
Archive for the ‘Networking’ Category

Building an IT infrastructure is an important process for supporting company efficiency. It has to be a well-planned system. If it works optimally, it can reduce the company’s costs and even help increase the productivity of the business.

However, the standard procedure may vary depending on the specific requirements, the size of the building, and the complexity of the network.
Below is a general outline of the steps.

1. Need Assessment
This is the most important step. You have to know the client’s needs and determine the network requirements and objectives for the building: how many users will use the system, the types of devices, bandwidth requirements, coverage areas, and future scalability, because the company may have plans for expansion.

There are a few criteria that must be fulfilled when you set up an IT infrastructure.

2. Network design
The next step is network design. You have to plan the placement of networking equipment, such as routers, switches, and wireless access points. There are a few factors to consider:
- limited space: in a tight corner you may have to use a mounted rack that provides access to devices from both the front and the rear
- cabling requirements
- network segmentation
- location of the server rooms

1. Zero Latency
Latency is the time needed to move data from one place to another. Each device can have a different latency depending on the quality of its network connection. An inappropriate router or switch can cause latency.
2. Zero Downtime
Any downtime will interfere with the company’s operational activities. That’s why proper installation and infrastructure are very important.
3. Storage capacity
A storage system that can deliver superior performance.
4. Virtualization
Virtualization has the following benefits:
- energy saving (no hardware)
- faster server provisioning (deployment is faster)
- improved disaster recovery (replication can be done easily)
5. Security
Security is one of the most important parts of an ideal IT infrastructure. The main role of the security system is to remove vulnerabilities and keep the system in an optimized state.

3. Cabling Infrastructure
Make sure that you follow the industry standards for cable installation and labeling. Well-organized cabling will make future troubleshooting easier. The maximum range of UTP cable is 100m; if the server location is farther away, fiber-optic cable is a good solution.

4. Network Equipment Installation
Install and configure the network equipment. Using Mikrotik or Cisco makes it easier to manage the devices remotely. I give these 2 brands as examples because they are the only ones I am familiar with.

5. Network Configuration
Set the IP addresses, subnet masks, routing protocols, VLANs, security, DHCP (Dynamic Host Configuration Protocol) servers, firewall rules and network monitoring tools.

6. Wireless Network Configuration
Optimize the location of the access points to ensure reliable coverage and minimize interference. Use appropriate SSIDs (Service Set Identifiers) and the latest security settings (WPA2/WPA3 encryption).

7. Testing and Troubleshooting
In this step, you have to verify cable integrity, measure signal strength, and test network throughput. You have to ensure proper connectivity, data transmission, and performance.

8. Security Implementation
Configure access controls, user authentication, and network segmentation as needed. Implement security measures such as firewalls, intrusion detection systems, and encryption protocols to protect the network from unauthorized access and potential threats.

9. Documentation and Labeling
Network cabling infrastructure is the backbone of any network, connecting devices, servers, switches, routers, etc. Without proper documentation and labeling, network cabling can become a mess. Proper documentation and labeling will save you time and help you maintain consistency and standards across your network, ensuring compatibility and performance.

10. Network monitoring and maintenance
Set up network monitoring tools to monitor network performance, security incidents, and potential faults. Regularly update firmware and apply security patches for network devices. Regularly inspect all equipment. Test cables periodically.


EtherApe is a graphical network traffic browser. It uses the GNOME libraries to display network activity graphically. Node and link colors show the most used protocol. The busier a node is, the bigger its representation. For packet capture and filtering, it uses libpcap.

The EtherApe webpage is at http://etherape.sourceforge.net/.

EtherApe can only see the traffic physically passing through the network card.

The display will differ depending on whether you are on a switched network or a hub network.

On a switched network, you will only see the packets that go in and out through your network card.

On a hub network, you will see every packet that is transmitted to every network card.

Developers

  • Juan Toledo (toledo <at> users.sourceforge.net) Original Author

  • Vincent van Adrighem (vincent <at> dirck.mine.nu)

  • Riccardo Ghetta (bchiara <at> users.sourceforge.net)

  • Eran Mann (eran <at> nbase.co.il)

  • Frederic Peters (fpeter <at> debian.org)

Contributors

  • Ben Allen

  • Bill Barth (bbarth <at> users.source.forge.net)

  • Fabrice Bellet (Fabrice.Bellet <at> creatis.insa-lyon.fr)

  • Gorkem Cetin (gorkem <at> gelecek.com.tr)

  • Laurent Deniel (deniel <at> worldnet.fr)

  • Lars Eggert

  • Simon Kirby (sim <at> neato.org)

  • Eric Stewart

  • Jasper Wallace (jasper <at> pointless.net)

  • Ted Wright (ted.wright <at> grc.nasa.gov)

  • Dave Yearke (yearke <at> eng.buffalo.edu)

 

Installation

In an Ubuntu terminal, type:

taufanlubis@toshiba:~$ sudo apt-get install etherape

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following NEW packages will be installed:

etherape

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 380kB of archives.

After unpacking 950kB of additional disk space will be used.

WARNING: The following packages cannot be authenticated!

etherape

Install these packages without verification [y/N]? y

Get:1 http://archive.ubuntu.com gutsy/universe etherape 0.9.7-1 [380kB]

Fetched 380kB in 12s (31.0kB/s)

Selecting previously deselected package etherape.

(Reading database … 125666 files and directories currently installed.)

Unpacking etherape (from …/etherape_0.9.7-1_i386.deb) …

Setting up etherape (0.9.7-1) …

taufanlubis@toshiba:~$

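In the session above, apt warned that the package “cannot be authenticated”, and the install went ahead only because y was answered at the prompt. That warning means apt could not verify the package against a signed archive index. The safer response is to answer N, update the package lists so that apt can verify the archive signature, and install again once the warning no longer appears.

How to run?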

taufanlubis@toshiba:~$ sudo etherape


nmap is a powerful scanner available on Unix/Linux systems. It’s very useful for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

It’s very easy to install nmap in Ubuntu, just download it from the internet.

taufanlubis@zyrex:~$ sudo apt-get install nmap

 

In this practice, I used 2 computers.

PC-01, IP = 192.168.0.3 (OpenSuse 10.1) with Kernel 2.6.16.13-4-default

PC-02, IP = 192.168.0.2 (Ubuntu Feisty)

I run nmap from Ubuntu to scan PC-01.

 

IP Scanning with range 192.168.0.0 – 192.168.0.255

taufanlubis@zyrex:~$ sudo nmap -sP 192.168.0.0/24

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:51 WIT

Host 192.168.0.2 appears to be up.

caught SIGINT signal, cleaning up

taufanlubis@zyrex:~$

 

IP Scanning with range 192.168.0.1 – 192.168.0.254

taufanlubis@zyrex:~$ sudo nmap -sP 192.168.0.1-254

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 21:53 WIT

Host 192.168.0.2 appears to be up.

Host 192.168.0.3 appears to be up.

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Nmap finished: 255 IP addresses (2 hosts up) scanned in 31.242 seconds

taufanlubis@zyrex:~$

 

Port Scanning with range port 100 – port 139

taufanlubis@zyrex:~$ nmap 192.168.0.3 -p100-139

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:06 WIT

Interesting ports on 192.168.0.3:

Not shown: 38 filtered ports

PORT STATE SERVICE

113/tcp closed auth

139/tcp open netbios-ssn

Nmap finished: 1 IP address (1 host up) scanned in 24.914 seconds

taufanlubis@zyrex:~$

For 40 ports, it took almost 25 seconds, so it will take much longer if you want to scan ports 1-65535 (all the ports on a computer).

 

Scanning Operating system on target IP

taufanlubis@zyrex:~$ sudo nmap -O 192.168.0.3

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:20 WIT

Interesting ports on 192.168.0.3:

Not shown: 1693 filtered ports

PORT STATE SERVICE

80/tcp open http

113/tcp closed auth

139/tcp open netbios-ssn

445/tcp open microsoft-ds

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|specialized|WAP|storage-misc

Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Atmel Linux 2.6.X (91%), Siemens linux (91%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Inventel embedded (88%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (91%), Siemens Gigaset SE515dsl wireless broadband router (91%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

 

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 94.942 seconds

taufanlubis@zyrex:~$

 

nmap Faster Execution

If you want a faster scan, use the -T4 option on the nmap command.

taufanlubis@zyrex:~$ sudo nmap -A -T4 192.168.0.3

Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-16 22:42 WIT

Interesting ports on 192.168.0.3:

Not shown: 1693 filtered ports

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))

113/tcp closed auth

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|WAP|specialized|storage-misc|broadband router

Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Siemens linux (93%), Atmel Linux 2.6.X (92%), Inventel embedded (89%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Netgear embedded (87%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Siemens Gigaset SE515dsl wireless broadband router (93%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (93%), Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) (92%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux 2.6.17.9 (X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

 

OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 58.830 seconds

taufanlubis@zyrex:~$

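Now, you only need 58.83 seconds compared to 94.94 seconds (without the -T4 option). Note that this run also used -A, which adds service version detection (the VERSION column above) to the OS detection done by -O, so the two runs did not do identical work.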

 

For more details, just open the nmap manual.

taufanlubis@zyrex:~$ man nmap
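
One defensive use of these results is to compare what a host actually exposes with what it is supposed to expose. The following is an added example, not part of the original post: it parses the text report format shown above and lists open ports that are missing from a baseline. The EXPECTED baseline and the function names are assumptions made for illustration.

```python
import re

# Report text copied from the "-A -T4" run shown above (Nmap 4.20 text format).
NMAP_REPORT = """\
Interesting ports on 192.168.0.3:
Not shown: 1693 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))
113/tcp closed auth
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
MAC Address: 00:0D:88:B3:72:F3 (D-Link)
"""

# Hypothetical baseline: the (port, protocol) pairs each host is meant to expose.
EXPECTED = {"192.168.0.3": {(80, "tcp")}}

# Assumes the IP-only host header seen on this page.
HOST_RE = re.compile(r"^Interesting ports on (\S+):$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_nmap_text(report):
    """Return {host: [port records]} from Nmap's human-readable report."""
    hosts, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), [])
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            number, proto, state, service, version = port.groups()
            current.append({"port": int(number), "proto": proto, "state": state,
                            "service": service, "version": version})
    return hosts


def unexpected_open(hosts, baseline):
    """List open ports that the baseline does not allow for that host."""
    findings = []
    for host in sorted(hosts):
        allowed = baseline.get(host, set())  # unknown host: nothing is allowed
        for rec in hosts[host]:
            # "open|filtered" is treated as open so that it gets reviewed.
            if rec["state"].startswith("open") and (rec["port"], rec["proto"]) not in allowed:
                findings.append((host, rec["port"], rec["proto"],
                                 rec["service"], rec["version"]))
    return findings


if __name__ == "__main__":
    for finding in unexpected_open(parse_nmap_text(NMAP_REPORT), EXPECTED):
        print("not in baseline: %s %d/%s %s %s" % finding)
```

With the baseline above, the two Samba ports (139 and 445) are reported, which is the kind of exposure a periodic scan of your own hosts is meant to surface.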


FTP Server

What is FTP?

FTP (File Transfer Protocol) is a protocol for exchanging files between two computers, either on a local network or across networks (the internet). You may not realize that you have already used it when you downloaded something from the internet. Most often, a computer with an FTP address is dedicated to receiving FTP connections.

What is an FTP site?

An FTP site is like an old filing cabinet where you put your data: organized and labeled, so that next time you, or anyone else who needs the files, can easily take them out again.

That concept is applied in FTP sites. You can download any files you want, based on the access level provided. The administrator can set which files are kept locked and which are open to the public.

What is an FTP server?

An FTP server is a machine that serves requested files to authorized users. FTP is an old file-sharing protocol that was created when the internet was still a secure place. That’s why the default FTP protocol is not that secure: your username and password for login are transmitted in plain text, which is not secure for sure.

 

There are several configurations that you can set for your proftpd server:

  • chrooted at the /home directory

  • anonymous proftpd user with read-only access

  • anonymous proftpd user with read/write access

  • anonymous proftpd user with a directory outside /home/ftp

 

In this article, I want to show you how you can create an FTP server in a short time. In this practice, I use ‘proftpd’ as our FTP server. The file is not too big and it’s not difficult to install.

 

Step 1. Download and install the ‘proftpd’ program for the FTP server

taufanlubis@zyrex:~$ sudo apt-get install proftpd

Reading package lists… Done

Building dependency tree

Reading state information… Done

Suggested packages:

proftpd-doc

The following NEW packages will be installed:

proftpd

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 784kB of archives.

After unpacking 2331kB of additional disk space will be used.

Get:1 http://archive.ubuntu.com feisty/universe proftpd 1.3.0-21ubuntu1 [784kB]

Fetched 784kB in 14s (54.1kB/s)

Preconfiguring packages …

Selecting previously deselected package proftpd.

(Reading database … 155004 files and directories currently installed.)

Unpacking proftpd (from …/proftpd_1.3.0-21ubuntu1_i386.deb) …

Setting up proftpd (1.3.0-21ubuntu1) …

——— IMPORTANT INFORMATION FOR XINETD USERS ———-

The following line will be added to your /etc/inetd.conf file:

ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/proftpd

 

If you are indeed using xinetd, you will have to convert the

above into /etc/xinetd.conf format, and add it manually. See

/usr/share/doc/xinetd/README.Debian for more information.

———————————————————–

Adding system user `proftpd’ (UID 118) …

Adding new user `proftpd’ (UID 118) with group `nogroup’ …

Not creating home directory `/var/run/proftpd’.

Adding system user `ftp’ (UID 119) …

Adding new user `ftp’ (UID 119) with group `nogroup’ …

Creating home directory `/home/ftp’ …

`/usr/share/proftpd/templates/welcome.msg’ -> `/home/ftp/welcome.msg.proftpd-new’

ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.

taufanlubis@zyrex:~$

 

Step 2. Test that it runs

taufanlubis@zyrex:~$ sudo /etc/init.d/proftpd start

Password:

ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.

taufanlubis@zyrex:~$

This error occurs because we haven’t set the configuration file yet.

 

Step 3. Create your proftpd directory

For this practice, I create an ftp_shared directory in the home/ directory.

taufanlubis@zyrex:/home$ sudo mkdir ftp_shared/

Then I create 2 more directories inside ftp_shared directory.

taufanlubis@zyrex:/home$ cd ftp_shared/

taufanlubis@zyrex:/home/ftp_shared$ sudo mkdir download

taufanlubis@zyrex:/home/ftp_shared$ sudo mkdir upload

 

Set security permission

taufanlubis@zyrex:/home/ftp_shared$ cd ..

taufanlubis@zyrex:/home$ sudo chmod 755 ftp_shared/

taufanlubis@zyrex:/home$ cd ftp_shared/

taufanlubis@zyrex:/home/ftp_shared$ sudo chmod 755 download/

taufanlubis@zyrex:/home/ftp_shared$ sudo chmod 777 upload/

taufanlubis@zyrex:/home/ftp_shared$ ls -l

total 8

drwxr-xr-x 2 root root 4096 2007-10-17 19:31 download

drwxrwxrwx 2 root root 4096 2007-10-17 19:31 upload

taufanlubis@zyrex:/home/ftp_shared$

Step 4. Create your proftpd user

Just add a user from ‘Users and Groups’ Ubuntu menu.

System > Administration > Users and Groups then just click Add user.

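or you can do this job through the Linux console. useradd’s -p option expects an already-encrypted password, so create the account first and then set the password interactively with passwd:

taufanlubis@zyrex:/home$ sudo useradd -d /home/ftp_shared userftp

taufanlubis@zyrex:/home$ sudo passwd userftp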

 

Step 5. Configuring proftpd server

The final preparation is to configure your proftpd server.

The proftpd configuration file is located at /etc/proftpd/proftpd.conf.

taufanlubis@zyrex:~$ cd /etc/proftpd/

taufanlubis@zyrex:/etc/proftpd$ ls -l

total 12

-rw-r--r-- 1 root root 738 2007-10-08 07:20 modules.conf

-rw-r--r-- 1 root root 4491 2007-10-08 07:20 proftpd.conf

taufanlubis@zyrex:/etc/proftpd$

Create a backup file

Always create a backup before you change any configuration file.

taufanlubis@zyrex:/etc/proftpd$ sudo cp proftpd.conf proftpd.conf.original

taufanlubis@zyrex:/etc/proftpd$ ls -l

total 20

-rw-r--r-- 1 root root 738 2007-10-08 07:20 modules.conf

-rw-r--r-- 1 root root 4491 2007-10-08 07:20 proftpd.conf

-rw-r--r-- 1 root root 4491 2007-10-09 04:26 proftpd.conf.original

taufanlubis@zyrex:/etc/proftpd$

 

Edit proftpd configuration file

Replace the content with our new configuration data.

taufanlubis@zyrex:/etc/proftpd$ sudo gedit proftpd.conf

Include /etc/proftpd/modules.conf

# -----------------------------------------------
UseIPv6 off
ServerName "UbuntuFtp"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off
TimeoutLogin 20
RootLogin off
DenyFilter \*.*/

# -----------------------------------------------
# Port 21 is the standard FTP port, just change
# to another port for security reasons
Port 2007

MaxInstances 9
User userftp
Group nogroup
Umask 022 022

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

AllowOverwrite on
PersistentPasswd off

UseSendFile off

# Display a message after login
AccessGrantMsg "Welcome to Ubuntu ftp Server!!!"

ServerIdent on "you're at home"
DefaultRoot /home/ftp_shared

MaxLoginAttempts 5

# Create your log file
ExtendedLog /var/log/ftp.log
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# -----------------------------------------------
# Only userftp may log in
<Limit LOGIN>
AllowUser userftp
Deny All
</Limit>

# Base directory: no uploads, deletes, renames or directory creation/removal
<Directory /home/ftp_shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

# download/: same restrictions, files can only be read
<Directory /home/ftp_shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

# upload/: files can be stored but not read back or deleted
<Directory /home/ftp_shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
</Directory>
# -----------------------------------------------

Save the edited file and restart the FTP server.

taufanlubis@zyrex:~$ cd /etc/init.d/

taufanlubis@zyrex:/etc/init.d$ sudo ./proftpd start

* Starting ftp server proftpd [ OK ]

 

or

 

taufanlubis@zyrex:~$ sudo /etc/init.d/proftpd start

* Starting ftp server proftpd [ OK ]

taufanlubis@zyrex:~$

 

Now, you have your own ftp server already.
You can test it using FileZilla or Firefox (any web browsers).

Access ftp server using FileZilla
Enter Host: 192.168.0.2 (my ip address), username: userftp, password: 123456, port: 2007


Access ftp server using Firefox

Type: ftp://192.168.0.2:2007 in your Firefox URL box.
Enter user name: userftp

Enter password: 123456
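
A configuration like the one in Step 5 can be checked mechanically before the server is started. The following is an added example, not ProFTPD’s or the original post’s code: it flags <Limit> command names that are not real FTP commands (a misspelled name never matches the command it was meant to restrict) and a missing TLSEngine/TLSRequired pair from mod_tls, without which logins travel in plain text as described earlier. The sample configuration is constructed, with one command deliberately misspelled, and the list of known commands is a subset assembled for this example.

```python
import re

# Command groups that <Limit> accepts, plus the FTP commands relevant to file
# access (a subset assembled for this example). SITE_* is accepted by prefix.
LIMIT_GROUPS = {"ALL", "DIRS", "LOGIN", "READ", "WRITE"}
FTP_COMMANDS = {
    "APPE", "CDUP", "CWD", "DELE", "LIST", "MDTM", "MKD", "MLSD", "MLST",
    "NLST", "PWD", "RETR", "RMD", "RNFR", "RNTO", "SIZE", "STAT", "STOR",
    "STOU", "XCUP", "XCWD", "XMKD", "XPWD", "XRMD",
}
SECTION_RE = re.compile(r"^<(/?)(\w+)\s*([^>]*)>$")

# Constructed sample in the layout of Step 5; "RNRF" is a deliberate misspelling.
SAMPLE_CONF = """\
ServerName "UbuntuFtp"
Port 2007
DefaultRoot /home/ftp_shared
<Limit LOGIN>
  AllowUser userftp
  DenyAll
</Limit>
<Directory /home/ftp_shared>
  <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
"""

# Same file with the name corrected and TLS switched on
# (the certificate directives a real mod_tls setup needs are omitted).
HARDENED_CONF = SAMPLE_CONF.replace("RNRF", "RNFR") + "TLSEngine on\nTLSRequired on\n"


def lint_proftpd(conf_text):
    """Return findings as (line number, code, detail); line 0 means whole file."""
    findings = []
    settings = {}  # last value seen per directive; section context is ignored
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            closing, name, args = section.groups()
            if not closing and name.lower() == "limit":
                for cmd in args.split():
                    known = cmd.upper() in LIMIT_GROUPS | FTP_COMMANDS
                    if not known and not cmd.upper().startswith("SITE_"):
                        findings.append((lineno, "unknown-limit-command", cmd))
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        settings[parts[0].lower()] = value.strip().strip('"').lower()
    # Without both directives, USER and PASS can cross the network in clear text.
    if settings.get("tlsengine") != "on" or settings.get("tlsrequired", "off") == "off":
        findings.append((0, "cleartext-login", "TLSEngine/TLSRequired not enabled"))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in lint_proftpd(SAMPLE_CONF):
        print("line %d: %s (%s)" % (lineno, code, detail))
```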

IP address

Every house or office is identified by a postal address. When you send a postcard to someone, you just write down the address and it will be delivered by the postman. It is the same with a machine: it has a unique address called an IP (Internet Protocol) address. When your machine sends data to another machine, it sets that machine’s IP address as the destination.

 

My IP address is 192.168.0

If you look at the number above, there are four parts separated by 3 dots. Each of those parts is a byte written as a decimal number.

 

Is that all we need to make our computer talk to another computer?

If it were, there would not be enough IP addresses for all the computers in the world.

So what is the trick?

Connected computers are grouped. Such a group is known as a LAN (Local Area Network). All these LANs are then connected into a big network called the Internet. We may say a minimal internet is two connected LANs, and we are only a small subset of the entire network (the Internet).

 

Communicating with a computer in a different LAN

When you send data to another computer, your computer checks, “Am I in the same local network (or group, as I said before)?” The computer cannot do this without another parameter named ‘netmask‘.

Your computer will say:

“If I am in the same network as the destination computer that I want to send my data to, then I can continue the process.”

This means the netmask is used to set the range of IP addresses that can be reached.

 

How does the combination of IP address and netmask set the range of IP addresses?

A netmask consists of 4 bytes written as decimal numbers, just like an IP address.

Netmask: 255.255.255.0

Each 255 says that the corresponding byte of your IP address (here the first, second and third bytes) is the same as the other computer’s.

 

So, the range will be:

Your IP: 192.168.0.1

Netmask: 255.255.255.0

Your range: 192.168.0.0 – 192.168.0.255 (see, that the 3 bytes from left to right are the same).

 

Your IP: 192.168.45.125

Netmask: 255.255.0.0

Your range: 192.168.0.0 – 192.168.255.255 (see, that the 2 bytes from left to right are the same).

In a standalone network, the netmask must be the same and all IP addresses must be in the same range.

PC-A IP: 192.168.0.10 Netmask: 255.255.255.0

PC-B IP: 192.168.0.2 Netmask: 255.255.255.0

PC-C IP: 192.168.0.200 Netmask: 255.255.255.0

 

If PC-A does not have the same netmask and IP range as PC-B and PC-C, then PC-A will see the network in a different way.

PC-A IP: 192.168.2.10 Netmask: 255.255.0.0

PC-B IP: 192.168.0.2 Netmask: 255.255.255.0

PC-C IP: 192.168.0.200 Netmask: 255.255.255.0

PC-A can see PC-B and PC-C, but PC-B and PC-C can’t see PC-A.

This means PC-A cannot communicate with PC-B and PC-C.

 

The error message will be:

taufanlubis@zyrex:~$ ping 192.168.0.2

connect: Network is unreachable
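
The netmask check described above can be carried through in a few lines. This is an added example, not part of the original post: it computes the address range for an IP and netmask, and finds pairs of machines that disagree about being in the same network, using the PC-A, PC-B and PC-C values from the second table above. The function names are illustrative.

```python
import ipaddress

# The three machines from the second table above (addresses and netmasks as given).
HOSTS = {
    "PC-A": ("192.168.2.10", "255.255.0.0"),
    "PC-B": ("192.168.0.2", "255.255.255.0"),
    "PC-C": ("192.168.0.200", "255.255.255.0"),
}


def address_range(ip, netmask):
    """First and last address of the network that ip belongs to under netmask."""
    # ip_interface raises ValueError for a malformed address or a netmask whose
    # 1-bits are not contiguous (for example 255.0.255.0).
    net = ipaddress.ip_interface(f"{ip}/{netmask}").network
    return str(net.network_address), str(net.broadcast_address)


def is_on_link(src_ip, src_mask, dst_ip):
    """The sender's test: do source and destination agree on every masked bit?"""
    mask = int(ipaddress.IPv4Address(src_mask))
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    return (src & mask) == (dst & mask)


def one_way_pairs(hosts):
    """Pairs (a, b) where a treats b as local but b does not treat a as local."""
    pairs = []
    for a, (a_ip, a_mask) in hosts.items():
        for b, (b_ip, b_mask) in hosts.items():
            if a == b:
                continue
            if is_on_link(a_ip, a_mask, b_ip) and not is_on_link(b_ip, b_mask, a_ip):
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for name, (ip, mask) in HOSTS.items():
        first, last = address_range(ip, mask)
        print(f"{name}: {ip} netmask {mask} -> range {first} - {last}")
    for a, b in one_way_pairs(HOSTS):
        print(f"{a} treats {b} as local, but {b} does not treat {a} as local")
```

Every pair it reports is a netmask mismatch to fix before looking for any other cause of lost connectivity.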

 

 


Setup ip address and gateway via console

You can set up the IP address and gateway through the Ubuntu console, but this is only temporary. If you unplug your LAN cable, you have to configure it again. Although it’s easy to set this up via the System > Administration > Network menu, I always do this step. First, I always remember my IP address in my network, and second, I always remember the command lines.

 

taufanlubis@zyrex:~$ sudo ifconfig eth0 192.168.0.10 netmask 255.255.255.0

taufanlubis@zyrex:~$ sudo route add default gw 192.168.0.1

taufanlubis@zyrex:~$ ifconfig

eth0 Link encap:Ethernet HWaddr 00:90:F5:36:9A:EB

inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0

UP BROADCAST MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Interrupt:11 Base address:0xa000

 

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:78 errors:0 dropped:0 overruns:0 frame:0

TX packets:78 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:5976 (5.8 KiB) TX bytes:5976 (5.8 KiB)

taufanlubis@zyrex:~$ route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

 

After you set up the networking through the System > Administration > Network menu, Ubuntu stores the network configuration in the file /etc/network/interfaces.

taufanlubis@zyrex:~$ sudo gedit /etc/network/interfaces

auto lo
iface lo inet loopback

iface eth0 inet dhcp

auto eth1

iface eth1 inet dhcp

auto eth2

iface eth2 inet dhcp

auto ath0

iface ath0 inet dhcp

auto wlan0

iface wlan0 inet dhcp

auto eth0

Because I set a temporary configuration, it is not written to this file.

Now, I will setup the configuration through System > Administration > Network menu then open the interfaces file at /etc/network again.

taufanlubis@zyrex:~$ sudo gedit /etc/network/interfaces

auto lo

iface lo inet loopback

iface eth0 inet static

address 192.168.0.10

netmask 255.255.255.0

gateway 192.168.0.1

auto eth1

iface eth1 inet dhcp

auto eth2

iface eth2 inet dhcp

auto ath0

iface ath0 inet dhcp

auto wlan0

iface wlan0 inet dhcp

auto eth0

Now, it’s already there….



Forget about typing firewall commands in the Linux bash shell.
Firestarter is a modern Linux firewall. You can have a firewall up and running in minutes.

A Firestarter 1.0 package is now available for Debian, which means you can download it for Ubuntu.

Before you start to install it, make sure to enable the ‘universe’ repository in the /etc/apt/sources.list file or in Synaptic under Settings > Repositories.

Then type: sudo apt-get install firestarter in your console.

 

Key Features

  • Open Source software, available free of charge

  • Easy to use graphical interface

  • Suitable for use on desktops, servers and gateways

  • Enables Internet connection sharing

  • Allows you to define both inbound and outbound access policy

  • Option to whitelist or blacklist traffic

  • Sets up DHCP for a local network

  • Real time firewall events view

  • View active network connections, including any traffic routed through the firewall

  • Advanced Linux kernel tuning features

source: http://www.fs-security.com/

 

Internet connection sharing setup

Internet connection sharing allows several machines to access the Internet through a single network connection. This method is called NAT (Network Address Translation).

To use NAT, you need at least two network devices in your machine. If you only have one device, you can’t enable internet connection sharing from Firewall > Run Wizard.

You can enable both NAT and DHCP via Run Wizard without configuring anything.

To outsiders, your PCs will look like a single machine with a single IP address.

 

Firestarter Policy

Inbound traffic policy -> controls incoming traffic from the internet and LAN to the firewall.

Outbound traffic policy -> controls outgoing traffic to the internet from the firewall and any LAN clients.

 

Enabling the DHCP Service

Firestarter does not itself include a DHCP server; it depends on the underlying system to provide this feature. If a DHCP binary is not detected on the system, the DHCP controls will remain inactive. You can install one using the command:

taufanlubis@zyrex:~$ sudo apt-get install dhcp

 

Launching Firestarter minimized to the tray on login

Open the Sessions screen:

System > Preferences > Sessions

click the Startup Program tab

click the New button.

In the Name textbox type firestarter, in the Command textbox type sudo firestarter --start-hidden, then press Enter.

 
