configuration speedy connection with load balancing prolink

Wednesday, January 30, 2008


Free BSD Router with PPPOE Dial

Friday, January 4, 2008

source from sentot
a. Device Configuration
> cat /etc/rc.conf
sshd_enable="YES"
fsck_y_enable="YES"
gateway_enable="YES"
natd_interface="tun0"
ifconfig_xl0="up"
ifconfig_xl1="inet 192.168.10.10 netmask 255.255.255.0"
hostname="router.yourhostname"
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="speedy"
ppp_nat="YES"
b. Firewall, IDS, Daemon Configuration
> cat /etc/rc.local
/usr/local/bin/portsentry -tcp
/usr/local/bin/portsentry -udp
/sbin/ipfw add deny tcp from any to any 135-137
/sbin/ipfw add deny udp from any to any 135-137
/sbin/ipfw add deny tcp from any to any 6257
/sbin/ipfw add deny udp from any to any 6257
/sbin/ipfw add deny tcp from any to any 6699
/sbin/ipfw add deny udp from any to any 6699
/sbin/ipfw add deny tcp from any to any 2754
/sbin/ipfw add deny udp from any to any 2754
/sbin/ipfw add deny tcp from any to any 2535
/sbin/ipfw add deny udp from any to any 2535
/sbin/ipfw add deny tcp from any to any 4661-4672
/sbin/ipfw add deny udp from any to any 4661-4672
/sbin/ipfw add deny tcp from any to any 1214
/sbin/ipfw add deny udp from any to any 1214
/sbin/ipfw add deny tcp from any to any 1024
/sbin/ipfw add deny udp from any to any 1024
/sbin/ipfw add deny tcp from any to any 6881-6889
/sbin/ipfw add deny udp from any to any 6881-6889
/sbin/ipfw add deny tcp from any to any 6346-6347
/sbin/ipfw add deny udp from any to any 6346-6347
/sbin/ipfw add deny tcp from any to any 8000
/sbin/ipfw add deny udp from any to any 8000
/sbin/ipfw add deny tcp from any to any 8372
/sbin/ipfw add deny udp from any to any 8372
/sbin/ipfw add deny tcp from any to any 8360
/sbin/ipfw add deny udp from any to any 8360
/usr/local/squid/sbin/squid -D
/sbin/ipfw add 350 fwd 192.168.10.10,3128 tcp from 192.168.10.0/24 to any www
c. Simple squid configuration
> cat squid.conf
http_port 192.168.10.10:3128
icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? js
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir diskd /cache 3000 16 256 Q1=72 Q2=64
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
ftp_user areksitiung@yahoo.com
wais_relay_port 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minute
positive_dns_ttl 6 hour
negative_dns_ttl 5 minute
range_offset_limit 0 KB
acl porn url_regex "/usr/local/squid/etc/bokep.txt"
acl noporn url_regex "/usr/local/squid/etc/nobokep.txt"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl handikanet src 192.168.10.0/24
acl SSL_ports port 443 563
acl irc_ports port 6667
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny porn !noporn
http_access allow manager localhost
http_access allow handikanet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CONNECT !irc_ports
http_access deny all
icp_access allow all
connect_timeout 2 minute
peer_connect_timeout 30 seconds
read_timeout 15 minute
request_timeout 30 second
client_lifetime 5 day
pconn_timeout 120 second
shutdown_lifetime 30 second
cache_mgr yourmail@yahoo.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.yourhostname.com
logfile_rotate 10
forwarded_for on
log_icp_queries off
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db off
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp on
test_reachability on
nonhierarchical_direct off
prefer_direct on
ignore_unknown_nameservers on
high_memory_warning 0
store_dir_select_algorithm round-robin
ie_refresh on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#acl magic_words1 url_regex -i 192.168.10.
#acl magic_words2 url_regex -i .update .ftp .torrent .exe .vqf .rpm .zip .rar .tar.gz .iso .mpeg .mp3 .mpe .mpg .qt .ram .rm .raw .wav .wmv .mov .avi .gp3 .fla .dat
delay_pools 3
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2
delay_parameters 2 8000/80000 8000/80000
delay_access 2 allow magic_words2


Planning Internet Cafe With Speedy internet Connection

Tuesday, December 25, 2007

Using a Linux PC as the proxy and a Mikrotik router

Network schema

Modem (4 port) ---------- Mikrotik ----------- Hub ---------- Clients 192.168.0.0/24
192.168.1.1/29            Public: 192.168.1.2/29
                          Local:  192.168.0.254/24

Linux proxy: 192.168.1.3/29 (same /29 as the modem and the Mikrotik Public interface)

A. Router Mikrotik Configuration

a. Interface

/ interface ethernet
set Local name="Local" mtu=1500 mac-address=00:50:DA:5F:AB:16 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
set Public name="Public" mtu=1500 mac-address=00:A0:D2:11:C2:79 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no

b. ARP

/ ip arp
add address=192.168.0.7 mac-address=00:19:21:14:4A:E7 interface=Local \
comment="" disabled=no
add address=192.168.0.4 mac-address=00:E0:4D:2F:81:6E interface=Local \
comment="" disabled=no
add address=192.168.0.1 mac-address=00:1B:B9:57:79:75 interface=Local \
comment="" disabled=no
add address=192.168.0.6 mac-address=00:E0:4D:2F:4D:F3 interface=Local \
comment="" disabled=no
add address=192.168.0.11 mac-address=00:1B:B9:57:7E:31 interface=Local \
comment="" disabled=no
add address=192.168.0.2 mac-address=00:E0:4D:2F:81:6D interface=Local \
comment="" disabled=no
add address=192.168.0.5 mac-address=00:19:21:DD:90:F4 interface=Local \
comment="" disabled=no
add address=192.168.0.10 mac-address=00:1B:B9:95:EB:6D interface=Local \
comment="" disabled=no
add address=192.168.0.253 mac-address=00:1A:92:56:79:5E interface=Local \
comment="" disabled=no
add address=192.168.1.1 mac-address=00:18:6E:CA:4F:2E interface=Public \
comment="" disabled=no
add address=192.168.1.3 mac-address=00:1B:11:66:2A:69 interface=Public \
comment="" disabled=no
c. DNS ISP
/ ip dns
set primary-dns=192.168.1.3 secondary-dns=202.134.0.155 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w

d. IP address

/ ip address
add address=192.168.1.2/29 network=192.168.1.0 broadcast=192.168.1.7 \
interface=Public comment="" disabled=no
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=Local comment="" disabled=no

e. Mangle

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.0/24 protocol=icmp \
action=mark-connection new-connection-mark=ICMP-CM passthrough=yes \
comment="ToS" disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet \
new-packet-mark=ICMP-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=53 \
action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=53 \
action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet \
new-packet-mark=DNS-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay \
comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="Services" \
disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection \
new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet \
new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
new-connection-mark=cs_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet \
new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6667-7000 action=mark-connection \
new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
new-connection-mark=email_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet \
new-packet-mark=email passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
new-connection-mark=ssh_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet \
new-packet-mark=ssh passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=500-3127 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3129-6665 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7001-65535 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=500-3127 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=3129-6665 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=7001-65535 action=mark-connection \
new-connection-mark=games_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=games_conn action=mark-packet \
new-packet-mark=games passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet \
new-packet-mark=Naik passthrough=no comment="Up Traffic" disabled=no
add chain=forward src-address=192.168.0.0/24 action=mark-connection \
new-connection-mark=Koneksi passthrough=yes comment="Conn-Mark" \
disabled=no
add chain=forward in-interface=Public connection-mark=Koneksi \
action=mark-packet new-packet-mark=Turun passthrough=no \
comment="Down-Direct Connection" disabled=no
add chain=output out-interface=Local dst-address=192.168.0.0/24 \
action=mark-packet new-packet-mark=Turun passthrough=no comment="Down-Via \
Proxy" disabled=no
f. ip nat

/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=80 \
dst-address-list=!servergames action=dst-nat to-addresses=192.168.1.3 \
to-ports=8080 comment="Pakai Proxy Linux" disabled=no
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=3128 \
dst-address-list=!servergames action=dst-nat to-addresses=192.168.1.3 \
to-ports=8080 comment="" disabled=no
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=8080 \
dst-address-list=!servergames action=dst-nat to-addresses=192.168.1.3 \
to-ports=8080 comment="" disabled=no
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=80 \
action=redirect to-ports=8080 comment="Tanpa proxy Linux" disabled=yes
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=3128 \
action=redirect to-ports=8080 comment="" disabled=yes
add chain=dstnat src-address=192.168.0.0/24 protocol=tcp dst-port=8080 \
action=redirect to-ports=8080 comment="" disabled=yes

g. filter

/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop invalid \
connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
established connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related \
connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection \
to router from local network" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
address-list=knock address-list-timeout=15s comment="" disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock \
action=add-src-to-address-list address-list=safe address-list-timeout=15m \
comment="" disabled=no
add chain=input connection-state=established action=accept comment="accept \
established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related \
connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid \
packets" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and \
drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to \
chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain \
services" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow \
Broadcast Traffic" disabled=no
add chain=input action=log log-prefix="Filter:" comment="" disabled=no
add chain=input action=accept comment="Allow access to router from known \
network" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="" \
disabled=no
add chain=input src-address=192.168.5.0/29 action=accept comment="" \
disabled=no
add chain=input src-address=192.168.4.0/29 action=accept comment="" \
disabled=no
add chain=input src-address=63.219.6.0/24 action=accept comment="" disabled=no
add chain=input src-address=125.0.0.0/8 action=accept comment="" disabled=no
add chain=input action=drop comment="drop everything else" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" \
disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="Port \
scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="SYN/FIN \
scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="SYN/RST \
scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="dropping \
port scanners" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid \
connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop \
Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop \
Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster \
Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster \
Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" \
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" \
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" \
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" \
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" \
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" \
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" \
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" \
disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" \
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" \
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop \
Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor \
OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" \
disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" \
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" \
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" \
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop \
Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop \
Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop \
MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" \
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" \
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop \
SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, \
Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus \
chain" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop Invalid \
connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow \
Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop \
comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow \
already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow \
related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" \
disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" \
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" \
disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" \
disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC \
portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC \
portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" \
disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" \
disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" \
disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny \
NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" \
disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny \
BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" \
disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" \
disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC \
portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC \
portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" \
disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" \
disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny \
BackOriffice" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="allow \
echo reply" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow \
net unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow \
host unreachable" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow \
source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow \
echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow \
time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow \
parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
add chain=input connection-state=established action=accept comment="Accept \
established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related \
connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid \
connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow \
limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" \
disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment="SSH for secure \
shell" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" \
disabled=no
add chain=input src-address=159.148.172.192/28 action=accept comment="From \
Mikrotikls network" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="From our \
private LAN" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything \
else" disabled=no
add chain=tcp protocol=tcp p2p=all-p2p action=drop comment="deny P2P" \
disabled=no
add chain=tcp src-address=192.168.0.2 protocol=tcp dst-port=3133 p2p=all-p2p \
action=drop comment="deny BackOriffice" disabled=no
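
Both Squid's http_access list and a RouterOS firewall chain stop at the first rule that matches, so rule order decides what the configuration actually enforces. The following Python is an added example, not code from either post: it models that first-match evaluation and applies it to two rule lists transcribed from this page, the http_access block of the FreeBSD post's squid.conf and the input chain at the top of the filter section above. The attribute names, the sample requests and the stand-in for the bokep.txt word list are assumptions constructed for the example.

```python
# Added example, not code from either post: a small first-match evaluator used
# to audit rule ORDER in two lists transcribed from this page, the squid.conf
# http_access block and the first RouterOS input chain.  Attribute names, the
# sample requests and the stand-in for the bokep.txt word list are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Attrs = Dict[str, object]


@dataclass
class Rule:
    action: str                      # Squid: allow/deny; RouterOS: accept/drop/...
    match: Callable[[Attrs], bool]   # predicate over request or packet attributes
    label: str                       # original rule text, for reporting
    unconditional: bool = False      # True when the rule matches every packet


def first_match(rules: List[Rule], attrs: Attrs) -> Tuple[Optional[str], int]:
    """Squid http_access and RouterOS chains both stop at the first matching rule."""
    for i, rule in enumerate(rules):
        if rule.match(attrs):
            return rule.action, i
    return None, -1


def dead_rules(rules: List[Rule]) -> List[str]:
    """Rules listed after the first unconditional rule can never be evaluated."""
    for i, rule in enumerate(rules):
        if rule.unconditional:
            return [r.label for r in rules[i + 1:]]
    return []


# ---- Squid ACLs as defined in the post's squid.conf -------------------------
LAN = ipaddress.ip_network("192.168.10.0/24")             # acl handikanet
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}
BLOCKED_WORDS = ("blocked-example",)   # constructed stand-in for bokep.txt

def porn(a): return any(w in a["url"] for w in BLOCKED_WORDS)
def noporn(a): return False            # stand-in: nothing whitelisted in nobokep.txt
def manager(a): return a["proto"] == "cache_object"
def localhost(a): return a["src"] == "127.0.0.1"
def handikanet(a): return ipaddress.ip_address(a["src"]) in LAN
def safe_ports(a): return a["port"] in SAFE_PORTS or 1025 <= a["port"] <= 65535
def ssl_ports(a): return a["port"] in (443, 563)
def irc_ports(a): return a["port"] == 6667
def connect(a): return a["method"] == "CONNECT"

# http_access lines in the order the post lists them.
SQUID_AS_POSTED = [
    Rule("deny", lambda a: porn(a) and not noporn(a), "deny porn !noporn"),
    Rule("allow", lambda a: manager(a) and localhost(a), "allow manager localhost"),
    Rule("allow", handikanet, "allow handikanet"),   # LAN allowed before port checks
    Rule("deny", manager, "deny manager"),
    Rule("deny", lambda a: not safe_ports(a), "deny !Safe_ports"),
    Rule("deny", lambda a: connect(a) and not ssl_ports(a), "deny CONNECT !SSL_ports"),
    # Any source that reaches http_port may CONNECT to 443/563 through this rule.
    Rule("allow", lambda a: connect(a) and not irc_ports(a), "allow CONNECT !irc_ports"),
    Rule("deny", lambda a: True, "deny all", unconditional=True),
]

# Same ACLs with the port checks first (the order Squid's stock config uses) and
# no source-independent CONNECT allow: only the LAN acl grants access.
SQUID_REORDERED = [
    Rule("deny", lambda a: not safe_ports(a), "deny !Safe_ports"),
    Rule("deny", lambda a: connect(a) and not ssl_ports(a), "deny CONNECT !SSL_ports"),
    Rule("allow", lambda a: manager(a) and localhost(a), "allow manager localhost"),
    Rule("deny", manager, "deny manager"),
    Rule("deny", lambda a: porn(a) and not noporn(a), "deny porn !noporn"),
    Rule("allow", handikanet, "allow handikanet"),
    Rule("deny", lambda a: True, "deny all", unconditional=True),
]


def squid_decision(rules, src, method, port, url="http://example.test/", proto="http"):
    """Decide one proxy request: (allow|deny, index of the deciding rule)."""
    return first_match(rules, {"src": src, "method": method, "port": port,
                               "url": url, "proto": proto})


# ---- First RouterOS input chain from the filter section above ---------------
def tcp_to(port):
    return lambda p: p["proto"] == "tcp" and p["dport"] == port

ROUTEROS_INPUT = [
    Rule("drop", lambda p: p["state"] == "invalid", "connection-state=invalid drop"),
    Rule("accept", lambda p: p["state"] == "established", "established accept"),
    Rule("accept", lambda p: p["state"] == "related", "related accept"),
    Rule("accept", lambda p: p["proto"] == "udp", "protocol=udp accept"),
    Rule("accept", lambda p: p["proto"] == "icmp", "protocol=icmp accept"),
    Rule("accept", lambda p: p["in_if"] != "Public", "in-interface=!Public accept"),
    Rule("drop", lambda p: True, "drop everything else", unconditional=True),
    # The two port-knock rules come after the unconditional drop in the post.
    Rule("add-src-to-address-list knock", tcp_to(1337), "tcp/1337 -> list knock"),
    Rule("add-src-to-address-list safe", tcp_to(7331), "tcp/7331 -> list safe"),
]

if __name__ == "__main__":
    print(squid_decision(SQUID_AS_POSTED, "192.168.10.20", "CONNECT", 25))
    print(dead_rules(ROUTEROS_INPUT))
```

As posted, the LAN allow precedes the port checks, so a LAN client may CONNECT to any port, and the unconditional input drop leaves the two knock rules after it unreachable; the reordered list shows the same ACLs with the port checks evaluated first.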
h. IP firewall address list
/ ip firewall address-list
add list=servergames address=202.93.20.201 comment="" disabled=no
i. queue type

/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name="PFIFO-64" kind=pfifo pfifo-limit=64
add name="default-small" kind=pfifo pfifo-limit=10
add name="pcq-download" kind=pcq pcq-rate=384000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=64000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000

j. queue tree

/ queue tree
add name="ICMP" parent=global-in packet-mark=ICMP-PM limit-at=8000 \
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="DNS" parent=global-in packet-mark=DNS-PM limit-at=8000 \
queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="downstream" parent=Local packet-mark=Turun limit-at=0 \
queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="upstream" parent=global-in packet-mark=Naik limit-at=0 \
queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
k. queue simple

/ queue simple
add name="Fantasy.net" dst-address=0.0.0.0/0 interface=Local parent=none \
priority=1 queue=default/default limit-at=0/786000 max-limit=0/786000 \
total-queue=default disabled=no
add name="01" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default time=0s-0s, p2p=fasttrack \
disabled=no
add name="02" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default disabled=no
add name="03" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default disabled=no
add name="04" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default time=0s-0s, disabled=no
add name="06" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default p2p=fasttrack disabled=no
add name="05" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/60000 total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 queue=default/default \
limit-at=0/16000 max-limit=8000/48000 total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/48000 total-queue=default p2p=all-p2p disabled=no
add name="Server" target-addresses=192.168.0.253/32 dst-address=0.0.0.0/0 \
interface=Local parent=Fantasy.net priority=8 \
queue=ethernet-default/ethernet-default limit-at=0/16000 \
max-limit=8000/120000 total-queue=default disabled=yes

B. LINUX Proxy

a. vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:1B:11:66:2A:69
IPADDR=192.168.1.3
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet

b. Routing from the proxy to the modem

[root@proxies squid]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

c. named.conf

Add the forwarders option inside the options block of named.conf:

options {
        // ... existing options unchanged ...
        // query-source address * port 53;
        forwarders {
                203.130.193.74;
                202.134.0.155;
                202.134.2.5;
        };
};

d. resolv.conf

[root@proxies squid]# cat /etc/resolv.conf
nameserver 192.168.1.1
nameserver 203.130.193.74
nameserver 202.134.0.155
nameserver 202.134.2.5

e. Squid.conf

http_port 8080
#icp_port 3130

icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost

### Cache options
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

### Squid tuning options
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

### Cache directory
#cache_dir aufs /cache 20000 16 256
#cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
cache_dir aufs /cache 50000 16 256

### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off

### DNS server
dns_nameservers 127.0.0.1

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB

### Timeout options
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off
pconn_timeout 15 second
shutdown_lifetime 15 second

### ACL options
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl client src 192.168.1.0/29
acl tidakbebasdownload time 08:00-22:00
# url_regex only takes patterns (or a quoted pattern file); the 08:00-22:00
# window is applied by combining these with the tidakbebasdownload acl on the
# http_access line
acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
no_cache deny QUERY manager

# Squid takes the first matching http_access line, and all ACLs on one line
# must match (AND). Deny lines therefore go before the broad "allow client",
# and each deny gets its own line instead of being ANDed together.
http_access allow manager IIX Safe_ports
http_access deny tidakbebasdownload porn !noporn
http_access deny Bad_ports
http_access deny Virus
http_access deny IpAddrProbeUA
http_access deny IpAddrProbeURL
http_access deny file_terlarang
http_access allow client
http_access deny all

### Administrative parameters
cache_mgr support@fantasy.war.net.id
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.fantasy.war.net.id

### Accelerator options
memory_pools off
forwarded_for on
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off

### Transparent proxy support
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

### Limit file size for downloads
reply_body_max_size 3512000 allow client block tidakbebasdownload

### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all

header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
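Rule order in the http_access section decides everything: Squid ANDs the ACLs on one line, takes the first line that matches, and a broad `allow client` placed above the deny lines lets every LAN request through before any deny is evaluated. The miniature evaluator below is an added example, not Squid's code or the page's configuration; it models only the ACL types the config uses (src, url_regex, port, method, time) and uses constructed inline patterns in place of the bokep.txt and nobekep.txt files, which are not on the page.

```python
"""Added example: a miniature evaluator for Squid http_access ordering.

Not Squid's code and not the page's configuration. Models Squid's rules:
ACLs on one http_access line are ANDed, the first matching line wins, and
when no line matches the opposite of the last line's action applies.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Request:
    src: str             # client IP address
    url: str             # full request URL
    port: int            # destination port
    method: str = "GET"
    hhmm: str = "12:00"  # wall-clock arrival time, used by "time" ACLs


def parse_acls(lines):
    """Build {name: (type, [values])}; repeated acl lines extend the list."""
    acls = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "acl":
            continue  # comments and blank lines
        name, kind, values = parts[1], parts[2], parts[3:]
        if kind == "url_regex":
            flags = 0
            if values[0] == "-i":
                flags, values = re.IGNORECASE, values[1:]
            values = [re.compile(v, flags) for v in values]
        acls.setdefault(name, (kind, []))[1].extend(values)
    return acls


def _port_match(values, port):
    for v in values:  # single ports or "lo-hi" ranges
        lo, _, hi = v.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def acl_matches(acl, req):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req.src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "url_regex":
        return any(p.search(req.url) for p in values)
    if kind == "port":
        return _port_match(values, req.port)
    if kind == "method":
        return req.method.upper() in {v.upper() for v in values}
    if kind == "time":
        # "HH:MM-HH:MM" ranges; zero-padded strings compare correctly
        return any(lo <= req.hhmm <= hi for lo, hi in (v.split("-") for v in values))
    raise ValueError(f"unsupported acl type: {kind}")


def evaluate(acls, http_access, req):
    """Return 'allow' or 'deny' for req under the given http_access lines."""
    action = "deny"
    for line in http_access:
        _, action, *terms = line.split()
        matched = True
        for term in terms:
            negated = term.startswith("!")
            if acl_matches(acls[term.lstrip("!")], req) == negated:
                matched = False
                break
        if matched:
            return action
    return "deny" if action == "allow" else "allow"  # Squid's documented default


# Constructed sample modelled on the page's squid.conf; the pattern files are
# replaced by inline stand-in regexes.
ACL_LINES = [
    "acl all src 0.0.0.0/0.0.0.0",
    "acl client src 192.168.1.0/29",
    "acl tidakbebasdownload time 08:00-22:00",
    "acl porn url_regex -i badsite\\.example",
    "acl noporn url_regex -i ^http://safe\\.badsite\\.example/",
    "acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514",
]
ACLS = parse_acls(ACL_LINES)

# "allow client" first: every LAN request matches it before any deny is seen
ALLOW_FIRST = [
    "http_access allow client",
    "http_access deny porn !noporn",
    "http_access deny Bad_ports",
    "http_access deny all",
]
# deny lines first, then the broad allow
DENY_FIRST = [
    "http_access deny tidakbebasdownload porn !noporn",
    "http_access deny Bad_ports",
    "http_access allow client",
    "http_access deny all",
]

LAN_PORN = Request("192.168.1.5", "http://www.badsite.example/x.html", 80)
LAN_PORN_NIGHT = Request("192.168.1.5", "http://www.badsite.example/x.html", 80, hhmm="23:30")
LAN_SAFE = Request("192.168.1.5", "http://safe.badsite.example/x.html", 80)
LAN_SMTP = Request("192.168.1.5", "http://mail.example:25/", 25)
OUTSIDER = Request("10.0.0.9", "http://www.example/", 80)


def compare(req):
    """(verdict with allow first, verdict with deny first) for one request."""
    return evaluate(ACLS, ALLOW_FIRST, req), evaluate(ACLS, DENY_FIRST, req)


if __name__ == "__main__":
    for name, req in [("LAN porn (daytime)", LAN_PORN), ("LAN porn (night)", LAN_PORN_NIGHT),
                      ("LAN allow-listed", LAN_SAFE), ("LAN to port 25", LAN_SMTP),
                      ("outsider", OUTSIDER)]:
        first, second = compare(req)
        print(f"{name:20s} allow-first={first:5s} deny-first={second}")
```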

f. Additional firewall rules on the proxy

#05-12-05
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 12 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 12 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 12 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 12 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 16 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 16 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 16 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 16 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 17 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 17 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 17 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 17 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 12:20 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 12:20 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 12:20 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 12:20 -j REJECT

/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 110 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 110 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 110 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 110 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 25 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 25 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 25 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 25 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 24 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 24 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 123 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 123 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 123 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 123 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 24 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 24 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 24 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 24 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 23 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 --destination-port 23 -j REJECT

/sbin/iptables -N syn-flood
/sbin/iptables -A INPUT -i input_interface -p tcp --syn -j syn-flood
/sbin/iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
/sbin/iptables -A syn-flood -j DROP

/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 199 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 --destination-port 199 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 199 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 --destination-port 199 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 119 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 --destination-port 119 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 119 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 --destination-port 119 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 111 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 --destination-port 111 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 111 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 --destination-port 111 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 --destination-port 411 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 --destination-port 411 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 67:68 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 --destination-port 67:68 -j REJECT
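The syn-flood chain above relies on `-m limit --limit 1/s --limit-burst 4`, which is a token bucket: the first 4 SYNs pass, then one per second, and the rest fall through to the chain's DROP. The simulation below is an added example (not part of the page's script) with constructed arrival times; it assumes the bucket starts full and refills at the configured rate.

```python
"""Added example (not from the page's script): simulate the syn-flood chain's
"-m limit --limit 1/s --limit-burst 4" as the token bucket it implements, to
show which SYNs reach RETURN (continue through INPUT) and which hit DROP.
"""


def syn_flood_verdicts(syn_times, limit_per_s=1.0, burst=4):
    """Return one verdict per SYN arrival time (seconds, non-decreasing).

    The bucket starts full (burst tokens), refills at limit_per_s and is
    capped at burst. Each SYN spends one token if one is available (the
    RETURN rule matches); otherwise it falls through to the DROP rule.
    """
    tokens = float(burst)
    last = syn_times[0] if syn_times else 0.0
    verdicts = []
    for t in syn_times:
        tokens = min(float(burst), tokens + (t - last) * limit_per_s)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            verdicts.append("RETURN")
        else:
            verdicts.append("DROP")
    return verdicts


def summarize(verdicts):
    """Count how many SYNs were let through versus dropped."""
    return {"RETURN": verdicts.count("RETURN"), "DROP": verdicts.count("DROP")}


# Constructed traffic: a burst of 10 SYNs at t=0, then a trickle. The limit
# match is global rather than per source, so a burst from one host also uses
# up the token a legitimate client's SYN at t=1.5 would have needed.
FLOOD = [0.0] * 10 + [1.0, 1.5, 2.5, 10.0]

if __name__ == "__main__":
    for t, verdict in zip(FLOOD, syn_flood_verdicts(FLOOD)):
        print(f"t={t:5.1f}s  {verdict}")
    print(summarize(syn_flood_verdicts(FLOOD)))
```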

Have fun trying these tips.


Simple sample Prolink Load Balancing Cryptone.Net

Tuesday, December 11, 2007

Config Show


System Configuration Setting
=========================================================================
Firmware: Version : TMH121-A V1013-MB2.4-E
Release Date : Jan 24 2006
Printout Time : SUN NOV 25 16:30:40 2007
Time Zone : GM+08:00
Primary NTP IP: time.chttl.com.tw
Secondary NTP : stdtime.gov.hk
=========================================================
LAN status: IP address : 192.168.1.1
MAC address : 00:D0:DA:00:18:51
Mask : 255.255.255.0
Dhcp status : Enable
Dhcp IP Start : 192.168.1.12 - 192.168.1.20
DNS IP address: 203.130.193.74
=========================================================
DHCP
reserved IP: MAC address IP address
-----------------------------------
=========================================================
WAN status: 1.IP address : 192.168.11.100
Netmask : 255.255.255.0
MAC address : 00.d0.da.00.18.52
Connect To : InterNet
Current status: Enable
Healthy Check : NoDefault
Type : Static IP
Primary DNS : 192.168.11.254
Secondary DNS : 203.130.193.74
GatewayAddress: 192.168.11.254
Schedule : Disable
---------------------------------------------------------
2.IP address : 192.168.12.100
Netmask : 255.255.255.0
MAC address : 00.d0.da.00.18.53
Connect To : InterNet
Current status: Enable
Healthy Check : NoDefault
Type : Static IP
Primary DNS : 192.168.12.254
Secondary DNS : 203.130.193.74
GatewayAddress: 192.168.12.254
Schedule : Disable
=========================================================
Routing setup: Work mode : Basic NAT mode
Static Route :
Network NetMask Gateway Status
-------------------------------------------------------
---------------------------------------------------------
Dynamic Route : Status: Disable
=========================================================
Routing Table: Network NetMask Gateway
---------------------------------------------------
0.0.0.0 0.0.0.0 192.168.12.254
192.168.1.0 255.255.255.0 192.168.1.1
192.168.11.0 255.255.255.0 192.168.11.100
192.168.12.0 255.255.255.0 192.168.12.100
=========================================================
IP Filtering: No. IP address Port Pass/Drop status
-------------------------------------------------------------------------------------------
=========================================================
Remote
IP Filtering: No. IP address Status
---------------------------
=========================================================
DoS Defense: Function Parameter Time of Lock Status
---------------------------------------------------------
Oversized Ping 32 Enable
Port Scan 1000 5 Enable
TCP SYN Flooding (Wan) 1000 5 Enable
TCP SYN Flooding (Lan) 1000 5 Enable
ICMP Flooding (Wan) 1000 5 Enable
ICMP Flooding (Lan) 1000 5 Enable
UDP Flooding (Wan) 1000 5 Enable
UDP Flooding (Lan) 1000 5 Enable
=========================================================
ALG: Options Status
---------------------------------------------------------
Ipsec Pass Through (Port 500) Disable
PPTP Pass Through (Port 1723) Disable
VOIP Pass Through Disable
=========================================================
Virtual Server: ID Global_Port Local_Port Local_IP_address Status
-----------------------------------------------------
---------------------------------------------------------
Group: StartPort EndPort Local_IP_address TCP/UDP Status
-----------------------------------------------------
=========================================================
Multi-DMZ Host: No. DMZ_Host_IP_address IP_address_from_ISP Status
-----------------------------------------------------
---------------------------------------------------------
Dynamic-IP-DMZ: Wan HOST_IP_address Status
----------------------------------
1 0.0.0.0 Disable
2 0.0.0.0 Disable
=========================================================
Multi-NAT: No LAN_IP_address NetMask Wan_IP Wan_No
---------------------------------------------------------
=========================================================
Load Balance: Weight Round Robin
Wan 1: 1
Wan 2: 1
=========================================================
Dynamic DNS: Status : Disable
=========================================================
Proxy Server: Status: Disable
=========================================================
Mail Alert : Status: Disable
=========================================================
URL Filtering : Status: Disable
=========================================================
Throughput
Control : Wan DownLoad(kbits/s) UpLoad(kbits/s) Port Usage% Status
---------------------------------------------------------
1. 384 64
---------------------------------------------------------
2. 384 64
=========================================================
WAN CONTROL:
Special : StartPort EndPort Select-WAN Status
Application ----------------------------------------
1000 3127 Wan1 Enable
3129 8079 Wan1 Enable
8081 65000 Wan1 Enable
1 1000 Wan2 Enable
3128 3128 Wan2 Enable
8080 8080 Wan2 Enable
6667 7000 Wan2 Enable
5050 5060 Wan2 Enable
---------------------------------------------------------
IP binding : No Start-Remote-IP End-Remote-IP StartPort EndPort Select-WAN Status
-------------------------------------------------------------------------
1. 0.0.0.0 0.0.0.0 1000 3127 Wan1 Enable
2. 0.0.0.0 0.0.0.0 3129 8079 Wan1 Enable
3. 0.0.0.0 0.0.0.0 8081 65000 Wan1 Enable
4. 0.0.0.0 0.0.0.0 1 1000 Wan2 Enable
5. 0.0.0.0 0.0.0.0 3128 3128 Wan2 Enable
6. 0.0.0.0 0.0.0.0 8080 8080 Wan2 Enable
7. 0.0.0.0 0.0.0.0 6667 7000 Wan2 Enable
8. 0.0.0.0 0.0.0.0 5050 5060 Wan2 Enable
---------------------------------------------------------
Special IP : Start-IP-Address End-IP-Address WAN Status
Assignment --------------------------------------------
=========================================================
QoS IP Control: Local_IP_address DownLoad(kbits) UpLoad(kbits) Wan-Apply Min/Max Status
------------------------------------------------------------------------
=========================================================
Remote Control: Status: Disable
=========================================================
MAC IP binding: Status : Enable
Selection: BLOCK all packets
which were not in the following list
MAC-Address IP-Address
----------------------------------
=========================================================================


Simple Sample DLINK Load Balancing Configuration

1a.jpg: WAN 1 configuration

2a.jpg: WAN 2 configuration

4.jpg: port-based load-balancing configuration for traffic priority

3.jpg: D-Link statistics


Detail CISCO DSLAM

Monday, December 10, 2007

User EXEC Mode

When you log in to the Cisco DSLAM, you are in user EXEC, or simply EXEC, command mode. The EXEC mode commands available at the user level are a subset of those available at the privileged level. The user EXEC mode commands allow you to connect to remote switches, change terminal settings on a temporary basis, perform basic tests, and list system information.

The user EXEC mode prompt consists of the DSLAM host name followed by the angle bracket (>):

Frodo>

or

DSLAM>

The default host name is DSLAM, unless it has been changed through use of the host name global configuration command.
Privileged EXEC Mode

The privileged EXEC mode command set includes all user EXEC mode commands and the configure command, through which you can access global configuration mode and the remaining configuration submodes. Privileged EXEC mode also includes high-level testing commands, such as debug, and commands that display potentially secure information.

To enter or exit privileged EXEC mode, follow these steps:

Step 1
  Command: DSLAM> enable
           Password: password
  Task: Enter privileged EXEC mode from EXEC mode. [1]
Step 2
  Command: DSLAM#
  Task: Enter privileged EXEC commands.
Step 3
  Command: DSLAM# disable
           DSLAM>
  Task: Exit privileged EXEC mode and return to EXEC mode. [2]
[1] The prompt changes to the DSLAM host name followed by the pound sign (#).
[2] The prompt changes back to the DSLAM host name followed by the angle bracket (>).

The system administrator uses the enable password global configuration command to set the password, which is case sensitive. If an enable password was not set, you can access privileged EXEC mode only from the console.
ROM Monitor Mode

ROM monitor mode provides access to a basic system kernel, from which you can boot the Cisco DSLAM or perform diagnostic tests. The system can enter ROM mode automatically if the Cisco DSLAM does not find a valid system image, or if the configuration file is corrupted. The ROM monitor prompt is rommon x> without the DSLAM host name. The x represents the number of commands entered into the prompt.

You can also enter ROM monitor mode by interrupting the boot sequence with the Break key during loading.

To return to EXEC mode from ROM monitor mode, use the cont command:

rommon 1> cont
DSLAM>

Global Configuration Mode

Global configuration mode provides access to commands that apply to the entire system. From global configuration mode you can also enter the other configuration modes described in these sections.

Step 1
  Command: DSLAM# configure
           or
           DSLAM# configure terminal
  Task: Enter global configuration mode from privileged EXEC mode.
Step 2
  Prompt: Configuring from terminal, memory, or network [terminal]?
  Task: This prompt appears only if you use the first option in Step 1. Specify the source of the configuration commands at the prompt. You can specify the terminal, NVRAM, or a file stored on a network server as the source of configuration commands. The default is to enter commands from the terminal console.
Step 3
  Command: DSLAM(config)#
  Task: Enter configuration commands. [1]
Step 4
  Command: DSLAM(config)# exit
  Task: Exit global configuration mode and return to privileged EXEC mode.
[1] The prompt changes to (config)#.

Interface Configuration Mode

Interface configuration mode provides access to commands that apply to an interface. Use these commands to modify the operation of an interface such as an ATM, Ethernet, or asynchronous port.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# interface interface-type interface-number
  Task: Enter interface configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-if)# exit
  Task: Exit interface configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-if)#.

Profile Configuration Mode

Profile configuration mode provides access to DSL profile commands. (See "Configuring Digital Subscriber Lines".)

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# dsl-profile profile-name
  Task: Enter profile configuration mode and specify a profile. [1]
Step 3
  Command: DSLAM(cfg-dsl-profile)# exit
  Task: Exit profile mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (cfg-dsl-profile)#.

Line Configuration Mode

Line configuration mode provides access to commands used to configure lines on the DSLAM.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# line line-index
  Task: Enter line configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-line)# exit
  Task: Exit line configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-line)#.

ATM Router Configuration Mode

ATM router configuration mode provides access to commands used to configure Private Network-to-Network Interface (PNNI) routing.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# atm router pnni
  Task: Enter ATM router configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-atm-router)# exit
  Task: Exit ATM router configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-atm-router)#.

PNNI Node Configuration Mode

The PNNI node configuration mode is a submode of ATM router configuration mode and provides access to commands you use to configure PNNI nodes on the Cisco DSLAM.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# atm router pnni
  Task: Enter ATM router configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-atm-router)# node node-index
  Task: Enter PNNI node configuration mode from ATM router configuration mode. [2]
Step 4
  Command: DSLAM(config-pnni-node)# exit
  Task: Exit PNNI node configuration mode and return to ATM router configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-atm-router)#.
[2] The prompt changes to (config-pnni-node)#.

Auto-sync Configuration Mode

The auto-sync configuration mode is a submode for automatically synchronizing the configuration/flash between the Cisco primary and secondary redundant NI-2s.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# auto-sync
  Task: Enter auto-sync configuration mode. [1]
Step 3
  Command: DSLAM(config-auto-sync)# file
  Task: Enter the configuration or flash file that you want to be automatically synchronized.
Step 4
  Command: DSLAM(config-auto-sync)# exit
  Task: Exit auto-sync configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-auto-sync)#.

Redundancy Configuration Mode

The redundancy configuration mode provides access to commands used to configure redundancy on the DSLAM.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# redundancy
  Task: Enter redundancy configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-red)# exit
  Task: Exit redundancy configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-red)#.

VRF Configuration Mode

The VPN routing/forwarding instance (VRF) configuration mode provides access to commands used to configure a VRF on the DSLAM.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# ip vrf vrf-name
  Task: Enter VRF configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-vrf)# exit
  Task: Exit VRF configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-vrf)#.

DHCP Pool Configuration Mode

The DHCP configuration mode provides access to commands used to configure a DHCP server on the DSLAM.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# ip dhcp pool name
  Task: Enter DHCP pool configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-dhcp)# exit
  Task: Exit DHCP configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-dhcp)#.

ATM Accounting File Configuration Mode

ATM accounting file configuration mode provides access to commands used to configure a file for accounting and billing of virtual circuits (VCs).

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# atm accounting file accounting-filename
  Task: Enter ATM accounting file configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-acct-file)# exit
  Task: Exit ATM accounting file configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-acct-file)#.

ATM Accounting Selection Configuration Mode

ATM accounting selection configuration mode provides access to commands used to specify the connection data to be gathered from the DSLAM.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# atm accounting selection accounting-selection-index
  Task: Enter ATM accounting selection configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-acct-sel)# exit
  Task: Exit ATM accounting selection configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-acct-sel)#.

ATM E.164 Translation Table Configuration Mode

ATM E.164 translation table configuration mode provides access to commands that you use to configure the translation table that maps native E.164 format addresses to ATM end system (AESA) format addresses.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# atm e164 translation-table
  Task: Enter ATM E.164 translation table configuration mode from global configuration mode. [1]
Step 3
  Command: DSLAM(config-atm-e164)# exit
  Task: Exit ATM E.164 translation table configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.
[1] The prompt changes to (config-atm-e164)#.

ATM Signaling Diagnostics Configuration Mode

ATM signaling diagnostics configuration mode provides access to commands used to configure the signaling diagnostics table.

Step 1
  Command: DSLAM# configure terminal
  Task: Go to global configuration mode.
Step 2
  Command: DSLAM(config)# atm signalling diagnostics
  Task: Enter ATM signaling diagnostics configuration mode.
Step 3
  Command: DSLAM(cfg-atmsig-diag)# exit
  Task: Exit ATM signaling diagnostics configuration mode and return to global configuration mode. Enter end to return to privileged EXEC mode.

Using Context-Sensitive Help

The user interface provides context-sensitive help in all modes. This section describes how to configure and display context-sensitive help.
Configuring Help for Terminal Sessions

The following commands configure full help.
Command: DSLAM# terminal full-help
Task: In privileged EXEC mode, configure the current terminal session to receive help for the full set of user-level commands.

Command: DSLAM(config-line)# full-help
Task: In line configuration mode, configure a specific line to allow users without privileged access to obtain full help.

Displaying Context-Sensitive Help

To get help specific to a command mode, a command, a keyword, or an argument, perform one of these tasks:
Command: help
Task: Obtain a brief description of the help system in any command mode.

Command: abbreviated-command-entry?
Task: Obtain a list of commands that begin with a particular character string.

Command: abbreviated-command-entry<Tab>
Task: Complete a partial command name.

Command: ?
Task: List all commands available for a particular command mode.

Command: command ?
Task: List the associated keywords of a command.

Command: command keyword ?
Task: List the associated arguments of a keyword.

To view a list of commands that begin with a particular character sequence, type those characters followed immediately by the question mark (?). Do not include a space. This form of help is called word help, because it completes a word for you.

In this example, the system displays the possible commands in privileged EXEC mode that begin with "co."

DSLAM# co?
configure connect copy

This form helps you determine the minimum subset that you can use to abbreviate a command.
Command Syntax Help

To list keywords or arguments, enter a question mark (?) in place of a keyword or argument. Include a space before the ?. This form of help is called command syntax help, because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you have already entered.

This example demonstrates the use of command syntax help to complete the access-list command. Entering the question mark (?) displays the allowed arguments:

DSLAM(config)# access-list ?
<1-99> IP standard access list
<100-199> IP extended access list

Enter the access list number, 99, followed by a question mark (?) to display the allowed keywords:

DSLAM(config)# access-list 99 ?
deny Specify packets to reject
permit Specify packets to forward

Enter the deny argument followed by a question mark (?) to display the next argument (host name or IP address) and two keywords:

DSLAM(config)# access-list 99 deny ?



Hostname or A.B.C.D Address to match

any Any source host

host A single host address

Enter the IP address followed by a question mark (?) to display a final (optional) argument. The indicates that you can press Return to execute the command:

DSLAM(config)# access-list 99 deny 131.108.134.0 ?



A.B.C.D Wildcard bits



DSLAM(config)#

The system adds an entry to access list 99 that denies access to all hosts on subnet 131.108.134.0.
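The wildcard-bits argument shown in the syntax help above is what decides which source addresses a standard access-list entry matches, and an access list always ends with an implicit deny. The following Python is an added example, not code from the Cisco documentation: it parses IOS-style standard access-list lines into (address, wildcard) pairs, evaluates a source address against them in order, and applies the implicit deny. The access list ACL_99 below is constructed for the example and is not the one on the page; the 0.0.0.255 wildcard is supplied explicitly so that the subnet match is unambiguous.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str      # "permit" or "deny"
    address: int     # 32-bit base address
    wildcard: int    # 32-bit wildcard mask; 1 bits are "don't care"


def _to_int(dotted: str) -> int:
    """Convert dotted-quad notation (address or wildcard) to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl_line(line: str) -> AclEntry:
    """Parse one line of the form
       access-list <1-99> {permit|deny} {A.B.C.D [wildcard] | host A.B.C.D | any}
    """
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        raise ValueError(f"not a standard access-list line: {line!r}")
    if not 1 <= int(parts[1]) <= 99:
        raise ValueError("standard IP access lists are numbered 1-99")
    action = parts[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"expected permit or deny, got {action!r}")
    source = parts[3:]
    if source == ["any"]:
        return AclEntry(action, 0, 0xFFFFFFFF)          # every bit is "don't care"
    if source[0] == "host":
        return AclEntry(action, _to_int(source[1]), 0)  # exact host match
    address = _to_int(source[0])
    # The wildcard is optional on the CLI; when omitted IOS uses 0.0.0.0 (exact host).
    wildcard = _to_int(source[1]) if len(source) > 1 else 0
    return AclEntry(action, address, wildcard)


def entry_matches(entry: AclEntry, ip: str) -> bool:
    """Compare only the bits the wildcard marks as significant (wildcard bit 0)."""
    significant = ~entry.wildcard & 0xFFFFFFFF
    return (_to_int(ip) & significant) == (entry.address & significant)


def evaluate(acl_lines, ip: str) -> str:
    """First matching entry wins; no match means the implicit deny at the end."""
    for line in acl_lines:
        entry = parse_standard_acl_line(line)
        if entry_matches(entry, ip):
            return entry.action
    return "deny"


# Constructed access list for the example (not the page's access list 99).
ACL_99 = [
    "access-list 99 deny 131.108.134.0 0.0.0.255",
    "access-list 99 permit 131.108.0.0 0.0.255.255",
]

if __name__ == "__main__":
    for src in ("131.108.134.7", "131.108.2.5", "10.0.0.1"):
        print(src, "->", evaluate(ACL_99, src))
```

Ordering matters: the deny for 131.108.134.0/24 must precede the broader permit, and 10.0.0.1 is denied without any entry mentioning it because the list falls through to the implicit deny.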
Checking Command Syntax

The user interface provides an error indicator (^) that appears in the command string in which you have entered an incorrect or incomplete command, keyword, or argument.

This example shows a command entry that is correct up to the last element:

DSLAM# clock set 13:04:30 28 apr 98
                                 ^
% Invalid input detected at '^' marker.

The caret symbol (^) and help response indicate the location in which the error occurs. To list the correct syntax, re-enter the command, substituting a question mark (?) where the error occurred:

DSLAM# clock set 13:32:00 23 February ?
<1993-2035>  Year
DSLAM# clock set 13:32:00 23 February

Enter the year, using the correct syntax, and press Enter to execute the command:

DSLAM# clock set 13:32:00 23 February 1993

Using the Command History Features

The user interface provides a history or record of commands you enter. You can use the command history feature for recalling long or complex commands or entries, including access lists. With the command history feature, you can complete the tasks in the following sections:

* Setting the Command History Buffer Size
* Recalling Commands
* Disabling the Command History Feature

Setting the Command History Buffer Size

By default, the system records ten command lines in its history buffer. Use the following commands to set the number of command lines the system records:

Command                                              Task
DSLAM# terminal history [size number-of-lines]       In privileged EXEC mode, enable the command history feature for the current terminal session.
DSLAM(config-line)# history [size number-of-lines]   In line configuration mode, enable the command history feature for a specific line.

Recalling Commands

To recall commands from the history buffer, perform one of these tasks:

Key Sequence/Command                      Task
Press Ctrl-P or the Up Arrow key. (1)     Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Press Ctrl-N or the Down Arrow key. (1)   Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow key. Repeat the key sequence to recall successively more recent commands.
DSLAM> show history                       While in EXEC mode, list the last several commands you have just entered.

(1) The arrow keys function only on ANSI-compatible terminals such as VT100s.
Disabling the Command History Feature

The command history feature is automatically enabled. Use the following commands to disable it:

Command                            Task
DSLAM> terminal no history         In EXEC mode, disable the command history feature for the current terminal session.
DSLAM(config-line)# no history     In line configuration mode, configure the line to disable the command history feature.
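The three history tasks above (setting the buffer size, recalling with Ctrl-P/Ctrl-N, and disabling) describe a bounded ring buffer with a recall cursor. The class below is an added example written for this page, not code from the DSLAM software: it models a history buffer whose size defaults to ten lines, drops the oldest entry when full, recalls older and newer entries the way Ctrl-P and Ctrl-N do, and stops recording when disabled. The sample command lines are constructed.

```python
from collections import deque


class CommandHistory:
    """Bounded command history with Ctrl-P / Ctrl-N style recall (added example)."""

    def __init__(self, size: int = 10):
        self.enabled = True                       # "terminal no history" clears this
        self._entries = deque(maxlen=size)        # deque discards the oldest line when full
        # Cursor position for recall; len(entries) means "past the newest entry".
        self._cursor = 0

    def set_size(self, number_of_lines: int) -> None:
        """terminal history size <number-of-lines>: keep only the newest lines."""
        self._entries = deque(self._entries, maxlen=number_of_lines)
        self._cursor = len(self._entries)

    def record(self, line: str) -> None:
        """Store a command line after it is executed; blank lines are not kept."""
        if not self.enabled or not line.strip():
            return
        self._entries.append(line)
        self._cursor = len(self._entries)         # every new command resets recall

    def previous(self):
        """Ctrl-P / Up Arrow: step to the next older entry (stays at the oldest)."""
        if not self._entries:
            return None
        if self._cursor > 0:
            self._cursor -= 1
        return self._entries[self._cursor]

    def next(self) -> str:
        """Ctrl-N / Down Arrow: step to a newer entry; past the newest gives an empty line."""
        if self._cursor >= len(self._entries) - 1:
            self._cursor = len(self._entries)
            return ""
        self._cursor += 1
        return self._entries[self._cursor]

    def show(self) -> list:
        """show history: the buffered lines, oldest first."""
        return list(self._entries)


if __name__ == "__main__":
    hist = CommandHistory()
    for i in range(12):                           # constructed sample commands
        hist.record(f"show interface {i}")
    print(hist.show())                            # only the newest ten survive
    print(hist.previous(), hist.previous(), hist.next(), repr(hist.next()))
```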
Enabling Enhanced Editing Mode

Although the current software release enables the enhanced editing mode by default, you can disable it and revert to the editing mode of previous software releases. Use the following commands to re-enable the enhanced editing mode:

Command                        Task
DSLAM> terminal editing        In EXEC mode, enable the enhanced editing features for the current terminal session.
DSLAM(config-line)# editing    In line configuration mode, enable the enhanced editing features for a specific line.

Moving Around on the Command Line

Use these keystrokes to move the cursor around on the command line for corrections or changes:
Keystrokes Task
(1) The arrow keys function only on ANSI-compatible terminals such as VT100s.
Completing a Partial Command Name

If you cannot remember a complete command name, you can use Tab to allow the system to complete a partial entry:
Keystrokes Task

If your keyboard does not have Tab, press Ctrl-I instead.

In this example, when you enter the letters conf and press Tab, the system provides the complete command:

DSLAM# conf<Tab>
DSLAM# configure

If you enter an ambiguous set of characters, the system generates an error message. To display the list of legal commands beginning with the specified string, enter a question mark (?) after you see the error message. See the "Using Word Help" section.
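Word help (the "co?" listing earlier on the page), Tab completion of a partial name, and the "ambiguous command" error all come down to prefix matching against the command set of the current mode. The Python below is an added example, not code from the DSLAM software: it lists the commands that begin with a string, completes a partial entry when exactly one command matches, reports ambiguity otherwise, and derives the shortest abbreviation that still identifies a command uniquely. The command set PRIV_EXEC_COMMANDS is a constructed subset assumed for the example.

```python
class AmbiguousCommand(Exception):
    """The partial entry matches more than one command."""


class UnknownCommand(Exception):
    """The partial entry matches no command."""


# Constructed subset of privileged EXEC commands, assumed for the example.
PRIV_EXEC_COMMANDS = (
    "clock", "configure", "connect", "copy", "disable",
    "enable", "ping", "quit", "reload", "show", "terminal",
)


def word_help(commands, prefix: str) -> list:
    """'co?' style word help: every command that begins with prefix, sorted."""
    return sorted(c for c in commands if c.startswith(prefix))


def complete(commands, partial: str) -> str:
    """Tab completion: the single command that partial abbreviates.

    An exact name is accepted even when it is also a prefix of longer names;
    otherwise exactly one candidate is required.
    """
    if partial in commands:
        return partial
    candidates = word_help(commands, partial)
    if not candidates:
        raise UnknownCommand(f"% Unrecognized command: {partial!r}")
    if len(candidates) > 1:
        raise AmbiguousCommand(f"% Ambiguous command: {partial!r} matches {candidates}")
    return candidates[0]


def is_ambiguous(commands, partial: str) -> bool:
    """True when partial matches two or more commands."""
    try:
        complete(commands, partial)
    except AmbiguousCommand:
        return True
    except UnknownCommand:
        return False
    return False


def minimum_abbreviation(commands, name: str) -> str:
    """Shortest prefix of name that word_help resolves to name alone."""
    if name not in commands:
        raise UnknownCommand(name)
    for length in range(1, len(name) + 1):
        if word_help(commands, name[:length]) == [name]:
            return name[:length]
    return name


if __name__ == "__main__":
    print(word_help(PRIV_EXEC_COMMANDS, "co"))          # configure connect copy
    print(complete(PRIV_EXEC_COMMANDS, "conf"))          # configure
    for name in PRIV_EXEC_COMMANDS:
        print(f"{name:10} -> {minimum_abbreviation(PRIV_EXEC_COMMANDS, name)}")
```

With this command set, "conf" is the shortest abbreviation of configure because "con" still matches connect, while "cop" already identifies copy; the minimum abbreviation therefore depends on which other commands exist in the mode, which is why the page says word help is the way to determine it.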
Pasting in Buffer Entries

The system provides a buffer that contains the last ten items you deleted. You can recall these items and paste them in the command line by using these keystrokes:
Keystrokes Task

The buffer contains only the last ten items you have deleted or cut. If you press Esc Y more than 10 times, you cycle back to the first buffer entry.
Editing Command Lines that Wrap

The new editing command set provides a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts 10 spaces to the left. You cannot see the first 10 characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back, use these keystrokes:
Keystrokes Task
(1) The arrow keys function only on ANSI-compatible terminals such as VT100s.

In the following example, the access-list command entry extends beyond one line. When the cursor reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) indicates that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.

DSLAM(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1

DSLAM(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25

DSLAM(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq

DSLAM(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45

When you complete the entry, press Ctrl-A to check the complete syntax before pressing Return to execute the command. The dollar sign ($) appears at the end of the line to indicate that the line has scrolled to the right:

DSLAM(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$

The Cisco DSLAM default is a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width command to provide the correct width.

Use line wrapping together with the command history feature to recall and modify previous complex command entries.
Deleting Entries

Use any of these keystrokes to delete command entries if you make a mistake or change your mind:
Keystrokes Task

Scrolling Down a Line or a Screen

When you use the help facility to list the commands available in a particular mode, the list is often longer than the terminal screen can display. In such cases, a More prompt appears at the bottom of the screen. To respond to the More prompt, use these keystrokes:
Keystrokes Task

Redisplaying the Current Command Line

If you enter a command and a message appears on your screen, you can easily recall your current command line entry. To do so, use these keystrokes:
Keystrokes Task

Transposing Mistyped Characters

If you have mistyped a command entry, you can transpose the mistyped characters by using these keystrokes:
Keystrokes Task

Controlling Capitalization

You can capitalize or lowercase words or capitalize a set of letters with these keystrokes:
Keystrokes Task

Designating a Keystroke as a Command Entry

To use a particular keystroke as an executable command, insert a system code:

Keystrokes Task

Disabling Enhanced Editing Mode

To disable enhanced editing mode and revert to the editing mode, use this command in privileged EXEC mode:

Command                      Task
DSLAM# terminal no editing   Disable the enhanced editing features for the local line.

If you have prebuilt scripts that do not interact well when enhanced editing is enabled, you can disable enhanced editing mode. To re-enable enhanced editing mode, use the terminal editing command.
Ending a Session

After you use the setup command or another configuration command, exit the Cisco DSLAM and quit the session.

To end a session, use this EXEC command:

Command        Task
DSLAM> quit    End the session.


Command DSLAM CISCO

Table 1-1: Command Modes

EXEC (user)
  Access method: Log in to the switch or Cisco DSLAM.
  Prompt: DSLAM>
  Exit method: Use the logout command.

Privileged EXEC
  Access method: From user EXEC mode, use the enable command and enter your password.
  Prompt: DSLAM#
  Exit method: To return to user EXEC mode, use the disable command.

ROM monitor
  Access method: From privileged EXEC mode, use the reload command. Press Break during the first 60 seconds while the system boots.
  Prompt: rommon x> (the x represents the number of commands that have been entered at the DSLAM prompt)
  Exit method: To exit to ROM monitor mode, use the cont command.

Global configuration
  Access method: From privileged EXEC mode, use the configure command. Use the keyword terminal to enter commands from your terminal.
  Prompt: DSLAM(config)#
  Exit method: To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z.

Interface configuration
  Access method: From global configuration mode, enter by specifying an interface with the interface command.
  Prompt: DSLAM(config-if)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Profile configuration
  Access method: From global configuration mode, enter by specifying a profile with a dsl-profile command.
  Prompt: DSLAM(cfg-dsl-profile)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Line configuration
  Access method: From global configuration mode, enter by specifying a management interface with a line command.
  Prompt: DSLAM(config-line)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM router configuration
  Access method: From global configuration mode, configure the ATM router configuration with the atm router pnni command.
  Prompt: DSLAM(config-atm-router)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

PNNI node configuration
  Access method: From ATM router configuration mode, configure the PNNI routing node with the node command.
  Prompt: DSLAM(config-pnni-node)#
  Exit method: To exit to ATM router configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Auto-sync configuration
  Access method: From global configuration mode, configure redundancy synchronization features with the auto-sync command.
  Prompt: DSLAM(config-auto-sync)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

Redundancy configuration
  Access method: From global configuration mode, configure additional redundancy options with the redundancy command.
  Prompt: DSLAM(config-red)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

VRF configuration
  Access method: From global configuration mode, configure a VPN routing/forwarding (VRF) routing table with the ip vrf command.
  Prompt: DSLAM(config-vrf)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

DHCP pool configuration
  Access method: From global configuration mode, configure the DHCP address pool name and enter DHCP pool configuration mode with the ip dhcp pool command.
  Prompt: DSLAM(dhcp-config)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM accounting file configuration
  Access method: From global configuration mode, define an ATM accounting file with the atm accounting file command.
  Prompt: DSLAM(config-acct-file)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM accounting selection configuration
  Access method: From global configuration mode, define an ATM accounting selection table entry with the atm accounting selection command.
  Prompt: DSLAM(config-acct-sel)#
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.

ATM E.164 translation table configuration
  Access method: From global configuration mode, enter the atm e164 translation-table command.
  Prompt: DSLAM(config-atm-e164)
  Exit method: To exit to privileged EXEC mode, use the exit command, the end command, or press Ctrl-Z.

ATM signaling diagnostics configuration
  Access method: From global configuration mode, enter the command atm signalling diagnostics index.
  Prompt: DSLAM(cfg-atmsig-diag)
  Exit method: To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, use the end command or press Ctrl-Z.
