Monday, August 25, 2008

How To Integrate HTB-tools with Squid + ZPH (ver. 2)

This post is about how to integrate Squid + ZPH + HTB-tools on my Slackware 12.0. What is the difference between ver. 1 and ver. 2?
In ver. 1, users can't use q_show to monitor cache hits from Squid.
In ver. 2, users will see Cache_HIT as an additional class in the q_show output.

Here are the steps:

Assumption: the user already has Squid + ZPH + HTB-tools installed.
squid-2.7Stable4 (zph_local 0x30 included)

1. I've replaced the original /sbin/q_parser with my new q_parser
2. Insert several lines into eth1-qos.conf (interface for LAN)
#--- put these lines at the top ---
class Cache_HIT {
bandwidth 10000;
limit 10000;
burst 2;
priority 1;

# --- LAN Rules ---
# make your own rule

3. Generate your config with q_parser and apply on system
root@dianseh# q_parser eth1 100000 100000 /etc/htb/eth1-qos.conf > /usr/local/bin/
root@dianseh# chmod +x /usr/local/bin/
root@dianseh# /usr/local/bin/


root@dianseh# /sbin/htb eth1 stop
root@dianseh# /sbin/htb eth1 start

5. Monitor with q_show
root@dianseh# /sbin/htb eth1 stats

The picture shows that users who get a HIT from Squid have 6 Mbps of the 10 Mbps guarantee.

Note :
Tested on Slackware 12.0 and working properly. What about you?

Thanks to Mr'Ipung, who asked me to do this.

Thursday, August 14, 2008

How To Integrate HTB-tools with Squid + ZPH (ver. 1)

I'm going to tell you about my Google search results that I've implemented on my friend's server. It began when my friend asked me to integrate Squid + ZPH with HTB-tools on the same machine.
"3 In One, no need many servers for warnet laaaah" as he said.

This time it's about Linux Ubuntu not Slackware as usual.

Illustration :

1. Internet <> Linux <> Lan

2. Linux as gateway, Proxy and Shaper server.
O/s : Ubuntu
Proxy : squid-2.7.STABLE4 with ZPH included
Limiter : HTB-Tools
Kernel : 2.6.21

3. HTB has been installed on System.

My experience begins at HTB with Squid+zph integration.

Steps :

1. Extract and install Squid 2.7. Instructions for installing Squid 2.6 can be found here. Edit squid.conf and insert the lines below.
zph_mode tos
zph_local 0x30

2. Install HTB-tools and make your own rules to shape the LAN's IPs.

3. Generate the htb config, e.g. eth1-qos.conf
root@dianseh# q_parser eth1 100000 100000 /etc/htb/eth1-qos.conf > /usr/local/bin/
root@dianseh# chmod +x /usr/local/bin/

4. Edit
---- find this line ----
tc qdisc add dev eth0 parent 1:0x10 handle 0x10: pfifo limit 5
---- insert these lines ----
tc class add dev eth0 parent 1:1 classid 1:0x15 htb rate 10Mbit
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip protocol 0x6 0xff match ip tos 0x30 0xff flowid 1:15

5. Execute to start.
6. Put it into startup script
7. Done.
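
What the u32 filter in step 4 matches, as an added Python example (not code from the original post or from HTB-tools). It applies the two selectors to constructed IPv4 headers; the helper names, the sample addresses and the `tos_mask` parameter are assumptions made for illustration, and the last case goes slightly beyond the page to show what the 0xff mask on the TOS byte implies.

```python
import socket
import struct

CACHE_HIT_FLOWID = "1:15"   # flowid from the page's tc filter
DEFAULT = None              # no match: packet falls through to other filters


def ipv4_header(tos, proto, src="192.0.2.10", dst="192.0.2.20"):
    """Constructed 20-byte IPv4 header (checksum left 0; sample addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def u32_u8(header, offset, value, mask):
    """One 8-bit u32 selector: compare the masked byte at `offset`."""
    return (header[offset] & mask) == (value & mask)


def classify(header, tos_mask=0xFF):
    """Apply `match ip protocol 0x6 0xff match ip tos 0x30 <tos_mask>`."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return DEFAULT                           # not an IPv4 header
    is_tcp = u32_u8(header, 9, 0x06, 0xFF)       # protocol field, byte 9
    is_hit = u32_u8(header, 1, 0x30, tos_mask)   # TOS field, byte 1
    return CACHE_HIT_FLOWID if (is_tcp and is_hit) else DEFAULT


# Constructed packets: (description, TOS byte, IP protocol number)
SAMPLES = [
    ("cache HIT marked by zph_local 0x30", 0x30, 6),
    ("cache MISS, unmarked TCP", 0x00, 6),
    ("UDP packet that happens to carry TOS 0x30", 0x30, 17),
    ("TCP, TOS 0x32: same upper six bits, one low bit set", 0x32, 6),
]

if __name__ == "__main__":
    for text, tos, proto in SAMPLES:
        print(f"{text}: flowid {classify(ipv4_header(tos, proto))}")
```

With the 0xff mask all eight bits of the TOS byte must equal 0x30, so the last sample is not classified as a cache hit; `classify(..., tos_mask=0xFC)` compares only the upper six bits.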

Please tell me if there is any additional information or misconfiguration.

Good Luck

References :

1. squid + zph

Wednesday, August 13, 2008

Missing Link on Detik dot Com

Today at about 9:24 I tried to open a link on and got a blank page. That page is about "langkah jitu menghindari spam"

Don't know why, but still get blank page until now.

[update] resolved

Tuesday, August 12, 2008

Notes for Wireless Client Mode

The IEEE 802.11 standard limitation makes it impossible for wireless cards in station mode to work as expected when bridged. That means that if you need to create a bridge, you should not use station mode on that machine. In case you need a bridge on a wireless station, use station-wds mode (may only be used if the AP supports WDS). Bridging on the AP side works fine. (MikroTik docs)

Does anyone have a different opinion?

Monday, August 11, 2008

SSH Tunnel Using Putty

This is how to make a secure tunnel from your personal computer using SSH. It works with SSH client software such as PuTTY.

The steps are:
1. Launch PuTTY. We'll enter the command in a cmd console.
"putty -D 3128 -C"

2. Set your proxy in the Internet Explorer options using a SOCKS proxy: "Localhost" for the proxy address and 3128 for the port number.

3. Done! Start your browser using the SOCKS proxy and surf anonymously.

Note :
The -D option creates a dynamic forwarding port on your localhost / personal PC.
The -C option requests compression of all data. Compression is desirable on modem lines and other slow connections, but will only slow things down on fast networks.

Let me know if you are done.

Good Luck.

Reference :
man ssh, PuTTY documentation

Saturday, August 9, 2008

How To Limit New Incoming Connections With Iptables (Slackware)

Any Linux box with iptables installed can apply this scenario.

One day I had to add a rule to my iptables to control new incoming connections on my Slackware. This was needed because my server started receiving many unused incoming connections from outside. Flooding on my telnet port every minute filled up my log. I needed a smart way to manage it. I searched Google for a while and got some resources that resolved my situation.

Let me share for you all.

Tested on Slackware 12.0, iptables v1.3.8, and works properly.

That is:

1. Illustration :
We need a rule that allows only 2 new connections in 60 seconds from the same source address to enter our Linux system, for security reasons.

2. Code :
# iptables -I INPUT -p tcp --dport 23 -i eth1 -m state --state NEW -m recent --set
# iptables -I INPUT -p tcp --dport 23 -i eth1 -m state --state NEW -m recent --update \
--seconds 60 --hitcount 2 -j DROP

3. Brief Explanation :
- The first line matches any new connection to port 23 and adds its source address to the module's default list (DEFAULT).

- Line two makes the Linux box unavailable for new incoming connections on port 23 from a source address that has made 2 new connections to port 23 in the last 60 seconds.

note :
More work is needed for some advanced rules. These iptables rules are effective when applied to the TCP protocol. Other protocols have not been tested yet. I haven't found the right and effective method to test those rules with anything other than TCP. If you do, please notify me about the results.
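
The behaviour of the two rules above, modelled as an added Python example (not code from the original post). Because both rules are inserted with -I, the --update rule ends up above the --set rule in the chain; `RecentList`, `simulate` and the sample addresses are constructed for illustration, and the model assumes the kernel's default of 20 stored timestamps per source.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 2   # --seconds 60 --hitcount 2, as on the page
MAX_STAMPS = 20             # stamps kept per source (ip_pkt_list_tot default)


class RecentList:
    """Model of the single `-m recent` list both rules share."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, src, now):
        # --set: record a timestamp for the source; the rule has no target,
        # so the packet simply continues to the next rule.
        self.stamps[src].append(now)

    def update(self, src, now):
        # --update: match when the source has >= HITCOUNT stamps in the last
        # SECONDS; a match adds a fresh stamp, which extends the block.
        recent = [t for t in self.stamps.get(src, ()) if t >= now - SECONDS]
        if len(recent) >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False


def simulate(events, update_first=True):
    """events: (time_s, src) of NEW connections to port 23; returns verdicts."""
    lst, verdicts = RecentList(), []
    for now, src in events:
        if update_first:   # chain order after two `iptables -I` calls
            dropped = lst.update(src, now)
            if not dropped:
                lst.set(src, now)
        else:              # hypothetical order: --set rule evaluated first
            lst.set(src, now)
            dropped = lst.update(src, now)
        verdicts.append("DROP" if dropped else "PASS")
    return verdicts


# Constructed sample traffic (documentation addresses, times in seconds).
EVENTS = [(0, "198.51.100.7"), (10, "198.51.100.7"), (20, "198.51.100.7"),
          (65, "198.51.100.7"), (70, "203.0.113.9"), (130, "198.51.100.7")]

if __name__ == "__main__":
    print("update rule first:", simulate(EVENTS))
    print("set rule first:   ", simulate(EVENTS, update_first=False))
```

In the page's order a source gets two connections per 60 seconds and every dropped attempt restarts its window; with the --set rule evaluated first, only one connection gets through.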

Good luck, and happy trying.

References: iptables howto, Debian firewall howto, etc.
Thanks to the Indonesian Linuxer Community. Bravo!

How to add Swap on Running system (Linux Slackware)

Our system needs swap, even though relying on it is not recommended for better performance. Sometimes we do not have enough swap for some reason, so we need to add more swap space to our Linux box. The question is: "how to add swap on a running system without a shutdown or restart?"

We quite often find cases where our running Linux box runs out of swap. I will not explain why that happens, but I will try to share information about adding swap to a running Linux system (the result of a search from

Tested on Slackware 12.0 and working properly.

That is :

1. Check your swap capacity

root@dianseh:~# free -m
total used free shared buffers cached
Mem: 2025 2021 4 0 158 453
-/+ buffers/cache: 1942 83
Swap: 3988 3988 0

2. Make sure the system has enough hard disk space

root@dianseh:~# df -H
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 21G 2.1G 19G 10% /
/dev/hda3 56G 949M 55G 2% /home

3. We'll allocate 1GB for swap in the /home directory

root@dianseh:/home# dd if=/dev/zero of=swapfile bs=1024 count=1048576
1048576+0 records in
1048576+0 records out
1073741824 bytes (1.1 GB) copied, 30.0159 s, 35.8 MB/s

4. Please check swapfile in directory /home

root@dianseh:/home# ls -l
total 1049600
drwxr-x--- 18 root root 464 2008-07-07 17:57 /master
-rw-r--r-- 1 root root 1073741824 2008-07-10 14:19 swapfile

5. Change the swapfile's permissions for security reasons

root@dianseh:/home# chmod 600 swapfile

6. Now, make swapfile active on your system

root@dianseh:/home# mkswap swapfile
Setting up swapspace version 1, size = 1073737 kB
no label, UUID=58de3638-3a1d-4a3d-a559-fcf40054367

7. Now get the swapfile running on the Linux box.

root@dianseh:/home# swapon swapfile

8. We have 1GB added to the system.

root@dianseh:~# free -m
total used free shared buffers cached
Mem: 2025 2021 4 0 158 453
-/+ buffers/cache: 1942 83
Swap: 3988 3988 1024

9. To finish, add a one-line entry to /etc/fstab :

/home/swapfile swap swap defaults 0 0

10. Done, Good Luck

What about your steps?

"Google search can help you find something"

reference :

1. Linux Howto