Friday, November 16, 2012

IPv4 Netmask reference

A netmask is a 32-bit mask used to divide an IP address into subnets and specify the network's available hosts. In a netmask, two bits are always automatically assigned. For example, in 255.255.255.0, "0" is the assigned network address; and in 255.255.255.255, "255" is the assigned broadcast address. The 0 and 255 are always assigned and cannot be used.

There are plenty of these netmask references out there, but I prefer my own: hence this Tech Tip. We've never seen anybody use a network larger than a /4 (256M hosts), so we've truncated the table at that point.

 
What is Cisco notation?
When creating ACLs for Cisco routers, one specifies networks using a base IP address and what looks like an inverted netmask: rather than set a one bit for each part of the address that's a network, they set a one bit for each part that's a host. 

Thursday, November 15, 2012

Download Tool

Packet Tracer (Cisco simulator)

PuTTY

Masquerade NAT on Cisco using overloading

Prerequisites
Read the article guncyber-net.blogspot.com/2012/11/masqurade-nat-on-cisco-router.html first

This is a simple example of overloading:
================================================================
interface ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.


interface ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside

!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.


interface serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside

!--- Defines serial 0 with an IP address and as a NAT outside interface.


ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
 !

!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.


ip nat inside source list 7 pool ovrld overload
 !
 !
 !
 !

!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have the source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP address.


access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31

==================================================================

Note: Cisco highly recommends that you do not configure access lists referenced by NAT commands with permit any. Using permit any can result in NAT consuming too many router resources which can cause network problems.

Notice in the previous configuration that only the first 32 addresses from subnet 10.10.10.0 and the first 32 addresses from subnet 10.10.20.0 are permitted by access-list 7. Therefore, only these source addresses are translated. There may be other devices with other addresses on the inside network, but these are not translated.
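
The wildcard matching behind access-list 7 and the Cisco notation described earlier, as an added example (not part of the original post or of Cisco's documentation). The function names and the HOSTS list are constructed for illustration; ACL_7 copies the two permit entries from the configuration above.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _to_str(value):
    return str(ipaddress.IPv4Address(value))

def netmask_to_wildcard(netmask):
    """Invert a dotted netmask into Cisco wildcard notation."""
    return _to_str(_to_int(netmask) ^ MASK32)

def entry_matches(base, wildcard, src):
    """Wildcard 0-bits must equal the base address; 1-bits are ignored."""
    return ((_to_int(src) ^ _to_int(base)) & ~_to_int(wildcard) & MASK32) == 0

def entry_range(base, wildcard):
    """First address, last address and size of a contiguous wildcard entry."""
    w = _to_int(wildcard)
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard: matches are not one range")
    first = _to_int(base) & ~w & MASK32
    return _to_str(first), _to_str(first | w), w + 1

def untranslated(acl, hosts):
    """Inside hosts that no permit entry matches, so NAT leaves them alone."""
    return [h for h in hosts
            if not any(entry_matches(b, w, h) for b, w in acl)]

# access-list 7 from the configuration above, as (base, wildcard) pairs.
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]
# Constructed inside hosts for the demonstration.
HOSTS = ["10.10.10.5", "10.10.10.31", "10.10.10.32", "10.10.20.200"]

if __name__ == "__main__":
    for base, wildcard in ACL_7:
        print(base, wildcard, "->", entry_range(base, wildcard))
    print("not translated:", untranslated(ACL_7, HOSTS))
    # The size of "permit any" shows why it is discouraged for NAT lists.
    print("permit any covers", entry_range("0.0.0.0", "255.255.255.255")[2])
```

Running a host inventory through untranslated() before deployment shows which inside devices would silently fall outside the NAT rule.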

Services And support

Services :

1. Setup and manage Mikrotik router
  • BGP router
  • Bandwidth Management
  • Firewall
  • And other networking services
2. Setup and manage Cisco router
  • BGP Router
  • Bandwidth Management
  • Firewall
  • Telephony services
  • And other networking services
3. Setup and manage Cisco switch
  • VLAN
  • Trunk
  • Telephony services
4. Setup and manage Ubuntu server
  • Basic server
  • Web server
  • Mail server (zimbra)
  • SMTP
  • Firewall
  • And other services 
5. Internet services provider
  • Dedicated Internet Services Wireless Connection
  • Dedicated Internet Services Fiber Optic Connection
  • Note : our partner www.cic.net.id
 
Contact us :
email : gunadi.x@gmail.com
Facebook : www.facebook.com/guncyber
Phone : +62 83184209909

Installing squid on Ubuntu

Step 1
Update and upgrade the system:
sudo apt-get update
sudo apt-get upgrade

Step 2
Install squid proxy server
sudo apt-get install squid

Step 3
Back up the original Squid configuration
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original

Step 4
Setting up configuration of squid
1. To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:

    http_port 8888

2. Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer's hostname. In this example it is set to weezie:

    visible_hostname weezie

3. Using Squid's access control, you may configure use of Internet services proxied by Squid to be available only to users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:

    Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl fortytwo_network src 192.168.42.0/24

    Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow fortytwo_network

4. Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we'll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/24 subnetwork:

    Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl biz_network src 10.1.42.0/24
    acl biz_hours time M T W H F 9:00-17:00


    Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow biz_network biz_hours

After making changes to the /etc/squid/squid.conf file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:


Step 5

Restart the squid server 
sudo /etc/init.d/squid restart
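
A small model of the rule `http_access allow biz_network biz_hours` from item 4 of Step 4, as an added example that is not part of the original post or of Squid itself. It shows that both ACLs on the line must match, and that Squid's day codes use H for Thursday (T is Tuesday, A is Saturday, S is Sunday), so a day list with T written twice leaves Thursday out. The function names and the request times are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Squid day codes for "acl ... time"; Python's weekday() has Monday == 0.
DAY_CODES = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}

def parse_time_acl(spec):
    """Split 'M T W H F 9:00-17:00' into (weekday set, start min, end min)."""
    *day_tokens, span = spec.split()
    days = {DAY_CODES[c] for tok in day_tokens for c in tok}
    start, end = (int(h) * 60 + int(m)
                  for h, m in (part.split(":") for part in span.split("-")))
    return days, start, end

def time_matches(spec, when):
    """True when the timestamp falls on a listed day inside the time span."""
    days, start, end = parse_time_acl(spec)
    minute = when.hour * 60 + when.minute
    # The end minute is treated as inclusive here (assumption of this model).
    return when.weekday() in days and start <= minute <= end

def allowed(src_net, time_spec, client_ip, when):
    """Model 'http_access allow <src acl> <time acl>': both ACLs must match."""
    in_net = ipaddress.ip_address(client_ip) in ipaddress.ip_network(src_net)
    return in_net and time_matches(time_spec, when)

# Constructed request times: 2012-11-15 was a Thursday, 2012-11-17 a Saturday.
THURSDAY_10AM = datetime(2012, 11, 15, 10, 0)
SATURDAY_10AM = datetime(2012, 11, 17, 10, 0)

if __name__ == "__main__":
    for spec in ("M T W H F 9:00-17:00", "M T W T F 9:00-17:00"):
        print(spec, "-> Thursday 10:00 allowed:",
              allowed("10.1.42.0/24", spec, "10.1.42.7", THURSDAY_10AM))
    print("Saturday 10:00 allowed:",
          allowed("10.1.42.0/24", "M T W H F 9:00-17:00",
                  "10.1.42.7", SATURDAY_10AM))
```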



Alternatively, you can set up the Squid server via Webmin, provided Webmin is already installed on your Ubuntu server. Squid is configured under the menu Server - Squid Proxy Server, like this picture: