Saturday, September 27, 2008

Install ipp2p di Ubuntu Hardy (8.04) Server

Traffik p2p yang berada pada layer 7 TCP/IP tidak dapat di blok begitu saja menggunakan iptables yang terinstall di ubuntu dapper. Untuk mem-filter paket-paket p2p diperlukan plugin tambahan pada netfilter diantaranya ipp2p yang dapat diperoleh dari http://www.ipp2p.org/

Setelah coba cari-cari kesana kemari barangkali sudah ada paket deb dari ipp2p ternyata hasilnya nihil. Jadi untuk menginstall ipp2p mau tidak mau harus di compile sendiri.

# apt-get install build-essential

# apt-get install linux-headers

# apt-get install iptables-dev

ambil source dari kernel dan iptables

# apt-get install linux-source

# apt-get source iptables

silakan sesuaikan versi kernel dengan yang Anda gunakan. source kernel hasil apt-get ada di /usr/src/linux-source-2.6.24.tar.bz2 silakan di ekstrak

# cd /usr/src $sudo tar xvjf linux-source-2.6.24.tar.bz2

dan buat symbolic link /usr/src/linux ke hasil ekstract tadi

# sudo ln -s /usr/src/linux-source-2.6.24 /usr/src/linux

Source iptables hasil apt-get ada di folder yang aktif. copy dan ekstrak ke /usr/src sehingga didapat folder /usr/src/iptables-1.3.8.0debian1 persiapan sudah selesai, silakan unduh source ipp2p dari http://ipp2p.org/downloads/ipp2p-0.8.2.tar.gz  dan juga file patchnya! (ini penting untuk menghindari error seperti ini) 

make -C /lib/modules/2.6.24-19-server/build SUBDIRS=/usr/src/ipp2p-0.8.2 modules

make[1]: Entering directory `/usr/src/linux-headers-2.6.24-19-server'

  CC [M]  /usr/src/ipp2p-0.8.2/ipt_ipp2p.o

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c: In function âmatchâ:

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c:751: error: âconst struct sk_buffâ has no member named ânhâ

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c: At top level:

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c:871: warning: initialization from incompatible pointer type

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c:874: warning: initialization from incompatible pointer type

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c: In function âinitâ:

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c:883: error: implicit declaration of function âipt_register_matchâ

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c: In function âfiniâ:

/usr/src/ipp2p-0.8.2/ipt_ipp2p.c:888: error: implicit declaration of function âipt_unregister_matchâ

make[2]: *** [/usr/src/ipp2p-0.8.2/ipt_ipp2p.o] Error 1

make[1]: *** [_module_/usr/src/ipp2p-0.8.2] Error 2

make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-19-server'

make: *** [ipt_ipp2p.ko] Error 2

Pertama download file ipp2p

# wget http://ipp2p.org/downloads/ipp2p-0.8.2.tar.gz

Selanjutnya download file patch

# wget http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/net-firewall/ipp2p/files/ipp2p-0.8.2-kernel-2.6.22.patch

# tar xvzf ipp2p-0.8.2.tar.gz

# cd ipp2p-0.8.2

Sebelum dicompile, harus ada baris yang diedit terlebih dahulu di makefilenya

# vi Makefile 

Cari baris ini: ld -shared -o libipt_ipp2p.so libipt_ipp2p.o
Kemudian ganti dengan ini: $(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o

# patch -p1 <../ipp2p-0.8.2-kernel-2.6.22.patch

patching file ipt_ipp2p.c

Selanjutnya kompile ipp2p

# make

make -C /lib/modules/2.6.24-19-server/build SUBDIRS=/usr/src/ipp2p-0.8.2 modules

make[1]: Entering directory `/usr/src/linux-headers-2.6.24-19-server'

  CC [M]  /usr/src/ipp2p-0.8.2/ipt_ipp2p.o

  Building modules, stage 2.

  MODPOST 1 modules

  CC      /usr/src/ipp2p-0.8.2/ipt_ipp2p.mod.o

  LD [M]  /usr/src/ipp2p-0.8.2/ipt_ipp2p.ko

make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-19-server'

gcc -O3 -Wall -DIPTABLES_VERSION=\"1.3.8\" -I/usr/src/iptables-1.3.8/include -fPIC -c libipt_ipp2p.c

gcc -shared -o libipt_ipp2p.so libipt_ipp2p.o


Setelah selesai, ini adalah isi dari direktori ipp2p

# ls

COPYING      ipt_ipp2p.ko     ipt_ipp2p.o     libipt_ipp2p.so  README

ipt_ipp2p.c  ipt_ipp2p.mod.c  libipt_ipp2p.c  Makefile

ipt_ipp2p.h  ipt_ipp2p.mod.o  libipt_ipp2p.o  Module.symvers

Copy file tersebut ke library iptables

# cp libipt_ipp2p.so /lib/iptables
# cp ipt_ipp2p.ko /lib/modules/`uname -r`/kernel/net/ipv4/netfilter

lalu jalankan depmod

# depmod -a

silakan test apakah sudah bisa digunakan

$ sudo iptables -m ipp2p –-help

kalo udah ada, silakan baca manual untuk menggunakannya ^_^ untuk mengucapkan selamat tinggal pada paket2 p2p silakan ketikkan:

$sudo iptables -A FORWARD -m ipp2p –ipp2p -j DROP

referensi:




6 comments:

rei said...

hi andrew..im inviting you to promote you blog in new social blog directory, please visit http://www.bloggerunited.com, cheers

kombes.com said...

Wah master linux semua nich disini, bantuin dunk temen2 lainnya di Forum : http://forum.kombes.com/forumdisplay.php?f=62 (Linux Forum) Thanks yach

Cristian said...

SUPERB!!!
Your post is excelent!
It should be on the Ubuntu forums.
I looked for a how to for ipp2p for the last week and nothing.

Excelent post again.
You should translate it in English too.
If all works as it should with ipp2p, I promise I'll post again to confirm. ;)
Thank you!

Cristian said...

It is working.
Although ipp2p does not completley block today's p2p aplications.
It can be used to block and log all packets.
Then you can check from time to time who's using p2p.

Anyway, thank you.

Andrew Pakpahan said...

Thanx for the compliment. You can read my Indonesian's writed blogs using google language tools though.

I'm not really using this ipp2p thing currently. Cause mikrotik system could handle this more easily. Then I could combine it with the traffic shaper. You should try it.

pujo_85 said...

ijin nampilin di blog saya ya mas