Coder Social home page Coder Social logo

jarkom-modul-5-b08-2023's Introduction

Praktikum 5 Jaringan Komputer B08 2023

Nama NRP Kelas
Adrian Karuna Soetikno 5025211019 Jarkom B
Thariq Agfi Hermawan 5025211215 Jarkom B

Contents

Subnetting

Subnetting

IP Distribution

Tree

Pembagian IP - Tree

IP Table

Nama Subnet Rute Jumlah IP Netmask
A1 Fern - Switch1 - Revolte 2 /30
A2 Fern - Richter 2 /30
A3 Himmel - Switch1 - Fern - SchwerMountain 66 /25
A4 Himmel - LaubHills 256 /23
A5 Frieren - Himmel 2 /30
A6 Frieren - Stark 2 /30
A7 Aura - Frieren 2 /30
A8 Aura - Heiter 2 /30
A9 Heiter - TurkRegion 1023 /21
A10 Heiter - Switch3 - Sein - GrobeForest 514 /22
Total (10 Subnet) 1871 /20

Assigning IP from Subnet

Subnet Node IP Netmask Length NID Broadcast
A1 Fern 192.182.0.1 255.255.255.252 /30 192.182.0.0 192.182.0.3
Revolte 192.182.0.2 255.255.255.252 /30 192.182.0.0 192.182.0.3
A2 Fern 192.182.0.5 255.255.255.252 /30 192.182.0.4 192.182.0.7
Richter 192.182.0.6 255.255.255.252 /30 192.182.0.4 192.182.0.7
A4 Himmel 192.182.2.1 255.255.254.0 /23 192.182.2.0 192.182.3.255
LaubHills 192.182.2.2 - 192.182.3.255 255.255.254.0 /23 192.182.2.0 192.182.3.255
A5 Frieren 192.182.0.13 255.255.255.252 /30 192.182.0.12 192.182.0.15
Himmel 192.182.0.14 255.255.255.252 /30 192.182.0.12 192.182.0.15
A6 Frieren 192.182.0.17 255.255.255.252 /30 192.182.0.16 192.182.0.19
Stark 192.182.0.18 255.255.255.252 /30 192.182.0.16 192.182.0.19
A7 Aura 192.182.0.21 255.255.255.252 /30 192.182.0.20 192.182.0.23
Frieren 192.182.0.22 255.255.255.252 /30 192.182.0.20 192.182.0.23
A8 Aura 192.182.0.25 255.255.255.252 /30 192.182.0.24 192.182.0.27
Heiter 192.182.0.26 255.255.255.252 /30 192.182.0.24 192.182.0.27
A9 Heiter 192.182.8.1 255.255.248.0 /21 192.182.8.0 192.182.15.255
Turk Region 192.182.8.2 - 192.182.15.255 255.255.248.0 /21 192.182.8.0 192.182.15.255
A10 Heiter 192.182.4.1 255.255.252.0 /22 192.182.4.0 192.182.7.255
Sein 192.182.4.2 255.255.252.0 /22 192.182.4.0 192.182.7.255
Grobe Forest 192.182.4.3 - 192.182.7.255 255.255.252.0 /22 192.182.4.0 192.182.7.255
A3 Himmel 192.182.0.129 255.255.255.128 /25 192.182.0.128 192.182.0.255
Fern 192.182.0.130 255.255.255.128 /25 192.182.0.128 192.182.0.255
SchwerMountain 192.182.0.131 255.255.255.128 /25 192.182.0.128 192.182.0.255

Topology Setup

Topoloy

Node Configuration

Client Configuration

Revolte

auto eth0
iface eth0 inet static
address 192.182.0.2
netmask 255.255.255.252
gateway 192.182.0.1

Richter

auto eth0
iface eth0 inet static
address 192.182.0.6
netmask 255.255.255.252
gateway 192.182.0.5

SchwerMountain

auto eth0
iface eth0 inet dhcp
address 192.182.0.131
netmask 255.255.255.128
gateway 192.182.0.129

LaubHills

auto eth0
iface eth0 inet dhcp
address 192.182.2.2
netmask 255.255.254.0
gateway 192.182.2.1

Stark

auto eth0
iface eth0 inet static
address 192.182.0.18
netmask 255.255.255.252
gateway 192.182.0.17

TurkRegion

auto eth0
iface eth0 inet dhcp
address 192.182.8.2
netmask 255.255.248.0
gateway 192.182.8.1

Sein

auto eth0
iface eth0 inet static
address 192.182.4.2
netmask 255.255.252.0
gateway 192.182.4.1

GrobeForest

auto eth0
iface eth0 inet dhcp
address 192.182.4.3
netmask 255.255.252.0
gateway 192.182.4.1

Router Configuration

Fern

auto lo
iface lo inet loopback

auto eth2
iface eth2 inet static
address 192.182.0.1
netmask 255.255.255.252
gateway 192.182.0.129

auto eth1
iface eth1 inet static
address 192.182.0.5
netmask 255.255.255.252

auto eth0
iface eth0 inet static
address 192.182.0.130
netmask 255.255.255.128

Himmel

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.182.0.14
netmask 255.255.255.252
gateway 192.182.0.13

auto eth1
iface eth1 inet static
address 192.182.2.1
netmask 255.255.254.0

auto eth2
iface eth2 inet static
address 192.182.0.129
netmask 255.255.255.128

Frieren

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.182.0.22
netmask 255.255.255.252
gateway 192.182.0.21

auto eth1
iface eth1 inet static
address 192.182.0.17
netmask 255.255.255.252

auto eth2
iface eth2 inet static
address 192.182.0.13
netmask 255.255.255.252

Heiter

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.182.0.26
netmask 255.255.255.252
gateway 192.182.0.25

auto eth1
iface eth1 inet static
address 192.182.8.1
netmask 255.255.248.0

auto eth2
iface eth2 inet static
address 192.182.4.1
netmask 255.255.252.0

Aura

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 192.182.0.25
netmask 255.255.255.252


auto eth2
iface eth2 inet static
address 192.182.0.21
netmask 255.255.255.252

Node Routing

Fern

echo nameserver 192.168.122.1 > /etc/resolv.conf
route add -net 192.182.0.0 netmask 255.255.255.252 gw 192.182.0.1
route add -net 192.182.0.4 netmask 255.255.255.252 gw 192.182.0.5

Himmel

echo nameserver 192.168.122.1 > /etc/resolv.conf
route add -net 192.182.2.0 netmask 255.255.254.0 gw 192.182.2.1
route add -net 192.182.0.128 netmask 255.255.255.128 gw 192.182.0.129
route add -net 192.182.0.0 netmask 255.255.255.252 gw 192.182.0.130
route add -net 192.182.0.4 netmask 255.255.255.252 gw 192.182.0.130

Frieren

echo nameserver 192.168.122.1 > /etc/resolv.conf
route add -net 192.182.0.16 netmask 255.255.255.252 gw 192.182.0.17
route add -net 192.182.0.12netmask 255.255.255.252 gw 192.182.0.14
route add -net 192.182.2.0 netmask 255.255.254.0 gw 192.182.0.14
route add -net 192.182.0.128 netmask 255.255.255.128 gw 192.182.0.14
route add -net 192.182.0.0 netmask 255.255.255.252 gw 192.182.0.14
route add -net 192.182.0.4 netmask 255.255.255.252 gw 192.182.0.14

Heiter

echo nameserver 192.168.122.1 > /etc/resolv.conf
route add -net 192.182.4.0  netmask 255.255.252.0 gw 192.182.4.1
route add -net 192.182.8.0  netmask 255.255.248.0  gw 192.182.8.1

Aura

# Heiter
route add -net 192.182.4.0  netmask 255.255.252.0 gw 192.182.0.26
route add -net 192.182.8.0  netmask 255.255.248.0  gw 192.182.0.26
route add -net 192.182.0.24  netmask 255.255.255.252 gw 192.182.0.26

# Frieren
route add -net 192.182.0.20 netmask 255.255.255.252 gw 192.182.0.22
route add -net 192.182.0.16 netmask 255.255.255.252 gw 192.182.0.22
route add -net 192.182.0.12netmask 255.255.255.252 gw 192.182.0.22
route add -net 192.182.2.0 netmask 255.255.254.0 gw 192.182.0.22
route add -net 192.182.0.128 netmask 255.255.255.128 gw 192.182.0.22
route add -net 192.182.0.0 netmask 255.255.255.252 gw 192.182.0.22
route add -net 192.182.0.4 netmask 255.255.255.252 gw 192.182.0.22

Soal

  1. Agar topologi yang kalian buat dapat mengakses keluar, kalian diminta untuk mengkonfigurasi Aura menggunakan iptables, tetapi tidak ingin menggunakan MASQUERADE.
  • Aura
ETH0_IP=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $ETH0_IP

Karena kita menggunakan IP DHCP sebagai sebagai jalur keluar ke internet, maka kita harus mengambil IP dari eth0 aura sebagai jalur keluar. ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' akan mereturn IP dari eth0 Aura

Selanjutnya, untuk menyambungkan ke nat, maka kita masukkan ke NAT Table dengan POSTROUTING chain : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $ETH0_IP

Hasil

IP Aura

  1. Kalian diminta untuk melakukan drop semua TCP dan UDP kecuali port 8080 pada TCP.
  • GrobeForest, Stark, and Sein
echo 'nameserver 192.168.122.1' > /etc/resolv.conf

apt-get update
apt-get install netcat -y

# Menolak semua koneksi TCP kecuali port 8080
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -j DROP

# Menolak semua koneksi UDP
iptables -A INPUT -p udp -j DROP

Hasil

ketika membuka Port 8080 :

no-2-8080.mp4

Membuka port lain :

no-2-40.mp4
  1. Kepala Suku North Area meminta kalian untuk membatasi DHCP dan DNS Server hanya dapat dilakukan ping oleh maksimal 3 device secara bersamaan, selebihnya akan di drop.
  • Revolte & Richter (DHCP server & DNS Server)
# Allow established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Limit ICMP connections to 3 per second
iptables -A INPUT -p icmp -m connlimit --connlimit-above 3 --connlimit-mask 0 -j DROP
  • --connlimit-above 3 adalah parameter menentukan batas koneksi yang terhubung
  • --connlimit-mask 0 adalah parameter menentukan mask

Hasil

no-3.mp4
  1. Lakukan pembatasan sehingga koneksi SSH pada Web Server hanya dapat dilakukan oleh masyarakat yang berada pada GrobeForest.
  • Sein & Stark (Web Server)
iptables -A INPUT -p tcp --dport 22 -s 192.182.4.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

Hasil

no-4.mp4
  1. Selain itu, akses menuju WebServer hanya diperbolehkan saat jam kerja yaitu Senin-Jumat pada pukul 08.00-16.00.
  • Sein & Stark (Web Server)
# Izinkan akses ke Web Server pada senin-jumat pukul 08:00-16:00
iptables -A INPUT -p tcp --dport 80 -m time --timestart 08:00 --timestop 16:00 --weekdays Mon,Tue,Wed,Thu,Fri -j ACCEPT

Hasil

no-5-6.mp4
  1. Lalu, karena ternyata terdapat beberapa waktu di mana network administrator dari WebServer tidak bisa stand by, sehingga perlu ditambahkan rule bahwa akses pada hari Senin - Kamis pada jam 12.00 - 13.00 dilarang (istirahat maksi cuy) dan akses di hari Jumat pada jam 11.00 - 13.00 juga dilarang (maklum, Jumatan rek).
  • Konfigurasi Sein & Stark (Web Server)
# Larangan Akses pada hari Senin-Kamis jam 12:00 - 13:00
iptables -A INPUT -p tcp --dport 80 -m time --timestart 12:00 --timestop 13:00 --weekdays Mon,Tue,Wed,Thu -j DROP

# Larangan akses pada hari jumat pada 11:00 - 13:00
iptables -A INPUT -p tcp --dport 80 -m time --timestart 11:00 --timestop 13:00 --weekdays Fri -j DROP

Hasil

no-5-6.mp4
  1. Karena terdapat 2 WebServer, kalian diminta agar setiap client yang mengakses Sein dengan Port 80 akan didistribusikan secara bergantian pada Sein dan Stark secara berurutan dan request dari client yang mengakses Stark dengan port 443 akan didistribusikan secara bergantian pada Sein dan Stark secara berurutan.
  • Sein
# Soal 7
iptables -A PREROUTING -t nat -p tcp -d 192.182.4.2 --dport 80 -m statistics --mode nth --every 2 --packet 0 -j DNAT --to-destination 192.182.4.2:80

iptables -A PREROUTING -t nat -p tcp -d 192.182.4.2 --dport 80 -j DNAT --to-destination 192.182.0.14:80
  • Stark
# Soal 7
iptables -A PREROUTING -t nat -p tcp -d 192.182.0.4 --dport 443 -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 192.182.4.2:443

iptables -A PREROUTING -t nat tcp -d 192.182.0.4 --dport 443 -j DNAT --to-destination 192.182.0.14:443
  1. Karena berbeda koalisi politik, maka subnet dengan masyarakat yang berada pada Revolte dilarang keras mengakses WebServer hingga masa pencoblosan pemilu kepala suku 2024 berakhir. Masa pemilu (hingga pemungutan dan penghitungan suara selesai) kepala suku bersamaan dengan masa pemilu Presiden dan Wakil Presiden Indonesia 2024.
  • Sein
### apabila ingin meng-drop TCP 
iptables -A INPUT -p tcp -s 192.182.0.2 --dport 80 -m time --datestart 2023-10-19T00:00 --datestop 2024-02-15T00:00 -j DROP

### namun ingin drop semua, bisa digunakan :
iptables -A INPUT -s 192.182.0.2 -m time --datestart 2023-10-19T00:00 --datestop 2024-02-15T00:00 -j DROP
Screenshot 2023-12-16 at 01 27 30
  1. Sadar akan adanya potensial saling serang antar kubu politik, maka WebServer harus dapat secara otomatis memblokir alamat IP yang melakukan scanning port dalam jumlah banyak (maksimal 20 scan port) di dalam selang waktu 10 menit. (clue: test dengan nmap)
  • Sein
# Soal No 9
iptables -A INPUT -p tcp --syn -m recent --name portscan --set
iptables -A INPUT -p tcp --syn -m recent --name portscan --rcheck --seconds 600 --hitcount  20  -j  DROP
  • Stark
# Soal No 9
iptables -N PORTSCAN
iptables -A PORTSCAN -m recent --set --name portscan
iptables -A PORTSCAN -m recent --update --seconds 600 --hitcount 20 --name portscan -j LOG --log-prefix "Portscan Detected: " --log-level 4
iptables -A PORTSCAN -m recent --update --seconds 600 --hitcount 20 --name portscan -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 2/s -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j PORTSCAN
  1. Karena kepala suku ingin tau paket apa saja yang di-drop, maka di setiap node server dan router ditambahkan logging paket yang di-drop dengan standard syslog level.

logging dapat ditambahkan dengan syntax iptables berikut yang dijalankan di semua node server dan router

iptables -A INPUT -j LOG --log-level debug --log-prefix "Dropped Packet: " -m limit --limit 1/second --limit-burst 10
Screenshot 2023-12-16 at 01 41 57

dapat dilihat, pada server sein, telah ditambahkan rules tentang log dengan prefix "paket didrop:"

jarkom-modul-5-b08-2023's People

Contributors

thoriqagfi avatar adrian0429 avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.