Friday, November 16, 2012

IPv4 Netmask reference

A netmask is a 32-bit mask used to divide an IP address into subnets and specify the network's available hosts. In a netmask, two bits are always automatically assigned. For example, in 255.255.225.0, "0" is the assigned network address; and in 255.255.255.255, "255" is the assigned broadcast address. The 0 and 255 are always assigned and cannot be used.

There are plenty of these netmask references out there, but I prefer my own: hence this Tech Tip. We've never seen anybody use a network larger than a /4 (256M hosts), so we've truncated the table at that point.

 
What is Cisco notation?
When creating ACLs for Cisco routers, one specifies networks using a base IP address and what looks like an inverted netmask: rather than set a one bit for each part of the address that's a network, they set a one bit for each part that's a host. 

Thursday, November 15, 2012

Download Tool

Packet Tracer (Cisco Simulator)

PuTTY

Masquerade NAT on Cisco using overloading

Prerequisites
Read the article guncyber-net.blogspot.com/2012/11/masqurade-nat-on-cisco-router.html first

This is a simple example of overloading:
================================================================
interface ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.


interface ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside

!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.


interface serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside

!--- Defines serial 0 with an IP address and as a NAT outside interface.


ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
 !

!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.


ip nat inside source list 7 pool ovrld overload
 !
 !
 !
 !

!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have their source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP address.


access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31

==================================================================

Note: Cisco highly recommends that you do not configure access lists referenced by NAT commands with permit any. Using permit any can result in NAT consuming too many router resources which can cause network problems.

Notice in the previous configuration that only the first 32 addresses from subnet 10.10.10.0 and the first 32 addresses from subnet 10.10.20.0 are permitted by access-list 7. Therefore, only these source addresses are translated. There may be other devices with other addresses on the inside network, but these are not translated.
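The wildcard ("inverted netmask") notation described in the netmask post and the access-list 7 entries above can be checked with a few lines of Python. This is an added example, not part of the original post or of Cisco's documentation; the function names are hypothetical and the sample hosts are constructed.

```python
# Added example: evaluates "base wildcard" entries the way a Cisco standard
# ACL does, using the two permit lines of access-list 7 from the post.
import ipaddress

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_from_netmask(netmask: str) -> str:
    """Invert a netmask bit by bit: 255.255.255.224 -> 0.0.0.31."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def acl_matches(base: str, wildcard: str, src: str) -> bool:
    """A 1 bit in the wildcard is "don't care"; every 0 bit must equal base."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)

def matched_range(base: str, wildcard: str):
    """First and last address covered by a contiguous wildcard."""
    w = to_int(wildcard)
    if w & (w + 1):  # low-order run of ones is broken somewhere
        raise ValueError("non-contiguous wildcard does not describe one range")
    first = to_int(base) & (w ^ 0xFFFFFFFF)
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(first | w)))

# The permit entries of access-list 7, copied from the configuration above.
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]

def is_translated(src: str) -> bool:
    """True if a permit entry matches; otherwise the ACL's implicit deny
    applies and the packet is not selected for NAT."""
    return any(acl_matches(base, wc, src) for base, wc in ACL_7)

if __name__ == "__main__":
    for base, wc in ACL_7:
        print(base, wc, "covers", matched_range(base, wc))
    # Constructed sample hosts on the inside networks.
    for host in ("10.10.10.31", "10.10.10.32", "10.10.20.5", "10.10.30.5"):
        print(host, "translated" if is_translated(host) else "not translated")
```

Running the same check against a candidate ACL before applying it shows exactly which inside hosts will be exposed through the NAT address, which is the scoping the `permit any` note is about.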

Services And support

Services :

1. Setup and manage Mikrotik router
  • BGP router
  • Bandwidth Management
  • Firewall
  • And other networking services
2. Setup and manage Cisco router
  • BGP Router
  • Bandwidth Management
  • Firewall
  • Telephony services
  • And other networking services
3. Setup and manage Cisco switch
  • VLAN
  • Trunk
  • Telephony services
4. Setup and manage Ubuntu server
  • Basic server
  • Web server
  • Mail server (zimbra)
  • SMTP
  • Firewall
  • And other services 
5. Internet services provider
  • Dedicated Internet Services Wireless Connection
  • Dedicated Internet Services Fiber Optic Connection
  • Note : our partner www.cic.net.id
 
Contact us :
email : gunadi.x@gmail.com
Facebook : www.facebook.com/guncyber
Phone : +62 83184209909

Installing squid on Ubuntu

Step 1
Update and upgrade the system:
sudo apt-get update
sudo apt-get upgrade

Step 2
Install squid proxy server
sudo apt-get install squid

Step 3
Copy the original Squid configuration
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original

Step 4
Set up the Squid configuration
1. To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:

    http_port 8888

2. Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer's hostname. In this example it is set to weezie:

    visible_hostname weezie

3. Using Squid's access control, you may configure use of Internet services proxied by Squid to be available only to users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:

    Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl fortytwo_network src 192.168.42.0/24

    Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow fortytwo_network

4. Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we'll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/24 subnetwork:

    Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl biz_network src 10.1.42.0/24
    acl biz_hours time M T W H F 9:00-17:00


    Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow biz_network biz_hours

After making changes to the /etc/squid/squid.conf file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:


Step 5

Restart the squid server 
sudo /etc/init.d/squid restart
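To see how the Step 4 rules combine, here is a small Python model of Squid's evaluation: ACL names on one http_access line are ANDed, the first matching line decides, and the day codes are S M T W H F A with H for Thursday. It is an added example, not Squid's own code; it models only the src and time ACL types and assumes the rule list ends with http_access deny all.

```python
# Added example: a simplified model of http_access evaluation for the
# biz_network / biz_hours rules. The config text and clients are constructed.
import ipaddress
from datetime import datetime

DAY_LETTERS = "MTWHFAS"  # Squid day codes in datetime.weekday() order (Mon=0)

CONF = """\
acl biz_network src 10.1.42.0/24
acl biz_hours time M T W H F 9:00-17:00
http_access allow biz_network biz_hours
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        words = line.split()
        if words and words[0] == "acl":
            acls[words[1]] = (words[2], words[3:])
        elif words and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def minutes(hhmm):
    hours, mins = hhmm.split(":")
    return int(hours) * 60 + int(mins)

def acl_true(kind, args, src, when):
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(net) for net in args)
    if kind == "time":
        days = "".join(a for a in args if a.isalpha())
        start, end = next(a for a in args if ":" in a).split("-")
        now = when.hour * 60 + when.minute
        return (DAY_LETTERS[when.weekday()] in days
                and minutes(start) <= now <= minutes(end))
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, when):
    """Return the action of the first rule whose ACLs all match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(n == "all" or acl_true(*acls[n], src, when) for n in names):
            return action
    return "deny"  # not reached when the list ends with "deny all"

if __name__ == "__main__":
    thursday = datetime(2012, 11, 15, 10, 30)
    print(decide(CONF, "10.1.42.7", thursday))     # inside subnet and hours
    print(decide(CONF, "192.168.42.5", thursday))  # wrong subnet
```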



Alternatively, you can set up the Squid server via Webmin, provided Webmin is already installed on your Ubuntu server. The Squid settings are in the menu Server - Squid Proxy Server, as in this picture:








Masquerade NAT on Cisco Router

Step 1 

Defining NAT Inside and Outside Interfaces :

The first step to deploy NAT is to define NAT inside and outside interfaces. You may find it easiest to define your internal network as inside, and the external network as outside. However, the terms internal and external are subject to arbitration as well. This figure shows an example of this.

















Step 2 


Allowing internal user to access internet :

You may want to allow internal users to access the internet, but you may not have enough valid addresses to accommodate everyone. If all communication with devices in the internet originates from the internal devices, you need a single valid address or a pool of valid addresses. This figure shows a simple network diagram with the router interfaces defined as inside and outside:










In this example, you want NAT to allow certain devices (the first 31 from each subnet) on the inside to originate communication with devices on the outside by translating their invalid address to a valid address or pool of addresses. The pool has been defined as the range of addresses 172.16.10.1 through 172.16.10.63. 

Now you are ready to configure NAT. In order to accomplish what is defined above, use dynamic NAT. With dynamic NAT, the translation table in the router is initially empty and gets populated once traffic that needs to be translated passes through the router. This is in contrast to static NAT, where a translation is statically configured and is placed in the translation table without the need for any traffic.

In this example, you can configure NAT to translate each of the inside devices to a unique valid address, or to translate each of the inside devices to the same valid address. This second method is known as overloading. An example of how to configure each method is given here.

Command:
interface ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.


interface ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside

!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.


interface serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside

!--- Defines serial 0 with an IP address and as a NAT outside interface.


ip nat pool no-overload 172.16.10.1 172.16.10.63 prefix 24
 !

!--- Defines a NAT pool named no-overload with a range of addresses
!--- 172.16.10.1 - 172.16.10.63.


ip nat inside source list 7 pool no-overload
 !
 !

!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have
!--- their source address translated to an address out of the
!--- NAT pool "no-overload".


access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.
 
-- Complete --



Source :
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic3








Wednesday, November 14, 2012

Assign IP address Mikrotik

Using command line

IP address management can be accessed under the /ip address submenu:

[MikroTik] ip address>
IP addresses are given to router to access it remotely and to specify it as a
gateway for other hosts/routers.

    print  Show IP addresses
      get  get value of item's property
     find  Find addresses
      set  Change IP address properties
      add  Add IP address
   remove  Remove IP address
   enable  Enable IP address
  disable  Disable IP address
  comment  Set comment for IP address
   export  Export list of IP addresses
[MikroTik] ip address> 
 

Assign IP address to Cisco Router

Step 1
Connect the computer to the router using a console cable.

Step 2
Log in to the router using the PuTTY application, as in this picture