan dan disalurkan melalui jaringan
dalam bentuk unit-unit kecil yg disebut packet*. Tiap-tiap packet ini
membawa informasi alamatnya masing-masing yg ditangani dengan khusus
oleh jaringan tersebut dan tidak tergantung dengan paket-paket lain.
Jaringan yg dikembangkan ini, yg menggunakan ARPAnet sebagai tulang
punggungnya, menjadi terkenal sebagai internet.

Protokol-protokol TCP/IP dikembangkan lebih lanjut pada awal 1980 dan
menjadi protokol-protokol standar untuk ARPAnet pada tahun 1983.
Protokol-protokol ini mengalami peningkatan popularitas di komunitas
pemakai ketika TCP/IP digabungkan menjadi versi 4.2 dari BSD (Berkeley
Standard Distribution) UNIX. Versi ini digunakan secara luas pada
institusi penelitian dan pendidikan dan digunakan sebagai dasar dari
beberapa penerapan UNIX komersial, termasuk SunOS dari Sun dan Ultrix
dari Digital. Karena BSD UNIX mendirikan hubungan antara TCP/IP dan
sistem operasi UNIX, banyak implementasi UNIX sekarang menggabungkan
TCP/IP.

************************************************************************
unit informasi yg mana jaringan berkomunikasi. Tiap-tiap paket berisi
identitas (header) station pengirim dan penerima, informasi error-
control, permintaan suatu layanan dalam lapisan network, informasi
bagaimana menangani permintaan dan sembarang data penting yg harus
ditransfer.
************************************************************************

4. Layanan apa saja yg diberikan oleh TCP/IP ?
———————————————-
Berikut ini adalah layanan “tradisional” yg dilakukan TCP/IP :

a. Pengiriman file (file transfer). File Transfer Protokol (FTP)
memungkinkan  pengguna komputer  yg satu untuk dapat mengirim ataupun
menerima file ke komputer jaringan. Karena masalah keamanan data,
maka FTP seringkali memerlukan nama pengguna (user name) dan
password, meskipun banyak juga FTP yg dapat diakses melalui
anonymous, alias tidak  berpassword. (lihat RFC 959 untuk spesifikasi
FTP)
b. Remote login. Network terminal Protokol (telnet) memungkinkan
pengguna komputer dapat melakukan log in ke dalam suatu komputer
didalam suatu jaringan. Jadi hal ini berarti bahwa pengguna
menggunakan komputernya sebagai perpanjangan tangan dari komputer
jaringan tersebut.( lihat RFC 854 dan 855 untuk spesifikasi telnet
lebih lanjut)
c. Computer mail. Digunakan untuk menerapkan sistem elektronik mail.
(lihat RFC 821 dan 822)

d. Network File System (NFS). Pelayanan akses file-file jarak jauh yg
memungkinkan klien-klien untuk mengakses file-file pada komputer
jaringan jarak jauh walaupun file tersebut disimpan secara lokal.
(lihat RFC 1001 dan 1002 untuk keterangan lebih lanjut)
e. remote execution. Memungkinkan pengguna komputer untuk menjalankan
suatu program didalam komputer yg berbeda. Biasanya berguna jika
pengguna menggunakan komputer yg terbatas, sedangkan ia memerlukan
sumber yg banyak dalam suatu system komputer. Ada beberapa jenis
remote execution, ada yg berupa perintah-perintah dasar saja, yaitu
yg dapat dijalankan dalam system komputer yg sama dan ada pula yg
menggunakan “prosedure remote call system”, yg memungkinkan program
untuk memanggil subroutine yg akan dijalankan di system komputer yg
berbeda. (sebagai contoh dalam Berkeley UNIX ada perintah “rsh” dan
“rexec”)
f. name servers. Nama database alamat yg digunakan pada internet (lihat
RFC 822 dan 823 yg menjelaskan mengenai penggunaan protokol name
server yg bertujuan untuk menentukan nama host di internet.)

************************************************************************
RFC (Request For Comments) adalah merupakan standar yg digunakan dalam
internet, meskipun ada juga isinya yg merupakan bahan diskusi ataupun
omong kosong belaka. Diterbitkan oleh IAB (Internet Activities Board)
yg merupakan komite independen para peneliti dan profesional yg
mengerti teknis, kondisi dan evolusi sistem internet. Sebuah surat yg
mengikuti nomor RFC menunjukan status RFC :
S: standard, standar resmi bagi internet
DS: Draft standard, protokol tahap akhir sebelum disetujui sebagai
standar
PS: Proposed Standard, protokol pertimbangan untuk standar masa depan
I: Informational, berisikan bahan-bahan diskusi yg sifatnya informasi
E: Experimental, protokol dalam tahap percobaan tetapi bukan pada jalur
standar.
H: Historic, protokol-protokol yg telah digantikan atau tidak lagi
dipertimbankan utk standarisasi.
************************************************************************
5. Bagaimanakah bentuk arsitektur dari TCP/IP itu ?
—————————————————
Dikarenakan TCP/IP adalah serangkaian protokol di mana setiap protokol
melakukan sebagian dari keseluruhan tugas komunikasi jaringan, maka
tentulah implementasinya tak lepas dari arsitektur jaringan itu sendiri.
Arsitektur rangkaian protokol TCP/IP mendifinisikan berbagai cara agar
TCP/IP dapat saling menyesuaikan.

Karena TCP/IP merupakan salah satu lapisan protokol OSI * (Open System
Interconnections), berarti bahwa hierarki TCP/IP merujuk kepada 7
lapisan OSI tersebut. Berikut adalah model referensi OSI 7 lapisan, yg
mana setiap lapisan menyediakan tipe khusus pelayanan jaringan :

Peer process
|Application layer |<—————–>|Application layer |
|Presentation layer|<—————–>|Presentation layer|
|Session layer     |<—————–>|Session layer     |
|Transport layer   |<—————–>|Transport layer   |
|Network layer     |<—————–>|Network layer     |
|Data link layer   |<—————–>|Data link layer   |
|Physical layer    |<—————–>|Physical layer    |

Tiga lapisan teratas biasa dikenal sebagai “upper lever protocol”
sedangkan empat lapisan terbawah dikenal sebagai “lower level protocol”.
Tiap lapisan berdiri sendiri tetapi fungsi dari masing-masing lapisan
bergantung dari keberhasilan operasi layer sebelumnya. Sebuah lapisan
pengirim hanya perlu berhubungan dengan lapisan yang sama di penerima
(jadi misalnya lapisan data link penerima hanya berhubungan dengan data
link pengirim) selain dengan satu layer di atas atau dibawahnya
(misalnya lapisan network berhubungan dengan   lapisan transport
diatasnya atau dengan lapisan data link dibawahnya).

Model dengan menggunakan lapisan ini merupakan sebuah konsep yg penting
karena suatu fungsi yg rumit yg berkaitan dengan komunikasi dapat
dipecahkan menjadi sejumlah unit yg lebih kecil. Tiap lapisan bertugas
memberikan layanan tertentu pada lapisan diatasnya dan juga melindungi
lapisan diatasnya dari rincian cara pemberian layanan tersebut. Tiap
lapisan harus transparan sehingga modifikasi yg dilakukan atasnya tidak
akan menyebabkan perubahan pada lapisan yang lain. Lapisan menjalankan
perannya dalam pengalihan data dengan mengikuti peraturan yang berlaku
untuknya dan hanya berkomunikasi dengan lapisan yang setingkat.
Akibatnya sebuah layer pada satu sistem tertentu hanya akan berhubungan
dengan lapisan yang sama dari sistem yang lain. Proses ini dikenal
sebagai “Peer process”. Dalam keadaan sebenarnya tidak ada data yang
langsung dialihkan antar lapisan yang sama dari dua sistem yang berbeda
ini. Lapisan atas akan memberikan data dan kendali ke lapisan dibawahnya
sampai lapisan yang terendah dicapai. Antara dua lapisan yang berdekatan
terdapat “interface” (antarmuka). Interface ini mendifinisikan operasi
dan layanan yang diberikan olehnya ke lapisan lebih atas. Tiap lapisan
harus melaksanakan sekumpulan fungsi khusus yang dipahami dengan
sempurna. Himpunan lapisan dan protokol dikenal sebagai “arsitektur
jaringan”.

Pengendalian komunikasi dalam bentuk lapisan menambah overhead karena
tiap lapisan berkomunikasi dengan lawannya melalui “header”. Walaupun
rumit tetapi fungsi tiap lapisan dapat dibuat dalam bentuk modul
sehingga kerumitan dapat ditanggulangi dengan mudah.
Disini kita tidak akan membahas model OSI secara mendalam secara
keseluruhannya, karena protokol TCP/IP tidak mengikuti benar model
referensi OSI tersebut. Walaupun demikian, TCP/IP model akan terlihat
seperti ini :

=========================================
|Application layer  |                   |
|Presentation layer | Application layer |
|Session layer      |                   |
|===================|===================|
|Transport layer    |  Transport layer/ |
|                   |    Host to host   |
|=======================================|
|Network  layer     | Network layer/    |
|                   | internet layer    |
|===================|===================|
|Data Link layer    | Network access    |
|Physical layer     |                   |
|===================|===================|
Model OSI         model internet

Sekarang mari kita bahas keempat lapisan tersebut.

a. Network Access
Lapisan ini hanya menggambarkan bagaimana data dikodekan menjadi sinyal-
sinyal dan karakteristik antarmuka tambahan media.
b. Internet layer/ network layer
Untuk mengirimkan pesan pada suatu internetwork (suatu jaringan yang
mengandung beberapa segmen jaringan), tiap jaringan harus secara unik
diidentifikasi oleh alamat jaringan. Ketika jaringan menerima suatu
pesan dari lapisan yang lebih atas, lapisan network akan menambahkan
header pada pesan yang termasuk alamat asal dan tujuan jaringan.
Kombinasi dari data dan lapisan network disebut “paket”. Informasi
alamat jaringan digunakan untuk mengirimkan pesan ke jaringan yang
benar, setelah pesan tersebut sampai pada jaringan yg benar, lapisan
data link dapat menggunakan alamat node untuk mengirimkan pesan ke node
tertentu.
_____       _____
|=====|     |=====|   ################### end nodes
\—–/     \—–/                    # #
|===|       |===|                     #  #
|           |                       #   #
—|———- |—-   # routers       #    #
|      # #              #     #
|     #   #             #      #
|=—=| #     #            #       #
|=—=|        #           #        #
|            #        _____     _____
komputer     *******          #      |=====|   |=====|
Lainnya — * token * —–|=—=|   \—–/   \—–/
* ring  *      |=—=|    |===|     |===|
*******          |         |         |
|            -|——– |———|———
—–
|
Komputer
Lainnya

meneruskan paket ke jaringan yang benar disebut “routing” dan peralatan
yang meneruskan paket adalah “routers”. Suatu antar jaringan mempunyai
dua tipe node :

- “End nodes”, menyediakan pelayanan kepada pemakai. End nodes
menggunakan lapisan network utk menambah informasi alamat jaringan
kepada paket, tetapi tidak melakukan routing. End nodes kadang-kadang
disebut “end system” (istilah OSI) atau “host” (istilah TCP/IP)
- Router memasukan mekanisme khusus untuk melakukan routing. Karena
routing merupakan tugas yg kompleks, router biasanya merupakan peralatan
tersendiri yg tidak menyediakan pelayanan kepada pengguna akhir. Router
kadang-kadang disebut “intermediate system” (istilah OSI) atau “gateway”
(istilah TCP/IP).

Selain itu juga lapisan ini bertanggung jawab untuk pengiriman data
melalui antar jaringan. Protokol lapisan intenet yang utama adalah
internet protokol, IP (RFC 791, lihat juga RFC 919, 922,950).
IP menggunakan protokol-protokol lain untuk tugas-tugas khusus internet.
ICMP(dibahas nanti) digunakan untuk mengirimkan pesan-pesan ke lapisan
host ke host. Adapun fungsi IP :

1. Pengalamatan
2. Fragmentasi datagram pada antar jaringan
3. Pengiriman datagram pada antar jaringan
c. Transport layer /host to host

Salah satu tanggung jawab lapisan transport adalah membagi pesan-pesan
menjadi fragment-fragment yang cocok dengan pembatasan ukuran yg
dibentuk oleh jaringan. Pada sisi penerima, lapisan transport
menggabungkan kembali fragment untuk mengembalikan pesan aslinya,
sehingga dapat diketahui bahwa lapisan transport memerlukan proses
khusus pada satu komputer ke proses yg bersesuaian pada komputer tujuan.
Hal ini dikenal sebagai Service Access Point (SAP) ID kepada setiap
paket (berlaku pada model OSI, istilah TCP/IP untuk SAP ini disebut port
*).

Mengenali pesan-pesan dari beberapa proses sedemikian rupa sehingga
pesan tersebut dikirimkan melalui media jaringan yg sama disebut
“multiplexing”. Prosedur mengembalikan pesan dan mengarahkannya pada
proses yg benar disebut “demultiplexing”.
Tanggung javab lapisan transport yg paling berat dalam hal pengiriman
pesan adalah mendeteksi kesalahan dalam pengiriman data tersebut. Ada
dua kategori umum deteksi kesalahan dapat dilakukan oleh lapisan
transport :

a. Reliable delivery, berarti kesalahan tidak dapat terjadi, tetapi
kesalahan akan dideteksi jika terjadi. Pemulihan kesalahan dilakukan
dengan jalan memberitahukan lapisan atas bahwa kesalahan telah
terjadi dan meminta pengirimna kembali paket yg kesalahannya
terdeteksi.
b. Unreliable delivery, bukan berarti kesalahan mungkin terjadi, tetapi
menunjukkan bahwa lapisan transport tidak memeriksa kesalahan
tersebut. Karena pemeriksaan kesalahan memerlukan waktu dan
mengurangi penampilan jaringan. Biasanya kategori ini digunakan jika
setiap paket mengandung pesan yg lengkap, sedangkan reliable
delivery, jika mengandung banyak paket. Unreliable delivery, sering
disebut “datagram delivery” dan paket-paket bebas yg dikerimkan
dengan cara ini sering disebut “datagram”.

Karena proses lapisan atas (application layer) memiliki kebutuhan yg
bervariasi, terdapat dua protokol lapisan transport /host to host, TCP
dan UDP. TCP adalah protokol yg handal. Protokol ini berusaha secara
seksama untuk mengirimkan data ke tujuan, memeriksa kesalahan,
mengirimkan data ulang bila diperlukan dan mengirimkan error ke lapisan
ats hanya bila TCP tidak berhasil mengadakan komunikasi (dibahas nanti).
Tetapi perlu dicatat bahwa kehandalan TCP tercapai dengan mengorbankan
bandwidth jaringan yg besar.

UDP (User Datagram Protocol) disisi lain adalah protokol yg tidak
handal. Protokol ini hanya “semampunya” saja mengirimkan data. UDP tidak
akan berusaha untuk  mengembalikan datagram yg hilang dan proses pada
lapisan atas harus bertanggung jawab untuk mendeteksi data yg hilang
atau rusak dan mengirimkan ulang data tersebut bila dibutuhkan.
c. Application layer
Lapisan inilah biasa disebut lapisan akhir (front end) atau bisa disebut
user program. Lapisan inilah yg menjadi alasan keberadaan lapisan
sebelumnya. Lapisan sebelumnya hanya bertugas mengirimkan pesan yg
ditujukan utk lapisan ini. Di lapisan ini dapat ditemukan program yg
menyediakan pelayanan jaringan, seperti mail server (email program),
file transfer server (FTP program),  remote terminal.

************************************************************************
Token Ring merupakan teknologi LAN  data link yg didefinisikan oleh IEEE
802.4  dimana sistem dihubungkan satu sama lain dengan menggunakan
segmen kabel twisted-pair point-to-point untuk membentuk suatu struktur
ring. Sebuah sistem diijinkan untuk mengirim hanya bila sistem tersebut
memiliki token (data unit khsusus yg digunakan bersama-sama) yg akan
dilewarkan dari satu sistem ke sistem lain sekitar ring.
========================================================================
komputer port adalah tempat adalah tempat dimana informasi masuk dan
keluar. Di PC contohnya monitor sebagai keluaran informasi, keyboard dan
mouse sebagai masukan informasi. Tetapi dalam istilah internet, port
berbentuk virtual (software) bukan berbentuk fisik seperti RS232 serial
port (utk koneksi modem).
************************************************************************
6. Bagaimana TCP dan IP bekerja ?
———————————
Seperti yg telah dikemukakan diatas TCP/IP hanyalah merupakan suatu
lapisan protokol(penghubung) antara satu komputer dg yg lainnya dalam
network, meskipun ke dua komputer tersebut memiliki OS yg berbeda. Untuk
mengerti lebih jauh marilah kita tinjau pengiriman sebuah email.
Dalam pengiriman email ada beberapa prinsip dasar yg harus dilakukan.
Pertama, mencakup hal-hal umum berupa siapa yg mengirim email, siapa yg
menerima email tersebut serta isi dari email tersebut. Kedua, bagaimana
cara agar email tersebut sampai pada tujuannya.Dari konsep ini kita
dapat mengetahui bahwa pengirim email memerlukan “perantara” yg
memungkinkan emailnya sampai ke tujuan (seperti layaknya pak pos). Dan
ini adalah tugas dari TCP/IP. Antara TCP dan IP ada pembagian tugas
masing-masing.

TCP merupakan  connection-oriented, yg berarti bahwa kedua komputer yg
ikut serta dalam pertukaran data harus melakukan hubungan terlebih dulu
sebelum pertukaran data ( dalam hal ini email) berlangsung. Selain itu
TCP juga bertanggung jawab untuk menyakinkan bahwa email tersebut sampai
ke tujuan, memeriksa kesalahan dan mengirimkan error ke lapisan atas
hanya bila TCP tidak berhasil melakukan hubungan (hal inilah yg membuat
TCP sukar untuk dikelabuhi). Jika isi email  tersebut terlalu besar
untuk satu datagram * , TCP akan membaginya kedalam beberapa datagram.
IP bertanggung jawab setelah hubungan berlangsung, tugasnya adalah untuk
meroute data packet . didalam network. IP hanya bertugas sebagai kurir
dari TCP dalam penyampaian datagram dan “tidak bertanggung jawab” jika
data tersebut tidak sampai dengan utuh (hal ini disebabkan IP tidak
memiliki informasi mengenai isi data yg dikirimkan) maka IP akan
mengirimkan pesan kesalahan ICMP*. Jika hal ini terjadi maka IP hanya
akan memberikan pesan kesalahan (error message) kembali ke sumber data.
Karena IP “hanya” mengirimkan data “tanpa” mengetahui mana data yg akan
disusun berikutnya menyebabkan IP mudah untuk dimodifikasi daerah
“sumber dan tujuan” datagram. Hal inilah  penyebab banyak paket hilang
sebelum sampai kembali ke sumber awalnya. (jelas ! sumber dan tujuannya
sudah dimodifikasi)

Kalimat Datagram dan paket sering dipertukarkan penggunaanya. Secara
teknis, datagram adalah kalimat yg digunakan jika kita hendak
menggambarkan TCP/IP. Datagram adalah unit dari data, yg tercakup dalam
protokol.

************************************************************************
ICPM adalah kependekan dari Internet Control Message Protocol yg
bertugas memberikan pesan dalam IP. Berikut adalah beberapa pesan
potensial sering timbul (lengkapnya lihat RFC 792):

a. Destination unreachable, terjadi jika host,jaringan,port atau protokol
tertentu tidak dapat dijangkau.
b. Time exceded, dimana datagram tidak bisa dikirim karena time to live
habis.
c. Parameter problem, terjadi kesalahan parameter dan letak oktert dimana
kesalahan terdeteksi.
d. Source quench, terjadi karena router/host tujuan membuang datagram
karena batasan ruang buffer atau karena datagram tidak dapat diproses.
e. Redirect, pesan ini memberi saran kepada host asal datagram mengenai
router yang lebih tepat untuk menerima datagram tsb.
f. Echo request dan echo reply message, pesan ini saling mempertukarkan
data antara host.

Selain RFC 792 ada juga RFC 1256 yg isinya berupa ICMP router discovery
message dan merupakan perluasan dari ICMP, terutama membahas mengenai
kemampuan bagi host untuk menempatkan rute ke gateway.
************************************************************************

7. Bagaimanakah bentuk format header protokol UDP,TCP,IP ?
———————————————————-
1. UDP
——
UDP memberikan alternatif transport untuk proses yg tidak membutuhkan
pengiriman yg handal. Seperti yg telah dibahas sebelumnya, UDP merupakan
protokol yg tidak handal, karena tidak menjamin pengiriman data atau
perlindungan duplikasi. UDP tidak mengurus masalah penerimaan aliran
data dan pembuatan segmen yg sesuai untuk IP.Akibatnya, UDP adalah
protokol sederhana yg berjalan dengan kemampuan jauh dibawah TCP. Header
UDP tidak mengandung banyak informasi, berikut bentuk headernya :

++++++++++++++++++++++++++++++++++++++
+ Source Port  +   Destination Port  +
++++++++++++++++++++++++++++++++++++++
+    Length    +    Checksum         +
++++++++++++++++++++++++++++++++++++++

source port, adalah port asal dimana system mengirimkan datagram.
Destination port, adalah port tujuan pada host penerima.
Length, berisikan panjang datagram dan termasuk data.
Checksum, bersifat optional yg berfungsi utk meyakinkan bahwa data tidak
akan mengalami rusak (korup)

2. TCP
——
Seperti yg telah dibahas sebelumnya, TCP merupakan protokol yg handal
dan bertanggung jawab untuk mengirimkan aliran data ke tujuannya secara
handal dan berurutan. Untuk memastikan diterimanya data, TCP menggunakan
nomor urutan segmen dan acknowlegement (jawaban). Misalkan anda ingin
mengirim file berbentuk seperti berikut :
———————————————————-
TCP kemudian akan memecah pesan itu menjadi beberapa datagram (untuk
melakukan hal ini, TCP tidak mengetahui berapa besar datagram yg bisa
ditampung jaringan. Biasanya, TCP akan memberitahukan besarnya datagram
yg bisa dibuat, kemudian mengambil nilai yg terkecil darinya, untuk
memudahkan).
—- —- —- —- —- —- —- —- —- —- —- —-
TCP kemudian akan meletakan header di depan setiap datagram tersebut.
Header ini biasanya terdiri dari 20 oktet, tetapi yg terpenting adalah
oktet ini berisikan sumber dan tujuan  “nomor port (port number)” dan
“nomor urut (sequence number)”. Nomor port digunakan untuk menjaga data
dari banyaknya data yg lalu lalang. Misalkan ada 3 orang yg mengirim
file. TCP anda akan mengalokasikan nomor port 1000, 1001, dan 1002 untuk
transfer file. Ketika datagram dikirim, nomor port ini menjadi “sumber
port (source port)” number untuk masing-masing jenis transfer.
Yg perlu diperhatikan yaitu bahwa TCP perlu mengetahui juga port yg
dapat digunakan oleh tujuan (dilakukan diawal hubungan). Port ini
diletakan pada daerah “tujuan port (destination port)”. Tentu saja jika
ada datagram yg kembali, maka source dan destination portnya akan
terbalik, dan sejak itu port anda menjadi destination port dan port
tujuan menjadi source port.

Setiap datagram mempunyai nomor urut (sequence number) masing-masing yg
berguna agar datagram tersebut dapat tersusun pada urutan yg benar dan
agar tidak ada datagram yg hilang. TCP tidak memberi “nomor” datagram,
tetapi pada oktetnya. Jadi jika ada 500 oktet data dalam setiap
datagram, datagram yg pertama mungkin akan bernomor urut 0, kedua 500,
ketiga 1000, selanjutnya 1500 dan eterusnya. Kemudian semua susunan
oktet didalam datagram akan diperiksa keadaannya benar atau salah, dan
biasa disebut dg “checksum”. Hasilnya kemudian diletakan ke header TCP.
Yg perlu diperhatikan ialah bahwa checksum ini dilakukan di kedua
komputer yg melakukan hubungan. Jika nilai keberadaan susunan oktet
antara satu checksum dg checksum yg lain tidak sama, maka sesuatu yg
tidak diinginkan akan terjadi pada datagram tersebut, yaitu gagalnya
koneksi (lihat bahasan sebelumnya). Jadi inilah bentuk datagram
tersebut:

++++++++++++++++++++++++++++++++++++++++++++++++
+     Source Port     +      Destination port  +
++++++++++++++++++++++++++++++++++++++++++++++++
+                 Sequence number              +
++++++++++++++++++++++++++++++++++++++++++++++++
+               Acknowledgment number          +
++++++++++++++++++++++++++++++++++++++++++++++++
+  Data +          |U|A|P|R|S|F|                +
+ offset+ Reserved |R|C|S|S|Y|I|     Window     +
+       +           |G|K|H|T|N|N|                +
++++++++++++++++++++++++++++++++++++++++++++++++
+    Checksum                 | Urgent pointer +
++++++++++++++++++++++++++++++++++++++++++++++++
+  data anda —— sampai 500 oktet berikut   +

Jika kita misalkan TCP header sebagai “T”, maka seluruh file akan
berbentuk sebagai berikut :
T—- T—- T—- T—- T—- T—- T—- T—- T—- T—- T—-

Ada beberapa bagian dari header yg belum kita bahas. Biasanya bagian
header  ini terlibat sewaktu hubungan berlangsung.

- Seperti ‘acknowledgement number’ misalnya, yg bertugas untuk menunggu
jawaban apakah datagram yg dikirim sudah sampai atau belum. Jika tidak
ada jawaban (acknowledgement) dalam batas waktu tertentu, maka data akan
dikirim lagi.
- Window berfungsi untuk mengontrol berapa banyak data yg bisa singgah
dalam satu waktu. Jika Window sudah terisi, ia akan segera langsung
mengirim data tersebut dan tidak akan menunggu data yg terlambat, karena
akan menyebabkan hubungan menjadi lambat.
- Urgent pointer menunjukan nomor urutan oktet menyusul data  yg
mendesak. Urgent pointer adalah bilangan positif berisi posisi dari
nomor urutan pada segmen.
Reserved selalu berisi nol. Dicadangkan untuk penggunaan mendatang.
- Control bit (disamping kanan reserved, baca dari atas ke bawah). Ada
enam kontrol bit :
a. URG, Saat di set 1 ruang urgent pointer memiliki makna, set 0
diabaikan.
b. ACK saat di set ruang acknowledgement number memiliki arti.
c. PSH, memulai fungsi push.
d. RST, memaksa hubungan di reset.
e. SYN, melakukan sinkronisasi nomor urutan untuk hubungan. Bila diset maka
hubungan di buka.
f. FIN, hubungan tidak ada lagi.

3. IP
—–
TCP akan mengirim setiap datagram ke IP dan meminta IP untuk
mengirimkannya ke tujuan(tentu saja dg cara mengirimkan IP alamat
tujuan). Inilah tugas IP sebenarnya. IP tidak peduli apa isi dari
datagram, atau isi dari TCP header. Tugas IP sangat sederhana, yaitu
hanya mengantarkan datagram tersebut sampai tujuan (lihat bahasan
sebelumnya). Jika IP melewati suatu gateway, maka ia kemudian akan
menambahkan header miliknya. Hal yg penting dari header ini adalah
“source address” dan “Destination address”, “protocol number” dan
“checksum”.  “source address” adalah alamat asal datagram. “Destination
address” adalah alamat tujuan datagram (ini penting agar gateway
mengetahui ke mana datagram akan pergi). “Protocol number” meminta IP
tujuan untuk mengirim datagram ke TCP. Karena meskipun jalannya IP
menggunakan TCP, tetapi ada juga protokol tertentu yg dapat menggunakan
IP, jadi kita harus memastikan IP menggunakan protokol apa untuk
mengirim datagram tersebut. Akhirnya, “checksum” akan meminta IP tujuan
untuk meyakinkan bahwa header tidak mengalami kerusakan. Yang perlu
dicatat yaitu bahwa TCP dan IP menggunakan checksum yang berbeda.
Berikut inilah tampilan header IP :

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ version + IHL + Type of Service +        Total Length      +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+  identification                 + Flag +  Fragment Offset  +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Time to live  + Protocol        +     Header Checksum      +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                       Source Address                       +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                    Destination Address                     +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ TCP header, kemudian data  ——-                         +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Jika kita misalkan IP header sebagai “I”, maka file sekarang akan
berbentuk :

IT—-  IT—-  IT—-  IT—–  IT—–  IT—–  IT—– IT—-

Source : http://www.oke.or.id

INSTALL FreeRadius:
cd /usr/ports/net/freeradius
% make && make install
Pilih mySQL support dan SNMP (optional).

CONFIGURE freeRADIUS:
% cd /usr/local/etc/raddb
Pastikan file² berikut ada

% clients.conf (basic config cukup & memakai localhost)

% users
Untuk pengetesan pertama tambahkan baris
ainoer Auth-Type := Local, User-Password == “testpass”

% cp snmp.conf.sample snmp.conf
% cp sql.conf.sample sql.conf
% cp huntgroups.sample huntgroups
% cp dictionary.sample dictionary
% cp hints.sample hints
% cp acct_users.sample acct_users
% cp preproxy_users.sample preproxy_users

% cp radiusd.conf.sample radiusd.conf
Edit radiusd.conf,
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

% radiusd -X &
% radtest ainoer testpass localhost 1812 testing123

Jika berhasil ada indikasi sbb :
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=119, length=20

CREATE DATABASE & TABEL
Login ke mysql dan create database dengan nama radius.
Carilah file dengan nama db_mysql.sql kemudian import ke database.
/bin/mysql -u root radius < /usr/local/share/examples/freeradius/db_mysql.sql

Masukkan record² berikut :
INSERT INTO radcheck (UserName, Attribute, Value) VALUES (’rahma’, ‘Password’, ‘passku’);
INSERT INTO radgroupcheck (GroupName, Attribute, Value) VALUES (’dynamic’, ‘Auth-Type’, ‘Local’);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Framed-Compression’, ‘:=’, ‘Van-Jacobsen-TCP-IP’);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Framed-Protocol’, ‘:=’, ‘PPP’);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Service-Type’, ‘:=’, ‘Framed-User’);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Framed-MTU’, ‘:=’, ‘1500′);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘X-Ascend-Assign-IP-Pool’, ‘:=’, ‘0′);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘X-Ascend-Maximum-Time’, ‘:=’, ‘7200′);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘X-Ascend-Route-IP’, ‘:=’, ‘Route-IP-Yes’);
INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Idle-Timeout’, ‘:=’, ‘1800′);
INSERT INTO usergroup (UserName, GroupName) VALUES (’rahma’, ‘dynamic’);

select * from radcheck;
+—-+———-+———–+—-+——–+
| id | UserName | Attribute | op | Value |
+—-+———-+———–+—-+——–+
| 1 | rahma | Password | == | passku |
+—-+———-+———–+—-+——–+

mysql> select * from radgroupcheck;
+—-+———–+———–+—-+——-+
| id | GroupName | Attribute | op | Value |
+—-+———–+———–+—-+——-+
| 1 | dynamic | Auth-Type | := | Local |
+—-+———–+———–+—-+——-+

select * from radgroupreply;
+—-+———–+————————-+—-+———————+——+
| id | GroupName | Attribute | op | Value | prio |
+—-+———–+————————-+—-+———————+——+
| 1 | dynamic | Framed-Compression | := | Van-Jacobsen-TCP-IP | 0 |
| 2 | dynamic | Framed-Protocol | := | PPP | 0 |
| 3 | dynamic | Service-Type | := | Framed-User | 0 |
| 4 | dynamic | Framed-MTU | := | 1500 | 0 |
| 5 | dynamic | X-Ascend-Assign-IP-Pool | := | 0 | 0 |
| 6 | dynamic | X-Ascend-Maximum-Time | := | 7200 | 0 |
| 7 | dynamic | X-Ascend-Route-IP | := | Route-IP-Yes | 0 |
| 8 | dynamic | Idle-Timeout | := | 1800 | 0 |
+—-+———–+————————-+—-+———————+——+

select * from usergroup;
+———-+———–+———-+
| UserName | GroupName | priority |
+———-+———–+———-+
| rahma | dynamic | 1 |
+———-+———–+———-+

% cd /usr/local/etc/raddb/
Edit sql.conf
Isikan password database( root dgn pass = “” jika masih belum diberi password)

Edit radiusd.conf.
Pada bagian authorize{}:
Hilangkan # pada ’sql’
Pada bagian accounting {}:
Hilangkan # pada ’sql’ accounting{}.

Pada post-auth ():
Hilangkan # pada ’sql’
Hilangkan # 3 baris terkahir dari post-auth dan ganti ke sql modul.

Post-Auth-Type REJECT {
sql
}
kill & restart in debug.
% radiusd -X

Selamat mencoba

Edited :

Ternyata ada yang kurang, settingan di atas kan database mysqlnya masih belum diberi password..
Setelah diberi password kmudain dijalankan la koq error…
rlm_sql_mysql: Mysql error ‘Client does not support authentication please upgrade mysql client dst..

Coba cek librarynya :
# ldd /usr/local/lib/rlm_sql_mysql.so/usr/local/lib/rlm_sql_mysql.so:
libmysqlclient.so.12 => /usr/local/lib/mysql/libmysqlclient.so.12 (0×28157000)
libz.so.2 => /lib/libz.so.2 (0×28177000)
libcrypt.so.2 => /lib/libcrypt.so.2 (0×28187000)
libm.so.3 => /lib/libm.so.3 (0×2819f000)
libc.so.5 => /lib/libc.so.5 (0×28079000)
Udah sip tuw.. but why.. masak harus upgrade mysql clientnya kan versine udah 5.0 ach ngga harus dech kayaknya.. jgn percaya begitu saja sama warning .. googling dulu ach..
Setelah berpusing² eh jadi ingat instalasi pureftpd dgn mysql.. so aku coba dey..
# cd /usr/local/mysql/lib/mysql/
# cp * /usr/local/lib

pembagian segmentasi jaringan dapat dibagi berdasarkan fungsi pekerjaan, departement, atau tim project. VLAN juga memberikan fasilitas kemudahan bagi administrator untuk memindahkan, menambah, dan merubah anggota dari sebuah group.

VLAN dapat meningkatkan scalability, security, dan manajemen jaringan. Dalam sebuah VLAN, router berfungsi untuk menyediakan broadcast filtering, security, traffic flow management, dan routing antar VLAN. Untuk dapat berkomunikasi antar VLAN, maka dibutuhkan sebuah router untuk merouting paket yang dikirim antar VLAN. Supaya

router dapat merouting trafik antara VLAN dibutuhkan trunking antara router dengan switch. Trunking membuat berbagai trafik dalam VLAN dapat dikirim hanya dengan menggunakan satu physical connection. Trunk sebenarnya satu physical interface yang terbagi menjadi beberapa logical interface. Dengan adanya trunk, antar VLAN dapat berkomunikasi melalui physical link yang sama. Setiap frame yang dikirim melalui trunk masing-masing akan diberi tanda dengan VLAN ID. Switch Catalyst akan

mengidentifikasi tiap VLAN dengan nomor yang unik.

Note:   Sebelum kita mulai konfigurasi, pastikan device vlan dan device miibus sudah di- compile kedalam kernel.

Dalam contoh ini konfigurasi ethernet yang dipakai adalah

Konfigurasi pada router FreeBSD 6.0

Jalankan beberapa perintah berikut untuk menambahkan VLAN ke router FreeBSD 6.0:

# ifconfig xl0 up

# ifconfig vlan5 create

# ifconfig vlan5 vlan 5 vlandev xl0 mtu 1500

# ifconfig vlan5 172.16.1.1/24

# ifconfig vlan10 create

# ifconfig vlan10 vlan 10 vlandev xl0 mtu 1500

# ifconfig vlan10 172.16.10.1/24

# ifconfig vlan20 create

# ifconfig vlan20 vlan 20 vlandev xl0 mtu 1500

# ifconfig vlan20 172.16.20.1/24

# ifconfig vlan30 create

# ifconfig vlan30 vlan 30 vlandev xl0 mtu 1500

# ifconfig vlan30 172.16.30.1/24

# ifconfig vlan40 create

# ifconfig vlan40 vlan 40 vlandev xl0 mtu 1500

# ifconfig vlan40 172.16.40.1/24

# ifconfig vlan50 create

# ifconfig vlan50 vlan 50 vlandev xl0 mtu 1500

# ifconfig vlan50 172.16.50.1/24

# ifconfig vlan60 create

# ifconfig vlan60 vlan 60 vlandev xl0 mtu 1500

# ifconfig vlan60 172.16.60.1/24

Hasil konfigurasi VLAN dapat dilihat menggunakan perintah:

# netstat -rn -f inet

Edit file /etc/rc.conf agar konfigurasi VLAN dijalankan saat booting dengan menambahkan baris berikut:

ifconfig_xl0=”up”

cloned_interfaces=”vlan5 vlan10 vlan20 vlan30 vlan40 vlan50 vlan60″ ifconfig_vlan5=”inet 172.16.1.1 netmask 255.255.255.0 vlan 5 vlandev xl0″ ifconfig_vlan10=”inet 172.16.10.1 netmask 255.255.255.0 vlan 10 vlandev xl0″ ifconfig_vlan20=”inet 172.16.20.1 netmask 255.255.255.0 vlan 20 vlandev xl0″ ifconfig_vlan30=”inet 172.16.30.1 netmask 255.255.255.0 vlan 30 vlandev xl0″ ifconfig_vlan40=”inet 172.16.40.1 netmask 255.255.255.0 vlan 40 vlandev xl0″ ifconfig_vlan50=”inet 172.16.50.1 netmask 255.255.255.0 vlan 50 vlandev xl0″ ifconfig_vlan60=”inet 172.16.60.1 netmask 255.255.255.0 vlan 60 vlandev xl0″

Agar vlan dapat di-load saat booting edit file loader.conf yang berada pada direktori

/boot, dan tambahkan baris berikut:

…

if_vlan_load=”YES”

…

Konfigurasi switch Cisco Catalyst 2950

Switch>enable

Switch#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#interface vlan 1

Switch(config-if)#ip address 172.16.0.2 255.255.255.0

Switch(config-if)#no shutdown switch(config-if)#exit

Switch(config)#ip default-gateway 172.16.0.1

Switch(config)#interface fa0/1

Switch(config-if)#description Trunk link ke Router Switch(config-if)#switchport mode trunk Switch(config-if)#end

Switch#vlan database Switch(vlan)#vlan 5 name server VLAN 5 added:

Name: server Switch(vlan)#vlan 10 name A VLAN 10 added:

Name: A

Switch(vlan)#vlan 20 name B

VLAN 20 added: Name: B

Switch(vlan)#vlan 30 name C

VLAN 30 added: Name: C

Switch(vlan)#vlan 40 name D

VLAN 40 added: Name: D

Switch(vlan)#vlan 50 name E

VLAN 50 added: Name: E

Switch(vlan)#vlan 60 name F

VLAN 60 added: Name: F

Switch(vlan)#exit APPLY completed. Exiting….

Lihat konfigurasi database VLAN yang baru dibuat menggunakan perintah:

Switch#show vlan

Untuk mengatur port fa0/2 sebagai anggota VLAN server, port fa0/3 sebagai anggota

VLAN A, port fa0/4 sebagai anggota VLAN B, port fa0/5 sebagai anggota VLAN C,

port fa0/6 sebagai anggota VLAN D, port fa0/7 sebagai anggota VLAN E dan port fa0/8 sebagai anggota VLAN F pada switch Cisco Catalyst 2950 dapat dilakukan dengan menggunakan perintah:

Switch#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#interface fa0/2

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 5

Switch(config-if)#exit

Switch(config)#interface fa0/3

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

Switch(config-if)#exit

Switch(config)#interface fa0/4

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 20

Switch(config-if)#exit

Switch(config)#interface fa0/5

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 30

Switch(config-if)#exit

Switch(config)#interface fa0/6

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 40

Switch(config-if)#exit

Switch(config)#interface fa0/7

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 50

Switch(config-if)#exit

Switch(config)#interface fa0/8

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 60

Switch(config-if)#end

Setelah semua konfigurasi selesai, lihat semua konfigurasi pengaturan port pada masing- masingVLAN dengan menggunakan perintah:

Switch#show vlan

Setelah itu simpan semua konfigurasi switch Cisco Catalyst 2950 yang telah dlakukan pada startup-config agar switch dapat menjalankan konfigurasi tersebut pada saat dihidupkan (booting), dengan  mengetikkan perintah:

Switch#copy running-config startup-config

Destination filename [startup-config]? Building configuration…

[OK]

Setelah selesai melakukan semua konfigurasi, lakukan pengujian dengan melakukan ping dari workstation ke workstation lain yang berada pada vlan yang berbeda.

Semoga artikel ini dapat membantu saat melakukan konfigurasi VLAN pada sistem operasi FreeBSD 6.0 dan Cisco Catalyst 2950.

Pustaka: dari berbagai sumber

Cara mudah menginstall openbsd 3.7
Sebaiknya sebelum meng Install lebih baek membaca

http://www.openbsd.org/faq/faq4.html

bila sudah dibaca semua, terus sebaiknya baca lagi di 4.5 – Performing an install

langkah pertama, masukan cd openbsd 3.7 yg sudah dibuat tadi, terus booting komputer

erase ^?, werase ^W, kill ^U, intr ^C, status ^T
(I)nstall, (U)pgrade or (S)hell? i

Welcome to the OpenBSD/i386 3.7 install program.

This program will help you install OpenBSD in a simple and rational way. At
any prompt except password prompts you can run a shell command by typing
‘!foo’, or escape to a shell by typing ‘!’. Default answers are shown in []‘s
and are selected by pressing RETURN. At any time you can exit this program by
pressing Control-C and then RETURN, but quitting during an install can leave
your system in an inconsistent state.

Specify terminal type: [vt220] Enter
Do you wish to select a keyboard encoding table? [no] Enter

IS YOUR DATA BACKED UP? As with anything that modifies disk contents, this
program can cause SIGNIFICANT data loss.

It is often helpful to have the installation notes handy. For complex disk
configurations, relevant disk hardware manuals and a calculator are useful.

Proceed with install? [no] y

Cool! Let’s get to it…

You will now initialize the disk(s) that OpenBSD will use. To enable all
available security features you should configure the disk(s) to allow the
creation of separate filesystems for /, /tmp, /var, /usr, and /home.

Available disks are: wd0.
Which one is the root disk? (or done) [wd0] Enter

Do you want to use *all* of wd0 for OpenBSD? [no] Yes (sembarang boleh N0 or YES)

asumsi hardisk nya ada isi nya

Initial label editor (enter ‘?’ for help at any prompt)
> p m

device: /dev/rwd0c
type: ESDI
disk: ESDI/IDE disk
label: WDC WD273BA
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 53464320
free sectors: 0
rpm: 3600

4 partitions:
# size offset fstype [fsize bsize cpg]
a: 80.2M 0.0M 4.2BSD 2048 16384 162
b: 300.2M 80.2M swap
c: 26105.6M 0.0M unused 0 0
d: 80.2M 380.5M 4.2BSD 2048 16384 164

Contoh disini ada 4 partisi
maka partisi akan dihapus
d a
d b
d d

buat partisi baru
> a a
offset: [63]
size: 2000 M —-> contoh saja misalkan 2 Gb
FS type: [4.2BSD]
mount point: [none] /

> a b
offset: [1310400]
size: 512 M —> contoh 512 mb
FS type: [swap]

> a d
offset: [3991680] Enter
size: 18 G –> misalkan 18 Gb
Rounding to nearest cylinder: 245952
FS type: [4.2BSD] Enter
mount point: [none] /cache —> sembarang boleh /var , /usr , dll lah

> p m
device: /dev/rwd0c
type: ESDI
disk: ESDI/IDE disk
label: ST320011A
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 39102336
free sectors: 22115520

4 partitions:
# size offset fstype [fsize bsize cpg]
a: 2 G 1498.7M 4.2BSD 2048 16384 16 # /
b: 512 M 1648.8M swap
c: 19092.9M 0.0M unused 0 0
d: 17 G 1949.1M 4.2BSD 2048 16384 16 # /cache

> q
Write new label?: [y] Enter

The root filesystem will be mounted on wd0a.
wd0b will be used for swap space.
Mount point for wd0a (size=2 G), none or done? [/] done

OpenBSD filesystems:
wd0a /
wd0b /swap
wd0d /cache

The next step *DESTROYS* all existing data on these partitions!
Are you really sure that you’re ready to proceed? [no] y

/dev/rwd0a: 307440 sectors in 305 cylinders of 16 tracks, 63 sectors
2 Gin 1 cyl groups (306 c/g, 150.61MB/g, 19328 i/g)
/dev/rwd0b: 245952 sectors in 244 cylinders of 16 tracks, 63 sectors
512 MB in 1 cyl groups (244 c/g, 120.09MB/g, 15360 i/g)
/dev/rwd0d: 164304 sectors in 163 cylinders of 16 tracks, 63 sectors
17 G in 1 cyl groups (164 c/g, 80.72MB/g, 10368 i/g)

Setting the system hostname

Enter system hostname (short form, e.g. ‘foo’): luckyy_man

Configure the network? [yes] Enter
Available interfaces are: fxp0.
Which one do you wish to initialize? (or ‘done’) [fxp0] Enter
Symbolic (host) name for fxp0? [luckyy_man] Enter
The default media for fxp0 is
media: Ethernet autoselect (100baseTX full-duplex)
Do you want to change the default media? [no] Enter
IP address for fxp0? (or ‘dhcp’) 199.185.137.55
Netmask? [255.255.255.0] Enter
Done – no available interfaces found.
DNS domain name? (e.g. ‘bar.com’) [my.domain] example.com
DNS nameserver? (IP address or ‘none’) [none] 199.185.137.1
Use the nameserver now? [yes] Enter
Default route? (IP address, ‘dhcp’ or ‘none’) 199.185.137.128
add net default: gateway 199.185.137.128
Edit hosts with ed? [no] Enter
Do you want to do any manual network configuration? [no] Enter

Password for root account? (will not echo) pAssWOrd
Password for root account? (again) pAssWOrd

Choosing installation media

You will now specify the location and names of the install sets you want to
load. You will be able to repeat this step until all of your sets have been
successfully loaded. If you are not sure what sets to install, refer to the
installation notes for details on the contents of each.

Sets can be located on a (m)ounted filesystem; a (c)drom, (d)isk or (t)ape
device; or a (f)tp, (n)fs or (h)ttp server.
Where are the install sets? c
Available CD-ROMs are: cd0.

Available CD-ROMs are: cd0.
Which one contains the install media? (or ‘done’) [cd0] Enter
Pathname to the sets? (or ‘done’) [3.7/i386] Enter

The following sets are available. Enter a filename, ‘all’ to select
all the sets, or ‘done’. You may de-select a set by prepending a ‘-’
to its name.

[X] bsd
[X] bsd.rd
[X ] bsd.mp
[X] base37.tgz
[X] etc37.tgz
[X] misc37.tgz
[X] comp37.tgz
[X] man37.tgz
[] game37.tgz
[ ] xbase37.tgz
[ ] xetc37.tgz
[ ] xshare37.tgz
[ ] xfont37.tgz
[ ] xserv37.tgz

File Name? (or ‘done’) [game37.tgz] done

File Name? (or ‘done’) [done] Enter
File Name? (or ‘done’) [done] Enter
Ready to install sets? [yes] Enter
Getting bsd …
100% |**************************************************| 5030 KB 00:08
Getting bsd.rd …
100% |**************************************************| 4478 KB 00:02
Getting bsd.mp …
100% |**************************************************| 5072 KB 00:03
Getting base37.tgz …
100% |**************************************************| 34337 KB 00:24
Getting etc37.tgz …
100% |**************************************************| 1636 KB 00:01
Getting misc37.tgz …
100% |**************************************************| 2222 KB 00:01
Getting comp37.tgz …
100% |**************************************************| 21606 KB 00:17
Getting man37.tgz …
100% |**************************************************| 7199 KB 00:05

Finishing up

Start sshd(8) by default? [yes] enter

Start ntpd(8) by default? [no] enter

Do you expect to run the X Window System? [yes] No (bila mau pakai YES]

Change the default console to com0? [no] Enter

Saving configuration files……done.
Generating initial host.random file ……done.
What timezone are you in? (‘?’ for list) [Canada/Mountain] ? Asia/Jakarta
Setting local timezone to ‘Asia/Jakarta’ …done.
Making all device nodes…done.
Installing boot block…
boot: /mnt/boot
proto: /usr/mdec/biosboot
device: /dev/rwd0c
/usr/mdec/biosboot: entry point 0
proto bootblock size 512
/mnt/boot is 3 blocks x 16384 bytes
fs block shift 2; part offset 63; inode block 24, offset 1704
using MBR partition 3: type 166 (0xa6) offset 63 (0x3f)
done.

CONGRATULATIONS! Your OpenBSD install has been successfully completed!
To boot the new system, enter halt at the command prompt. Once the
system has halted, reset the machine and boot from the disk.
# halt

sudah
sampe disini sudah jadi
bila masih kebingungan bisa melihat manual lagi

http://www.openbsd.org/faq/faq4.html

http://www.wbglinks.net/pages/openbsd/installation.html

Cara mudah membuat router atau gateway di OPENBSD

Sambungan dari install openbsd 3.7

Langkah pertama kita install bash
supaya gak repot, krn obsd ini benar2 gak ada packet nya

[root@luckyy_man]# pkg_add -v ftp://ftp.kd85.com/pub/OpenBSD/3.7/packages/i386/bash-3.0.16p0.tgz

setelah selesai

[root@luckyy_man]# chsh

edit menjadi spt ini

Shell: /usr/local/bin/bash

setelah itu save

supaya keren

[root@luckyy_man]# vi .bash_profile
PS1=”[u@h W]$ “

alias rm=’rm -i’
alias cp=’cp -i’
alias mv=’mv -i’
alias ll=’ls -l’

setelah itu save

kemudian reboot

OpenBSD nya udah bisa di TAB

selanjutnya
[root@luckyy_man]# cd /etc/
[root@luckyy_man etc]# ls | grep hostname
hostname.rl0
hostname.rl1

itu menggambarkan landcard nya, disini saya menggunakan Realtek

nah sekarang masuk di konfigurasi
sebaiknya sebelumnya baca di http://www.openbsd.org/faq/pf/
atau download pdf ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.pdf

edit di /etc/pf.conf (mau pake vi, ee, or pico sembarang)

vi /etc/pf.conf

ext_if=”rl0″ –> tergantung ethernet card nya
int_if=”rl1″ –> tergantung ethernet card nya

#scrub in
nat on $ext_if from $int_if=”rl1″:network to any -> ($ext_if)

setelah itu save

kemudian di test dahulu
[root@luckyy_man]# pfctl -f /etc/pf.conf
[root@luckyy_man]# pfctl -sn
nat on rl0 inet from 192.168.0.0/24 to any -> (rl0) round-robin

Bila muncul begini nat sudah berhasil

supaya bisa autorun pada waktu booting maka perlu di edit
di /etc/rc.conf.local

[root@luckyy_man]# vi /etc/rc.conf.local
sendmail_flags=NO
pf=YES
check_quotas=NO
ntpd=NO
named_flags=”"

setelah itu save

agar dpt forward maka edit /etc/sysctl.conf

[root@luckyy_man]# vi /etc/sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets

kemudian reboot
nah openbsd anda sudah bisa jadi router

CARA MUDAH INSTALL SQUID di OPENBSD

hmm, emang gak terlalu susah kok install OPENBSD
begitu kata teman2

oke, ini CERPEN YG Keberapa ya ?? lupa

kl ini udah gak asing lagi sih bagi teman2

yg pasti harus download squid nya dulu (pake yg tar.gz aja biar gak repot)
utk lebih baik nya baca http://www.benzedrine.cx/transquid.html

[root@luckyy_man]# wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE11.tar.gz

[root@luckyy_man]# mkdir /usr/local/src –> sembarang mau di taruh mana ekstraknya squid
[root@luckyy_man]# tar zxfv squid-2.5.STABLE11.tar.gz -C /usr/local/src/

Cek dgn
[root@luckyy_man]# vipw
———————————-
nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin
user1:$2a$06$qaJOhO42.xicTJOIEygmPeMV//QWvE7bZJJLWtRBbxKctubbt2Iga:1000:1000:
:0:0:user1:/home/user1:/bin/sh
———————————–
Belum ada user squid –> sip kl gitu bisa lanjut
kl sudah ada di remove dulu

[root@luckyy_man]# cd /usr/local/src/squid-2.5.STABLE11
[root@luckyy_man]# ./configure –sysconfdir=/etc/squid
–enable-pf-transparent –enable-snmp –enable-ssl
–enable-removal-policies=lru,heap
–enable-default-languages=English
–enable-err-languages=English –enable-delay-pools
–enable–cache-digests –enable-poll
–disable-ident-lookups –disable-hostname-checks
–enable-storeio=diskd,ufs

hmm (bisa di modifikasi sesuka hati yg penting ada
–enable-pf-transparent —-enable-storeio=diskd,ufs ) kan sudah di kompile kernel
lanjut

[root@luckyy_man]# make –> {bukan make love loh }
[root@luckyy_man]# make install

terus langkah2 spt biasanya anda, terserah anda

terus edit di /etc/squid/squid.conf
[root@luckyy_man]# vi /etc/squid/squid.conf
————yg penting———————————-
cache_dir diskd /cache 11000 26 256 –> misalkan aja
cache_effective_user squid
cache_effective_group squid
httpd_accel_host virtual –> buat transparnet
httpd_accel_port 80 –> buat transparnet
httpd_accel_with_proxy on –> buat transparnet
httpd_accel_uses_host_header on –> buat transparnet
———————————————————

Buat Direktori cache

[root@luckyy_man]# /usr/local/squid/sbin/squid -z

supaya bisa booting autoamtic

tambahkan di /etc/rc.local

[root@luckyy_man]# vi /etc/rc.local
if [ -x /usr/local/squid/sbin/squid ]; then
echo -n ‘squid’; /usr/local/squid/sbin/squid -D
fi

Jalankan dengan

[root@luckyy_man]# /usr/local/squid/sbin/squid -D untuk START
[root@luckyy_man]# /usr/local/squid/sbin/squid -k shutdown Untuk STOP
[root@luckyy_man]# /usr/local/squid/sbin/squid -k reconfigure Untuk restart

Cek dengan
[root@luckyy_man]# tail -f /var/log/messages

Tambahkan redirect di /etc/pf.conf
[root@luckyy_man]# vi /etc/pf.conf
————————————-
ext_if=”rl0″ –> public
int_if=”rl1″ –> local

rdr on $int_if proto tcp from any to any port 80 -> 192.168.0.1 port 3128

ip 192.168.0.1 –> ip openbsd yg di install squid
port 3128 —> port yg dipakai di /etc/squid.conf

Kemudian save
terus
[root@luckyy_man]# pfctl -f /etc/pf.conf
[root@luckyy_man]# pfctl -sn
nat on rl0 inet from 192.168.0.0/24 to any -> (rl0) round-robin
rdr on rl1 inet proto tcp from any to any port = www -> 192.168.0.1 port 3128

test browsing anda
sudah jalan belum squid nya

bila belum jalan di tambahkan

[root@luckyy_man]# chgrp squid /dev/pf
[root@luckyy_man]# chmod g+rw /dev/pf

RAsakan Bedanya pake Diskd, semoga berhasil
Spesial Thanks to siapa saya yg udah bantu
Jangan Lupa join di #awali or ikut milling list www.awali.org

Cara Mudah Membuat Firewall Sederhana OPENBSD

Sebelum membuat firewall ini, sebaiknya membaca dulu di
ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.pdf (download komplit)
khusus

http://www.openbsd.org/faq/pf/example1.html

Firewall ini sederhana, cuman menutup port-port default yg terbuka (kl buka terus nanti masuk angin) supaya tidak mudah untuk disusupi

[root@luckyy_man]# vi /etc/pf_firewall.conf

ext_if = “rl0″ # —> Ethernet card
int_if = “rl1″

tcp_services = “{ 22, 53, 113 }”
icmp_types = “echoreq”

priv_nets = “{ 192.168.1.0/24, 192.168.0.0/24 }” # –> tergantung ip privat anda
ip_isp = “{202.xxx.xxx.xxx, 202.xxx.xxx.xxx }” #–> bukan Triple X loh

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
nat on $ext_if from 192.168.0.0/24 to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 80 -> 192.168.1.1 port 3128

# filter rules
block all # Menutup semua port

pass quick on lo0 all

# provide unrestricted Internet access to internal computers
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

# allow the following incoming traffic to the firewall
pass in on $ext_if inet proto tcp from any to ($ext_if)
port $tcp_services flags S/SA keep state

#Agar ISP bisa Baca SNMP -mu
pass in quick on $ext_if proto udp from $ip_isp to port { 161, 162 }

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in on $int_if from 192.168.0.0/24 to any keep state
pass out on $int_if from any to 192.168.0.0/24 keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

Save & exit

[root@luckyy_man]# pfctl -f /etc/pf_firewall.conf

Untuk mengecek apakah udah jalan gunakan nmap
tapi nmap dari ip public, jgn nmap dari localhost,
kl dari localhost maka tetap terlihat terbuka
Hasil Nmap dari Bos JALI (TCP)
(The 1647 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
69/tcp filtered tftp
113/tcp open auth
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
707/tcp filtered unknown
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
4444/tcp filtered krb524
5050/tcp filtered mmcc

hasil Nmap dari Bos Jali (UDP)
(The 1429 ports scanned but not shown below are in state: open|filtered)
PORT STATE SERVICE
37/udp closed time
59/udp closed priv-file
84/udp closed ctf
102/udp closed iso-tsap
108/udp closed snagas
121/udp closed erpc
187/udp closed aci
249/udp closed unknown
261/udp closed nsiiops
266/udp closed unknown
280/udp closed http-mgmt
299/udp closed unknown
320/udp closed unknown
352/udp closed dtag-ste-sb
423/udp closed opc-job-start
462/udp closed datasurfsrvsec
520/udp closed route
556/udp closed remotefs
573/udp closed banyan-vip
599/udp closed acp
608/udp closed sift-uft
660/udp closed mac-srvr-admin
675/udp closed unknown
687/udp closed unknown
700/udp closed unknown
714/udp closed unknown
773/udp closed notify
837/udp closed unknown
845/udp closed unknown
872/udp closed unknown
896/udp closed unknown
954/udp closed unknown
962/udp closed unknown
974/udp closed unknown
1083/udp closed ansoft-lm-1
1389/udp closed iclpv-dm
1435/udp closed ibm-cics
1438/udp closed eicon-server
1454/udp closed interhdl_elmd
1460/udp closed proshare2
1495/udp closed cvc
1499/udp closed fhc
1524/udp closed ingreslock
1541/udp closed rds2
2041/udp closed interbase
6146/udp closed lonewolf-lm
7004/udp closed afs3-kaserver
7006/udp closed afs3-errors
32779/udp closed sometimes-rpc22

ini firewall sederhana, akan meng close semua port termasuk port 80, saat ini belum tau caranya buka port http (soalnya gak pake web server) mungkin ada teman2 yg bisa bantu ??

Spesial Thnks to Bos JALI & Bos Soegemblung yg telah membantu dan mau direpoti agar SNMP bisa terbaca ISP
Hidup Bos JALI & Bos GEMBLUNG

Bagi teman2 yg punya ilmu yg mau di share silahkan masukan di www.awari.org
dan jgn lupa join di #awari –> Dalnet

Cara Mudah MengKompile KERNEL buat Optimasi SQUID

Sambungan dari Cara mudah Membuat Router

langkah pertama meng optimasi kernel nya dahulu

Tambahkan

[root@luckyy_man]# vi /etc/sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
kern.maxfiles=8192
kern.maxclusters=16384

[root@luckyy_man]# ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) 1048576
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 147026
max memory size (kbytes, -m) 439668
open files (-n) 128 –> ini yg di perbesar
pipe size (512 bytes, -p) 1
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 532
virtual memory (kbytes, -v) 1056768

terus edit di /etc/login.conf
——————————
default:
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:
:umask=022:
:datasize-max=256M:
:datasize-cur=75M:
:maxproc-max=128:
:maxproc-cur=64:
penfiles-cur=1024: —> yg di edit
:stacksize-cur=4M:
:localcipher=blowfish,6:
:ypcipher=old:
:tc=auth-defaults:
:tc=auth-ftp-defaults:

daemon:
:ignorenologin:
:datasize=infinity:
:maxproc=infinity:
penfiles-cur=1024: –> di edit juga
:stacksize-cur=8M:
:localcipher=blowfish,8:
:tc=default:

—————————————

kemudiaan save dan reboot

[root@luckyy_man]# ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) 1048576
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 147026
max memory size (kbytes, -m) 439668
open files (-n) 1024 —> sudah berubah
pipe size (512 bytes, -p) 1
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 532
virtual memory (kbytes, -v) 1056768

langkah berikutnya adalah mendownload source kernel
- src.tar.gz
- sys.tar.gz

Misalkan menggunakan OpenBSD 3.7

jangan lupa di install Wget –> spt cara install bash

[root@luckyy_man]# wget ftp://ftp.kd85.com/pub/OpenBSD/3.7/src.tar.gz
[root@luckyy_man]# wget ftp://ftp.kd85.com/pub/OpenBSD/3.7/sys.tar.gz

kemudian
[root@luckyy_man]# tar zxfv src.tar.gz -C /usr/src
sambil menunggu proses chating di #indoopenbsd (agak lama ekstraknya)

[root@luckyy_man]# tar zxfv sys.tar.gz -C /usr/src

terus

[root@luckyy_man]# cd /usr/src/sys/arch/i386/conf/
[root@luckyy_man]# vi GENERIC –> (bukan obat GENERIC )

——–tambahkan————-
option MSGMNB=16384
option MSGMNI=40
option MSGSEG=2048
option MSGSSZ=64
option MSGTQL=1024
——————————

[root@luckyy_man]# /usr/sbin/config GENERIC
[root@luckyy_man]# cd /usr/src/sys/arch/i386/compile/GENERIC/
[root@luckyy_man]# make clean
[root@luckyy_man]# make depend
[root@luckyy_man]# make

(menggunakan athlon 1900 ram 512 mb, cuman 10 menit)

GANTi KERNEL

[root@luckyy_man]# cd /usr/src/sys/arch/i386/compile/GENERIC/
[root@luckyy_man]# cp /bsd /bsd.old
[root@luckyy_man]# cp bsd /bsd —> ketik yes

[root@luckyy_man]# reboot

abis booting

[root@luckyy_man]# uname -a
OpenBSD luckyy_man.com 3.7 GENERIC#0 i386

Spesial Thanks To : CANAXIS, Lotnos, SigSeg (#indoopenbsd)
Yg sudah memberi Petunjuk buat OPTIMASI KERNEL

SUDAH JADI

Untuk server warnet:

Edit :
vi /etc/sysctl.conf
net.inet.ip.forwarding=1

vi /etc/pf.conf
eth0 = “fxp0″
eth1 = “fxp1″

vi /etc/rc.conf.local
sendmail_flags=NO
pf=YES
check_quotas=NO
ntpd=NO
named_flags=”"

Do command :
nat on $eth0 from $eth1 to any -> ($eth0)

83.170.72.153 login ro pler123

http://www.wbglinks.net/pages/openbsd/cvsup.html

sudo pfctl -e -f /etc/pf.conf

http://www.0xdeadbeef.info/conf/pf.conf.35

———————————-
Thanks buat luckyy_man untuk artikelnya dan awali.org sebagai media nya.. semoga maju trus..