Wednesday, February 18, 2009

Know the basic commands in linux, unix, shell, and the terminal

This article may be old news for Linux users who work in the terminal every day to manage everything on their systems. But for newbies (I am one too :)) and for anyone new to Linux, it may be a meaningful and useful introduction to the basic Linux or Unix commands. File naming in DOS follows the 8.3 rule (an 8-character file name and a 3-character extension), for example ABCDEFGH.TXT.

Uppercase and lowercase letters in commands and file names are distinct. For example, NAMAFILE.tar.gz is different from namafile.tar.gz, and the ls command will fail if it is typed as LS.

There are no mandatory extensions such as .COM and .EXE for programs or .BAT for batch files. Executable files are marked with an asterisk. A backup file in DOS has the extension .BAK, while in Linux it is marked with a '~'. A file whose name starts with a dot (.) is a hidden file in Linux and is not displayed when we give the ls command.

DOS programs use the / sign for a parameter or switch, while Linux uses the - sign. For example, the DOS command dir /s corresponds to ls -R in Linux.

basic commands linux | unix

1. cp -> basic command used for copying files or directories.

Usage: cp [OPTION]... [-T] SOURCE DEST
  or:  cp [OPTION]... SOURCE... DIRECTORY
  or:  cp [OPTION]... -t DIRECTORY SOURCE...
Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.

Mandatory arguments to long options are mandatory for short options too.
  -a, --archive                same as -dpR
      --backup[=CONTROL]       make a backup of each existing destination file
  -b                           like --backup but does not accept an argument
      --copy-contents          copy contents of special files when recursive
  -d                           same as --no-dereference --preserve=link
  -f, --force                  if an existing destination file cannot be
                               opened, remove it and try again
  -i, --interactive            prompt before overwrite
  -H                           follow command-line symbolic links
  -l, --link                   link files instead of copying
  -L, --dereference            always follow symbolic links
  -P, --no-dereference         never follow symbolic links
  -p                           same as --preserve=mode,ownership,timestamps
      --preserve[=ATTR_LIST]   preserve the specified attributes (default:
                               mode,ownership,timestamps), if possible
                               additional attributes: links, all
  -c                           same as --preserve=context
      --no-preserve=ATTR_LIST  do not preserve the specified attributes
      --parents                use full source file name under DIRECTORY
  -R, -r, --recursive          copy directories recursively
      --remove-destination     remove each existing destination file before
                               attempting to open it (contrast with --force)
      --sparse=WHEN            control creation of sparse files
      --strip-trailing-slashes remove any trailing slashes from each SOURCE
                               argument
  -s, --symbolic-link          make symbolic links instead of copying
  -S, --suffix=SUFFIX          override the usual backup suffix
  -t, --target-directory=DIRECTORY  copy all SOURCE arguments into DIRECTORY
  -T, --no-target-directory    treat DEST as a normal file
  -u, --update                 copy only when the SOURCE file is newer
                               than the destination file or when the
                               destination file is missing
  -v, --verbose                explain what is being done
  -x, --one-file-system        stay on this file system
  -Z, --context=CONTEXT        set security context of copy to CONTEXT
      --help                   display this help and exit
      --version                output version information and exit

2. rm -> basic command used to delete a file or directory.

Usage: rm [OPTION]... FILE...

  -d, --directory        unlink FILE, even if it is a non-empty directory
                         (super-user only; this works only if your system
                         supports `unlink' for nonempty directories)
  -f, --force            ignore nonexistent files, never prompt
  -i, --interactive      prompt before any removal
      --no-preserve-root do not treat `/' specially (the default)
      --preserve-root    fail to operate recursively on `/'
  -r, -R, --recursive    remove directories and their contents recursively
  -v, --verbose          explain what is being done
      --help             display this help and exit
      --version          output version information and exit

3. mkdir -> basic command used to create a new directory.

Usage: mkdir [OPTION] DIRECTORY...

  -Z, --context=CONTEXT  (SELinux) set security context to CONTEXT
Mandatory arguments to long options are mandatory for short options too.
  -m, --mode=MODE        set permission mode (as in chmod), not rwxrwxrwx - umask
  -p, --parents          no error if existing, make parent directories as needed
  -v, --verbose          print a message for each created directory
      --help             display this help and exit
      --version          output version information and exit

4. ls -> basic command used to view the contents of a directory.

5. dir -> basic command used to view the contents of a directory.

6. vdir -> basic command used to view the contents of a directory.

7. pushd -> basic command used to enter a directory.

Very simple, create a Wifi network (Hot spots)

The title I gave this may look odd, but that is intentional, even if the goal seems a little eccentric.
Several months ago, the office where I work subscribed to Speedy internet. Installation was easy, because the computers in the office were already joined in one network, a LAN (Local Area Network). At installation time the DSL modem from Telkom was connected directly to the hub, and then the engineer set the IP on one computer so that it was in the same class as the DSL modem's IP (probably to make things easier). Once the IP class was set and the gateway was pointed at the Telkom server, the Internet could be used directly. The other computers only needed their IP set to the same class as the DSL modem.
After a few months the Internet had brought many changes to our office (we are in a school), because so much information can be obtained from it. Our colleagues' enthusiasm for the Internet is also high. More of them have started bringing laptops to school "in style", and some even use the Internet as a medium for learning materials, including me. It is not fair if the Internet at the school can only be enjoyed by teachers and not by students, even though Telkom's Internet goes to school program has not reached us; we are in the regular customer category. (Excuse me, PT. Telkom: if possible, please bring every school into the Internet Goes To School program.)
Now, back to the topic.
To accommodate colleagues who have laptops with WiFi (only 4 computers could connect to the Internet), and also the students, we thought of creating a wireless network, that is, a wireless LAN. We started by listing our needs. Since it was for internal use only, all we needed was an Access Point to distribute the signal (roughly speaking). After looking for something that matched our needs, we decided on a D-Link Access Point, type DL 166. Because we did not want anything complicated, the settings on our wireless network are very simple. The steps follow.
1. The IP of the Access Point is 192.168.0.1, while the IP on our network is 192.168.1.1, so they are in different classes. They could in fact simply be made the same, but because we did not want complications, we let the Access Point form a new network. So we created a WAN (Work Area Network): we connected the Access Point to the hub through its WAN port (a standard RJ 45 port).

2. Once it was installed properly and the status on the Access Point showed OK, we immediately tried a laptop with WiFi. The laptop detected the network under its default host name. We connected successfully, and browsing worked too. At this stage the WiFi installation was already done. However, because we also consider security, we continued the installation process.
3. Next we went to the control panel of the access point (this is where the wireless settings are made). On the DL-166 this is done from a web browser; we used Internet Explorer. We typed 192.168.0.1 into the address bar and the login page appeared. The user name for this device is admin and the password is blank. Then we could make settings according to our needs. Again, to keep things simple, we used the Run the Wizard facility on the Access Point. What we changed was the SSID, the network name that other devices will see (host name), and we enabled one security feature, WEP, so that every person who wants to join our wireless network has to enter a password.

And with that, the hotspot network is finished; it is that easy. But it is not quite that simple, because the goal of building a hotspot is to share the Internet. God willing, I will discuss the other things to watch out for when creating a wireless network.

In fact new problems arise from sharing the Internet, but I will cover them later. OK, hopefully this is useful, and hopefully we can keep learning.

Protect servers from attack spamming, scanning, and Harvesting dDoS attacks

Attacks on a server's security come in a variety of forms. The most common is probably SPAM email arriving in your mailbox, or scanning from IP addresses that overwhelms your server. There are several ways to counter all of this, for example simply installing SpamAssassin on the server. But running SpamAssassin automatically consumes server resources: CPU load goes up and less memory is left free.
Moreover, if SPAM email arrives repeatedly and in large numbers, CPU and memory will certainly be taken up by the SpamAssassin process.

So in this article the author would like to introduce how to stop these attacks at the top layer, in the kernel, using iptables. Because the block is done by iptables, our server's resources (CPU, memory) will not be used at all. When a request comes from an IP address on the spamhaus.org problem list, it is blocked directly by iptables. Our services therefore keep running normally, without interruption or additional load.

Here is a short script that we can install on our server. How it works is very simple: first it fetches the list of IP addresses registered at spamhaus.org (http://www.spamhaus.org/drop/drop.lasso) as addresses that are often problematic because of SPAM, scanning or DoS attacks.


  #!/bin/sh
  FILE="/tmp/drop.lasso"
  URL="http://www.spamhaus.org/drop/drop.lasso"
  echo ""
  echo -n "Applying DROP list to existing firewall..."
  # remove any copy left over from a previous run
  [ -f "$FILE" ] && /bin/rm -f "$FILE" || :
  cd /tmp
  wget "$URL"
  # flush the existing iptables rules
  /sbin/iptables -F
  # re-apply the rules we already had
  ./regular_rules
  # take the first field of every line that is not a ';' comment
  blocks=$(egrep -v '^;' "$FILE" | awk '{ print $1 }')
  /sbin/iptables -N droplist
  for ipblock in $blocks
  do
      /sbin/iptables -A droplist -s "$ipblock" -j LOG --log-prefix "DROP List Block"
      /sbin/iptables -A droplist -s "$ipblock" -j DROP
  done
  /sbin/iptables -I INPUT -j droplist
  /sbin/iptables -I OUTPUT -j droplist
  /sbin/iptables -I FORWARD -j droplist
  echo "...Done"
  /bin/rm -f "$FILE"


regular_rules is the script we ran before installing the script above. It contains the iptables policy we had in place, which the command iptables -F has just removed. Of course, if you have no existing policy in iptables, the regular_rules line is not needed.
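
The script above fetches the list over plain HTTP and passes every first field to iptables as root without checking it. As an added example (not the original author's script), the code below validates a list in the same `CIDR ; reference` layout and prints the iptables commands only when every entry passes; `valid_blocks`, `emit_rules`, `MIN_PREFIX` and `MIN_ENTRIES` are hypothetical names, and the sample entries are constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example: check a downloaded DROP list before it becomes firewall
# rules. All sample data in this file is constructed.

# Print the valid IPv4 CIDR blocks in file $1, one per line.
# Returns 1 if any non-comment line is malformed or broader than /MIN_PREFIX
# (assumed default /8, so an entry such as 0.0.0.0/0 can never be applied).
valid_blocks() {
    awk -v minlen="${MIN_PREFIX:-8}" '
        BEGIN { bad = 0 }
        /^[ \t]*;/ { next }              # comment line, as in drop.lasso
        NF == 0    { next }              # blank line
        {
            cidr = $1
            if (cidr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) { bad = 1; next }
            split(cidr, p, "[./]")
            for (i = 1; i <= 4; i++)
                if (p[i] + 0 > 255) { bad = 1; next }
            if (p[5] + 0 > 32 || p[5] + 0 < minlen + 0) { bad = 1; next }
            print cidr
        }
        END { exit bad }
    ' "$1"
}

# Print (do not execute) the iptables commands for the list in file $1.
# Fails closed: nothing is printed unless the whole list validated and it
# holds at least MIN_ENTRIES blocks, so a truncated or altered download
# never reaches the point where existing rules would be replaced.
emit_rules() {
    list=$1
    blocks=$(valid_blocks "$list") || return 1
    count=$(printf '%s\n' "$blocks" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -ge "${MIN_ENTRIES:-1}" ] || return 1
    printf '/sbin/iptables -N droplist\n'
    printf '%s\n' "$blocks" | while read -r b; do
        printf '/sbin/iptables -A droplist -s %s -j LOG --log-prefix "DROP List Block "\n' "$b"
        printf '/sbin/iptables -A droplist -s %s -j DROP\n' "$b"
    done
}

# Demonstration on a constructed sample.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; Constructed sample in the drop.lasso layout: CIDR ; reference
192.0.2.0/24 ; SBL-EXAMPLE-1
198.51.100.0/24 ; SBL-EXAMPLE-2
203.0.113.0/24 ; SBL-EXAMPLE-3
EOF
emit_rules "$sample"

# The same list with one over-broad entry appended is rejected as a whole.
printf '0.0.0.0/0 ; SBL-EXAMPLE-4\n' >> "$sample"
emit_rules "$sample" || echo "list rejected, existing rules left untouched"
rm -f "$sample"
```

Run the check before the `iptables -F` step, so that a failed or altered download leaves the current rules in place.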

Make Google PageRank

The Google search engine assigns a value, or PageRank, to every URL using its own algorithm. What is Google PageRank for? As the name suggests, it determines the ranking of a URL in the engine's database. The higher a URL's ranking, the nearer the top it appears in Google's search results.

Finding the Google PageRank of a URL is not hard, because Google provides a module for obtaining the PageRank of a URL. Here I will present two PHP scripts that you can plug into your site to determine the PageRank of a URL.

The first is the script that calls the Google PageRank module. This simple script can be developed to be more interactive, so that visitors to your website can enter the URL whose PageRank they are interested in.

Create a file pr.php as below with the editor you usually use.




  <?php
  // pagerank.php is the name of the file that contains the Google PageRank module
  include('pagerank.php');
  $pr = getPageRank('http://infokomtek.com');
  echo 'Page rank dari infokomtek.com adalah '.$pr;
  ?>

Then create a file pagerank.php as below and save it in the same directory as the pr.php file we made earlier.


  <?php
  define('GOOGLE_MAGIC', 0xE6359A60);

  // Zero-fill (unsigned) right shift of $a by $b bits
  function _zeroFill($a, $b){
      $z = hexdec(80000000);
      if ($z & $a){
          $a = ($a>>1);
          $a &= (~$z);
          $a |= 0x40000000;
          $a = ($a>>($b-1));
      }else
          $a = ($a>>$b);
      return $a;
  }

  // Mixing step of the hash
  function _mix($a,$b,$c){
      $a -= $b; $a -= $c; $a ^= (_zeroFill($c,13));
      $b -= $c; $b -= $a; $b ^= ($a<<8);
      $c -= $a; $c -= $b; $c ^= (_zeroFill($b,13));
      $a -= $b; $a -= $c; $a ^= (_zeroFill($c,12));
      $b -= $c; $b -= $a; $b ^= ($a<<16);
      $c -= $a; $c -= $b; $c ^= (_zeroFill($b,5));
      $a -= $b; $a -= $c; $a ^= (_zeroFill($c,3));
      $b -= $c; $b -= $a; $b ^= ($a<<10);
      $c -= $a; $c -= $b; $c ^= (_zeroFill($b,15));
      return array($a,$b,$c);
  }

  // Checksum over the array of character codes in $url
  function _GoogleCH($url, $length=null, $init=GOOGLE_MAGIC){
      if(is_null($length))
          $length = sizeof($url);
      $a = $b = 0x9E3779B9;
      $c = $init;
      $k = 0;
      $len = $length;
      // consume the input 12 bytes at a time
      while($len >= 12){
          $a += ($url[$k + 0] + ($url[$k + 1] << 8) + ($url[$k + 2] << 16) + ($url[$k + 3] << 24));
          $b += ($url[$k + 4] + ($url[$k + 5] << 8) + ($url[$k + 6] << 16) + ($url[$k + 7] << 24));
          $c += ($url[$k + 8] + ($url[$k + 9] << 8) + ($url[$k + 10] << 16) + ($url[$k + 11] << 24));
          $_mix = _mix($a,$b,$c);
          $a = $_mix[0]; $b = $_mix[1]; $c = $_mix[2];
          $k += 12;
          $len -= 12;
      }
      $c += $length;
      // remaining bytes; every case falls through to the next on purpose
      switch($len){
          case 11: $c += ($url[$k + 10] << 24);
          case 10: $c += ($url[$k + 9] << 16);
          case 9 : $c += ($url[$k + 8] << 8);
          case 8 : $b += ($url[$k + 7] << 24);
          case 7 : $b += ($url[$k + 6] << 16);
          case 6 : $b += ($url[$k + 5] << 8);
          case 5 : $b += ($url[$k + 4]);
          case 4 : $a += ($url[$k + 3] << 24);
          case 3 : $a += ($url[$k + 2] << 16);
          case 2 : $a += ($url[$k + 1] << 8);
          case 1 : $a += ($url[$k + 0]);
      }
      $_mix = _mix($a,$b,$c);
      return $_mix[2];
  }

  // Convert a string into an array of character codes
  function _strord($string){
      $result = array();
      for($i = 0;$i < strlen($string);$i++)
          $result[$i] = ord($string[$i]);
      return $result;
  }

  // Ask www.google.com for the rank of $url; returns -1 if no rank was read
  function getPageRank($url){
      $pagerank = -1;
      $ch = "6"._GoogleCH(_strord("info:" . $url));
      $fp = fsockopen("www.google.com", 80, $errno, $errstr, 30);
      if($fp){
          $out = "GET /search?client=navclient-auto&ch=" . $ch . "&features=Rank&q=info:" . $url . " HTTP/1.1\r\n";
          $out .= "Host: www.google.com\r\n";
          $out .= "Connection: Close\r\n\r\n";
          fwrite($fp, $out);
          while (!feof($fp)){
              $data = fgets($fp, 128);
              $pos = strpos($data, "Rank_");
              if($pos === false){
              }else
                  $pagerank = substr($data, $pos + 9);
          }
          fclose($fp);
      }
      return $pagerank;
  }

  ?>


Backup MySQL Data With PHP

One of the programming languages most widely used in the world today is PHP. PHP has grown rapidly and is used for website content built on CMS engines, for instance WordPress or Joomla. Both of these CMSs mostly use the MySQL database. MySQL is a database that we can use for free.

When we use MySQL, backing up the data is important. We should make backups regularly so that our data stays safe if the hard disk is damaged or data is lost for reasons we do not know. Here is a short note on how to use a simple PHP script to back up data in MySQL.


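  <?php
  $dbname = "infokomtek_com";
  $dbhost = "localhost";
  $dbuser = "root";
  $dbpass = "******";
  // backup file name: database name plus a timestamp
  $backupFile = $dbname . date("Y-m-d-H-i-s") . '.gz';
  // The password must be attached to its option: "-p $dbpass" with a space
  // makes mysqldump prompt for a password and read $dbpass as a database name.
  $command = "mysqldump --opt -h " . escapeshellarg($dbhost)
           . " -u " . escapeshellarg($dbuser)
           . " --password=" . escapeshellarg($dbpass)
           . " " . escapeshellarg($dbname)
           . " | gzip > " . escapeshellarg($backupFile);
  system($command);
  ?>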

$dbname = "infokomtek_com" is the name of the database that we want to back up. $dbhost = "localhost" is the host name of our database. $dbuser = "root" is the user that accesses the database. $dbpass = "******" is the password for accessing the database. Depending on your MySQL settings, a password is sometimes not needed to connect to MySQL.

If you run this PHP script from crontab, you can back up your database on whatever schedule you want.

Installing Ubuntu 8.04

Ubuntu is a distro whose following has been growing lately. According to Linux Journal magazine, Ubuntu was ranked first among distributions by Linux users. Ubuntu has released its latest version with various new features. This latest version, 8.04 LTS, has the codename Hardy Heron.

Next we will show how to install the Ubuntu distro; hopefully it is useful to readers. The author shows a screenshot for each stage of the installation, so hopefully it will be easier to follow.
The installation takes about 10 minutes. There are several steps to install Ubuntu on your PC, as follows:

1. Download the ISO image at the following URL, and burn it to a CD with the software you like, such as Nero, CDBurnerXP or Roxio.
2. Insert the CD into your drive and restart your PC. The BIOS must be set so that the CD drive is read first.
If the Ubuntu CD is detected properly, the following screen appears for selecting the language you want to use during installation.

Select "Install Ubuntu" and press Enter.

The installation process then begins. The data needed is loaded into RAM, as on the screen below.

Select the language you will use. English is also available.

Enter your location or region, including the time zone you use for your server.

Select your keyboard layout, and type a few characters to test whether your choice is correct.

The next step is to partition the hard disk. Partitioning a hard disk is very easy, but you must be extra careful, because once we change a partition the data in it is lost.
There are three options for partitioning the hard disk, as follows:
1. If you want to keep using the existing OS, for example to dual boot with Windows XP, select the first option, "Guided - resize the partition and use the freed space".
2. If you want to use only Ubuntu on your computer and delete the data on the hard disk, select the second option, "Guided - use entire disk".
3. You can also choose the "Manual" option when neither the first nor the second choice fits your plan. You are of course expected to know about partitions and servers.

The remaining disk space is used as swap. Usually it is twice the size of your memory: if you have 512 MB of memory, swap is 1024 MB.
Each time you change a partition, for example by deleting or resizing it, the contents or data of the partition will be erased.
The next step is to create a user for logging in to Ubuntu. Enter your name and your password, and do not forget them.

Enter the ID and password you will log in with once the Ubuntu install is finished.

If you have had no difficulty or error, you are ready to install Ubuntu.
Click the 'Install' button NOW!

Installation of the Ubuntu 8.04 (Hardy Heron) operating system is under way when this screen appears.

5. After around 9 or 10 minutes the install will be finished, and your PC is ready to restart as a Linux PC.

Now you are ready to use Ubuntu with the ID and password that you entered earlier.

Tuesday, February 17, 2009

10 Tips for Extending the Reach and Strength of Your Wireless Network

Microsoft pays close attention to wireless networking. On its official site, www.microsot.com, Microsoft offers a recipe for tuning up a wireless network; the following is Tony Northrup's article from the company's Windows Vista site:

If Windows ever notifies you about a weak signal, you may lose your connection entirely in some parts of your home. If you want to improve the signal of your wireless network, try some of these tips to extend your wireless coverage and improve the performance of your wireless network.

1. Position the access point or wireless router in the center of your location.
When possible, place the wireless router in the center of your home or location.

2. Move the router off the floor and away from walls and metal objects (such as a metal cupboard).
Metal, walls and floors will disrupt your wireless router's signal. The nearer the access point or wireless router is to them, the more severe the interference received and the weaker the connection.

3. Change the antenna.
The antenna supplied with a wireless router is usually of the omni-directional type, meaning it broadcasts the signal in all directions around the router, including areas where the signal may not be wanted. Changing to a hi-gain antenna, which focuses the wireless signal in only one direction, lets you aim the signal where you need it most.

4. Replace your wireless network adapter.
Wireless network signals must be sent both to and from your computer. Sometimes your computer cannot receive the signal from the access point properly. To fix this, replace the laptop's or PC's card-based wireless network adapter with a USB wireless adapter that uses an external antenna; a Hi-Gain USB wireless adapter with its own antenna can significantly extend coverage.

5. Add a repeater.
Wireless repeaters extend the range of your wireless network without requiring you to add cables. Place the wireless repeater at the midpoint between the access point and your computer, and you will get a stronger wireless signal. Some access points or radios designed as repeaters are the Senao Engenius ECB / EOC 3220, Edimax 7206APg, and Zinwel ZW2194.

6. Change the channel.
Wireless routers can broadcast on several channels, similar to the way radio stations use different channels. In the United States and Canada, these channels are 1, 6, and 11. Just as you sometimes hear interference on one radio station while another is very clear, try changing your access point's channel through its configuration page; you may get better signal strength. You do not need to change your computer's configuration, because it automatically detects the new channel.

7. Reduce wireless interference.
If you have a cordless phone or other wireless electronics in your home, your computer may not be able to "hear" your wireless access point because of the noise from those devices. To keep things "quiet", avoid wireless electronics that use the 2.4GHz frequency. Instead, look for a cordless phone that uses the 900MHz or 5.8GHz frequency.

8. Update the firmware or driver of your wireless adapter.
Wireless device manufacturers regularly make free improvements to their products. Sometimes these improvements increase performance. To get the latest firmware update or drivers, visit the manufacturer's website.

Similarly, Windows XP drivers are also updated regularly. These updates usually improve performance and reliability. To get them, visit Microsoft Update, select the hardware type for your wireless adapter, and install any updates relating to your wireless network.
Note: If you go to Microsoft Update, you have two options: Express Install for critical security updates and Custom Install for high priority and optional updates. You can get driver updates if you use Custom.

9. Get equipment from one vendor.
While a Linksys wireless router will work well with an Edimax wireless USB adapter, you will often get better performance if you choose the router and network adapter from the same vendor.

10. Upgrade 802.11b devices to 802.11g.
The 802.11b standard is the most common type of wireless network, but 802.11g is about five times faster. 802.11g is backward compatible with 802.11b, so you can still use the 802.11b equipment that you have. If you are using 802.11b and are not satisfied with the performance, consider replacing your access point with an 802.11g one, making sure your equipment will be compatible with 802.11g. If you are buying new equipment, make sure to select 802.11g.

Wireless networks do not reach their theoretical bandwidth limit. 802.11b usually gets a transfer rate of 2-5Mbps. 802.11g is usually in the range of 13-23Mbps.

Creating Wireless Network Ad-Hoc No Router in Windows XP

Wireless networks or wireless is very useful because it allows you to use your computer and connect to the internet anywhere in the home or office. However, most of the wireless network using a wireless router, which must be purchased separately. If you have more than one computer, you can set up a wireless network without the need to buy a wireless router and save your own money.

In a conventional wireless network, the wireless router functions as a base station, much like the base station of a cordless phone. All wireless communication passes through the wireless router, which allows nearby computers to connect to the Internet or to each other.

Ad hoc wireless network works like a walkie-talkie, as the computer to communicate directly with each other. By enabling Internet Connection Sharing on one computer, you can share Internet access


Ad hoc network is a smart alternative to using a wireless router, but have several weaknesses:

* If your computer is connected to the Internet is dead or shut down, all computers that are part of the ad hoc network lose Internet access.
* To connect to the Internet, one computer always requires a network connection cable.

To connect the computer to the Internet using an ad hoc wireless network, follow these steps (described in more detail later in this article):

1. Enable Internet Connection Sharing on the computer connected the Internet. You can skip this step if you do not need to access the Web.
2. Manage ad hoc wireless network on a computer connected to the internet.
3. Add your other computers to the wireless network.

How to enable Internet Connection Sharing

In a wireless network with a router, the router has the important job of forwarding communication from the computers in the network to the Internet. On an ad hoc network, you must designate a single computer to serve this role. That computer must have a cable connection to the Internet, and it must be left on if you want to be able to use your other computers.
How to set up the first computer

Set up an ad hoc wireless network that allows computers to share an Internet connection without a router:

1. If necessary, install a wireless network adapter.
2. Click Start, and then click Control Panel.
3. Under Pick a category, click Network and Internet Connections.
4. Under or pick a Control Panel icon, click Network Connections.
5. Right-click your wireless network connection, and then click Properties.
6. In the Wireless Network Connection Properties dialog box, click the Wireless Networks tab.
7. On the Wireless Networks tab, under Preferred networks, click Add.
8. In the Wireless network properties dialog box, on the Association tab, type the name of your ad hoc wireless network in the Network name (SSID) box (shown in step 10). For example, you could name your wireless network NETKOM.
9. Clear the The key is provided for me automatically check box and select the This is a computer-to-computer (ad hoc) network check box.
10. Create a 13-digit password and type it in both network key boxes. For best security, use a combination of letters, numbers and punctuation marks. Then click OK.
11. Click OK again to save the changes

How to set up additional computers

If a computer you want to add to your network does not have built-in support for wireless networking, install a wireless network adapter in it.

Windows XP automatically detects the new adapter, and will let you know that he found a wireless network.

Now your computer is connected to your wireless network

Note: The steps above only apply if you use Windows XP Service Pack 2 (SP2). If you have not installed SP2, visit Microsoft Update to install it before connecting to an ad hoc network.

1. Right-click the Wireless Network icon in the lower right corner of your screen, then click View Available Wireless Networks.

Note:
If you encounter problems, do not be afraid to ask the manufacturer of the adapter you use for help with your problem.
2. The Wireless Network Connection window appears and displays your wireless network listed with the SSID that you chose. If you do not see your network, click Refresh Network List in the top left corner. Click your network, and then click Connect in the lower right corner.
3. Windows XP will ask you to enter the key password, then click Connect.

Windows XP will show signal strength that is connected to your network. After you connect, you can close the Wireless Network Connection window.

Repeat the above three steps on each computer that is connected to the wireless ad hoc network.

Linksys WRT54GL With DDWRT Firmware

By default, the Linksys WRT54GL with its original firmware can only run in AP mode, so it cannot act as a station or client. But once its firmware is upgraded to DDWRT (www.dd-wrt.com), the excitement around this Linksys begins: it rises from economy class to premium class. The firmware, made in Germany by Sebastian Gottschall aka BrainSlayer, is considered to improve the performance of this access point.
Features of this Linux-based firmware are:


# 802.1x Extensible Authentication Protocol (EAP)
# Access restrictions
# Ad Hoc
# Afterburner
# Client Isolation Mode
# Client Mode (supports multiple connected clients)
# DHCP Forwarder (udhcp)
# DHCP server (dnsmasq or udhcp)
# DNS Forwarder (dnsmasq)
# Unit
# Dynamic DNS (DynDNS, easyDNS, FreeDNS, No-IP, TZO, ZoneEdit, custom, and others)
# Hotspot Portal (Sputnik Agent, Chillispot)
# IPv6
# JFFS2 (JFFS2)
# MMC / SD Card Support (hardware modification required)
# NTP
# Ntop Remote Statistic (ntop)
# OpenVPN Client & Server (only in VPN-build of the firmware)
# Port Triggering
# Port Forwarding
# PPTP VPN Server & Client
# QoS Bandwidth Management
# QoS L7 Packet Classifier (l7-filter)
# RFlow
# Routing (bird)
# Samba FS Automount
# Syslog
# Rx Antenna
# Tx Antenna
# Show Status of Wireless Clients and WDS with System Uptime / Processor Utilization
# Site Survey
# SNMP
# SSH server & client (dropbear)
# Startup, Firewall, and Shutdown scripts (startup script)
# Static DHCP
# Style (Changeable GUI; v.23)
# Supports New Devices (WRT54G V3, V3.1, v4, V5 and WRT54GS V2.1, V3, v4)
# Telnet server & client
# Transmit power adjustment (0-251mW, default is 28mW, 100mW is safe)
# UPnP
# VLAN
# WOL (Wake On Lan) (WOL)
# WDS Connection Watchdog
# WDS Repeater Mode
# Wireless MAC Address Cloning
# Wireless MAC Filter
# WMM (Wi-Fi MultiMedia)
# WPA over WDS
# WPA / TKIP with AES
# WPA2

Based on the author's experience, the Linksys access point (AP) type that is suitable for upgrading to DDWRT is the Linksys WRT54GL. With other AP types there is a possibility that the update fails, so do not try upgrading your firmware without the knowledge and experience.

To upgrade to the DDWRT firmware, the first step is to download the firmware from the DDWRT site, www.dd-wrt.com. Choose the version you want; you should select the mini version first, for the safety of your Linksys device. After downloading it to your computer, open the web configuration of the Linksys WRT54GL, go to the Administration section, select the firmware upgrade field, and run the upgrade. Remember that during the firmware upgrade the power must not be turned off or disconnected; if that happens, it will damage your Linksys. After the message that the upgrade was successful, do a reset so that the device is more stable. Then, after the reset, upgrade again using the standard firmware. Remember once again that after the upgrade process has completed successfully, you do a reset for the second time. That is the scenario of the DDWRT firmware upgrade process; in other posts we will cover some DDWRT features.

What Is WiFi

According to Wikipedia: Wi-Fi was originally a brand name given by the Wi-Fi Alliance to describe the embedded technology of wireless local area networks (WLAN) based on the IEEE 802.11 standard. In 2007, common use of the term Wi-Fi had broadened to describe the generic wireless interface of mobile computing devices, such as laptops, in LANs. The term Wi-Fi was chosen as a play on the term "Hi-Fi", and is often mistakenly thought to be an abbreviation for wireless fidelity. Wi-Fi and the Wi-Fi Certified logo are registered trademarks of the Wi-Fi Alliance, the trade organization that tests and certifies equipment in accordance with the 802.11x standards.
If you've been in a coffee shop, restaurant, hotel or campus, you have probably been right in the middle of a wireless network. Many of us use wireless networks, also called WiFi or 802.11 networking, to connect the computers in our houses, and a growing number of cities now use the technology to provide free or cheap Internet access to residents. Eventually, wireless networks may become so widespread that we can access the Internet almost anywhere at any time, without using cables. What a wonderful life.
A wireless network uses radio waves, just as mobile phones, TVs and radios do. In fact, communication over a wireless network is much like two-way radio communication. This is what happens:

1. A computer's wireless adapter translates data into radio signals and transmits them using an indoor or outdoor antenna.
2. A wireless router receives the signal and decodes it. It sends the information to the Internet using a physical, wired Ethernet connection.

This process also works in reverse, with the router receiving data from the Internet, translating it into radio signals and sending them to the computer's wireless adapter.

The radios used for WiFi communication are much the same as those used for walkie-talkies, mobile phones and other devices. They can send and receive radio waves, and they can convert 1s and 0s into radio waves and convert the radio waves back into 1s and 0s. But WiFi radios have some important differences from other radios:

* They transmit at frequencies of 2.4 GHz or 5 GHz. This frequency is very high compared with the frequencies used for mobile phones, walkie-talkies and television. The higher frequency allows the signal to carry more data.
* They use 802.11 networking standards, which come in several flavors:
o 802.11b was the first version to reach the market. It is the slowest and least expensive standard, and it is becoming less common as faster standards become cheaper. 802.11b transmits in the 2.4 GHz frequency band of the radio spectrum. It can handle up to 11 megabits of data per second, and it uses complementary code keying (CCK) coding.
o 802.11g also transmits at 2.4 GHz, but it is a lot faster than 802.11b: it can handle up to 54 megabits of data per second. 802.11g is faster because it uses orthogonal frequency-division multiplexing (OFDM), a more efficient coding technique.
o 802.11a transmits at 5 GHz and can move up to 54 megabits of data per second. It also uses OFDM coding. Newer standards, like 802.11n, can be even faster than 802.11g. However, the 802.11n standard is not yet final.
* WiFi radios can transmit on any of three frequency bands. Or, they can "frequency hop" rapidly between the various bands. Frequency hopping helps reduce interference and lets multiple devices use the same wireless connection simultaneously.


Every product tested and approved as "Wi-Fi Certified" (a trademark) by the Wi-Fi Alliance is certified as interoperable with the others, even if they come from different manufacturers. A user with a "Wi-Fi Certified" product can use an access point of any brand with client hardware of any other brand that is also certified. Usually, however, any Wi-Fi product using the same radio frequency (for example, 2.4GHz for 802.11b or 11g, 5GHz for 802.11a) will work together with the others, even if not "Wi-Fi Certified."

As long as they all have wireless adapters, several devices can use one router to connect to the Internet. This connection is simple and almost invisible, and it is quite reliable. If the router fails, or if too many people try to use high-bandwidth applications at the same time, however, users can experience interference or lose their connection.


If you want to set up a wireless network in your home, office, or public area, the first thing to do is make sure that your computer has the right wireless hardware. Most new laptops and many new desktop computers come with built-in wireless transmitters. If your laptop does not, you can buy a wireless adapter that plugs into the PC card slot or a USB port. Desktop computers can use USB adapters, or you can buy an adapter that plugs into a PCI slot inside the computer case. Many of these adapters can use more than one 802.11 standard.



After you install your wireless adapter and the drivers that allow it to operate, your computer should be able to discover existing networks automatically. This means that when you turn your computer on in a WiFi hotspot, the computer will inform you that a network exists and ask whether you want to connect to it. If you have an older computer, you may need to use a software program to detect and connect to the wireless network.

Connecting to the Internet via WiFi is very convenient, and a home wireless network is just as comfortable. It lets us easily connect multiple computers and move them from place to place without disconnecting and reconnecting wires, and we can use them wherever our computer happens to be.

WIFI

The WiFi era has started. WiFi has grown ever more lively in Indonesia since the government freed the use of the 2.4 GHz frequency, so many WiFi networks / hotspots have started to spread in the major cities of our homeland. But this development is marked by anxious hotspot owners who fear being broken into! The question is how to preserve the security of our hotspot or minimize the risk to it. Here are some suggestions:

1. Enable WPA or WEP encryption so that not just anyone can get in. With this system, each computer is only authorized to talk with fellow members of its workgroup; for those outside the membership it is "no entry". WEP and WPA are also able to ward off "tapping" of the data traffic on your WiFi network, so data such as usernames, passwords, bank accounts, love letters, etc. can, God willing, be safe. You should enable WEP security at the maximum level, for instance 128-bit, and change the password periodically, e.g. once every 3-4 days.

2. Hide the Service Set ID (SSID) on your access point, because with the SSID set to open the network is easily found by other people scanning for WiFi networks, and someone with bad intentions could barge into your hotspot network.

3. Register the MAC addresses of your client computers / laptops in the MAC Address Filtering feature of your access point, so that computers you do not want accessing the hotspot can be blocked; they must have permission first.

4. Run scans of your network; who knows, there may be a foreign IP address connected to or lodged in your network. For that reason use static IP addresses, not dynamic ones, and it is better to use IP addresses that differ between the access point network and your local network / gateway.

5. Lastly, read Internet sites that discuss security often; who knows, there may be a bug in the driver of your access point, such as the recent WiFi driver bug on Apple-brand notebooks that allowed them to be attacked remotely. When needed, update your WiFi device's firmware, but be careful: a firmware update carries a risk of damaging your WiFi device, so look for information beforehand.
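
Suggestions 3 and 4 amount to keeping a register of client MAC addresses with their static IPs and checking the network for anything outside it. The shell function below is an added example (not part of the original post) that runs that check over a snapshot in the `arp -an` output format of Linux; every MAC address, IP address and the snapshot itself are constructed sample data, and the function name is hypothetical.

```shell
#!/bin/sh
# Audit an ARP snapshot against the register of allowed clients.
# All MAC and IP values below are constructed sample data.

# Register: MAC address and the static IP assigned to that client.
REGISTERED='00:16:3e:aa:00:01 192.168.1.2
00:16:3e:aa:00:02 192.168.1.3
00:16:3e:aa:00:03 192.168.1.4'

# Snapshot in the format printed by `arp -an` on Linux (constructed).
ARP_SNAPSHOT='? (192.168.1.2) at 00:16:3e:aa:00:01 [ether] on eth1
? (192.168.1.3) at 00:16:3E:AA:00:02 [ether] on eth1
? (192.168.1.77) at 00:16:3e:aa:00:03 [ether] on eth1
? (192.168.1.50) at 52:54:00:12:34:56 [ether] on eth1
? (192.168.1.9) at <incomplete> on eth1'

audit_clients() {  # audit_clients REGISTER ARP_OUTPUT -> one finding per line
    {
        printf '%s\n' "$1" | sed 's/^/R /'   # tag register lines
        printf '%s\n' "$2" | sed 's/^/A /'   # tag ARP lines
    } | awk '
        $1 == "R" && NF == 3 { reg[tolower($2)] = $3; next }
        $1 == "A" {
            ip = $3; gsub(/[()]/, "", ip)
            mac = tolower($5)
            # Skip unresolved entries such as <incomplete>.
            if (length(mac) != 17 || mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) next
            if (!(mac in reg))
                print "UNKNOWN_MAC " mac " " ip
            else if (reg[mac] != ip)
                print "IP_MISMATCH " mac " " ip " expected " reg[mac]
        }'
}

audit_clients "$REGISTERED" "$ARP_SNAPSHOT"
```

An IP_MISMATCH line means a registered MAC address is answering from an address other than its assigned static IP, which is worth checking on the device itself.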

MIKROTIK

In the WiFi world the name Mikrotik is very well known, both as an operating system (OS) and as WiFi router equipment. The full OS, which includes proxy, bandwidth management, firewall, hotspot, VPN, etc., requires a paid license, but if we use it only as a router, this operating system from Latvia can be used without any time limit. We can download it for free from www.mikrotik.co.id, but all of the functions above other than the router are limited to just one day of use. So with a computer of fairly minimal specification, e.g. a Pentium I with a 1-2 GB hard disk and 64 MB of memory, and no mouse, keyboard or monitor once Mikrotik is running (we only need a mouse, keyboard and monitor during installation), we can make a router with minimal funds instead of buying router equipment that can cost millions of rupiah. Let's begin the installation. Beforehand, we download the Mikrotik image file from www.mikrotik.co.id and burn it to a blank CD.

INSTALLATION

Make sure the computer on which you will install Mikrotik OS already has 2 LAN cards. For the hardware specifications to use, see the reference at http://mikrotik.com

- Boot from the CD-ROM

Select the packages to install. For Proxy + Router + Bandwidth Management, you should select:

- System

- DHCP

- Advanced Tools

- Routing

- Routing Test

- Security

- Synchronous

- Web Proxy

- Web Proxy Test

After selecting the required packages, press "i" to start the installation.

The message "Do you want to keep ..............." appears; select n (no).

"Continue .....", select y (yes)

The installer starts to create a partition and format the hard disk, followed by installation of the packages selected earlier.

Once finished, Mikrotik asks to reboot; press Enter.

After booting, a prompt appears offering to check the hard disk; you can select yes or no. Selecting no is fine if you are sure your hard disk is free of bad sectors.

You are prompted to log in; type admin: Mikrotik Login: admin

For the password just press Enter, since the password is blank on a new installation.

- "Do you want to see ....................", select no to speed up the process.

The Mikrotik console appears, namely:

[admin@Mikrotik] >

To change the name of this Mikrotik machine, type:

[admin@Mikrotik] > system identity set name=mywifi

The console prompt then changes to:

[admin@mywifi] >

To change the password of the Mikrotik machine, type:

[admin@mywifi] > password

old password: (leave blank if you have not previously set a password)

new password: ......... (type the new password)

retype new password: ................ (enter the password again)

To shut down the Mikrotik we simply type the following:

[admin@mywifi] > system shutdown

[admin@mywifi] > system reboot (to restart it)

[admin@mywifi] > system reset (to reset the configuration that we created earlier)

The commands above must be run from the admin directory.

After that you need to activate the two LAN cards that are installed, as in the example below:

[admin@mywifi] > interface ethernet enable ether1

[admin@mywifi] > interface ethernet enable ether2

If an error appears, there are two possible reasons:

First: the installed LAN card may be damaged.

Second: the LAN card's driver is not supported by Mikrotik.

To view the two LAN cards installed (if both are fine), type:

[admin@mywifi] > ip address

[admin@mywifi] ip address> print interface (the command can be abbreviated to "in pr")

The two LAN cards are then displayed; note that the console prompt above indicates we are already in the ip address directory.

Based on the display, Mikrotik calls the first LAN card "ether1", which will later be connected to the public IP / Internet, and the second LAN card "ether2", which is connected to the local IP / local LAN. We then give an IP address to each LAN card with the following commands:

[admin@mywifi] > ip address

[admin@mywifi] ip address> add interface=ether1 address=172.16.0.254/24

[admin@mywifi] ip address> add interface=ether2 address=192.168.1.254/24

To see the result, type:

[admin@mywifi] ip address> print

See the results in the image above. To go up one level type two dots "..", or type "/" to return to the admin directory, which is the highest directory.

Then we fill in the gateway IP address for the first LAN card, which is where we get Internet access:

[admin@mywifi] > ip route add gateway=192.168.1.1

Then we fill in the DNS IP addresses, following the recommendations of your ISP:

[admin@mywifi] > ip dns set primary-dns=202.134.1.7

[admin@mywifi] > ip dns set secondary-dns=202.134.0.155

So that all client computers in the LAN can browse the Internet more quickly, it is enough for them to use the DNS cache on the Mikrotik router, so the client computers do not need to resolve DNS far away on the ISP's DNS server. The Mikrotik router needs to be set to perform DNS caching:

[admin@mywifi] > ip dns set allow-remote-requests=yes

On all client computers, fill the primary DNS field of the IP address settings with the IP address of the Mikrotik router, and just leave the secondary DNS empty. Note also in the picture above that when we type in a command, a warning can appear:

"no such argument."

Then we set up the Mikrotik machine so that it can act as a router:

[admin@mywifi] > ip firewall nat

[admin@mywifi] ip firewall nat> add chain=srcnat src-address=192.168.1.0/24 out-interface=ether1 action=masquerade

We look at the results:

[admin@mywifi] ip firewall nat> print

At this early stage we have now succeeded in making a Mikrotik router. To check the result we do a ping test (the "ping" command must be run from the highest directory, the "admin" directory) from our Mikrotik router to a client computer. If the words "ping time out" or "host unreachable" appear during the ping, we have not succeeded in connecting; re-examine the Mikrotik settings carefully, or the IP address configuration on the client computer. Then try pinging an Internet address from the client computer, or browsing from the client computer. If that succeeds, our task of making a Mikrotik router is done.

Can We Do Free Hotspot Sniffing from Our House?

This question is often put to the author. Since the government released the 2.4 GHz frequency for use, the number of WiFi networks and hotspots has grown dramatically; amusement parks, restaurants, cafes and offices have all joined in the hotspot fun. We can access the Internet for free from places that have their own hotspot. This phenomenon makes some people's mouths water at the chance of getting on the Internet, and they even want to enjoy free Internet at home by aiming at a WiFi hotspot's signal from their residence. He he he, can it be done?
In general, a hotspot is created using a device called an access point, which is equipped with an internal antenna with a strength of about 3-5 dB (e.g., the access point in the picture alongside). Access points with internal antennas are very limited in range, covering about tens or even hundreds of square meters; beyond that the signal is difficult to pick up, especially at a distance of 500 meters or more from the access point. Think of your favorite FM radio station in Surabaya: when you travel to Semarang, can you still hear that station's broadcast, even with the most expensive radio in Semarang? Hotspots in public places like these are designed for users on site, not for those outside the hotspot's location. But if the access point in the hotspot has an external / outdoor antenna with a strength of 10 dB or more, there is a possibility it can be accessed from a short distance away, even from outside the hotspot's location. We suggest you first survey the hotspot's location for the type or brand of access point used and the type of antenna attached to it. You should also have enough knowledge about WiFi and WiFi equipment specifications; without that knowledge it is difficult for you to "aim at it". Some hotspots are deliberately created "open", with no security, so you are able to access them "IF" you really are within reach of their WiFi signal.

Wireless networks

Wireless networks are very useful because they allow you to use your computer and connect to the Internet anywhere in the home or office. However, most wireless networks use a wireless router, which must be purchased separately. If you have more than one computer, you can set up a wireless network without buying a wireless router and save money.

In a conventional wireless network, the wireless router functions as a base station, much like the base station for cordless phones. All wireless communication goes through the wireless router, which allows nearby computers to connect to the Internet or to each other.

An ad hoc wireless network works like a walkie-talkie, in that the computers communicate directly with each other. By enabling Internet Connection Sharing on one computer, you can share Internet access.


An ad hoc network is a smart alternative to using a wireless router, but it has several weaknesses:

* If the computer that is connected to the Internet is off or shut down, all computers that are part of the ad hoc network lose Internet access.
* To connect to the Internet, one computer always requires a wired network connection.

To connect computers to the Internet using an ad hoc wireless network, follow these steps (described in more detail later in this article):

1. Enable Internet Connection Sharing on the computer connected to the Internet. You can skip this step if you do not need to access the Web.
2. Set up the ad hoc wireless network on the computer connected to the Internet.
3. Add your other computers to the wireless network.

How to enable Internet Connection Sharing

In a wireless network with a router, the router has the important role of forwarding communication from the computers in the network to the Internet. In an ad hoc network, you must designate a single computer to serve this role. That computer must have a cable connection to the Internet, and must be left on if you want to be able to use your other computers.
How to set up the first computer

Set up an ad hoc wireless network that allows computers to share an Internet connection without a router

1. If necessary, install a wireless network adapter.
2. Click Start, and then click Control Panel.
3. Under Pick a category, click Network and Internet Connections.
4. Under or pick a Control Panel icon, click Network Connections.
5. Right-click your wireless network connection, and then click Properties.
6. In the Wireless Network Connection Properties dialog box, click the Wireless Networks tab.
7. On the Wireless Networks tab, under Preferred networks, click Add.
8. In the Wireless network properties dialog box, on the Association tab, type the name of your ad hoc wireless network in the Network name (SSID) box (shown in step 10). For example, you could name your wireless network NETKOM.
9. Clear the The key is provided for me automatically check box and select the This is a computer-to-computer (ad hoc) network check box.
10. Create a 13-digit password and type it in both network key boxes. For best security, use a combination of letters, numbers and punctuation marks. Then click OK.
11. Click OK again to save the changes.

How to set up additional computers

If the computer you want to add to your network does not have built-in support for wireless networking, install a wireless network adapter.

Windows XP automatically detects the new adapter, and will let you know that it has found a wireless network.

Now connect your computer to your wireless network.

Note: The steps above only apply if you use Windows XP Service Pack 2 (SP2). If you have not installed SP2, visit Microsoft Update to install it before connecting to an ad hoc network.

1. Right-click the Wireless Network icon in the lower right corner of your screen, then click View Available Wireless Networks.

Note:
If you encounter problems, do not hesitate to ask the manufacturer of the adapter you use for help with your problem.
2. The Wireless Network Connection window appears and displays your wireless network, listed with the SSID that you chose. If you do not see your network, click Refresh Network List in the top left corner. Click your network, and then click Connect in the lower right corner.
3. Windows XP will ask you to enter the key (password); enter it, then click Connect.

Windows XP will show the signal strength of the connection to your network. After you connect, you can close the Wireless Network Connection window.

Repeat the three steps above on each computer that is to be connected to the ad hoc wireless network.

STEP BY STEP DHCP

Dynamic IP: this document briefly describes setting up DHCP on Linux machines. It is only a translation.

DHCP Server Step-by-Step

What is DHCP
DHCP (Dynamic Host Configuration Protocol) is a protocol by which IP addresses are provided automatically from a server to clients. This means the DHCP server handles the IP addresses, so the other computers in the network do not need to have their IP addresses set manually. Setting up a DHCP server means we reduce the work of setting up the network on each PC connected to the network.

To set up a DHCP server on Linux (Red Hat 6.0 is used here), the following are required:

A LAN that works well
dhcpd (dhcp-2.0b1pl6-6.i386.rpm or newer)

In Red Hat 6.0, everything required is already compiled into the kernel.
If your computer has several network devices, such as:

eth0 - connected to the Internet
eth1 - connected to the LAN

you must carefully determine which interface will provide the DHCP service. Suppose we want the DHCP server to answer requests only from eth1, and not from eth0, which is connected to the ISP.

Download DHCP server software
Search at http://ww.rpmfind.net
or
nohup wget -T0 ftp://ftp.isc.org/isc/dhcp/dhcp-3.0b1pl17.tar.gz

Configure /etc/dhcpd.conf
After DHCP is installed (either from RPM or from source), create the configuration file /etc/dhcpd.conf. Suppose the network's internal IP addresses are 192.168.0.x; the configuration will then look roughly like this:

# /etc/dhcpd.conf
# dhcpd configuration
default-lease-time 86400; # one day
max-lease-time 86400; # one day

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.2 192.168.0.250;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    ## The IP address of the name server
    option domain-name-servers 192.168.0.1;
    option domain-name "mydomain.com";
    ## If you have Samba acting as a WINS server
    option netbios-name-servers 192.168.0.1;
    option netbios-dd-server 192.168.0.1;
    option netbios-node-type 8;
    option netbios-scope "";
}
If you have a Linux box running Samba and DNS, the extra options in the configuration above are needed. If your DNS servers are 123.123.123.123 and 123.123.123.124, the option required is as below:

option domain-name-servers 123.123.123.123, 123.123.123.124;

If you do not use Samba acting as a primary WINS server, the "option netbios-" lines need to be removed or commented out.

Configuring /etc/rc.d/init.d/dhcpd
If you install the DHCP package from the rpm, you get the startup file /etc/rc.d/init.d/dhcpd directly; for it to run well, it needs a small change:

#!/bin/sh
#
# dhcpd         This shell script takes care of starting and stopping
#               dhcpd.
#
# chkconfig: 2345 65 35
# description: dhcpd provide access to Dynamic Host Control Protocol.

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /usr/sbin/dhcpd ] || exit 0
[ -f /etc/dhcpd.conf ] || exit 0

# See how we were called.
case "$1" in
  start)
        # Start daemons.
        echo -n "Starting dhcpd: "
        # Route for the limited broadcast address via the LAN interface only.
        /sbin/route add -host 255.255.255.255 dev eth1 2> /dev/null
        # Serve DHCP on eth1 only.
        daemon /usr/sbin/dhcpd eth1
        echo
        touch /var/lock/subsys/dhcpd
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down dhcpd: "
        /sbin/route del -host 255.255.255.255 dev eth1 2> /dev/null
        killproc dhcpd
        echo
        rm -f /var/lock/subsys/dhcpd
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  status)
        status dhcpd
        ;;
  *)
        echo "Usage: dhcpd {start|stop|restart|status}"
        exit 1
esac

exit 0

The additions required are
/sbin/route add -host 255.255.255.255 dev eth1 2> /dev/null
at startup, and the extra eth1 argument when dhcpd is run, so that the DHCP server can only be requested from eth1.

Running DHCP
Before running DHCP for the first time, an empty leases file needs to be created:

# touch /etc/dhcpd.leases

Once the file has been created, start the server with:

# /etc/rc.d/init.d/dhcpd start

NAT with the 2.4.x kernel

In the new Linux kernel, Netfilter and iptables replace ipchains, with several additions, among them marks on each filtered packet and the addition of the NAT and mangle tables. Each table has its own function, in keeping with its name: the NAT table handles all Network Address Translation needs, including port redirection and IP Masquerading, while the mangle table can be used to mark a packet, which can then be processed or forwarded under a particular condition.


The mangle table is not discussed here, since it deviates from our topic, Network Address Translation (NAT).


As discussed previously, the implementation of IP Masquerading has also changed: it was originally placed in the filter table, but with iptables, IP Masquerading is placed in a separate table, the NAT table. Therefore, the author only adds the implementation of IP Masquerading for kernel 2.4.xx, while the copyright is still held by Mr. Agus Hartanto :-).


If you do not know what IP Masquerade is and what it is used for, please see the article on NAT with Linux by Mr. Agus, because this article does not describe it in more detail, for fear of later being accused of stealing other people's ideas :-). I also still use the picture presented in Mr. Agus's article, because iptables is basically similar to ipchains and so that readers can understand it more easily. The examples discussed use Red Hat Linux as a reference, so file locations may differ if you use a distribution other than Red Hat.

1. Preparation
To connect to the Internet using IP Masquerade, there must be at least one Linux machine in the network that is connected to the Internet and has at least one real / official IP address, and of course the Linux kernel must also support IP Masquerade. The program used to enable IP Masquerade on kernel 2.4.x is iptables; ipfwadm and ipchains are actually also available, but iptables performs faster than its predecessors and has a higher level of security, such as limiting the number of incoming packets.


iptables is already available by default in the 2.4.x kernel, but if you want to compile it separately, you can search for and download the program through netfilter.samba.org, or through a Linux archive site such as Freshmeat.


For the first step, the computers connected to the internal network should be given private IP addresses and placed in the same netmask as the gateway computer.


Example:


                    -----------------
            ISP    ppp0 = 202.151.22.1 ----------+
                    -----------------            |
                                                 |
                                                 |
                                                 |
     +-------------+-------------+---------------+
     |             |             |               |
-----+-----   -----+-----   -----+-----   -------+--------
192.168.1.2   192.168.1.3   192.168.1.4   eth0 = 192.168.1.1
-----------   -----------   -----------   ----------------
 CLIENT 1      CLIENT 2      CLIENT 3          Server

netmask = 255.255.255.0

For IP-Masquerade, your kernel must support some of the drivers below:


* Enable Loadable module support
CONFIG_MODULES
- Allows you to load kernel components in the form of modules

* Networking support
CONFIG_NET

* Network firewalls
CONFIG_FIREWALL

* TCP / IP networking
CONFIG_INET

* Netfilter Support
CONFIG_NETFILTER

* Netfilter: Connection Tracking
CONFIG_IP_NF_CONNTRACK

* Netfilter: Iptables support Style
CONFIG_IP_NF_IPTABLES

* Netfilter: Filter packets
CONFIG_IP_NF_FILTER

* Netfilter: reject packets
CONFIG_IP_NF_TARGET_REJECT

* Netfilter: NAT Support
CONFIG_IP_NF_NAT
CONFIG_IP_NF_NAT_NEEDED

* Netfilter: IP Masquerading
CONFIG_IP_NF_TARGET_MASQUERADE

* Netfilter: Redirection
CONFIG_IP_NF_TARGET_REDIRECT

* Netfilter: IRC NAT Support
CONFIG_IP_NF_NAT_IRC

* Netfilter: Mangle Table
CONFIG_IP_NF_MANGLE

* Netfilter: Log target support
CONFIG_IP_NF_TARGET_LOG

* Netfilter: Ipchains Style Support
CONFIG_IP_NF_COMPAT_IPCHAINS

* Netfilter: Ipfwadm Style Support
CONFIG_IP_NF_COMPAT_IPFWADM

* Dummy net driver support
CONFIG_DUMMY

In the 2.4.x kernel installed on Red Hat, these options are enabled in the form of modules, so you do not need to recompile the kernel, which of course is very tiring, is it not :-). To use the modules you do not need to load them first with modprobe; you only need to run iptables, and the required modules will automatically be loaded into memory by iptables.

2. Enabling IP_FORWARDING
To enable ip_forward you need to write the value 1 to the file /proc/sys/net/ipv4/ip_forward, for example by typing at the Linux command prompt:


[root@server /]# echo "1" > /proc/sys/net/ipv4/ip_forward

This is very important to note, because since kernel 2.0.34 the kernel does not enable it by default.


Alternatively, you can add the following line to /etc/sysctl.conf:


net.ipv4.ip_forward = 1

With this line, the script /etc/rc.d/init.d/network will automatically write the value 1 to the file /proc/sys/net/ipv4/ip_forward when Linux starts.

3. Loading the modules supporting IP Masquerade
As mentioned above, in the 2.4.x kernel the available modules do not need to be loaded first; you just run iptables, and the modules that are required will automatically be loaded into memory. Some of the Netfilter modules in kernel 2.4.x (located in the directory /lib/modules/2.4.x/kernel/net/ipv4/netfilter) are:


ipchains.o ip_nat_ftp.o iptable_nat.o ipt_mark.o ipt_owner.o ipt_TCPMSS.o
ip_conntrack_ftp.o ip_nat_irc.o ip_tables.o ipt_MARK.o ipt_REDIRECT.o ipt_tos.o
ip_conntrack_irc.o ip_queue.o ipt_limit.o ipt_MASQUERADE.o ipt_REJECT.o ipt_TOS.o
ip_conntrack.o iptable_filter.o ipt_LOG.o ipt_MIRROR.o ipt_state.o ipt_unclean.o
ipfwadm.o iptable_mangle.o ipt_mac.o ipt_multiport.o ipt_tcpmss.o

4. Configure IP Rules of Forwarding and Firewall does little
To enable IP Masquerade, you must give the command:


iptables-t nat-A POSTROUTING-s yyy.yyy.yyy.yyy. / x-j Masquerade as the table above.

For more details, try to note the example below:

1. You have a network with the gateway IP address 192.168.1.1 and Linux clients 192.168.1.2 through 192.168.0.4 with netmask 255.255.255.0, and you want to enable IP Masquerading for these addresses; then you must type the command:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE

2. You have the same IP addresses as above, but you want only the clients with IP 192.168.1.5 and 192.168.0.10 to be able to access the internet; then you should type only the commands:

iptables -t nat -A POSTROUTING -s 192.168.1.5/32 -d 0.0.0.0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.10/32 -d 0.0.0.0/0 -j MASQUERADE

3. You have the same IP addresses as above and you want all clients to be able to access the internet, except that 192.168.1.5 and 192.168.1.10 must not be able to access the internet; then you should type the command:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE

to enable masquerading. Then we block the two computers with the commands below. The rules go in the FORWARD chain because packets routed through the gateway traverse FORWARD; INPUT only sees packets addressed to the gateway itself.

iptables -I FORWARD -s 192.168.1.5/32 -d 0/0 -j DROP
iptables -I FORWARD -s 192.168.1.10/32 -d 0/0 -j DROP

4. Administering certain facilities
We can also block packets that are headed for a particular port, which lets us turn individual internet facilities on or off. For example, if you do not want your client with the address 192.168.1.5 to be able to chat, we can deny packets from the client 192.168.1.5 that are headed for the IRC port (for example, port number 6667).
Below is an example that intercepts TCP packets from the client with the address 192.168.1.5 to port 6667 (placed in the FORWARD chain, which routed packets traverse):

iptables -I FORWARD -p tcp -s 192.168.1.5/32 -d 0/0 --destination-port 6667 -j DROP

To remove a rule that we have created, we can replace the option -I or -A with the option -D. For example, the rule:

iptables -I FORWARD -p tcp -s 192.168.1.5/32 -d 0/0 --destination-port 6667 -j DROP

can be removed with the command:

iptables -D FORWARD -p tcp -s 192.168.1.5/32 -d 0/0 --destination-port 6667 -j DROP
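
The rule set from example 3 and the port block above can be generated and reviewed before it touches the firewall. The script below is an added example, not part of the original post; the variable and function names and the APPLY switch are assumptions, and it places the drop rules in the FORWARD chain, the chain that routed packets traverse.

```shell
# Added example: addresses are the page's sample values; names and the APPLY switch are assumptions.
LAN="192.168.1.0/24"
# Clients to block: "ip" drops everything, "ip:port" drops one TCP port (6667 = IRC).
BLOCKED="192.168.1.5:6667 192.168.1.10"

# True only for a dotted quad whose four octets are each 0..255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints one iptables command per line. Drops go in FORWARD, the chain that
# routed (masqueraded) packets traverse; INPUT only sees traffic to the gateway.
gateway_rules() {
    echo "iptables -t nat -A POSTROUTING -s $LAN -d 0/0 -j MASQUERADE"
    for entry in $BLOCKED; do
        ip=${entry%%:*}
        valid_ip "$ip" || { echo "invalid address: $entry" >&2; return 1; }
        case "$entry" in
            *:*) port=${entry#*:}
                 valid_port "$port" || { echo "invalid port: $entry" >&2; return 1; }
                 match="-p tcp -s $ip/32 -d 0/0 --destination-port $port" ;;
            *)   match="-s $ip/32 -d 0/0" ;;
        esac
        echo "iptables -I FORWARD $match -j DROP"
    done
}

# Dry run by default; APPLY=1 (as root) enables forwarding and runs each rule.
run_gateway() {
    rules=$(gateway_rules) || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo "$rules" | while read -r cmd; do $cmd; done
    else
        echo "$rules"
    fi
}
run_gateway
```

Run it as is to print the commands for review; a malformed entry in BLOCKED stops the script before any rule is emitted.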

5. Notes on the iptables options I used above

-A append a rule
-I insert a firewall rule at the top of the chain
-D delete a rule you created
-s source address
-d destination address
iptables does not recognize the DENY target; use the DROP target instead.