Archive for December, 2008

Dear All,

Changing the MAC address is simple:

First, capture the hardware address / MAC address before changing it:

# ifconfig eth0 | grep HWaddr

After that, run these commands:

# ifconfig eth0 down
# ifconfig eth0 hw ether 80:00:27:88:F6:AF
# ifconfig eth0 up

Then capture the MAC address again after the change:

# ifconfig eth0 | grep HWaddr

Be aware that these commands will drop your LAN/WAN connection, so run them when the connection is idle or when you know there are no active connections.

If you use a DHCP server, it will usually reassign the client IP when eth0 comes up after going down, when the client forces a renewal, or when the TTL of the IP lease expires.

To force a new IP before the TTL expires, do this:

# sudo dhclient -r


# sudo dhclient

or, more simply:

# /etc/init.d/networking restart

That's all, folks ..


tested on virtual ubuntu
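Before running `hw ether`, it helps to check that the new address is one the interface can take. The following is an added example, not part of the original post; `classify_mac` is a hypothetical helper name. It reads the two flag bits in the first octet and assumes the standard Linux Ethernet behaviour of refusing group (multicast) and all-zero addresses as an interface address.

```python
import re

# Six hex octets with one consistent separator (":" or "-").
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(\1[0-9A-Fa-f]{2}){4}")


def classify_mac(text):
    """Parse a MAC address and report whether it is usable on an interface."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = [int(part, 16) for part in re.split(r"[:-]", text)]
    first = octets[0]
    multicast = bool(first & 0x01)  # I/G bit: 1 = group (multicast/broadcast)
    local = bool(first & 0x02)      # U/L bit: 1 = locally administered
    return {
        "normalized": ":".join(f"{o:02X}" for o in octets),
        "oui": ":".join(f"{o:02X}" for o in octets[:3]),
        "multicast": multicast,
        "locally_administered": local,
        # Assumption stated in the lead-in: group and all-zero addresses
        # are rejected when set as an interface address.
        "assignable": not multicast and any(octets),
    }


if __name__ == "__main__":
    # The first address is the one used in the post; the others are constructed.
    for mac in ("80:00:27:88:F6:AF", "01:00:5e:00:00:fb", "02-00-00-aa-bb-cc"):
        print(mac, classify_mac(mac))
```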


Dear all of my friends,

After a long weekend with no time to write on this blog, here we are. This tutorial shows how to combine Mikrotik + IPCop + Juniper Netscreen, as we do in my network infrastructure.

Some of the material comes from chatting with geeks, reading resources, and experimenting with multiple virtual machines to create multiple subnets. This mix looks good enough for me.

Why do we still need Mikrotik and IPCop as router and web proxy when we already use the JunNet? Our network infrastructure cannot be changed because the WAN has already been built on JunNet, so I never considered removing the JunNet, to prevent bad situations. Instead, we mix them together to make the network infrastructure stronger and better, even though some network admins do not recommend it. Why? It is too cost-inefficient 😀 But why think so hard about the costs? Let management think about it; that is one of the manager's rules and duties hehehehehe … 😀

For this reason, we mixed them.

The setup that I configured:


Now …

1. Get Mikrotik, free to test for 24 hours, click here
2. Get IPCop, click here

After downloading the ISO images, you can boot your PC or your virtual machine from them. In this blog we use VirtualBox, get it here
Why VirtualBox? We need to run multiple guest OSes, including *nix, with low memory consumption, and it runs very fast.

1. Ether1 is the LAN side
2. Ether2 is the WAN side, pointing to the IPCop GREEN IP

Now, the configuration for Mikrotik:

—- Mikrotik Configuration —-

ip address add address= netmask= interface=ether1 comment="IP LAN"
ip address add address= netmask= interface=ether2 comment="IP Internet"
ip route add dst-address= gateway= scope=255 target-scope=10 comment="MT Gateway IPCop" disabled=no
ip dns set primary-dns=x.x.x.x secondary-dns=y.y.y.y allow-remote-requests=yes cache-size=2048Kib cache-max-ttl=1w

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses= to-ports=80 comment="IPCop"
ip firewall nat add chain=dstnat protocol=tcp dst-port=445 action=dst-nat to-addresses=192.168.3.2 to-ports=80 comment="Https IPCop"
ip firewall nat add chain=dstnat src-address=! protocol=tcp dst-port=80 action=dst-nat to-addresses= to-ports=878
ip firewall nat add chain=dstnat src-address=!192.168.0/24 protocol=tcp dst-port=443 action=dst-nat to-addresses= to-ports=878
ip firewall nat add chain=srcnat src-address= action=masquerade
ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

ip firewall mangle add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_con passthrough=yes
ip firewall mangle add chain=forward connection-mark=squid_con action=mark-packet new-packet-mark=squid_pkt passthrough=no
ip firewall mangle add chain=forward connection-mark=!squid_con action=mark-connection new-connection-mark=all_con passthrough=yes
ip firewall mangle add chain=forward protocol=tcp src-port=80 connection-mark=all_con action=mark-packet new-packet-mark=http_pkt passthrough=no
ip firewall mangle add chain=forward protocol=icmp connection-mark=all_con action=mark-packet new-packet-mark=icmp_pkt passthrough=no
ip firewall mangle add chain=forward connection-mark=all_con action=mark-packet new-packet-mark=test_pkt passthrough=no
ip firewall mangle add chain=forward dst-address= action=mark-connection new-connection-mark=ipcop

ip firewall filter add chain=input dst-port=20,21,22,25,80,88,110,119,137-139,443,445 protocol=tcp src-mac=<mac-address> action=accept

ip firewall filter add chain=input dst-port=993,995,989,990,1723,8080,8291,3128 protocol=tcp src-mac=<mac-address> action=accept

queue simple add name="IPCop" packet-marks=ipcop-pkt
queue simple add name="Squid_HIT" dst-address= interface=all parent=none packet-marks=squid_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
queue simple add name="Main_Link" dst-address= interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=35000/256000 total-queue=default-small
queue simple add name="Ping_queue" dst-address= interface=all parent=none packet-marks=icmp_pkt direction=both priority=2 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
queue simple add name="Other_Port" target-addresses= dst-address= interface=all parent=Main_Link packet-marks=http_pkt direction=both priority=8 queue=default-small/default-small limit-at=5000/5000 max-limit=50000/256000 total-queue=default-small
queue simple add name="Another_Port" target-addresses= dst-address= interface=all parent=Main_Link packet-marks=test_pkt direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/256000 total-queue=default-small

—- Mikrotik Configuration Finish —-

src-mac=<mac-address> can be replaced with src-address-list.
The scripts above are a mix of things I have read; the links … I forgot … sorry.
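To see which packet mark, and therefore which queue, a flow ends up with, the seven mangle rules can be walked through in order. This is an added example, not part of the original script. It assumes a simplified model in which rules run top to bottom and a mark action with passthrough=no ends processing; `run_mangle` and the `to_ipcop` flag (standing in for the blank dst-address) are hypothetical names. Under that model every packet stops at rule 2, 4, 5 or 6, so the last rule, which sets the ipcop connection mark, is never reached.

```python
# Simplified model (assumption): rules run top to bottom, and a mark action
# with passthrough=no ends mangle processing for that packet.
RULES = [
    # (rule number, match(packet, conn_mark), kind, new mark, passthrough)
    (1, lambda p, c: "X-Cache: HIT" in p["payload"], "conn", "squid_con", True),
    (2, lambda p, c: c == "squid_con", "pkt", "squid_pkt", False),
    (3, lambda p, c: c != "squid_con", "conn", "all_con", True),
    (4, lambda p, c: c == "all_con" and p["proto"] == "tcp" and p["sport"] == 80,
     "pkt", "http_pkt", False),
    (5, lambda p, c: c == "all_con" and p["proto"] == "icmp", "pkt", "icmp_pkt", False),
    (6, lambda p, c: c == "all_con", "pkt", "test_pkt", False),
    (7, lambda p, c: p["to_ipcop"], "conn", "ipcop", True),
]


def run_mangle(packet, conn_mark=None):
    """Return (connection mark, packet mark, numbers of the rules that matched)."""
    pkt_mark, hits = None, []
    for num, match, kind, mark, passthrough in RULES:
        if not match(packet, conn_mark):
            continue
        hits.append(num)
        if kind == "conn":
            conn_mark = mark
        else:
            pkt_mark = mark
        if not passthrough:
            break
    return conn_mark, pkt_mark, hits


def packet(proto="tcp", sport=0, payload="", to_ipcop=False):
    return {"proto": proto, "sport": sport, "payload": payload, "to_ipcop": to_ipcop}


SAMPLES = {  # constructed packets, not captured traffic
    "cache hit reply": packet(sport=80, payload="HTTP/1.0 200 OK\r\nX-Cache: HIT from proxy\r\n"),
    "cache miss reply": packet(sport=80, payload="HTTP/1.0 200 OK\r\nX-Cache: MISS from proxy\r\n"),
    "ping": packet(proto="icmp"),
    "request to IPCop": packet(sport=40000, to_ipcop=True),
}


def unreached_rules():
    """Rule numbers that no sample packet ever matched."""
    seen = {n for p in SAMPLES.values() for n in run_mangle(p)[2]}
    return [num for num, *_ in RULES if num not in seen]


if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:18} -> {run_mangle(p)}")
    print("rules never reached:", unreached_rules())
```

No rule on the page sets a packet mark named ipcop-pkt either, so the "IPCop" queue has nothing to match as written.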

Now install IPCop and configure it using the GREEN + RED network configuration.
The GREEN IP is your LAN side; the RED IP is your WAN side (connected to the internet / modem).
In this example: fill in the GREEN IP with : and the RED IP with :

Don't forget to set the Primary and Secondary DNS to the same values as the Mikrotik DNS settings mentioned above in the command ip dns set primary-dns=x.x.x.x secondary-dns=y.y.y.y

Then set the gateway to point to the JunNet IP, which for this example is:

Go to the JunNet configuration and add these lines to allow the IPCop GREEN IP in JunNet:

—- Juniper Netscreen Configuration —-

set address "Trust" "IPCop"
set policy id 16 from "Trust" to "Untrust" "IPCop" "Any" "MAIL" permit log
set policy id 17 from "Trust" to "Untrust" "IPCop" "Any" "HTTP" permit log
set policy id 18 from "Trust" to "Untrust" "IPCop" "Any" "HTTPS" permit log
set policy id 19 from "Trust" to "Untrust" "IPCop" "Any" "FTP" permit log
set policy id 20 from "Trust" to "Untrust" "IPCop" "Any" "DNS" permit log
set policy id 21 from "Trust" to "Untrust" "IPCop" "Any" "NTP" permit log
set policy id 22 from "Trust" to "Untrust" "IPCop" "Any" "ANY" deny log

—- Juniper Netscreen Configuration Finish —-

After that, clear the proxy option in the client browsers, and configure the client computers with:

IP: ~ => same subnet as Mikrotik
Gateway: => Mikrotik ether1 or LAN connection
Primary DNS:
Secondary DNS: / => GREEN IP IPCop or JunNet IP

For other features such as IPCop user authentication, URL filtering and more, go to the general website at http://www.advproxy.net/
Advanced Proxy download: http://www.advproxy.net/download.html
URL Filter download: http://www.urlfilter.net/download.html

… done.

Surf with it, filter with it and shape with it … with Mikrotik + IPCop + JunNet .. 😀

Oh yeah … I forgot something: use IP addresses that suit your own network; the ones in this blog are only examples.

See ya …

