konfigurasi server gateway dengan fitur proxy, webserver dan dhcp
TRANSCRIPT
Panduan Penyelesaian Ujian Kompetensi Keahlian TKJ Paket III
Membuat perencanaan sesuai dengan topologi jaringan yang disediakan (Knowledge,Attitude)
(eth1) (eth0) Internet PC/Laptop Client Server Gateway Melakukan perhitungan subnetting terhadap ip address yang ditentukkan untuk network public dan private
Eth1 Network A 192.168.100.0/28
Binary Bit (CIDR) 11111111.11111111.11111111.11110000
Konversi Desimal (Subnet) 255.255.255.240
Jumlah Subnet 2 (pangkat digit 1)
2 ^ 4 = 16 Subnet Jumlah Host 2 (pangkat digit 0)
(2 ^ 4) - 2 = 16 – 2 = 14 Host Jumlah Blok Subnet 256 – 240 = 16, 32, 48, 64, 80, 96, 112, 128, 144, 160,
176, 192, 208, 224, 240 Eth0 Network A 192.168.88.0/24
Binary Bit (CIDR) 11111111.11111111.11111111.00000000
Konversi Desimal (Subnet) 255.255.255.0
Jumlah Subnet 2 (pangkat digit 1)
2 ^ 0 = 0 Subnet Jumlah Host 2 (pangkat digit 0)
(2 ^ 8) - 2 = 256 – 2 = 254 Host Jumlah Blok Subnet 256 – 0 = 0
192.168.88.0/24 192.168.100.0/28
192.168.100.1/28
192.168.100.2/28 (DHCP)
192.168.88.xxx/24
Perakitan dan Instalasi Server (Skill, Attitude) Lakukan perakitan komputer dengan mengutamakan keselamatan kerja. Lakukan installasi server Debian 6 dengan aturan pemartisian hardisk
(root filesystem 80 gb) dan (swap 2 x ukuran RAM) Melakukan pembuatan dan penyusunan kabel jaringan dengan standar T568B (cross over)
Kiri
Kanan
Orange – Putih Hijau – Putih Orange Hijau
Hijau - Putih Orange – Putih Biru Biru
Biru – Putih Biru – Putih Hijau Orange
Coklat – Putih Coklat – Putih Cokat Cokat
Melakukan konfigurasi Router (nat) sebagai Gateway Server. (Skill) Konfigurasi ip address # nano /etc/network/interfaces auto lo iface lo inet loopback
auto eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet static
address 192.168.100.1 netmask 255.255.255.240 network 192.168.100.0 broadcast 192.168.100.255 dns-nameservers 192.168.100.1 dns-search smkn4gorontalo.sch.id
Restart layanan # /etc/init.d/networking restart
Konfigurasi ip forward # nano /etc/sysctl.conf # /etc/sysctl.conf - Configuration file for setting system variables # See /etc/sysctl.d/ for additional system variables # See sysctl.conf (5) for information. #kernel.domainname = example.com # Uncomment the following to stop low-level messages on console #kernel.printk = 3 4 1 3 # Uncomment the next two lines to enable Spoof protection (reverse-path filter) # Turn on Source Address Verification in all interfaces to # prevent some spoofing attacks #net.ipv4.conf.default.rp_filter=1 #net.ipv4.conf.all.rp_filter=1 # Uncomment the next line to enable TCP/IP SYN cookies # See http://lwn.net/Articles/277146/ # Note: This may impact IPv6 TCP sessions too #net.ipv4.tcp_syncookies=1 # Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1 Konfigurasi Iptables untuk routing nat # nano /etc/rc.local #!/bin/sh -e # rc.local # This script is executed at the end of each multiuser runlevel. # Make sure that the script will "exit 0" on success or any other # value on error. # In order to enable or disable this script just change the execution # bits.
# By default this script does nothing. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE exit 0
Melakukan konfigurasi DHCP untuk interface jaringan lokal (Skill) Install DHCP Server # apt-get install dhcp3-server Konfigurasi DHCP Server # nano /etc/dhcp3/dhcpd.conf # A slightly different configuration for an internal subnet. subnet 192.168.100.0 netmask 255.255.255.240 { range 192.168.100.2 192.168.100.6; option domain-name-servers 8.8.8.8; option domain-name "smkn4gorontalo.sch.id"; option routers 192.168.100.1; option broadcast-address 192.168.100.15; default-lease-time 600; max-lease-time 7200; } Restart layanan DHCP Server # /etc/init.d/isc-dhcp3-server restart Lakukan restart (reboot) pada PC Server dan lakukan pengujian akses koneksi dari PC Client / Laptop ke Server dengan tools (ping).
Melakukan konfigurasi Web Server # apt-get install apache2 php5 php5-mysql mysql-server phpmyadmin # nano /var/www/index.html <html><head><title>UKK 2015 TKJ</title></head> <body>Assalamualaikum <p> Selamat datang di Server saya ! <br>Nama : Walid Umar <br>Kelas : XII TKJ <br>Alamat : Gorontalo, Jl. Jalaludin Tantu No. 60 <br>Email : [email protected] </body> </html> # nano /etc/apache2/ports.conf <IfModule mod_ssl.c> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 https </IfModule>
Konfigurasi Proxy Server # apt-cdrom add
# apt-get update
# apt-get install squid # nano /etc/squid/squid.conf
http_port 3128 transparent acl blok dstdomain "/etc/squid/situs" no_cache deny blok http_acces deny blok acl jaringan src 192.168.100.0/28 http_acces allow jaringan cache_mgr [email protected] visible_hostname www.smkn4gorontalo.sch.id #http_access deny all # nano /etc/squid/situs
www.google.com www.yahoo.com google.com yahoo.com iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -t nat -A PREROUTING -s 192.168.100.0/28 -p tcp --dport 80 -j REDIRECT --to-ports 3128 iptables -t nat -A PREROUTING -s 192.168.100.0/28 -p tcp --dport 443 -j REDIRECT --to-ports 3128