Friday, December 24, 2010
Thursday, December 9, 2010
Sunday, December 5, 2010
kx-tda200 user mannual EPABX system
Table of Contents
1 Before Installation ..................................................................................3
1.1 System Connection Diagram...........................................................................................4
1.2 Unpacking..........................................................................................................................5
2 Installation...............................................................................................7
2.1 Opening/Closing the Front Cover....................................................................................8
2.2 Inserting the SD Memory Card to the MPR Card............................................................9
2.3 Installing the Option Units ...............................................................................................9
2.4 Installing the Trunk Cards ..............................................................................................11
2.5 Installing the Extension Cards (DLC8/DLC16/DHLC8/MSLC16/SLC8/SLC16) ...........14
2.6 Connecting Extensions ..................................................................................................14
2.7 Frame Earth Connection ................................................................................................15
3 Starting the Hybrid IP-PBX ..................................................................17
3.1 Starting the Hybrid IP-PBX.............................................................................................18
4 Customising the Hybrid IP-PBX..........................................................19
4.1 Connecting the PC..........................................................................................................20
4.2 Installing the KX-TDA Maintenance Console ...............................................................20
4.3 Programming the Hybrid IP-PBX...................................................................................21
5 Confirming the Connection .................................................................27
5.1 Making Calls ....................................................................................................................28
1 Before Installation ..................................................................................3
1.1 System Connection Diagram...........................................................................................4
1.2 Unpacking..........................................................................................................................5
2 Installation...............................................................................................7
2.1 Opening/Closing the Front Cover....................................................................................8
2.2 Inserting the SD Memory Card to the MPR Card............................................................9
2.3 Installing the Option Units ...............................................................................................9
2.4 Installing the Trunk Cards ..............................................................................................11
2.5 Installing the Extension Cards (DLC8/DLC16/DHLC8/MSLC16/SLC8/SLC16) ...........14
2.6 Connecting Extensions ..................................................................................................14
2.7 Frame Earth Connection ................................................................................................15
3 Starting the Hybrid IP-PBX ..................................................................17
3.1 Starting the Hybrid IP-PBX.............................................................................................18
4 Customising the Hybrid IP-PBX..........................................................19
4.1 Connecting the PC..........................................................................................................20
4.2 Installing the KX-TDA Maintenance Console ...............................................................20
4.3 Programming the Hybrid IP-PBX...................................................................................21
5 Confirming the Connection .................................................................27
5.1 Making Calls ....................................................................................................................28
Tuesday, November 30, 2010
information about devices
NOTES:
Physical layer Hubs, Repeaters, Cables, NIC
Data Link Layer Bridges, Switches, NICs
access point connects computers with wireless adapters to a network
16550 UART chip
needed to provide a modem connection of 115200 bps
most computers today have 16550 UART chips for both of their serial ports
these serial ports can run as fast as 256 Kbps
transceivers can convert media types(?)
gateway translates protocols
HUBS
hub connects multiple computers to create a single logical network segment
active hub boosts signal strength
a passive hub is limited to supporting distances of less than 30 meters (100 feet)
Ethernet hub directs the data packet to all hosts on the LAN segment
Token Ring hub (MAU) will only regenerate the signal to the next device in line
NICS
NICs work at both the physical and datalink layer
You have replaced a NIC in a workstation connected to a Token Ring network, but the workstation cannot communicate with the server. What is the most likely cause of this problem?
The NIC is set for the wrong speed.** (?)
SWITCHES
switches and bridges and maybe NICs work at the data link layer
a switch can replace a hub, not a mau, or transciever, or repeater
a switch must be able to read the MAC address of each frame it receives.
This information allows switches to repeat incoming data frames
only to the computer or computers to which a frame is addressed.
This speeds up the network and reduces congestion.
BRIDGES
used to join two network segments together
allows computers on either segment to access resources on the other.
can also be used to divide large networks into smaller segments.
can also connect networks that run at different speeds, different topologies, or different protocols
cannot, join an Ethernet segment with a Token Ring segment, because these use different networking standards.
operate at MAC sublayer of the Data Link layer
Bridges read the MAC header of each frame to determine on which side of the bridge the destination device is located,
the bridge then repeats the transmission to the segment where the device is located.
ROUTER
used to connect networks of different types, such as those using different topologies and protocols
operates at the netwok layer
can switch and route packets across multiple networks
determine the best path for sending data.
can be used to segment a large network,
and to connect local area segments to a single network backbone that uses a different physical layer and data link layer standard
can also be used to connect LAN's to a WAN's.
BROUTERS
operates in the Network layer and the Data Link layer
act like a BRidge for non-routable protocols (NetBEUI) and as Routers for routable protocols (TCP/IP)
can be used to connect 2 netbeiu nets and a tcp/ip+netbeiu net, and keep net segmented
connects network segments and allows full bandwidth on all ports
combination bridge, and router in one device.
more cost effective as both the bridge and router are combined together
GATEWAYS
used to connect networks using different protocols
operate at the network(?) layer of the OSI model.
In order to communicate with a host on another network, an IP host must be configured with a route to the destination network.
If a configuration route is not found, the host uses the gateway (default IP router) to transmit the traffic to the destination host.
default t gateway is where the IP sends packets that are destined for remote networks.
If no default gateway is specified, communication is limited to the local network.
Gateways receive data from a network using one type of protocol stack,
removes that protocol stack
and repackages it with the protocol stack that the other network can use
configure default gateway to allow nodes on one local network to communicate with nodes on another network
the default gateway for a computer is usually the address of the router
functions provided by a default gateway
Provides a route for packets with destinations outside the local subnet.
"Your default gateway does not belong to one of the configured interfaces."
run ipconfig
The default gateway has been misconfigured. The default gateway setting is an IP configuration setting.
if a client needs to send a packet that is not on the client's subnet, the packet goes to the default gateway
CSU/DSUs
combines the functionality of a channel service unit (CSU) and a data service unit (DSU)
used to connect a LAN to a WAN,
and they take care of all the translation required to convert a data stream between these two methods of communication.
DSU provides all the handshaking and error correction required to maintain a connection across a wide area link, similar to a modem
DSU will accept a serial data stream from a device on the LAN and translate this into a useable data stream for the digital WAN network.
It will also take care of converting any inbound data streams from the WAN back to a serial communication.
CSU is similar to a DSU except it does not have the ability to provide handshaking or error correction.
It is strictly an interface between the LAN and the WAN and relies on some other device to provide handshaking and error correction.
MAUs
Q. users connected to the new MAU can communicate with each other but not with users on the original MAU:
A. Connect the ring in port to the ring out port on each MAU.
if using two MAUs, the ring in port of one MAU should be connected to the ring out port of the other MAU.
Q. new MAU. Users are not able to connect to the LAN. The network analyzer shows connectivity from the NICs to the RJ-45 plugged into the MAU. The most likely cause?
A. The ring in and ring out are misconfigured between MAUs.
1.5.0 Network Devices-Data Link Layer
Data Link devices work with MAC addresses
A NIC works at both physical and data link layer
Bridge/Switch Modes
store-and-forward
1. packet is first gathered and stored in its entirety
2. switch then begins to transmit it on the outbound link
cut-through
1. switch starts to transmit the front of the packet
2. back of the packet continues to arrive
Bridges
Help prevent broadcast storms
STP (Spanning Tree Protocol)
designates the state of each interface on a bridge
Forwarding - all packages recieved and forwarded
Blocking - only status of other bridge messages pass
1.5.0 Network Devices-Network Layer
Routers: 3 methodologies
1. static routing
static routing info table
does not exchange info with other routers
2. distance vector routing
dynamic routing info table
uses RIP (Routing Information Protocol)
routing path based on distance, number of hops
maxium hops = 15
3. link state routing
dynamic routing info table
maintains a copy of every other routers LSP
LSP (Link State Protocol)
OSPF (Open Shortest Path First)
routhing algorithm, successor to RIP
Physical layer Hubs, Repeaters, Cables, NIC
Data Link Layer Bridges, Switches, NICs
access point connects computers with wireless adapters to a network
16550 UART chip
needed to provide a modem connection of 115200 bps
most computers today have 16550 UART chips for both of their serial ports
these serial ports can run as fast as 256 Kbps
transceivers can convert media types(?)
gateway translates protocols
HUBS
hub connects multiple computers to create a single logical network segment
active hub boosts signal strength
a passive hub is limited to supporting distances of less than 30 meters (100 feet)
Ethernet hub directs the data packet to all hosts on the LAN segment
Token Ring hub (MAU) will only regenerate the signal to the next device in line
NICS
NICs work at both the physical and datalink layer
You have replaced a NIC in a workstation connected to a Token Ring network, but the workstation cannot communicate with the server. What is the most likely cause of this problem?
The NIC is set for the wrong speed.** (?)
SWITCHES
switches and bridges and maybe NICs work at the data link layer
a switch can replace a hub, not a mau, or transciever, or repeater
a switch must be able to read the MAC address of each frame it receives.
This information allows switches to repeat incoming data frames
only to the computer or computers to which a frame is addressed.
This speeds up the network and reduces congestion.
BRIDGES
used to join two network segments together
allows computers on either segment to access resources on the other.
can also be used to divide large networks into smaller segments.
can also connect networks that run at different speeds, different topologies, or different protocols
cannot, join an Ethernet segment with a Token Ring segment, because these use different networking standards.
operate at MAC sublayer of the Data Link layer
Bridges read the MAC header of each frame to determine on which side of the bridge the destination device is located,
the bridge then repeats the transmission to the segment where the device is located.
ROUTER
used to connect networks of different types, such as those using different topologies and protocols
operates at the netwok layer
can switch and route packets across multiple networks
determine the best path for sending data.
can be used to segment a large network,
and to connect local area segments to a single network backbone that uses a different physical layer and data link layer standard
can also be used to connect LAN's to a WAN's.
BROUTERS
operates in the Network layer and the Data Link layer
act like a BRidge for non-routable protocols (NetBEUI) and as Routers for routable protocols (TCP/IP)
can be used to connect 2 netbeiu nets and a tcp/ip+netbeiu net, and keep net segmented
connects network segments and allows full bandwidth on all ports
combination bridge, and router in one device.
more cost effective as both the bridge and router are combined together
GATEWAYS
used to connect networks using different protocols
operate at the network(?) layer of the OSI model.
In order to communicate with a host on another network, an IP host must be configured with a route to the destination network.
If a configuration route is not found, the host uses the gateway (default IP router) to transmit the traffic to the destination host.
default t gateway is where the IP sends packets that are destined for remote networks.
If no default gateway is specified, communication is limited to the local network.
Gateways receive data from a network using one type of protocol stack,
removes that protocol stack
and repackages it with the protocol stack that the other network can use
configure default gateway to allow nodes on one local network to communicate with nodes on another network
the default gateway for a computer is usually the address of the router
functions provided by a default gateway
Provides a route for packets with destinations outside the local subnet.
"Your default gateway does not belong to one of the configured interfaces."
run ipconfig
The default gateway has been misconfigured. The default gateway setting is an IP configuration setting.
if a client needs to send a packet that is not on the client's subnet, the packet goes to the default gateway
CSU/DSUs
combines the functionality of a channel service unit (CSU) and a data service unit (DSU)
used to connect a LAN to a WAN,
and they take care of all the translation required to convert a data stream between these two methods of communication.
DSU provides all the handshaking and error correction required to maintain a connection across a wide area link, similar to a modem
DSU will accept a serial data stream from a device on the LAN and translate this into a useable data stream for the digital WAN network.
It will also take care of converting any inbound data streams from the WAN back to a serial communication.
CSU is similar to a DSU except it does not have the ability to provide handshaking or error correction.
It is strictly an interface between the LAN and the WAN and relies on some other device to provide handshaking and error correction.
MAUs
Q. users connected to the new MAU can communicate with each other but not with users on the original MAU:
A. Connect the ring in port to the ring out port on each MAU.
if using two MAUs, the ring in port of one MAU should be connected to the ring out port of the other MAU.
Q. new MAU. Users are not able to connect to the LAN. The network analyzer shows connectivity from the NICs to the RJ-45 plugged into the MAU. The most likely cause?
A. The ring in and ring out are misconfigured between MAUs.
1.5.0 Network Devices-Data Link Layer
Data Link devices work with MAC addresses
A NIC works at both physical and data link layer
Bridge/Switch Modes
store-and-forward
1. packet is first gathered and stored in its entirety
2. switch then begins to transmit it on the outbound link
cut-through
1. switch starts to transmit the front of the packet
2. back of the packet continues to arrive
Bridges
Help prevent broadcast storms
STP (Spanning Tree Protocol)
designates the state of each interface on a bridge
Forwarding - all packages recieved and forwarded
Blocking - only status of other bridge messages pass
1.5.0 Network Devices-Network Layer
Routers: 3 methodologies
1. static routing
static routing info table
does not exchange info with other routers
2. distance vector routing
dynamic routing info table
uses RIP (Routing Information Protocol)
routing path based on distance, number of hops
maxium hops = 15
3. link state routing
dynamic routing info table
maintains a copy of every other routers LSP
LSP (Link State Protocol)
OSPF (Open Shortest Path First)
routhing algorithm, successor to RIP
Saturday, November 27, 2010
difference between outlook express and Microsoft outlook
How to Decide Which Client Best Suits Your Needs
When choosing between Outlook Express and Outlook, users and organizations should base their usage decision on the following criteria:
Outlook Express
Choose Outlook Express if:
You require only Internet e-mail and newsgroup functionality (for versions of Windows later than Microsoft Windows 95, versions of Windows earlier than Microsoft Windows 95, Macintosh, and UNIX platforms).
You use or plan to use Office 98 for Macintosh, and you want to take advantage of the integration of Outlook Express with this version of the Office suite.
Outlook
Choose Outlook if:
You require advanced Internet standards-based e-mail and discussion group functionality.
You require integrated personal calendars, group scheduling, task, and contact management.
You require integrated e-mail and calendaring, cross-platform clients for versions of Windows later than Microsoft Windows 95, versions of Windows earlier than Microsoft Windows 95, and Macintosh platforms.
You use, or plan to use Office 97, Office 2000, Office XP or Exchange Server and want to take advantage of the integration of Outlook with this version of the Office suite, and the integration with Exchange Server.
You require robust, integrated run-time and design-time collaboration capabilities
When choosing between Outlook Express and Outlook, users and organizations should base their usage decision on the following criteria:
Outlook Express
Choose Outlook Express if:
You require only Internet e-mail and newsgroup functionality (for versions of Windows later than Microsoft Windows 95, versions of Windows earlier than Microsoft Windows 95, Macintosh, and UNIX platforms).
You use or plan to use Office 98 for Macintosh, and you want to take advantage of the integration of Outlook Express with this version of the Office suite.
Outlook
Choose Outlook if:
You require advanced Internet standards-based e-mail and discussion group functionality.
You require integrated personal calendars, group scheduling, task, and contact management.
You require integrated e-mail and calendaring, cross-platform clients for versions of Windows later than Microsoft Windows 95, versions of Windows earlier than Microsoft Windows 95, and Macintosh platforms.
You use, or plan to use Office 97, Office 2000, Office XP or Exchange Server and want to take advantage of the integration of Outlook with this version of the Office suite, and the integration with Exchange Server.
You require robust, integrated run-time and design-time collaboration capabilities
Monday, November 22, 2010
how to configure pix firwall
How to Configure Cisco PIX Firewall Part I
Cisco
How to Configure PIX Firewall.
Abstract:
Please find below a step by step process to configure the PIX Firewall from scratch. A simple scenario is given here where you have a corporate network with a PIX Firewall connected to the Internet through the Outside Interface, Internal Network through the Inside interface and DMZ through the DMZ Network. This paper would assist you in a simple step by step, near complete configuration for a PIX Firewall running a midsized corporate network
Cisco
How to Configure PIX Firewall.
Abstract:
Please find below a step by step process to configure the PIX Firewall from scratch. A simple scenario is given here where you have a corporate network with a PIX Firewall connected to the Internet through the Outside Interface, Internal Network through the Inside interface and DMZ through the DMZ Network. This paper would assist you in a simple step by step, near complete configuration for a PIX Firewall running a midsized corporate network
Thursday, October 14, 2010
Acess Control List
Prerequisites
Requirements
There are no specific prerequisites for this document. The concepts discussed are present in Cisco IOS® Software Releases 8.3 or later. This is noted under each access list feature.
Components Used
This document discusses various types of ACLs. Some of these are present since Cisco IOS Software Releases 8.3 and others were introduced in later software releases. This is noted in the discussion of each type.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
ACL Concepts
This section describes ACL concepts.
Masks
Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks in order to configure IP addresses on interfaces start with 255 and have the large values on the left side, for example, IP address 209.165.202.129 with a 255.255.255.224 mask. Masks for IP ACLs are the reverse, for example, mask 0.0.0.255. This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match); a 1 in the mask is a "don't care". This table further explains the concept.
Mask Example
network address (traffic that is to be processed) 10.1.1.0
mask 0.0.0.255
network address (binary) 00001010.00000001.00000001.00000000
mask (binary) 00000000.00000000.00000000.11111111
Based on the binary mask, you can see that the first three sets (octets) must match the given binary network address exactly (00001010.00000001.00000001). The last set of numbers are "don't cares" (.11111111). Therefore, all traffic that begins with 10.1.1. matches since the last octet is "don't care". Therefore, with this mask, network addresses 10.1.1.1 through 10.1.1.255 (10.1.1.x) are processed.
Subtract the normal mask from 255.255.255.255 in order to determine the ACL inverse mask. In this example, the inverse mask is determined for network address 172.16.1.0 with a normal mask of 255.255.255.0.
255.255.255.255 - 255.255.255.0 (normal mask) = 0.0.0.255 (inverse mask)
Note these ACL equivalents.
The source/source-wildcard of 0.0.0.0/255.255.255.255 means "any".
The source/wildcard of 10.1.1.2/0.0.0.0 is the same as "host 10.1.1.2".
ACL Summarization
Note: Subnet masks can also be represented as a fixed length notation. For example, 192.168.10.0/24 represents 192.168.10.0 255.255.255.0.
This list describes how to summarize a range of networks into a single network for ACL optimization. Consider these networks.
192.168.32.0/24
192.168.33.0/24
192.168.34.0/24
192.168.35.0/24
192.168.36.0/24
192.168.37.0/24
192.168.38.0/24
192.168.39.0/24
The first two octets and the last octet are the same for each network. This table is an explanation of how to summarize these into a single network.
The third octet for the previous networks can be written as seen in this table, according to the octet bit position and address value for each bit.
Decimal 128 64 32 16 8 4 2 1
32 0 0 1
33 0 0 1 1
34 0 0 1 1
35 0 0 1 1 1
36 1 1
37 1 1 1
38
39 1 1 1 1
Since the first five bits match, the previous eight networks can be summarized into one network (192.168.32.0/21 or 192.168.32.0 255.255.248.0). All eight possible combinations of the three low-order bits are relevant for the network ranges in question. This command defines an ACL that permits this network. If you subtract 255.255.248.0 (normal mask) from 255.255.255.255, it yields 0.0.7.255.
access-list acl_permit permit ip 192.168.32.0 0.0.7.255
Consider this set of networks for further explanation.
192.168.146.0/24
192.168.147.0/24
192.168.148.0/24
192.168.149.0/24
The first two octets and the last octet are the same for each network. This table is an explanation of how to summarize these.
The third octet for the previous networks can be written as seen in this table, according to the octet bit position and address value for each bit.
Decimal
128
64
32
16
8
4
2
1
146
1
0
0
1
0
0
1
0
147
1
0
0
1
0
0
1
1
148
1
0
0
1
0
1
0
0
149
1
0
0
1
0
1
0
1
M
M
M
M
M
?
?
?
Unlike the previous example, you cannot summarize these networks into a single network. If they are summarized to a single network, they become 192.168.144.0/21 because there are five bits similar in the third octet. This summarized network 192.168.144.0/21 covers a range of networks from 192.168.144.0 to 192.168.151.0. Among these, 192.168.144.0, 192.168.145.0, 192.168.150.0, and 192.168.151.0 networks are not in the given list of four networks. In order to cover the specific networks in question, you need a minimum of two summarized networks. The given four networks can be summarized into these two networks:
For networks 192.168.146.x and 192.168.147.x, all bits match except for the last one, which is a "don't care." This can be written as 192.168.146.0/23 (or 192.168.146.0 255.255.254.0).
For networks 192.168.148.x and 192.168.149.x, all bits match except for the last one, which is a "don't care." This can be written as 192.168.148.0/23 (or 192.168.148.0 255.255.254.0).
This output defines a summarized ACL for the above networks.
!--- This command is used to allow access access for devices with IP
!--- addresses in the range from 192.168.146.0 to 192.168.147.254.
access-list 10 permit 192.168.146.0 0.0.1.255
!--- This command is used to allow access access for devices with IP
!--- addresses in the range from 192.168.148.0 to 192.168.149.254
access-list 10 permit 192.168.148.0 0.0.1.255
Process ACLs
Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. A single-entry ACL with only one deny entry has the effect of denying all traffic. You must have at least one permit statement in an ACL or all traffic is blocked. These two ACLs (101 and 102) have the same effect.
!--- This command is used to permit IP traffic from 10.1.1.0
!--- network to 172.16.1.0 network. All packets with a source
!--- address not in this range will be rejected.
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
!--- This command is used to permit IP traffic from 10.1.1.0
!--- network to 172.16.1.0 network. All packets with a source
!--- address not in this range will be rejected.
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny ip any any
In this example, the last entry is sufficient. You do not need the first three entries because TCP includes Telnet, and IP includes TCP, User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
!--- This command is used to permit Telnet traffic
!--- from machine 10.1.1.2 to machine 172.16.1.1.
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
!--- This command is used to permit tcp traffic from
!--- 10.1.1.2 host machine to 172.16.1.1 host machine.
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1
!--- This command is used to permit udp traffic from
!--- 10.1.1.2 host machine to 172.16.1.1 host machine.
access-list 101 permit udp host 10.1.1.2 host 172.16.1.1
!--- This command is used to permit ip traffic from
!--- 10.1.1.0 network to 172.16.1.10 network.
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
Define Ports and Message Types
In addition to defining ACL source and destination, it is possible to define ports, ICMP message types, and other parameters. A good source of information for well-known ports is RFC 1700 . ICMP message types are explained in RFC 792 .
The router can display descriptive text on some of the well-known ports. Use a ? for help.
access-list 102 permit tcp host 10.1.1.1 host 172.16.1.1 eq ?
bgp Border Gateway Protocol (179)
chargen Character generator (19)
cmd Remote commands (rcmd, 514)
During configuration, the router also converts numeric values to more user-friendly values. This is an example where you type the ICMP message type number and it causes the router to convert the number to a name.
access-list 102 permit icmp host 10.1.1.1 host 172.16.1.1 14
becomes
access-list 102 permit icmp host 10.1.1.1 host 172.16.1.1 timestamp-reply
Apply ACLs
You can define ACLs without applying them. But, the ACLs have no effect until they are applied to the interface of the router. It is a good practice to apply the ACL on the interface closest to the source of the traffic. As shown in this example, when you try to block traffic from source to destination, you can apply an inbound ACL to E0 on router A instead of an outbound list to E1 on router C. An access-list has a deny ip any any implicitly at the end of any access-list. If traffic is related to a DHCP request and if it is not explicity permitted, the traffic is dropped because when you look at DHCP request in IP, the source address is s=0.0.0.0 (Ethernet1/0), d=255.255.255.255, len 604, rcvd 2 UDP src=68, dst=67. Note that the source IP address is 0.0.0.0 and destination address is 255.255.255.255. Source port is 68 and destination 67. Hence, you should permit this kind of traffic in your access-list else the traffic is dropped due to implicit deny at the end of the statement.
Note: For UDP traffic to pass through, UDP traffic must also be permited explicitly by the ACL
Tuesday, October 12, 2010
redistribution of eigrp into ospf
In this example, Router B has two Fast Ethernet interfaces. FastEthernet 0/0 is in network 10.1.1.0/24 and FastEthernet 0/1 is in network 20.1.1.0/24. Router B is running EIGRP with Router A, and OSPF with Router C. Router B is mutually redistributing between the EIGRP and OSPF processes. This is the pertinent configuration information for Router B:
Router B
interface FastEthernet0/0
ip address 10.1.1.4 255.255.255.0
interface FastEthernet0/1
ip address 20.1.1.4 255.255.255.0
router eigrp 7
redistribute ospf 7 metric 10000 100 255 1 1500
network 10.1.1.0 0.0.0.255
auto-summary
no eigrp log-neighbor-changes
!
router ospf 7
log-adjacency-changes
redistribute eigrp 7 subnets
network 20.1.1.0 0.0.0.255 area 0
If you look at the routing table for Router B, you see the following:
routerB#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.1.1.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0/0
From the configuration and the routing table above there are three things to notice:
The networks in question are in Router B routing table as directly connected networks.
Network 10.1.1.0/24 is part of the EIGRP process and network 20.1.1.0/24 is part of the OSPF process.
Router B is mutually redistributing between EIGRP and OSPF.
Below are the routing tables for Routers A and C.
routerA#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0
20.0.0.0/24 is subnetted, 1 subnets
D EX 20.1.1.0 [170/284160] via 10.1.1.4, 00:07:26, FastEthernet0
routerC#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.1.1.0 is directly connected, FastEthernet1
O E2 10.1.1.0 [110/20] via 20.1.1.4, 00:07:32, FastEthernet1
Router A has learned about network 20.1.1.0/24 via EIGRP, which is shown as an external route, because it was redistributed from OSPF into EIGRP. Router C has learned about network 10.1.1.0/24 via OSPF as an external route, because it was redistributed from EIGRP into OSPF. Although Router B is not redistributing connected networks, it does advertise the network 10.1.1.0/24, which is part of the EIGRP process redistributed into OSPF. Similarly, Router B advertises network 20.1.1.0/24, which is part of the OSPF process redistributed into EIGRP.
Refer to Redistributing Connected Networks into OSPF for more information about connected routes being redistributed into OSPF.
Note: By default, only EBGP-learned information is candidate to be redistributed into IGP when the redistibute bgp command is issued. The IBGP routes is not redistributed into IGP until the bgp redistribute-internal command is configured under the router bgp command. But precautions must be taken in order to avoid loops within the Autonomous System when IBGP routes are redistirbuted into IGP.
Avoiding Problems Due to Redistribution
redistribution of rip into ospf
OSPF route redistribution is an important topic on the BSCI exam, and its a topic full of details and defaults that you need to know for the exam room and the job.
To help you pass the BSCI exam, heres a quick review of some of the OSPF route redistribution basics.
To see if a router is an ABR or ASBR, run show ip ospf. This also displays any routes being redistributed into OSPF on this router.
R1#show ip ospf
Routing Process "ospf 1" with ID 1.1.1.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an area border and autonomous system boundary router
Redistributing External Routes from,
connected, includes subnets in redistribution
rip, includes subnets in redistribution
When redistributing RIP into OSPF, the "subnets" option is needed to include subnets in redistribution. When redistributing OSPF into RIP, a seed metric must be specified. (OSPF gives redistributed routes a default metric of 20 - this can be changed, but a seed metric does not have to be set.)
R1(config)#router ospf 1
R1(config-router)#redistribute connected
% Only classful networks will be redistributed
R1(config-router)#redistribute connected subnets
R1(config-router)#redistribute rip subnets
R1(config-router)#router rip
R1(config-router)#redistribute connected metric 1
R1(config-router)#redistribute ospf 1 metric 1
By default, routes redistributed into OSPF are marked as E2 routes. The metric for these routes reflects only the cost of the path from the ASBR to the destination network and does not include the cost of the path from the local router to the ASBR. By contrast, E1 routes include the cost of the entire path from the local router to the destination network.
O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
15.0.0.0/24 is subnetted, 1 subnets
O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
To redistribute routes into OSPF and mark them as E1 upon redistribution, use the metric-type option with the redistribution command.
R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets metric-type ?
1 Set OSPF External Type 1 metrics
2 Set OSPF External Type 2 metrics
R1(config-router)#redistribute rip subnets metric-type 1
Look at the same two routes in R4s routing table, which are now displayed as E1 routes:
O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:04:13, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E1 6.1.1.1 [110/94] via 172.34.34.3, 00:04:14, Ethernet0
To help you pass the BSCI exam, heres a quick review of some of the OSPF route redistribution basics.
To see if a router is an ABR or ASBR, run show ip ospf. This also displays any routes being redistributed into OSPF on this router.
R1#show ip ospf
Routing Process "ospf 1" with ID 1.1.1.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an area border and autonomous system boundary router
Redistributing External Routes from,
connected, includes subnets in redistribution
rip, includes subnets in redistribution
When redistributing RIP into OSPF, the "subnets" option is needed to include subnets in redistribution. When redistributing OSPF into RIP, a seed metric must be specified. (OSPF gives redistributed routes a default metric of 20 - this can be changed, but a seed metric does not have to be set.)
R1(config)#router ospf 1
R1(config-router)#redistribute connected
% Only classful networks will be redistributed
R1(config-router)#redistribute connected subnets
R1(config-router)#redistribute rip subnets
R1(config-router)#router rip
R1(config-router)#redistribute connected metric 1
R1(config-router)#redistribute ospf 1 metric 1
By default, routes redistributed into OSPF are marked as E2 routes. The metric for these routes reflects only the cost of the path from the ASBR to the destination network and does not include the cost of the path from the local router to the ASBR. By contrast, E1 routes include the cost of the entire path from the local router to the destination network.
O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.12.21.0/30 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
15.0.0.0/24 is subnetted, 1 subnets
O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
To redistribute routes into OSPF and mark them as E1 upon redistribution, use the metric-type option with the redistribution command.
R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets metric-type ?
1 Set OSPF External Type 1 metrics
2 Set OSPF External Type 2 metrics
R1(config-router)#redistribute rip subnets metric-type 1
Look at the same two routes in R4s routing table, which are now displayed as E1 routes:
O E1 5.1.1.1 [110/94] via 172.34.34.3, 00:04:13, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E1 6.1.1.1 [110/94] via 172.34.34.3, 00:04:14, Ethernet0
Sunday, August 8, 2010
Thursday, July 22, 2010
Monday, July 12, 2010
configuring webmin proxy on ubuntu
Configuring the Squid Proxy Server
Introduction to proxying and Squid
The Squid Proxy Server module
Changing the proxy ports and addresses
Adding cache directories
Editing caching and proxy options
Introduction to access control lists
Creating and editing ACLs
Creating and editing proxy restrictions
Setting up proxy authentication
Configuring logging
Connecting to other proxies
Clearing the cache
Setting up a transparent proxy
Viewing cache manager statistics
Analyzing the Squid logs
Module access control
Configuring the Squid Proxy Server module
Configuring the Squid Proxy Server
This page explains what an HTTP or FTP proxy server is, then explains how Webmin can be used to configure the popular Squid proxy program.
Introduction to proxying and Squid
An HTTP proxy server is basically a program that accepts requests from clients for URLs, fetches them, and returns the results to the client. Proxies are used on networks where clients do not have direct access to the Internet but still need to be able to view web pages, and for caching commonly requested pages so that if more than one client wants to view the same page it only has to be downloaded once.
Many companies and organizations have their firewalls set up to block all incoming and outgoing traffic by systems on internal LANs. This may be done for security reasons, or to limit what employees can access on the Internet. Because being able to view web pages is extremely useful, a proxy is often set up so that websites can be accessed through it.
Large organizations and ISPs with many client PCs accessing the web may also want to run a proxy server to reduce the load on their networks. Because one of the main tasks of a proxy is caching pages requested by clients, any page asked for more than once will be returned from the cache instead of being fetched from the originating server. For this reason clients systems are often recommended or forced to use a caching proxy to access the web.
A proxy is only useful if client browsers are configured to use it instead of connecting to web sites directly. Fortunately, every browser in existence and almost all programs that download files via HTTP for various purposes can be configured to use a proxy. This tells them to make a special proxy HTTP connection to the proxy server instead, specifying the complete URL to download.
Proxies are not just for HTTP - they can also support FTP and Gopher protocol requests from clients, which they service by making a FTP or Gopher connection to the actual requested server. Even encrypted SSL connections can be handled by a proxy, even though it cannot de-crypt the request. Instead the proxy simply forwards all data from the client to the destination server and back again.
Squid is the most popular proxy server for Unix systems. It is freely available for download from www.squid-cache.org, and is included as a standard package with all Linux distributions and many other operating systems. Squid supports both proxying, caching and HTTP acceleration, and has a large number of configuration options to control the behavior of these features.
Squid reads its configuration from the text file squid.conf, usually found in or under the /etc directory. This file consists of a series of directives, one per line, each of which has a name and value. Each directive sets some option, such as the TCP port to listen on or a directory to store cached files in. Webmin's Squid module edits this file directly, ignoring any comments or directives that it does not understand.
Many versions of Squid have been released over the years, each of which has supported different configuration directives or assigned different meanings to the same directives. This means that a squid.conf file from version 2.0 may not be compatible with Squid 2.5 - and one from Squid 2.5 certainly will not work with version 2.0. Fortunately, Webmin knows which directives each release supports and only allows editing of those that are known to the running version of Squid.
Cached web pages are stored in files in a multi-level directory structure for increased filesystem performance. Squid can be configured to use multiple separate cache directories, so that you can spread files over different disks to improve performance. Every time a cacheable page is requested it is stored in a file, so that when a subsequent request for the same page arrives the file can be read and the data served from it. Because some web pages change over time (or are even dynamically generated), Squid keeps track of the last-modified and expiry dates of web pages so that it can clear data from the cache when it is out of date.
The actual program that handles client requests is a permanently running server process called squid. It may also start several other sub-processes for tasks such as DNS lookups or client authentication, but all the actual HTTP protocol processing is done in the single master process. Unlike other similar servers such as Apache or Sendmail, Squid does not start or use sub-processes to handle client requests.
Squid can be compiled on all the flavors of Unix that Webmin supports, and works almost identically on all of them. This means that the Webmin module's user interface is the same across operating systems as well, with the exception of the default paths that it uses for the Squid programs and configuration files.
The Squid Proxy Server module
If you want to set up or configure Squid from within Webmin, you will need to use the Squid Proxy Server module, found under the Servers category. When its icon is clicked on, the page shown in the screenshot below will appear, assuming that Squid is installed and configured correctly. As you can see, the main page consists only of a table of icons, each of which can be clicked on to bring up a form for editing settings in that category
Introduction to proxying and Squid
The Squid Proxy Server module
Changing the proxy ports and addresses
Adding cache directories
Editing caching and proxy options
Introduction to access control lists
Creating and editing ACLs
Creating and editing proxy restrictions
Setting up proxy authentication
Configuring logging
Connecting to other proxies
Clearing the cache
Setting up a transparent proxy
Viewing cache manager statistics
Analyzing the Squid logs
Module access control
Configuring the Squid Proxy Server module
Configuring the Squid Proxy Server
This page explains what an HTTP or FTP proxy server is, then explains how Webmin can be used to configure the popular Squid proxy program.
Introduction to proxying and Squid
An HTTP proxy server is basically a program that accepts requests from clients for URLs, fetches them, and returns the results to the client. Proxies are used on networks where clients do not have direct access to the Internet but still need to be able to view web pages, and for caching commonly requested pages so that if more than one client wants to view the same page it only has to be downloaded once.
Many companies and organizations have their firewalls set up to block all incoming and outgoing traffic by systems on internal LANs. This may be done for security reasons, or to limit what employees can access on the Internet. Because being able to view web pages is extremely useful, a proxy is often set up so that websites can be accessed through it.
Large organizations and ISPs with many client PCs accessing the web may also want to run a proxy server to reduce the load on their networks. Because one of the main tasks of a proxy is caching pages requested by clients, any page asked for more than once will be returned from the cache instead of being fetched from the originating server. For this reason clients systems are often recommended or forced to use a caching proxy to access the web.
A proxy is only useful if client browsers are configured to use it instead of connecting to web sites directly. Fortunately, every browser in existence and almost all programs that download files via HTTP for various purposes can be configured to use a proxy. This tells them to make a special proxy HTTP connection to the proxy server instead, specifying the complete URL to download.
Proxies are not just for HTTP - they can also support FTP and Gopher protocol requests from clients, which they service by making a FTP or Gopher connection to the actual requested server. Even encrypted SSL connections can be handled by a proxy, even though it cannot de-crypt the request. Instead the proxy simply forwards all data from the client to the destination server and back again.
Squid is the most popular proxy server for Unix systems. It is freely available for download from www.squid-cache.org, and is included as a standard package with all Linux distributions and many other operating systems. Squid supports both proxying, caching and HTTP acceleration, and has a large number of configuration options to control the behavior of these features.
Squid reads its configuration from the text file squid.conf, usually found in or under the /etc directory. This file consists of a series of directives, one per line, each of which has a name and value. Each directive sets some option, such as the TCP port to listen on or a directory to store cached files in. Webmin's Squid module edits this file directly, ignoring any comments or directives that it does not understand.
Many versions of Squid have been released over the years, each of which has supported different configuration directives or assigned different meanings to the same directives. This means that a squid.conf file from version 2.0 may not be compatible with Squid 2.5 - and one from Squid 2.5 certainly will not work with version 2.0. Fortunately, Webmin knows which directives each release supports and only allows editing of those that are known to the running version of Squid.
Cached web pages are stored in files in a multi-level directory structure for increased filesystem performance. Squid can be configured to use multiple separate cache directories, so that you can spread files over different disks to improve performance. Every time a cacheable page is requested it is stored in a file, so that when a subsequent request for the same page arrives the file can be read and the data served from it. Because some web pages change over time (or are even dynamically generated), Squid keeps track of the last-modified and expiry dates of web pages so that it can clear data from the cache when it is out of date.
The actual program that handles client requests is a permanently running server process called squid. It may also start several other sub-processes for tasks such as DNS lookups or client authentication, but all the actual HTTP protocol processing is done in the single master process. Unlike other similar servers such as Apache or Sendmail, Squid does not start or use sub-processes to handle client requests.
Squid can be compiled on all the flavors of Unix that Webmin supports, and works almost identically on all of them. This means that the Webmin module's user interface is the same across operating systems as well, with the exception of the default paths that it uses for the Squid programs and configuration files.
The Squid Proxy Server module
If you want to set up or configure Squid from within Webmin, you will need to use the Squid Proxy Server module, found under the Servers category. When its icon is clicked on, the page shown in the screenshot below will appear, assuming that Squid is installed and configured correctly. As you can see, the main page consists only of a table of icons, each of which can be clicked on to bring up a form for editing settings in that category
Friday, June 25, 2010
Intel DG31PR Intel G31 Chipset 1333 FSB — Rs.2875
Intel DG41RQ Intel G41 Chipset 1333 FSB — Rs.3000
Intel DG35EC Intel G35 Chipset 1333 FSB — Rs.4250
Intel DG33FB Intel G33 Chipset 1333 FSB — Rs.4950
Intel DG43GT Intel G43 Chipset 1333 FSB — Rs.4750
Intel Q9450 Core 2 Quad Processor – 15490/- Indian Rupee
Intel Q9400 Core 2 Quad Processor – 10000/- Indian Rupee
Intel Q8200 Core 2 Quad Processor – 8290/- Indian Rupee
Intel Q8400 Core 2 Quad Processor – 8590/- Indian Rupee
Intel Q9550 Core 2 Quad Processor – 11490/- Indian Rupee
Intel Q9650 Core 2 Quad Processor – 16500/- Indian Rupee
Intel Quad Core Q9505 (2.83 GHz,6MB L2 cache,1333MHz FSB) – Rs.11,400
Intel Core 2 Duo Processor Price List India
Intel E8400 Core 2 Duo Processor – 8800/- Indian Rupee
Intel E8500 Core 2 Duo Processor – 8200/- Indian Rupee
Intel E7500 Core 2 Duo Processor – 5800/- Indian Rupee
Intel E7400 Core 2 Duo Processor – 6100/- Indian Rupee
Intel DG45ID Intel P45 Chipset 1333 FSB — Rs.5750
Intel DQ45CB Intel Q45 Chipset 1333 FSB — Rs.7750
Intel DG41TY Intel G41 Chipset 1333 FSB — Rs.3475
Intel DG43NB Intel G43 Chipset 1333 FSB — Rs.4650
Intel DX58SO Intel X58 Express Chipset — Rs.14800
Intel WX58BP Intel X58 Express Chipset — Rs.10850
Transcend 2 GB 800 Mhz DDR2 RAM Price – 2400/-
Kingston 2 GB 800 Mhz DDR2 RAM Price – 2400/-
Corsair 2 GB DDR2 RAM Price – 2500/-
Corsair 2 GB Dominator 1066 Mhz RAM Price – 4000/-
OCZ 2 GB DDR2 RAM Price – 2600/-
OCZ 2 GB DDR2 SLI Ready Dual Channel RAM Price – 3000/-
Transcend 1 GB DDR2 RAM Price – 650/-
Transcend 1 GB 800 Mhz DDR2 RAM Price – 750/-
Kingston 1 GB DDR2 RAM Price – 700/-
Kingston 1 GB 800 Mhz DDR2 RAM Price – 850/-
Corsair 1 GB DDR2 RAM Price – 950/-
OCZ 1 GB DDR2 RAM Price – 750/
Transcend 512 MB DDR RAM Price – 1250/-
Kingston 512 MB DDR RAM Price – 1275/-
Transcend 512 MB DDR2 RAM Price – 400/-
Kingston 512 MB DDR2 RAM Price – 400/-
OCZ 512 MB DDR2 RAM Price – 500/-
Intel DG41RQ Intel G41 Chipset 1333 FSB — Rs.3000
Intel DG35EC Intel G35 Chipset 1333 FSB — Rs.4250
Intel DG33FB Intel G33 Chipset 1333 FSB — Rs.4950
Intel DG43GT Intel G43 Chipset 1333 FSB — Rs.4750
Intel Q9450 Core 2 Quad Processor – 15490/- Indian Rupee
Intel Q9400 Core 2 Quad Processor – 10000/- Indian Rupee
Intel Q8200 Core 2 Quad Processor – 8290/- Indian Rupee
Intel Q8400 Core 2 Quad Processor – 8590/- Indian Rupee
Intel Q9550 Core 2 Quad Processor – 11490/- Indian Rupee
Intel Q9650 Core 2 Quad Processor – 16500/- Indian Rupee
Intel Quad Core Q9505 (2.83 GHz,6MB L2 cache,1333MHz FSB) – Rs.11,400
Intel Core 2 Duo Processor Price List India
Intel E8400 Core 2 Duo Processor – 8800/- Indian Rupee
Intel E8500 Core 2 Duo Processor – 8200/- Indian Rupee
Intel E7500 Core 2 Duo Processor – 5800/- Indian Rupee
Intel E7400 Core 2 Duo Processor – 6100/- Indian Rupee
Intel DG45ID Intel P45 Chipset 1333 FSB — Rs.5750
Intel DQ45CB Intel Q45 Chipset 1333 FSB — Rs.7750
Intel DG41TY Intel G41 Chipset 1333 FSB — Rs.3475
Intel DG43NB Intel G43 Chipset 1333 FSB — Rs.4650
Intel DX58SO Intel X58 Express Chipset — Rs.14800
Intel WX58BP Intel X58 Express Chipset — Rs.10850
Transcend 2 GB 800 Mhz DDR2 RAM Price – 2400/-
Kingston 2 GB 800 Mhz DDR2 RAM Price – 2400/-
Corsair 2 GB DDR2 RAM Price – 2500/-
Corsair 2 GB Dominator 1066 Mhz RAM Price – 4000/-
OCZ 2 GB DDR2 RAM Price – 2600/-
OCZ 2 GB DDR2 SLI Ready Dual Channel RAM Price – 3000/-
Transcend 1 GB DDR2 RAM Price – 650/-
Transcend 1 GB 800 Mhz DDR2 RAM Price – 750/-
Kingston 1 GB DDR2 RAM Price – 700/-
Kingston 1 GB 800 Mhz DDR2 RAM Price – 850/-
Corsair 1 GB DDR2 RAM Price – 950/-
OCZ 1 GB DDR2 RAM Price – 750/
Transcend 512 MB DDR RAM Price – 1250/-
Kingston 512 MB DDR RAM Price – 1275/-
Transcend 512 MB DDR2 RAM Price – 400/-
Kingston 512 MB DDR2 RAM Price – 400/-
OCZ 512 MB DDR2 RAM Price – 500/-
Thursday, June 24, 2010
how to install tinyproxy on your linux system
1. From your home Linux system, type:
sudo gedit /etc/apt/sources.list &
2. Uncomment the universe options (temporarily) and save and quit editor.
3. Type:
sudo apt-get update
(WARNING: Ignore if Ubuntu pops open a window asking you to update your system -- if you update, you might end up pulling from the universe source and it could make your system more unstable. We'll undo this in a moment.)
sudo apt-get install tinyproxy
sudo gedit /etc/apt/sources.list &
4. Comment the universe options and save and quit the editor.
5. Type:
sudo apt-get update
sudo gedit /etc/tiny*/*.conf &
6. Uncomment these lines:
Filter "/etc/tinyproxy/filter"
FilterURLs On
7. Don't close your editor just yet. Think about your home subnet. Is it "192.168.0.x"? (In many cases this is the case if you are using Windows or are behind a Cable\DSL router. See what IP addresses your home PCs use and that should help you define your subnet. If you don't have a subnet, then that's beyond the discussion here about how to set up your own home subnet. Look elsewhere in Ubuntu Forums for that.)
8. In your tinyproxy.conf file that you're still editing, add a line like this for your current subnet, assuming it's "192.168.0.x":
Allow 192.168.0.0/24
9. The /24 stands for the "netmask". The short of it is that it allows 0-255 on the last part of the IP address, meaning, usually, your entire home subnet. I've got you going with a shortcut. If you want more help on netmasks, that's beyond the discussion here. I had to Google for it with keywords "squid and netmask" because tinyproxy and Squid use the same kind of "Allow" statement.
10. Now save your tinyproxy.conf file.
11. Type:
sudo cp /usr/share/tinyproxy/default.html /usr/share/tinyproxy/default.html.ORIGINAL
sudo gedit /usr/share/tinyproxy/default.html &
12. Now you see an HTML page. The reason I took you here is because this is the template page one sees when they have violated the proxy and gone somewhere they should not have. By default, this page is fairly ugly, and, frankly, confusing for young eyes to see. If you know a little HTML, edit this file to make it less confusing for children. Just note that this HTML is special in that it cannot load images -- it's just text you can put in here. Also watch out for the {} statements -- these are fillers that get filled in by the proxy. Now save the file when done.
13. Type:
sudo gedit /etc/tiny*/filter &
14. Now you're editing the filter file. In this part, it's actually pretty hillarious. I don't recommend you let anyone see you type this. You have to think up all the vile keywords on the planet that are not part of another word. For instance, if you look closely at the word "grapes", there's a vile word in there. The same with "advertisement" if you look close enough. So you can't filter on those kinds of vile words (that are inside "advertisement" and "grapes".) However, you can filter on other vile words. So, you can only use keywords that are not part of some other word. That discussion is beyond the discussion of this forum. And hey, if you don't have to type this vile list, but can find it on the Internet and download it, then that's your choice and will probably save you the hassle. You can also put in stuff like "http://www.dontgohere.com" for sites like "dontgohere.com" when you don't want users going there. When done, save the file.
15. Now we bounce the tinyproxy by doing:
sudo /etc/init.d/tinyproxy restart
sudo gedit /etc/crontab &
(Note it's a space after "tinyproxy" and before "restart".)
16. In crontab, add this line to bounce the tinyproxy at night so that you can kill any chance of a memory leak and make it run faster:
0 22 * * * root /etc/init.d/tinyproxy restart
Note that I did a after 22 and after the last * and after "root". Also, make certain there's a line wrap at the end of the line after "restart" or it probably won't "take". Note also I have a space between "tinyproxy" and "restart". Now save this file.
17. Now go to your kid's home PCs and change the settings in them so that they use this proxy. In my firefox, that's under a button in the Preferences dialog called "Connection Settings". Just point it to your IP address of the Linux proxy and set the port to 8888. I wouldn't bother with anything except HTTP proxy. Don't bother with SSL, FTP, all SOCKS, etc. Test this with yourself, first, of course, and see how it works. Note that your spouse might not like this proxy with amazon.com, ebay.com, or her banking sites, so you might want to put exceptions in the browser settings to not use the proxy when visiting these sites.
18. Note when you have to change your filter file, you have to restart the tinyproxy by doing:
sudo /etc/init.d/tinyproxy restart
19. When you want to debug what's going on, or simply to check up on your kids browsing habits, look in:
sudo /var/log/tinyproxy.log
20. Note that you can edit the log level to make it less verbose -- just read the info on that in your tinyproxy.conf file.
sudo gedit /etc/apt/sources.list &
2. Uncomment the universe options (temporarily) and save and quit editor.
3. Type:
sudo apt-get update
(WARNING: Ignore if Ubuntu pops open a window asking you to update your system -- if you update, you might end up pulling from the universe source and it could make your system more unstable. We'll undo this in a moment.)
sudo apt-get install tinyproxy
sudo gedit /etc/apt/sources.list &
4. Comment the universe options and save and quit the editor.
5. Type:
sudo apt-get update
sudo gedit /etc/tiny*/*.conf &
6. Uncomment these lines:
Filter "/etc/tinyproxy/filter"
FilterURLs On
7. Don't close your editor just yet. Think about your home subnet. Is it "192.168.0.x"? (In many cases this is the case if you are using Windows or are behind a Cable\DSL router. See what IP addresses your home PCs use and that should help you define your subnet. If you don't have a subnet, then that's beyond the discussion here about how to set up your own home subnet. Look elsewhere in Ubuntu Forums for that.)
8. In your tinyproxy.conf file that you're still editing, add a line like this for your current subnet, assuming it's "192.168.0.x":
Allow 192.168.0.0/24
9. The /24 stands for the "netmask". The short of it is that it allows 0-255 on the last part of the IP address, meaning, usually, your entire home subnet. I've got you going with a shortcut. If you want more help on netmasks, that's beyond the discussion here. I had to Google for it with keywords "squid and netmask" because tinyproxy and Squid use the same kind of "Allow" statement.
10. Now save your tinyproxy.conf file.
11. Type:
sudo cp /usr/share/tinyproxy/default.html /usr/share/tinyproxy/default.html.ORIGINAL
sudo gedit /usr/share/tinyproxy/default.html &
12. Now you see an HTML page. The reason I took you here is because this is the template page one sees when they have violated the proxy and gone somewhere they should not have. By default, this page is fairly ugly, and, frankly, confusing for young eyes to see. If you know a little HTML, edit this file to make it less confusing for children. Just note that this HTML is special in that it cannot load images -- it's just text you can put in here. Also watch out for the {} statements -- these are fillers that get filled in by the proxy. Now save the file when done.
13. Type:
sudo gedit /etc/tiny*/filter &
14. Now you're editing the filter file. In this part, it's actually pretty hillarious. I don't recommend you let anyone see you type this. You have to think up all the vile keywords on the planet that are not part of another word. For instance, if you look closely at the word "grapes", there's a vile word in there. The same with "advertisement" if you look close enough. So you can't filter on those kinds of vile words (that are inside "advertisement" and "grapes".) However, you can filter on other vile words. So, you can only use keywords that are not part of some other word. That discussion is beyond the discussion of this forum. And hey, if you don't have to type this vile list, but can find it on the Internet and download it, then that's your choice and will probably save you the hassle. You can also put in stuff like "http://www.dontgohere.com" for sites like "dontgohere.com" when you don't want users going there. When done, save the file.
15. Now we bounce the tinyproxy by doing:
sudo /etc/init.d/tinyproxy restart
sudo gedit /etc/crontab &
(Note it's a space after "tinyproxy" and before "restart".)
16. In crontab, add this line to bounce the tinyproxy at night so that you can kill any chance of a memory leak and make it run faster:
0 22 * * * root /etc/init.d/tinyproxy restart
Note that I did a
17. Now go to your kid's home PCs and change the settings in them so that they use this proxy. In my firefox, that's under a button in the Preferences dialog called "Connection Settings". Just point it to your IP address of the Linux proxy and set the port to 8888. I wouldn't bother with anything except HTTP proxy. Don't bother with SSL, FTP, all SOCKS, etc. Test this with yourself, first, of course, and see how it works. Note that your spouse might not like this proxy with amazon.com, ebay.com, or her banking sites, so you might want to put exceptions in the browser settings to not use the proxy when visiting these sites.
18. Note when you have to change your filter file, you have to restart the tinyproxy by doing:
sudo /etc/init.d/tinyproxy restart
19. When you want to debug what's going on, or simply to check up on your kids browsing habits, look in:
sudo /var/log/tinyproxy.log
20. Note that you can edit the log level to make it less verbose -- just read the info on that in your tinyproxy.conf file.
how to install squid proxy on ubuntu server
apt-get install squid3
edit the squid 3 configuration file in your favorite editor
sudo vi /etc/squid3/squid.conf
and set the transparency and the allowed hosts
http_port 3128 transparent
acl our_networks src 192.168.0.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet
where 192.168.0.0/24 is the IP range of local network. Probably you need adjust the swap size
cache_dir ufs /var/spool/squid3 7000 16 256
where the first number denotes the size of cache in megabytes. Save you changes and restart the squid proxy by
sudo /etc/init.d/squid3 restart
For more detailed configuration read the manual of Squid or check the configuration examples on Squid wiki page.
Remember, the memory and processor usage of squid is a function of swap size.
Last but not the least we need to redirect the HTTP traffic to your new shiny proxy
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
where eth1, eth0 are the LAN, WAN devices and 192.168.0.1 is the IP address of your LAN device.
After all, probably you feel the need to monitor the performance of your proxy. Unfortunately, most of the squid log parsers in the Ubuntu repository are configured for Squid 2.x. Nevertheless, squid 3 uses the same log format, so you can change the log file path in your parser config file (sarg, calamaris, etd.) or simply link the log directory of squid 3 to the correct path
ln -s /var/log/squid3 /var/log/squid
edit the squid 3 configuration file in your favorite editor
sudo vi /etc/squid3/squid.conf
and set the transparency and the allowed hosts
http_port 3128 transparent
acl our_networks src 192.168.0.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet
where 192.168.0.0/24 is the IP range of local network. Probably you need adjust the swap size
cache_dir ufs /var/spool/squid3 7000 16 256
where the first number denotes the size of cache in megabytes. Save you changes and restart the squid proxy by
sudo /etc/init.d/squid3 restart
For more detailed configuration read the manual of Squid or check the configuration examples on Squid wiki page.
Remember, the memory and processor usage of squid is a function of swap size.
Last but not the least we need to redirect the HTTP traffic to your new shiny proxy
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
where eth1, eth0 are the LAN, WAN devices and 192.168.0.1 is the IP address of your LAN device.
After all, probably you feel the need to monitor the performance of your proxy. Unfortunately, most of the squid log parsers in the Ubuntu repository are configured for Squid 2.x. Nevertheless, squid 3 uses the same log format, so you can change the log file path in your parser config file (sarg, calamaris, etd.) or simply link the log directory of squid 3 to the correct path
ln -s /var/log/squid3 /var/log/squid
Saturday, June 5, 2010
HOW TO INSTALL IPCOP FIREWALL
Perform the installation
Once you have your IPCop installation CD made, pop it in the CD drive of the target system and restart. The system should automatically boot into the CD (if it doesn’t, then you probably need to change the boot order in the system's BIOS so that the CD is the first device that the system tries to boot from). If you have successfully booted from the IPCop CD, you'll see the welcome screen in Figure A.
Figure A
At the welcome screen, press [Enter] to start the installation. After the installer loads, the first thing you will be prompted to do will be to select a language (Figure B).
Figure B
The next selection you will have to make involves the installation media. Choose CDROM (Figure C). You may get a message that tells you to insert the CD into the computer. It should already be there, but if not then insert it and click OK.
Figure C
The next message you get on the screen will tell you that IPCop is about to repartition the target hard drive and will tell you which drive it is going to format (e.g. /dev/hda1), as shown in Figure D. Once this operation is completed all the data on the selected disk will be wiped out, so make sure you have the correct hard disk installed in your system and that IPCop has selected it correctly.
Figure D
Once the partitioning is complete, you'll get a message asking if you would like to restore an IPCop system configuration (from a past installation), as you can see in Figure E. I assume you don't have a backup from a previous IPCop installation, but if you do, put the floppy disk in the system and select Restore. Otherwise, select Skip.
Figure E
Next, it's time to start the preliminary network configuration. You will be prompted to configure the GREEN (internal network) interface (Figure F). Click Probe.
Figure F
IPCop shouldn’t have any trouble identifying your network adapters (especially if you’re using 3Com NICs, as I recommended). You'll get a message telling you the vendor name of the NIC that IPCop identified as the GREEN interface, and then you will be prompted to enter a static IP address (Figure G).
Figure G
After you set the IP address and subnet mask of IPCop's GREEN interface, the installation will spit out the IPCop CD and you will get a message telling you that the installation was successful, but that there are a few more steps to complete (Figure H). Remove the CD and select OK.
Figure H
You'll then be prompted to select the keyboard type that you are using and select your time zone. Then you select a hostname for the IPCop machine (Figure I). The default is "ipcop" (which I would recommend changing so that you don't simply give away its identity to potential attackers).
Figure I
The ISDN Configuration Menu pops up next (Figure J). This is only needed if you have an internal ISDN card. If you do want to use ISDN, I would recommend using a separate ISDN router and then connecting its network interface to the RED interface of IPCop. On this menu, simply select Disable ISDN.
Figure J
You are now prompted with the Network Configuration Menu (Figure K). Highlight Network Configuration Type, then press [Tab] to select OK and press [Enter].
Figure K
In the Network Configuration Type Menu (Figure L), select GREEN+RED to set up a standard firewall in which one network adapter goes to the internal network (GREEN) and the other adapter connects to the Internet (RED).
Figure L
After you select GREEN+RED, you'll go back to the Network Configuration Menu in Figure K. This time you should select Drivers And Card Assignments, then tab over to OK and press [Enter]. You'll receive a screen that shows the current card assignments and asks if you want to make changes (Figure M). Click OK and IPCop will probe for your NICs and attempt to allocate the second NIC to the RED interface.
Figure M
Once that's complete, you'll return to the Network Configuration Menu (Figure K) again. This time you should select Address Settings, and then you'll be prompted to select the appropriate interface (Figure N). You should select RED.
Figure N
This will lead you to the RED interface configuration screen. It looks similar to the GREEN interface configuration screen back in Figure F, except that you have four selections at the top: Static, DHCP, PPPOE, and PPTP. In most cases, this basically comes down to a choice between Static and DHCP, and it simply depends on whether your ISP has assigned you a static IP address or if the address is assigned automatically via DHCP. If the answer is DHCP, highlight that option and press the spacebar to select it. If it is Static, you'll also need to enter the IP address and subnet mask.
When you're finished and you select OK, you'll return to the Network Configuration Menu. If you are using DHCP on the RED interface, you can select Done. However, if you have a static IP address, you need to select DNS And Gateway Settings, which will provide a screen for you to enter two DNS servers and a default gateway (Figure O).
Figure O
Select Done, and you will then be prompted with the DHCP Server Configuration (Figure P) dialog box. IPCop can act as a DHCP server for the internal network (via the GREEN interface). If you would like to use IPCop as a DHCP server, simply press the spacebar to select Enabled, then enter the range of addresses you would like to allocate and fill in other DHCP settings.
Figure P
After you're done with the DHCP server configuration, you will be prompted to enter passwords (Figure Q) for three users: root, setup, and admin. The root account is for console access, the setup account is for getting back into the installation menus, and the admin account is for logging into the Web administration interface.
Figure Q
Once you have entered the passwords, you will receive a message that says Setup is complete (Figure R). Click OK to reboot the IPCop server.
Figure R
Confirm that it works
After the IPCop firewall restarts and is ready to go, you'll hear a unique series of three beeps that tells you IPCop is now live. The first test you should run is to open up a command prompt from a machine on the same internal network as the GREEN interface of IPCop and try to ping the IP address of IPCop's GREEN interface.
If that works, then you can open up a Web browser and connect to IPCop's Web administration module. You can connect via HTTP or HTTPS and you can use either the IP address or the hostname of the GREEN interface, but you have to append specific port numbers (81 for HTTP and 445 for HTTPS). For example, these four URLs demonstrate the format:
http://ipcop:81
https://ipcop:445
http://192.168.1.1:81
https://192.168.1.1:445
Obviously, you should replace ipcop and 192.168.1.1 with the hostname or IP address that you assigned for your firewall. When you successfully connect to the Web interface, you see the screen in Figure S. When you click the menu items on the left navigation bar (e.g. Information, Logs, System) you'll be prompted for a username and password. You should use the "admin" username along with the password you assigned to it.
how to install advanced-proxy
go to below links
http://www.advproxy.net/download.html
how to install urlfilter tab
go to below links
http://www.urlfilter.net/download.html
some installation commands the below line:-
http://www.advproxy.net/faq.html
Once you have your IPCop installation CD made, pop it in the CD drive of the target system and restart. The system should automatically boot into the CD (if it doesn’t, then you probably need to change the boot order in the system's BIOS so that the CD is the first device that the system tries to boot from). If you have successfully booted from the IPCop CD, you'll see the welcome screen in Figure A.
Figure A
At the welcome screen, press [Enter] to start the installation. After the installer loads, the first thing you will be prompted to do will be to select a language (Figure B).
Figure B
The next selection you will have to make involves the installation media. Choose CDROM (Figure C). You may get a message that tells you to insert the CD into the computer. It should already be there, but if not then insert it and click OK.
Figure C
The next message you get on the screen will tell you that IPCop is about to repartition the target hard drive and will tell you which drive it is going to format (e.g. /dev/hda1), as shown in Figure D. Once this operation is completed all the data on the selected disk will be wiped out, so make sure you have the correct hard disk installed in your system and that IPCop has selected it correctly.
Figure D
Once the partitioning is complete, you'll get a message asking if you would like to restore an IPCop system configuration (from a past installation), as you can see in Figure E. I assume you don't have a backup from a previous IPCop installation, but if you do, put the floppy disk in the system and select Restore. Otherwise, select Skip.
Figure E
Next, it's time to start the preliminary network configuration. You will be prompted to configure the GREEN (internal network) interface (Figure F). Click Probe.
Figure F
IPCop shouldn’t have any trouble identifying your network adapters (especially if you’re using 3Com NICs, as I recommended). You'll get a message telling you the vendor name of the NIC that IPCop identified as the GREEN interface, and then you will be prompted to enter a static IP address (Figure G).
Figure G
After you set the IP address and subnet mask of IPCop's GREEN interface, the installation will spit out the IPCop CD and you will get a message telling you that the installation was successful, but that there are a few more steps to complete (Figure H). Remove the CD and select OK.
Figure H
You'll then be prompted to select the keyboard type that you are using and select your time zone. Then you select a hostname for the IPCop machine (Figure I). The default is "ipcop" (which I would recommend changing so that you don't simply give away its identity to potential attackers).
Figure I
The ISDN Configuration Menu pops up next (Figure J). This is only needed if you have an internal ISDN card. If you do want to use ISDN, I would recommend using a separate ISDN router and then connecting its network interface to the RED interface of IPCop. On this menu, simply select Disable ISDN.
Figure J
You are now prompted with the Network Configuration Menu (Figure K). Highlight Network Configuration Type, then press [Tab] to select OK and press [Enter].
Figure K
In the Network Configuration Type Menu (Figure L), select GREEN+RED to set up a standard firewall in which one network adapter goes to the internal network (GREEN) and the other adapter connects to the Internet (RED).
Figure L
After you select GREEN+RED, you'll go back to the Network Configuration Menu in Figure K. This time you should select Drivers And Card Assignments, then tab over to OK and press [Enter]. You'll receive a screen that shows the current card assignments and asks if you want to make changes (Figure M). Click OK and IPCop will probe for your NICs and attempt to allocate the second NIC to the RED interface.
Figure M
Once that's complete, you'll return to the Network Configuration Menu (Figure K) again. This time you should select Address Settings, and then you'll be prompted to select the appropriate interface (Figure N). You should select RED.
Figure N
This will lead you to the RED interface configuration screen. It looks similar to the GREEN interface configuration screen back in Figure F, except that you have four selections at the top: Static, DHCP, PPPOE, and PPTP. In most cases, this basically comes down to a choice between Static and DHCP, and it simply depends on whether your ISP has assigned you a static IP address or if the address is assigned automatically via DHCP. If the answer is DHCP, highlight that option and press the spacebar to select it. If it is Static, you'll also need to enter the IP address and subnet mask.
When you're finished and you select OK, you'll return to the Network Configuration Menu. If you are using DHCP on the RED interface, you can select Done. However, if you have a static IP address, you need to select DNS And Gateway Settings, which will provide a screen for you to enter two DNS servers and a default gateway (Figure O).
Figure O
Select Done, and you will then be prompted with the DHCP Server Configuration (Figure P) dialog box. IPCop can act as a DHCP server for the internal network (via the GREEN interface). If you would like to use IPCop as a DHCP server, simply press the spacebar to select Enabled, then enter the range of addresses you would like to allocate and fill in other DHCP settings.
Figure P
After you're done with the DHCP server configuration, you will be prompted to enter passwords (Figure Q) for three users: root, setup, and admin. The root account is for console access, the setup account is for getting back into the installation menus, and the admin account is for logging into the Web administration interface.
Figure Q
Once you have entered the passwords, you will receive a message that says Setup is complete (Figure R). Click OK to reboot the IPCop server.
Figure R
Confirm that it works
After the IPCop firewall restarts and is ready to go, you'll hear a unique series of three beeps that tells you IPCop is now live. The first test you should run is to open up a command prompt from a machine on the same internal network as the GREEN interface of IPCop and try to ping the IP address of IPCop's GREEN interface.
If that works, then you can open up a Web browser and connect to IPCop's Web administration module. You can connect via HTTP or HTTPS and you can use either the IP address or the hostname of the GREEN interface, but you have to append specific port numbers (81 for HTTP and 445 for HTTPS). For example, these four URLs demonstrate the format:
http://ipcop:81
https://ipcop:445
http://192.168.1.1:81
https://192.168.1.1:445
Obviously, you should replace ipcop and 192.168.1.1 with the hostname or IP address that you assigned for your firewall. When you successfully connect to the Web interface, you see the screen in Figure S. When you click the menu items on the left navigation bar (e.g. Information, Logs, System) you'll be prompted for a username and password. You should use the "admin" username along with the password you assigned to it.
how to install advanced-proxy
go to below links
http://www.advproxy.net/download.html
how to install urlfilter tab
go to below links
http://www.urlfilter.net/download.html
some installation commands the below line:-
http://www.advproxy.net/faq.html
INFORMATTION OF NAKSHATRA TECHNOLOGY
Hi I am PRASHANT, created this blog in 2010 specially for IT information. Some information about NAKSHATRA TECHNOLOGY is, this is group of friend who is working in IT field. They are decided and open a firm that is name is NAKHATRA TECHNOLOGY. This firm doing works like implement network, Assembling and troubleshot of PC, maintain the PC.
Subscribe to:
Posts (Atom)