
WRITTEN CONFIGURATION

CONFIGURATION ROUTER AND SERVER


Specification:
OS: Debian Lenny 5.00
File editor: Nano

1. ROUTER

1. Edit the file interfaces in directory /etc/network


auto eth0
iface eth0 inet static
address 172.16.5.2
netmask 255.255.255.240
# network and broadcast follow from the address and netmask above
network 172.16.5.0
broadcast 172.16.5.15

auto eth1
iface eth1 inet static
address 192.168.11.71
netmask 255.255.255.0
network 192.168.11.0
broadcast 192.168.11.255

# dns-* options are implemented by the resolvconf package, if installed


dns-nameservers 192.168.11.2
dns-search sch.id

up route add -net 192.168.11.2 netmask 255.255.255.240 gw 192.168.11.1


up echo 1 > /proc/sys/net/ipv4/ip_forward

2. Edit the file sysctl.conf in directory /etc (command: nano /etc/sysctl.conf)

Remove the # symbol at the start of the line net.ipv4.tcp_syncookies=1

3. Edit rc.local in directory /etc to set up iptables MASQUERADE and the firewall on the router (command: nano /etc/rc.local)

# Enable IP Forward
#---------------------
echo "1" > /proc/sys/net/ipv4/ip_forward

#---------------------
# Module kernel for Connection Tracking NAT FTP
#---------------------
modprobe ip_nat_ftp

#---------------------
# Flush all rules
#---------------------
/sbin/iptables -F
/sbin/iptables -t nat -F

#---------------------
# NAT
#---------------------
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#---------------------
# Default policy "Block ALL"
#---------------------
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP

#---------------------
# The loopback interface should accept all traffic
#---------------------
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

#---------------------
# INPUT (Protect Our Router from Outside)
#---------------------
/sbin/iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 161:162 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT

#---------------------
# FORWARD (Allowed specific port services on outside)
#---------------------
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 20:21 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A FORWARD -p udp --dport 53 -j ACCEPT
/sbin/iptables -A FORWARD -p udp --dport 67 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 143 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 5050 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 5100 -j ACCEPT
/sbin/iptables -A FORWARD -p icmp -j ACCEPT

#---------------------
# OUTPUT (Allowed specific access from Our Router to Outside)
#---------------------
/sbin/iptables -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp -j ACCEPT

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE


exit 0

4. restart network interfaces configuration with command /etc/init.d/networking restart

5. DHCP configuration
* install dhcp3 with command #apt-get install dhcp3-server
* edit file filter from directory /etc/network
change
ip_subnet=192.16.3.3/29
* type command line to root #chmod 0775 /etc/network/filter
* edit file dhcpd.conf from directory /etc/dhcp3
change
subnet 192.168.1.0
netmask 255.255.255.0 {
range 192.168.1.1 192.168.1.50;
option domain-name "smkn1.co.id";
deny unknown-clients;
}
* restart service dhcp with command line #/etc/init.d/dhcp3-server restart
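
The FORWARD rules in the router's rc.local above accept each listed port without naming an interface or address, so they match forwarded traffic in either direction. The following added example (not part of the original page) lints iptables command lines for such rules; the sample rules are constructed, and the last two assume eth0 is the LAN side and eth1 the WAN side.

```shell
#!/bin/sh
# Constructed sample in the style of the rc.local above. The last two rules
# are bound to a direction (assumption: eth0 = LAN side, eth1 = WAN side).
SAMPLE_RULES='
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 20:21 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A FORWARD -p udp --dport 53 -j ACCEPT
/sbin/iptables -A FORWARD -p icmp -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 443 -j ACCEPT
'

# Read iptables command lines on stdin and print "proto/port" for every
# FORWARD ... -j ACCEPT rule that has no -i/-o/-s/-d match and is not a
# connection-state rule. Such a rule accepts the port in both directions.
unscoped_forward() {
    awk '
    /^[ \t]*#/ { next }
    {
        chain = ""; proto = "any"; port = "any"; target = ""
        scoped = 0; stateful = 0
        for (i = 1; i <= NF; i++) {
            if (($i == "-A" || $i == "-I") && i < NF) chain = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i" || $i == "-o" || $i == "-s" || $i == "-d") scoped = 1
            else if ($i == "--state" || $i == "--ctstate") stateful = 1
        }
        if (chain == "FORWARD" && target == "ACCEPT" && !scoped && !stateful)
            print proto "/" port
    }'
}

# Number of unscoped FORWARD ACCEPT rules on stdin.
count_unscoped() {
    unscoped_forward | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_RULES" | unscoped_forward
```

To check a real file, feed it on stdin, for example `unscoped_forward < /etc/rc.local`.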

2. SERVER

1.network configuration
* edit interfaces from directory /etc/network
auto eth0
iface eth1 inet static
address 192.168.11.71
netmask 255.255.255.0
network 192.168.11.0
broadcast 192.168.11.255

# dns-* options are implemented by the resolvconf package, if installed


dns-nameservers 192.168.11.2
dns-search sch.id

2. DNS configuration

* install bind9 with command #apt-get install bind9


* edit file db to directory /etc/bind
change @ IN SOA smkn1.co.id. root.smkn1.co.id. (
add @ IN NS smkn1.co.id.
add 71 IN PTR www.smkn1.co.id.

* create file db smkn1.co.id to directory /etc/bind


change @ IN SOA smkn1.co.id. root.smkn1.co.id. (
add
@ IN NS smkn1.co.id.
@ IN A 192.168.11.71
@ IN AAAA ::1
www IN A 192.168.11.71
NS1 IN A 192.168.11.71

mail IN CNAME NS1


pop IN CNAME NS1
smtp IN CNAME NS1
imap IN CNAME NS1

* edit file named.conf to directory /etc/bind


change
zone "192.168.11.in-addr.arpa" {
type master;
file "/etc/bind/db.192"; };

zone "www.smkn1.co.id" {
type master;
file "/etc/bind/db.smkn1.co.id"; };
* edit file named.conf.local to directory /etc/bind
zone "smkn1.co.id" {
type master;
file "/etc/bind/db.smkn1.co.id";
};

zone "11.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
};

* edit file resolv.conf to directory /etc


change
search smkn1.co.id
nameserver 127.0.0.1
nameserver 192.168.11.71

* restart bind9 with command /etc/init.d/bind9 restart

* test with ping www.smkn1.co.id

3. HTTP WEB SERVER configuration

* install apache2 with command line #apt-get install apache2


* edit file index.html in directory /var/www
write the markup to display
WELCOME TO LKS ETC.....
* open browser type address www.smkn1.co.id

4. SQUID, PROXY, IPTABLES and BLOCK WEBSITE

* install squid with command #apt-get install squid


* stop squid service with command #/etc/init.d/squid stop
* edit squid.conf from directory /etc/squid/
change
acl smkn1 src 192.168.0.0/24
acl porn url_regex "/usr/local/squid/etc/porn.txt"
# the deny rule must come first: squid applies the first matching http_access line
http_access deny porn all
http_access allow smkn1
icp_access allow smkn1
cache_mgr adhox@masterweb.com
visible_hostname smkn1.co.id
* create folder proxy1 with command #mkdir /home/proxy
* give ownership of the proxy cache folder to the proxy user with command #chown -R proxy.proxy /home/proxy
* create folder swap with command #squid -f /etc/squid/squid.conf -z
* create the website blocklist file /usr/local/squid/etc/blokir.txt
fill with
www
www
www
www
www
* restart squid with #/etc/init.d/squid restart
* create rule iptables with command
# iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# iptables -t nat -I PREROUTING -i eth0 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128

5. MAIL SERVER

Setting up Mail Server and WebMail on Debian Lenny

Posted by Ant_Ok

1. First, install postfix
apt-get install postfix
2. Choose "Internet Site", then enter your domain name
3. Then open the file main.cf in the postfix directory
nano /etc/postfix/main.cf
4. Add the following settings (coba.com stands for your domain name)
mydomain = coba.com
home_mailbox = Maildir/
inet_interfaces = all
#mailbox_command = procmail -a "$EXTENSION"
5. Then save the configuration and restart postfix
/etc/init.d/postfix restart
6. Then install courier
apt-get install courier-imap courier-pop
7. Then install php5
apt-get install php5
8. Next, install mysql server and squirrelmail
apt-get install mysql-server squirrelmail
9. After that, run /etc/squirrelmail/conf.pl
/etc/squirrelmail/conf.pl
10. Choose 1 (Server Configuration), then choose 2 and enter your domain name
11. Then choose "update imap setting" and enter mail.nama_domain.com, as covered in the DNS server configuration
12. Then choose "update smtp setting" and enter the same value as in step 11
13. Press s to save, then press q to quit
14. After that, go to the directory /etc/skel
cd /etc/skel
15. So that every user gets a mailbox directory, create the mailbox directory here
maildirmake Maildir
16. After that, create a user for your mail server with the command
adduser nama_user
17. Enter a password for the user and all the required details
18. Create two users
19. After that, connect to the SMTP port to send a message
telnet localhost 25
20. Type the commands below
ehlo test {enter}
mail from: nama_user@coba.com {enter}
rcpt to: nama_user@coba.com {enter}
data {enter}
subject: fill in the subject of your message
tes mail < this is your message
type a dot (.)
quit
21. To check the email that was sent, connect to the POP3 port (nama_user_penerima is the recipient's user name, pasword_user is that user's password)
telnet localhost 110
user nama_user_penerima
pass pasword_user
retr 1
If your message appears, the mail server is working; if there is an error message, restart your computer
22. Next, open /etc/squirrelmail/apache.conf
nano /etc/squirrelmail/apache.conf
23. Configure it to create a virtual host

documentroot /usr/share/squirrelmail
servername mail.nama_domain.com

24. Open the file /etc/apache/httpd.conf
nano /etc/apache/httpd.conf
25. At the very end of the file, find the following lines

documentroot /var/www/
servername www.nama_domain.com

26. Restart apache
/etc/init.d/apache restart
27. Open a web browser and type the webmail address you just created
28. Log in and try sending and receiving messages
29. If there are any mistakes, please correct them, and I ask

6. FTP SERVER

1. Install the vsftpd package
command: #apt-get install vsftpd
2. Edit the file vsftpd.conf in folder /etc
Fill it with
listen=YES
anonymous_enable=YES
local_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
user_config_dir=/etc/vsftpd_user
anon_root=/home/ftp
3. Edit the file vsftpd.chroot_list in folder /etc
Fill it with

4. Create the folder vsftpd_user in directory /etc
command: #mkdir /etc/vsftpd_user
5. Edit the file /etc/vsftpd_user/uploader
Contents

listen=YES
anonymous_enable=YES
local_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=ftp
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=ftp
banner_file=/etc/vsftpd.banner
dirmessage_enable=YES
message_file=welcome.msg
deny_email_enable=YES
banned_email_file=/etc/vsftpd.banned_emails
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
tcp_wrappers=YES
user_config_dir=/etc/vsftpd_user
write_enable=YES
max_clients=50
max_per_ip=5
6. Add the user uploader
command: #adduser uploader
answer the questions asked
7. Find and change that user's home directory by editing the file /etc/passwd

# nano /etc/passwd, or open the file /etc/passwd from WinSCP

Find the line containing uploader and change /home/uploader to /home/ftp
for example:
uploader:x:1003:1003:,,,:/home/uploader:/bin/bash
is changed to:
uploader:x:1003:1003:,,,:/home/ftp:/bin/bash
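
The two vsftpd files above both set chroot_list_enable=YES, but only the per-user file also sets chroot_local_user=YES, which reverses what chroot_list_file means. The following added example (not part of the original page) evaluates that interaction and the anonymous-write options for one config text at a time; the sample configs are constructed excerpts of the files above, and unset options fall back to vsftpd's built-in defaults.

```shell
#!/bin/sh
# Constructed excerpts of /etc/vsftpd.conf and /etc/vsftpd_user/uploader.
MAIN_CONF='anonymous_enable=YES
local_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list'

USER_CONF='anonymous_enable=YES
write_enable=YES
anon_upload_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list'

# Print the value of option $1 from config text on stdin; $2 is the
# built-in default. The last occurrence wins, comment lines are skipped.
opt() {
    awk -F= -v k="$1" -v d="$2" '
        /^[ \t]*#/ { next }
        $1 == k { d = $2 }
        END { print d }'
}

# How chroot_list_file is interpreted for the config text in $1.
chroot_mode() {
    all=$(printf '%s\n' "$1" | opt chroot_local_user NO)
    list=$(printf '%s\n' "$1" | opt chroot_list_enable NO)
    case "$all/$list" in
        YES/YES) echo "all-jailed-except-listed" ;;
        YES/NO)  echo "all-jailed" ;;
        NO/YES)  echo "only-listed-jailed" ;;
        *)       echo "none-jailed" ;;
    esac
}

# "yes" if anonymous users can upload or create directories.
anon_write() {
    a=$(printf '%s\n' "$1" | opt anonymous_enable YES)
    w=$(printf '%s\n' "$1" | opt write_enable NO)
    u=$(printf '%s\n' "$1" | opt anon_upload_enable NO)
    m=$(printf '%s\n' "$1" | opt anon_mkdir_write_enable NO)
    case "$a/$w/$u/$m" in
        YES/YES/YES/*|YES/YES/*/YES) echo yes ;;
        *) echo no ;;
    esac
}

echo "main: $(chroot_mode "$MAIN_CONF"), uploader: $(chroot_mode "$USER_CONF")"
```

With chroot_local_user=YES, any user named in /etc/vsftpd.chroot_list is the one left outside the jail, so the same list file has opposite effects under the two configurations.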
