Tuesday, 08 December 2009

A Little About iptables on Linux

Linux uses iptables as its firewall. A little about iptables configuration:
iptables has 3 firewall tables (strictly speaking, these are chains of the filter table): INPUT (filters packets coming in from outside), OUTPUT (the opposite of INPUT) and FORWARD (filters packets that will be forwarded out of or into the firewall). CMIIW :)
Assume we have 2 computers: computer A with IP 192.168.100.3/24 and computer B with IP 192.168.100.8/24.

[Figures: Computer A; Computer B]

If we want computer A to drop all packets from outside:

redarix:/ # iptables -P INPUT DROP



We try pinging from computer B (192.168.100.8/24); the packets will be dropped by computer A.


If the only packets computer A wants are ICMP from computer B:

redarix:/ # iptables -A INPUT -p icmp -s 192.168.100.8 -j ACCEPT


*Note: the command above appends a rule to INPUT: ICMP packets whose source is IP 192.168.100.8 will be accepted.

We try pinging computer A, and the ICMP packets will be accepted.


If computer A only wants to open port 22 for computer B:

redarix:/ # iptables -A INPUT -p tcp -s 192.168.100.8 --dport 22 -j ACCEPT



We test SSH using telnet on Windows.

c:\>telnet 192.168.100.3 22

If the result looks like the picture below, then port 22 has been opened by computer A.
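
The rules above, collected into one ruleset that is loaded in a single step; this is an added example, not part of the original post. It assumes computer B (192.168.100.8) is the only trusted host, and it adds two rules the post does not have (loopback, and replies to connections computer A opened itself), because with the INPUT policy set to DROP those packets are dropped too.

```shell
#!/bin/sh
# Added example (not from the original post): the post's INPUT rules as one
# iptables-restore ruleset. TRUSTED_HOST is computer B; adjust as needed.
set -eu

TRUSTED_HOST="${TRUSTED_HOST:-192.168.100.8}"

# Accept only a dotted-quad IPv4 address, so nothing else can end up in a rule.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
}

# Print the ruleset in iptables-save / iptables-restore format.
build_ruleset() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: local services talking to 127.0.0.1 also pass through INPUT.
-A INPUT -i lo -j ACCEPT
# Replies to connections computer A opened itself (DNS, updates, ...).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The two exceptions from the post, for computer B only
# (ICMP is narrowed to echo-request, i.e. ping).
-A INPUT -p icmp --icmp-type echo-request -s $1 -j ACCEPT
-A INPUT -p tcp -s $1 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Default is a dry run that prints the ruleset. "--apply" (as root) first lets
# iptables-restore parse it with --test, then loads it in one atomic commit.
# Note: iptables-restore replaces the rules currently in the filter table.
if [ "${1:-}" = "--apply" ]; then
    build_ruleset "$TRUSTED_HOST" | iptables-restore --test
    build_ruleset "$TRUSTED_HOST" | iptables-restore
else
    build_ruleset "$TRUSTED_HOST"
fi
```

Loading the policy and its exceptions together avoids the window in which the DROP policy is active but the ACCEPT rules are not yet in place.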

Running fsck after reboot

Ever run chkdsk [drive-name] /F on Windows? It checks the hard disk on Windows after a restart. On Linux, you can run this command instead.

redarix:/home/syahal # shutdown -rF now

Note: r = reboot after shutdown
F = force fsck on reboot

That command will check your disk after Linux reboots.

Wednesday, 02 December 2009

File Server on Linux openSUSE with Samba Server

1. Assumption: a Samba server is already installed on the Linux machine.

2. OK, let's set up the scenario:
There are 3 departments:
  • hrd
  • marketing
  • operation
The user of 'hrd' is danie (read + write access)
The user of 'marketing' is ragil (read + write access)
The user of 'operation' is pry (read + write access)
Each user works in their own directory, except user 'mursani', who can access all of their directories.
* Sorry guys, your names are used without permission :)


3. Create each folder. The public folder is special: anyone can read + write it:

redarix:/DATA/ # mkdir -p shared/{hrd,marketing,operation,public}

Once created, the directory structure looks like this:


shared :
  • hrd
  • marketing
  • operation
  • public


4. Then create users without a shell, and create groups:

redarix:/DATA/ # useradd -s /sbin/nologin hrd
redarix:/DATA/ # useradd -s /sbin/nologin marketing
redarix:/DATA/ # useradd -s /sbin/nologin operation


Create the groups hrd, marketing, operation:

redarix:/DATA/ # groupadd hrd
redarix:/DATA/ # groupadd marketing
redarix:/DATA/ # groupadd operation

Add the users danie, ragil, pry and mursani to their respective groups; user mursani is special and goes into all groups:

redarix:/DATA/ # useradd -s /sbin/nologin -G hrd danie
redarix:/DATA/ # useradd -s /sbin/nologin -G marketing ragil
redarix:/DATA/ # useradd -s /sbin/nologin -G operation pry
redarix:/DATA/ # useradd -s /sbin/nologin -G hrd,marketing,operation mursani


5. Then set the ownership of the folders 'hrd', 'marketing', 'operation' and 'public':

redarix:/DATA/shared # chown hrd:hrd hrd/ && chmod 770 hrd/ && chown marketing:marketing marketing/ && chmod 770 marketing/ && chown operation:operation operation/ && chmod 770 operation/ && chmod 777 public/


6. Set a password for each user:

redarix:/DATA/ # smbpasswd -a danie
redarix:/DATA/ # smbpasswd -a ragil
redarix:/DATA/ # smbpasswd -a pry
redarix:/DATA/ # smbpasswd -a mursani

7. Then edit the configuration in /etc/samba/smb.conf with your favorite text editor; I personally
prefer the vi editor :)
The contents of smb.conf are as follows:


# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2009-10-27
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 65
preferred master = Yes
security = user

# The [global] section above was generated automatically by YaST (if you use
# openSUSE as the file server). For the "security" variable, we set the value "user" so that
# the file server asks for a username and password when it is accessed.

[public]
browseable = Yes
comment = public's docs
guest ok = Yes
inherit acls = Yes
path = /DATA/shared/public
read only = No


[hrd]
writeable = Yes
browseable = Yes
comment = hrd's docs
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
path = /DATA/shared/hrd

[marketing]
writeable = Yes
browseable = Yes
comment = marketing's docs
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
path = /DATA/shared/marketing

[operation]
writeable = Yes
browseable = Yes
comment = operation's docs
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
path = /DATA/shared/operation

8. Save the /etc/samba/smb.conf configuration, then start the samba service:

redarix:/DATA/samba # /etc/init.d/smb start


9. Finally, test the file server we have set up:
  • from Linux: type the following in Konqueror.
smb://192.168.100.1 (a computer name can be used instead of the IP)


  • from Windows: go straight to "My Network Places".

10. Done, simple :)
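
An added check, not part of the original post: the department shares above have no "valid users" line, so Samba admits any authenticated user and only the directory mode 770 keeps other departments out. The script flags such shares, and guest-writable ones, in a smb.conf; the sample input is abridged from the post's sections, and the "valid users = @marketing" line in it is an assumed correction shown for contrast.

```shell
#!/bin/sh
# Added example (not from the original post): list smb.conf shares that are
# guest-writable or that do not restrict who may connect.
set -eu

# audit_shares FILE   (use "-" to read the configuration from stdin)
audit_shares() {
    awk '
    function report() {
        if (share == "" || share == "global") return
        if (guest && writable) print share ": guest-writable"
        else if (!valid)       print share ": no valid users"
    }
    /^[ \t]*[#;]/ { next }                        # comment lines
    /^[ \t]*\[/ {                                 # section header
        report()
        share = $0; gsub(/^[ \t]*\[|\].*$/, "", share)
        share = tolower(share)
        guest = writable = valid = 0              # Samba default: read only
        next
    }
    {
        split($0, kv, "=")
        key = tolower(kv[1]); gsub(/[ \t]/, "", key)    # spaces in keys are ignored
        val = tolower(kv[2]); gsub(/^[ \t]+|[ \t]+$/, "", val)
        yes = (val == "yes" || val == "true" || val == "1")
        if (key == "guestok" || key == "public")     guest = yes
        if (key == "writeable" || key == "writable") writable = yes
        if (key == "readonly")                       writable = !yes
        if (key == "validusers" && val != "")        valid = 1
    }
    END { report() }
    ' "$1"
}

# Sample input, abridged from the post. The "valid users" line under
# [marketing] is an assumed correction, not the post's configuration.
sample_conf() {
    cat <<'EOF'
[global]
security = user
map to guest = Bad User

[public]
guest ok = Yes
path = /DATA/shared/public
read only = No

[hrd]
writeable = Yes
path = /DATA/shared/hrd

[marketing]
writeable = Yes
valid users = @marketing
path = /DATA/shared/marketing
EOF
}

audit_sample() { sample_conf | audit_shares -; }

audit_sample
```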


Wednesday, 12 August 2009

Passwordless Remote SSH

Tired of always being asked for a password when you SSH to another computer? This may be the solution.

1. First, generate a public/private RSA key pair for your user with ssh-keygen.

syahal@redarix:~> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/syahal/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/syahal/.ssh/id_rsa.
Your public key has been saved in /home/syahal/.ssh/id_rsa.pub.
The key fingerprint is:
bb:da:dd:f6:f7:04:59:1b:d8:90:bd:57:5f:2e:0b:b0 syahal@redarix

2. Go to the directory /home/syahal/.ssh/ and rename the file id_rsa.pub to authorized_keys.

syahal@redarix:~/.ssh> mv -v id_rsa.pub authorized_keys
`id_rsa.pub' -> `authorized_keys'

3. Use scp to copy your authorized_keys file to the target computer (here the computer with
IP 192.168.100.10, as user root); the copy destination is /root/.ssh/.

syahal@redarix:~/.ssh> scp authorized_keys root@192.168.100.10:/root/.ssh/
Password:
authorized_keys 100% 396 0.4KB/s 00:00

4. Finally, try it from your computer (here my computer, with IP 192.168.100.6) to the computer you want to reach remotely (the computer with IP 192.168.100.10).

syahal@redarix:~/.ssh> ssh root@192.168.100.10
Last login: Wed Aug 12 23:25:24 UTC 2009 from 192.168.100.6 on ssh
Last login: Wed Aug 12 23:25:32 2009 from 192.168.100.6

root@sysresccd /root %

Guaranteed, you will not be asked for a password.
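
Steps 2 and 3 above replace /root/.ssh/authorized_keys on the target, which removes any keys already authorized there. As an added example, not part of the original post, the function below appends the key instead, skips duplicates and sets directory and file modes that sshd's StrictModes check accepts; ssh-copy-id, shipped with OpenSSH, does the same append over SSH. The key strings in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): add a public key to an
# authorized_keys file without overwriting the keys already in it.
set -eu

# install_pubkey PUBKEY_FILE SSH_DIR   (run on the machine being logged in to)
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys
    key=$(head -n 1 "$pub")
    case "$key" in
        ssh-*|ecdsa-*|sk-*) ;;            # a public key line
        *) echo "not a public key file: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$auth"
    chmod 600 "$auth"
    # If the last line lacks a newline, add one so two keys never share a line.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F fixed string: append only when the key is not there yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory. The key strings are constructed placeholders.
demo() {
    work=$(mktemp -d)
    printf 'ssh-rsa AAAAB3EXAMPLEOLD admin@other' > "$work/authorized_keys"
    printf 'ssh-rsa AAAAB3EXAMPLENEW syahal@redarix\n' > "$work/id_rsa.pub"
    install_pubkey "$work/id_rsa.pub" "$work"
    install_pubkey "$work/id_rsa.pub" "$work"   # second run adds nothing
    cat "$work/authorized_keys"
    rm -rf "$work"
}

demo
```

Passing the private key file (id_rsa) by mistake is rejected, because its first line does not look like a public key.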

Sunday, 26 July 2009

Rename ext3 and FAT32 volume labels on Linux

On Linux, if you want to set a label on an ext3 or FAT32 partition, you can use the programs tune2fs (for the ext3 file system) and mlabel (for the FAT32 file system).

For tune2fs, use the command below:

redarix:/home/syahal # tune2fs -L SYAHAL /dev/sdb1

SYAHAL = volume label

For FAT32, use mlabel:

redarix:/home/syahal/ # mlabel -i /dev/sdb5 ::REDARIX

REDARIX = volume label

Saturday, 23 May 2009

VirtualBox-2.2.2 on openSUSE 11.1 (Host): Windows XP (Guest) gets stuck on 4-bit color in fullscreen

If you have trouble with VirtualBox-2.2.2 on openSUSE 11.1 (host) where Windows XP (guest) gets stuck on 4-bit color in fullscreen,
this is the workaround:

1. Use VBoxManage, with parameter setextradata :
syahal@redarix:~> VBoxManage setextradata global GUI/MaxGuestResolution 800,600

2. Run VirtualBox in fullscreen.

3. Damn..!!!, it works.... hehehe..

Wednesday, 15 April 2009

USB on VirtualBox non OSE openSUSE 11.0

1. Check your group ID with this command:
syahal@redarix:/> id
uid=1000(syahal) gid=100(users) groups=16(dialout),109(vboxusers),33(video),100(users)

2. Add this line in /etc/fstab :
none /proc/bus/usb usbfs devgid=109,devmode=664 0 0

3. Log in as root and mount everything listed in /etc/fstab:
redarix:/ # mount -a

4. Run VirtualBox, and mount your USB device from VirtualBox.
5. Finish.

Saturday, 28 March 2009

Internet Connection over Bluetooth with a Sony Ericsson K630i on openSUSE 11.0

1. Pair your phone over Bluetooth first.
2. Use the 'sdptool' tool to get the phone's Bluetooth address information.

syahal@redarix:~> sdptool search dun
Inquiring ...
Searching for dun on 00:1F:E4:4E:41:A7 ...
Service Name: Dial-up Networking
Service RecHandle: 0x2008003
Service Class ID List:
"Dialup Networking" (0x1103)
"Generic Networking" (0x1201)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 1
Profile Descriptor List:
"Dialup Networking" (0x1103)
Version: 0x0101

3. Log in as root, then configure the file /etc/bluetooth/rfcomm.conf.
Contents of rfcomm.conf:

rfcomm0 {
# Automatically bind the device at startup
bind yes;

# Bluetooth address of the device
device 00:1F:E4:4E:41:A7;

# RFCOMM channel for the connection (use channel 1, based on the 'sdptool' result)
channel 1;

# Description of the connection
comment "SE K630i";
}

4. Bind the phone's Bluetooth address to the device /dev/rfcomm0 with this command:

redarix:/home/syahal # rfcomm bind 0 00:1F:E4:4E:41:A7

5. Check the result of the binding:

redarix:/home/syahal # ls -l /dev/rfcomm0
crw-rw---- 1 root root 216, 0 2009-03-28 09:32 /dev/rfcomm0

6. Use wvdial to dial to the internet. Configure /etc/wvdial.conf:

[Dialer K630i]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init3 = AT+CGDCONT=1,"IP","indosatm2"
Modem = /dev/rfcomm0
Phone = *99#
Username = UsernameAnda
Password = PasswordAnda
Stupid Mode = 1
Dial Command = ATDT
Auto DNS = 1

Save. In place of "indosatm2", use your provider's access point name.

7. Ready to dial to the internet:

redarix:~ # wvdial K630i
--> WvDial: Internet dialer version 1.60
--> Cannot get information for serial port.
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Sending: AT+CGDCONT=1,"IP","indosatm2"
AT+CGDCONT=1,"IP","indosatm2"
OK
--> Modem initialized.
--> Idle Seconds = 300, disabling automatic reconnect.
--> Sending: ATDT*99#
--> Waiting for carrier.
ATDT*99#
CONNECT
~[7f]}#@!}!}!} }9}#}%B#}%}(}"}’}"}"}&} } } } }%}&UA; L}-~
--> Carrier detected. Starting PPP immediately.
--> Starting pppd at Sat Mar 28 09:55:00 2009
--> Pid of pppd: 13261
--> Using interface ppp0
--> local IP address 114.58.63.98
--> remote IP address 10.64.64.64
--> primary DNS address 202.155.0.10
--> secondary DNS address 202.155.0.15
--> Script /etc/ppp/ip-up run successful
--> Default route Ok.
--> Nameserver (DNS) Ok.

8. Done.

Monday, 23 March 2009

How to transfer files from PC to cellphone using Bluetooth via console.

1. Make sure that you have installed:
- bluez, bluez-hcidump, bluez3-test, bluez3-utils.

2. Scan for your cellphone's Bluetooth:
syahal@redarix:~> hcitool scan
Scanning ...
00:1F:E4:4E:41:A7 RedK630i

This gives you the MAC address and name of your cellphone.

3. Log in as root and use 'l2ping' to make sure that your cellphone is connected to your PC
and that you get replies from it:

redarix:/home/syahal # l2ping 00:1F:E4:4E:41:A7
Ping: 00:1F:E4:4E:41:A7 from 00:10:60:A8:C9:4D (data size 44) ...
44 bytes from 00:1F:E4:4E:41:A7 id 0 time 27.37ms
44 bytes from 00:1F:E4:4E:41:A7 id 1 time 43.81ms
44 bytes from 00:1F:E4:4E:41:A7 id 2 time 37.88ms
44 bytes from 00:1F:E4:4E:41:A7 id 3 time 40.85ms

4. Scan your cellphone memory.

redarix:/home/syahal # obexftp -l 00:1F:E4:4E:41:A7
Scanning for (null) ...
Found: 00:1F:E4:4E:41:A7
Browsing 00:1F:E4:4E:41:A7 ...
Connecting...done
Receiving "00:1F:E4:4E:41:A7"...
done
Disconnecting...done

There are two memories on your cellphone ('Phone memory' and 'Memory card').

5. Use obexftp to get the listing of a directory on your cellphone.

redarix:/home/syahal # obexftp -l 00:1F:E4:4E:41:A7 "Memory card"/Music/
Scanning for (null) ...
Found: 00:1F:E4:4E:41:A7
Browsing 00:1F:E4:4E:41:A7 ...
Connecting...done
Receiving "00:1F:E4:4E:41:A7"...
done
Receiving "Memory card/Music/"... Sending "Memory card"... Sending "Music"... done

6. Now we put an mp3 file from the PC onto your cellphone. Use this command:
Scanning for (null) ...
Found: 00:1F:E4:4E:41:A7
Browsing 00:1F:E4:4E:41:A7 ...
Connecting...done
Sending "Matchbox Twenty - Cold.mp3".../done
Sending "00:1F:E4:4E:41:A7"... failed: 00:1F:E4:4E:41:A7
Sending "Memory card/Music/"... failed: Memory card/Music/
Disconnecting...done

7. That's all.

Tuesday, 03 March 2009

NFS Server Repository

Server ( example : 192.168.100.1 )
1. redserver:~ # zypper in nfs-kernel-server yast2-nfs-server
2. yast > Network Services > NFS Server.
3. Choose Start (starting nfs service) and Open Port in Firewall, Next.
4. Add Directories to export.
5. Finish.
6. redserver:~ # cat /etc/exports
/opt/iso *(ro,root_squash,sync,no_subtree_check)

*Note:
- /opt/iso: the exported directory.
- *: the host; you can also put an IP number here.
- ro: read only.
- root_squash: the root user on the client does not have full root privileges over the files on the mounted share.
- sync: the NFS server waits for local disk writes to complete, thus minimizing the risk of data corruption if the server suddenly fails.
- no_subtree_check: if only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.

Client ( example : 192.168.100.6 )
1. Make sure portmap service is running
redarix:/home/syahal # rcportmap start
2. Show the NFS exports of 192.168.100.1:
redarix:/home/syahal # showmount -e 192.168.100.1
Export list for 192.168.100.1:
/opt/iso *

3. Mount the NFS export from 192.168.100.1:
redarix:/home/syahal # mount -t nfs 192.168.100.1:/opt/iso/ /mnt/
4. Show mounting result.
redarix:/home/syahal # df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda5 ext3 7.9G 5.3G 2.3G 71% /
udev tmpfs 501M 176K 501M 1% /dev
/dev/sda7 ext3 46G 40G 3.9G 92% /data
/data/download/jakarta_map/Megapolitan.iso
iso9660 207M 207M 0 100% /data/program_files/jakarta
192.168.100.1:/opt/iso/
nfs 9.4G 8.0G 994M 90% /mnt

5. Configure the repository from YaST:
Yast > Software > Software Repositories > Add > NFS
Repository Name : update
Server Name : 192.168.100.1
Path to Directory or ISO Image : /opt/iso
Next.
6. Finish.

Setup wifi Acer 4720Z

1. redarix:~ # lspci
05:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev 02)
2. Download the Broadcom wireless firmware:
redarix:~ # /usr/sbin/install_bcm43xx_firmware
3. Configure your wireless in YaST.
4. Finish.

Install the Conexant chipset modem driver for the Prolink 1456 USB modem.

1. Install gcc, kernel-source, make.

  • redarix:~ # zypper in gcc kernel-source make

2. Download the Conexant chipset USB modem driver for the Prolink 1456 here
3. Extract the driver.

  • redarix:~ # tar -xzf dgcmodem-{version}.tar.gz

4. Run "make install" in the dgcmodem-{version} folder

  • redarix:~ # make install

5. Wait for the compile to finish.
6. Run "dgcconfig"

  • redarix:~ # dgcconfig

7. Create the internet connection through YaST, using the device /dev/modem
yast > Network Devices > Modem.
8. Done.

Install the Easy Monitor widget in SuperKaramba.

1. The karamba package is on the openSUSE 11.0 DVD, included with kdeutils3-extra. Install karamba

  • redarix:~ # zypper in kdeutils3-extra
2. Run karamba from gecko > Utilities > Desktop > SuperKaramba
3. Download Easy Monitor here

How to set password on grub

  1. Login as root.
    redarix:~ # grub-md5-crypt
    Password:
    Retype password:
    $1$zrqqv$smtnY9hrvn7WvFunfSPkR0
  2. Use your favorite editor to edit /boot/grub/menu.lst and add the md5 password result to the menu.lst.
    redarix:~ # vi /boot/grub/menu.lst

    title openSUSE 11.0 - 2.6.25.20-0.1
    root (hd0,0)
    password --md5 $1$zrqqv$smtnY9hrvn7WvFunfSPkR0
    kernel /boot/vmlinuz-2.6.25.20-0.1-pae root=/dev/disk/by-id/scsi-SATA_MAXTOR_STM38021_6RW1G08R-part1 resume=/dev/sda5 splash=silent showopts
    initrd /boot/initrd-2.6.25.20-0.1-pae
  3. Reboot your OS.
  4. Finish.


Wednesday, 11 February 2009

Step-by-step install VirtualBoxGuestAdditions on VirtualBox-2.0.6_39765_openSUSE11-1 openSUSE 11.0

1. Download VBoxGuestAdditions.iso.
2. Start your VirtualBox openSUSE 11.0 and mount VBoxGuestAdditions.iso
3. The mount will appear at /media/VBOXADDITIONS_2.0.6_39755 (depends on your VBoxGuestAdditions version)
4. First, you have to install gcc, kernel-source, kernel-syms.
5. Run the VBoxGuestAdditions installer at /media/VBOXADDITIONS_2.0.6_39755/VBoxLinuxAdditions-x86.run
6. After it finishes, you have to restart your VirtualBox operating system...
7. Now, you can access VBoxGuestAdditions menu on VirtualBox...

VPN Client for KlikBCA on openSUSE 10.3

1. Copy the profile (.pcf) from Windows and paste it into /etc/opt/cisco-vpnclient/Profiles/
2. Edit sudoers so that other users can run vpnclient without a password.
vi /etc/sudoers

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
%users ALL = (ALL) NOPASSWD:/usr/local/bin/vpnclient

3. Create the VPN connect script
vi vpnclient_connect

#!/bin/bash
sudo /usr/local/bin/vpnclient connect "KlikBCA Bisnis"

4. Save, and put the file at /usr/local/bin/vpnclient_connect
5. Create the VPN disconnect script

vi vpnclient_disconnect

#!/bin/bash
sudo /usr/local/bin/vpnclient disconnect
echo ""
echo "Press ENTER to continue"
read

6. Go to /usr/local/bin/
and run vpnclient_connect
syahal@redarix:~>./vpnclient_connect

7. To disconnect,
run vpnclient_disconnect
syahal@redarix:~>./vpnclient_disconnect

8. Done.

Network Host Interface on VirtualBox-2.0.6 via openSUSE 11.0 yast

1. Make sure that you have installed bridge-utils :
#zypper in bridge-utils
2. create your ifcfg-br0 with yast2..
1) yast2 > Network Devices > Network Settings >
2) Click Add > Device Type=Network Bridge > Next
3) Click Edit(Network Bridge)
4) Set DHCP > Bridge Devices=eth0
5) Click General > Activate device=At Boot Time > Enable Device Control for Non-root User Via Kinternet
6) Next > Finish
3. Create interface vbox0 for user syahal
1) #VBoxAddIF vbox0 syahal br0
2) Finish
4. Setup your OS on VirtualBox:
1) Setting > Network > Attached to=Host Interface
2) Interface Name = vbox0
3) Ok
5. Boot your OS, and you can get DHCP from your server.
6. That's all folks!!

By: Syahal Nur Arip.