Monday, February 02, 2009

Firewall Mikrotik Hotspot Gateway

Notes:

1. There are 2 LAN cards
2. IP address allocation on the Mikrotik Hotspot Gateway:
- to_hotspot public IP
- to_hotspot 10.10.0.1/16

/ip firewall filter add chain=block-forward action=accept protocol=icmp icmp-options=8:0 limit=1,0 comment="Allow ICMP"

/ip firewall filter add chain=block-forward action=log tcp-flags=syn protocol=tcp limit=5/1m,0 log-prefix="Firewalled packet:" comment="# Log Forward"

/ip firewall filter add chain=block-forward action=log protocol=icmp icmp-options=8:0 limit=10/1h,0 log-prefix="PING of Death ???" comment="# Log PING of Death"

/ip firewall filter add chain=block-forward action=drop src-address=169.254.0.0/16 comment="# Block bad IP address"

/ip firewall filter add chain=block-forward action=drop src-address=224.0.0.0/3

/ip firewall filter add chain=block-forward action=drop src-address=224.0.0.0/4

/ip firewall filter add chain=block-forward action=drop src-address=240.0.0.0/5

/ip firewall filter add chain=block-forward action=drop src-address=248.0.0.0/5

/ip firewall filter add chain=block-forward action=drop src-address=255.255.255.255

/ip firewall filter add chain=block-forward action=drop connection-state=invalid comment="# Drop invalid connections"

/ip firewall filter add chain=block-input action=accept protocol=icmp icmp-options=8:0 limit=5,0 comment="# Allow ICMP"

/ip firewall filter add chain=block-input action=log protocol=icmp icmp-options=8:0 limit=10/1h,0 log-prefix="PING of Death ???" comment="# Log PING of Death"

/ip firewall filter add chain=block-input action=log tcp-flags=syn protocol=tcp limit=5/1m,0 log-prefix="Firewalled packet:" comment="# Log input"

/ip firewall filter add chain=block-input action=drop protocol=icmp comment="# Block PING of Death"

/ip firewall filter add chain=block-input action=drop in-interface=to_internet src-address=10.0.0.0/8 comment="# Interface facing Public Internet Inbound Section RFC 1918"

/ip firewall filter add chain=block-input action=drop in-interface=to_internet src-address=202.91.11.6

/ip firewall filter add chain=block-input action=drop in-interface=to_internet src-address=192.168.0.0/16

/ip firewall filter add chain=block-input action=drop in-interface=to_internet src-address=202.91.8.160/29

/ip firewall filter add chain=block-input action=drop src-address=0.0.0.0/8

/ip firewall filter add chain=input action=jump jump-target=block-input comment="# Jump to block-input"

/ip firewall filter add chain=forward action=jump jump-target=block-forward comment="# Jump to block-forward"

/ip firewall filter add chain=forward action=jump jump-target=block-ddos protocol=udp comment="# Jump to block-ddos"

/ip firewall filter add chain=forward action=jump jump-target=block-service comment="# Jump to block-service"

/ip firewall filter add chain=block-service action=drop p2p=all-p2p comment="# Block ports you don't want it insert here ..:: drop p2p ::.."

/ip firewall filter add chain=block-service action=drop out-interface=to_internet dst-port=5050 protocol=tcp comment="..:: drop yahoo messenger ::.."

/ip firewall filter add chain=block-service action=drop out-interface=to_internet dst-port=6666-7000 protocol=tcp comment="..:: drop irc ::.."

/ip firewall filter add chain=block-input action=drop src-address=127.0.0.0/8

/ip firewall filter add chain=block-input action=drop src-address=169.254.0.0/16

/ip firewall filter add chain=block-input action=drop src-address=172.16.0.0/12

/ip firewall filter add chain=block-input action=drop src-address=192.0.2.0/24

/ip firewall filter add chain=block-input action=drop src-address=204.152.64.0/23

/ip firewall filter add chain=block-input action=drop src-address=224.0.0.0/3

/ip firewall filter add chain=block-input action=drop src-address=224.0.0.0/4

/ip firewall filter add chain=block-input action=drop src-address=240.0.0.0/5

/ip firewall filter add chain=block-input action=drop src-address=248.0.0.0/5

/ip firewall filter add chain=block-input action=drop src-address=255.255.255.255

/ip firewall filter add chain=block-input action=drop in-interface=to_internet src-address=202.91.8.167 comment="# Block Smurf Attack on all interface"

/ip firewall filter add chain=block-input action=drop in-interface=to_internet src-address=202.91.11.7

/ip firewall filter add chain=block-input action=drop in-interface=to_hotspot src-address=10.10.255.255

/ip firewall filter add chain=block-input action=drop in-interface=to_proxy src-address=192.168.100.255

/ip firewall filter add chain=block-input action=drop dst-port=113 protocol=tcp comment="# Block Ident"

/ip firewall filter add chain=block-input action=drop fragment=yes comment="# Block IP Frags"

/ip firewall filter add chain=block-input action=drop ipv4-options=loose-source-routing comment="# Blocked source routed packets lsrr and ssrr"

/ip firewall filter add chain=block-input action=drop ipv4-options=strict-source-routing

/ip firewall filter add chain=block-input action=reject reject-with=tcp-reset in-interface=to_internet dst-port=80 protocol=tcp comment="# Reject connection from internet to port 80"

/ip firewall filter add chain=block-forward action=reject reject-with=tcp-reset tcp-flags=syn,ack connection-state=new protocol=tcp comment="# Reject Bad TCP"

/ip firewall filter add chain=block-forward action=drop protocol=icmp comment="# Block PING of Death"

/ip firewall filter add chain=block-input action=drop in-interface=to_internet dst-port=23 protocol=tcp comment="# Block Telnet come from Internet"

/ip firewall filter add chain=block-input action=drop in-interface=to_hotspot dst-port=23 protocol=tcp comment="# Block Telnet come from Hotspot"

/ip firewall filter add chain=block-forward action=drop dst-port=137-139 protocol=tcp comment="# Block Netbios Sessions tcp"

/ip firewall filter add chain=block-input action=drop dst-port=137-139 protocol=tcp comment="# Block Netbios Sessions tcp"

/ip firewall filter add chain=block-input action=drop dst-port=137-139 protocol=udp comment="# Block Netbios Sessions udp"

/ip firewall filter add chain=block-forward action=drop dst-port=135-139 protocol=udp comment="# Block Netbios Sessions udp"

/ip firewall filter add chain=block-ddos action=return limit=16,32

/ip firewall filter add chain=block-ddos action=log log-prefix="DDOS ATTACK:"

/ip firewall filter add chain=block-ddos action=drop limit=16,32

/ip firewall filter add chain=input action=jump jump-target=block-ddos protocol=udp comment="# Jump to block-ddos"

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=fin,!ack protocol=tcp comment="# tcp-flags jump to bad-flags"

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=psh,!ack protocol=tcp

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=urg,!ack protocol=tcp

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=fin,rst protocol=tcp

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=fin,syn protocol=tcp

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=syn,rst protocol=tcp

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=fin,syn,rst,psh,ack,urg,ece,cwr protocol=tcp

/ip firewall filter add chain=tcp-flags protocol=tcp action=jump jump-target=bad-flags tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg,!ece,!cwr

/ip firewall filter add chain=tcp-flags protocol=tcp action=jump jump-target=bad-flags tcp-flags=fin,psh,urg,!syn,!rst,!ack,!ece,!cwr

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=fin,syn,psh,urg,!rst,!ack,!ece,!cwr protocol=tcp

/ip firewall filter add chain=tcp-flags action=jump jump-target=bad-flags tcp-flags=fin,syn,rst,ack,urg,!psh,!ece,!cwr protocol=tcp

/ip firewall filter add chain=input action=jump jump-target=tcp-flags protocol=tcp comment="# Jump to tcp-flags"

/ip firewall filter add chain=bad-flags action=log log-prefix="TCP BAD FLAGS:"

/ip firewall filter add chain=bad-flags action=drop

/ip firewall filter add chain=syn-flood action=return tcp-flags=syn,!fin,!rst,!ack protocol=tcp limit=5,10

/ip firewall filter add chain=syn-flood action=return protocol=!tcp

/ip firewall filter add chain=syn-flood action=return tcp-flags=!syn,!fin,!rst,!ack protocol=tcp

/ip firewall filter add chain=syn-flood action=log log-prefix="SYN FLOOD:"

/ip firewall filter add chain=syn-flood action=drop

/ip firewall filter add chain=input action=jump jump-target=syn-flood tcp-flags=syn,!fin,!rst,!ack protocol=tcp comment="# Jump to syn-flood"

/ip firewall filter add chain=block-forward action=drop dst-port=445 protocol=tcp comment="# Block CIFS tcp"

/ip firewall filter add chain=block-forward action=drop dst-port=135 protocol=tcp comment="# Block RPC Portmapper"

/ip firewall filter add chain=block-forward action=drop dst-port=135 protocol=udp

/ip firewall filter add chain=block-forward action=drop dst-port=111 protocol=tcp

/ip firewall filter add chain=block-input action=drop dst-port=135 protocol=tcp comment="# Block RPC Portmapper"

/ip firewall filter add chain=block-input action=drop dst-port=135 protocol=udp

/ip firewall filter add chain=block-input action=drop dst-port=111 protocol=tcp

/ip firewall filter add chain=block-input action=drop dst-port=111 protocol=udp

/ip firewall filter add chain=block-input action=drop dst-port=445 protocol=tcp comment="# Block CIFS tcp"

/ip firewall filter add chain=block-forward action=drop dst-port=111 protocol=udp

/ip firewall filter add chain=block-forward action=drop dst-port=69 protocol=tcp comment="# Block TFTP"

/ip firewall filter add chain=block-input action=drop dst-port=69 protocol=tcp comment="# Block TFTP"

/ip firewall filter add chain=block-input action=drop dst-port=69 protocol=udp

/ip firewall filter add chain=block-input action=drop dst-port=20034 protocol=tcp comment="# Block Netbus"

/ip firewall filter add chain=block-input action=drop dst-port=20034 protocol=udp

/ip firewall filter add chain=block-input action=drop dst-port=3133 protocol=tcp comment="# Block Back0riffice"

/ip firewall filter add chain=block-input action=drop dst-port=3133 protocol=udp

/ip firewall filter add chain=block-forward action=drop dst-port=69 protocol=udp

/ip firewall filter add chain=block-forward action=drop dst-port=20034 protocol=tcp comment="# Block Netbus"

/ip firewall filter add chain=block-forward action=drop dst-port=20034 protocol=udp

/ip firewall filter add chain=block-forward action=drop dst-port=3133 protocol=tcp comment="# Block Back0riffice"

/ip firewall filter add chain=block-forward action=drop dst-port=3133 protocol=udp

/ip firewall filter add chain=block-input action=drop dst-port=2049 protocol=udp comment="# Block NFS"

/ip firewall filter add chain=block-input action=drop dst-port=2049 protocol=tcp

/ip firewall filter add chain=block-forward action=drop dst-port=2049 protocol=udp comment="# Block NFS"

/ip firewall filter add chain=block-forward action=drop dst-port=2049 protocol=tcp

/ip firewall filter add chain=block-service action=drop out-interface=to_internet dst-port=1818 protocol=tcp comment="# Block Game online"

/ip firewall filter add chain=block-service action=drop out-interface=to_internet dst-port=6112 protocol=tcp
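
An added example (not part of the original post) that models how the tcp-flags chain above classifies packets and which of its rules are already covered by an earlier rule. It assumes a tcp-flags rule matches when every listed flag is set and every "!flag" is clear; the function names and sample packets are constructed for illustration.

```python
# Added example: models how RouterOS evaluates the tcp-flags chain listed above.
# Assumed semantics: a rule matches when every listed flag is set and every
# "!flag" is clear; flags not named in the rule are ignored.

# tcp-flags values copied from the chain=tcp-flags rules, in page order.
TCP_FLAGS_CHAIN = [
    "fin,!ack",
    "psh,!ack",
    "urg,!ack",
    "fin,rst",
    "fin,syn",
    "syn,rst",
    "fin,syn,rst,psh,ack,urg,ece,cwr",
    "!fin,!syn,!rst,!psh,!ack,!urg,!ece,!cwr",
    "fin,psh,urg,!syn,!rst,!ack,!ece,!cwr",
    "fin,syn,psh,urg,!rst,!ack,!ece,!cwr",
    "fin,syn,rst,ack,urg,!psh,!ece,!cwr",
]
ALL_FLAGS = {"fin", "syn", "rst", "psh", "ack", "urg", "ece", "cwr"}


def parse_spec(spec):
    """Split 'fin,!ack' into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        name = token.lstrip("!")
        if name not in ALL_FLAGS:
            raise ValueError(f"unknown flag {token!r} in tcp-flags={spec}")
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear


def first_match(packet_flags, chain=TCP_FLAGS_CHAIN):
    """Return (index, spec) of the first rule that jumps to bad-flags, else None."""
    flags = set(packet_flags)
    for index, spec in enumerate(chain):
        must_set, must_clear = parse_spec(spec)
        if must_set <= flags and not (must_clear & flags):
            return index, spec
    return None


def shadowed_rules(chain=TCP_FLAGS_CHAIN):
    """Map each rule index to the earlier rule that matches all of its packets."""
    parsed = [parse_spec(spec) for spec in chain]
    shadowed = {}
    for later, (l_set, l_clear) in enumerate(parsed):
        for earlier in range(later):
            e_set, e_clear = parsed[earlier]
            if e_set <= l_set and e_clear <= l_clear:
                shadowed[later] = earlier
                break
    return shadowed


# Constructed sample packets (flag sets only), not captured traffic.
SAMPLES = {
    "SYN": {"syn"},
    "SYN+ACK": {"syn", "ack"},
    "FIN+ACK": {"fin", "ack"},
    "ECN SYN": {"syn", "ece", "cwr"},
    "NULL scan": set(),
    "Xmas scan": {"fin", "psh", "urg"},
    "SYN+FIN": {"syn", "fin"},
    "SYN+RST": {"syn", "rst"},
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        hit = first_match(flags)
        verdict = f"bad-flags via rule {hit[0]} ({hit[1]})" if hit else "returns to input chain"
        print(f"{name:10} -> {verdict}")
    for later, earlier in shadowed_rules().items():
        print(f"rule {later} never fires first: rule {earlier} already covers it")
```

Because every rule in the chain jumps to the same bad-flags target, the covered rules change nothing in the verdict; they only add evaluation cost.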

Setting Up Mikrotik as a Router

FIREWALL AND NETWORK CONFIGURATION

#/ip firewall nat add action=masquerade chain=srcnat

#/ip firewall filter add chain=input connection-state=invalid action=drop

#/ip firewall filter add chain=input protocol=udp action=accept

#/ip firewall filter add chain=input protocol=icmp action=accept

#/ip firewall filter add chain=input in-interface=(ethernet card facing the LAN) action=accept

#/ip firewall filter add chain=input in-interface=(ethernet card facing the internet) action=accept

#/ip firewall filter add chain=input action=drop

If you use the Web Proxy:

#/ip web-proxy set enabled=yes src-address=0.0.0.0 port=8080 hostname="" parent-proxy=0.0.0.0:0 cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited

#/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
#/ip firewall nat add in-interface=modem dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat dst-address=!192.168.0.1/24

Replace every 3128 with 8080. The procedure:

#/ip web-proxy set enabled=yes

#/ip web-proxy set port=3128

#/ip web-proxy set max-cache-size=3145728 (3 times total RAM)

#/ip web-proxy set hostname="proxy.saya"

#/ip web-proxy set allow-remote-requests=yes

#/ip web-proxy set cache-administrator="emailku@yahoo.com"

FILTERING :

#/ ip firewall filter

#add chain=input connection-state=invalid action=drop comment="Drop Invalid connections"

#add chain=input connection-state=established action=accept comment="Allow Established connections"

#add chain=input protocol=udp action=accept comment="Allow UDP"

#add chain=input protocol=icmp action=accept comment="Allow ICMP"

#add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network"

#add chain=input action=drop comment="Drop anything else"


ANTIVIRUS FOR MIKROTIK:

#add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

#add chain=forward protocol=icmp comment="allow ping"

#add chain=forward protocol=udp comment="allow udp"

#add chain=forward action=drop comment="drop everything else"

SECURING YOUR MIKROTIK ROUTER:

/ ip firewall filter

#add chain=input connection-state=established comment="Accept established connections"

#add chain=input connection-state=related comment="Accept related connections"

#add chain=input connection-state=invalid action=drop comment="Drop invalid connections"

#add chain=input protocol=udp action=accept comment="UDP" disabled=no

#add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"

#add chain=input protocol=icmp action=drop comment="Drop excess pings"

#add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"

#add chain=input protocol=tcp dst-port=8291 comment="winbox"

# End of Edit #

#add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"

#add chain=input action=drop comment="Drop everything else"

NETWORK SECURITY SETTINGS FOR YOUR LOCAL AREA ONLY:

/ip firewall filter

#add chain=forward connection-state=established comment="allow established connections"

#add chain=forward connection-state=related comment="allow related connections"

#add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

#add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"

#add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"

#add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"

#add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"

#add chain=virus protocol=tcp dst-port=593 action=drop comment="________"

#add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"

#add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"

#add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"

#add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"

#add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"

#add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"

#add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"

#add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"

#add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"

#add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"

#add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"

#add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"

#add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"

#add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"

#add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"

#add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"

#add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"

#add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"

#add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"

#add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"

#add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"

#add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"

#add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"

#add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"

#add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"

#add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

# Disable the ports commonly used by spam:

#/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop

#/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop

#/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop

#/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop

#/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop

Friday, September 08, 2006

Install Apache, PHP and MySQL on Windows

Install Apache, MySQL and PHP on Windows

1. Download Apache 2.x
Download Apache 2.x.x from http://httpd.apache.org/download.cgi and choose the Win32 Binary (MSI Installer) version: apache_2.x.x-win32-x86-no_ssl.msi
2. Install Apache 2.x
Locate the downloaded file, double-click it, then click Next on the install screens:
Server Information
Enter "localhost" and click Next
Destination Folder
Click Change and replace the default folder "C:\Program Files\Apache Group\" with "C:\" (without the quotes). Click OK and continue the installation until it finishes.
3. Start Apache
To start Apache on Windows, click Start=>Programs=>Apache HTTP Server 2.x.x=>Control Apache Server=>Start.
Create a file named index.html as follows:
<html>
<body>
Apache sudah jalan……
</body>
</html>

Save the file in the folder "C:\Apache2\htdocs"
Open a browser and go to http://localhost/ or http://127.0.0.1/; if the text "Apache sudah jalan……" ("Apache is running") appears, Apache is running.
4. Download and Install PHP
Download PHP version 4.3.10 or the latest from http://www.php.net/downloads.php and look for the Windows Binaries. Download the zip package, not the installer.
Extract the file and save it in "C:\". Rename the folder to php so that the path is "C:\php". Open the file "php.ini-dist" and find:
Code:
doc_root=
Change it to:
doc_root="c:\apache2\htdocs"
Code:
extension_dir="./"
Change it to:
extension_dir="c:\php\extensions"
Save the file in "C:\Windows" with the name "php.ini"
Copy the file "php4ts.dll" to the "C:\Windows" directory
5. Configure Apache
Open httpd.conf at "C:\Apache2\conf\httpd.conf" and find the line:
#LoadModule ssl_module modules/mod_ssl.so
Add below it:
LoadModule php4_module "c:/php/sapi/php4apache2.dll"
and
AddType application/x-httpd-php .php

Save and restart Apache. To test whether PHP is running, create a file named info.php with the following program listing:

Save it as "C:\Apache2\htdocs\info.php". Open a browser and go to http://localhost/info.php; if a page of PHP information appears, PHP is running.
6. Download MySQL
To get the MySQL software, download it from http://www.mysql.com/downloads/index.html and choose MySQL database server and standard clients: click Production release. Here the author uses version 4.0.26.
7. Install MySQL
Double-click the downloaded file to start installing MySQL. Click Next, then choose Custom, do not install the Developer Components, and click Next to continue the installation.
In the Look in field choose "C:\mysql" and click OK. In the next window click Install and wait until the process finishes.
Choose Skip Sign Up and click Next; in the next window click Finish. The Configuration window then appears; click Next, and in the next window choose Standard Configuration. In the following window choose "Install As Windows Service", check "Launch the MySQL Server automatically", and click Next. The next window is the Security window. Enter a password of your choice, do not forget it, and click Next.
8. Test MySQL
Create a file named "connect.php":

<?php
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

// some code

?>

Wednesday, June 07, 2006

Install DHCP Server on FreeBSD

1. What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a protocol for automating the assignment of IP addresses on a network. Each computer connected to a network must have a unique IP address, and without DHCP the TCP/IP information must be assigned manually on each computer.
2. Installing ISC DHCP
ISC DHCP Server is a free implementation of the DHCP protocol. The software can be downloaded from www.isc.org/products/DHCP.
Before starting the installation, make sure the bpf device is compiled into the kernel. If we are using the default (GENERIC) kernel, it is already configured into the kernel by default.
The steps are:
You must be logged in as root; first download the DHCP software.
#wget http://ftp.isc.org/isc/dhcp/dhcp-3.0.4.tar.gz
Then extract the file:
#tar -zxvf dhcp-3.0.4.tar.gz
OK... with the extraction done, the next step is the installation.
# cd /usr/ports/net/isc-dhcp3-server
# make install clean
With the installation done, we move on to configuring the server. A sample configuration is in the file /usr/local/etc/dhcpd.conf.sample, which you can copy or rename to dhcpd.conf.
3. Configuration
We can use our favorite text editor to edit the dhcpd configuration file.
option domain-name "example.com";
# the domain-name option specifies the domain provided to clients as the default search domain.
option domain-name-servers dns1.example.com, dns2.example.com;

# the domain-name-servers provide clients with the DNS server. Replace this with your DNS server.
default-lease-time 86400;
max-lease-time 86400;

# The default lease expiry time in seconds
# This is the maximum length of time that the server will lease for.
authoritative;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
ddns-update-style none;
# Use this to send dhcp log messages to a different log file (you also have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.5 192.168.0.25;
option routers 192.168.0.1;
}
host pingpong {
hardware ethernet 00:00:00:00:00:00; # [1]
fixed-address pingpong; # [2]
default-lease-time 604800;
max-lease-time 604800;
}
# [1] You should change this to the hardware MAC address of the client
# [2] You should provide this with a valid hostname, and dhcp server will resolve the hostname before returning the lease to the client. I edited /etc/hosts and specified pingpong with my IP address.
4. Running DHCP at startup
Edit the file /etc/rc.conf so that it contains:
dhcpd_enable="YES"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_withumask="022"
dhcpd_chuser_enable="YES"
dhcpd_withuser="dhcpd"
dhcpd_withgroup="dhcpd"
dhcpd_ifaces="rl1"

Start DHCP with the following command:
# /usr/local/etc/rc.d/isc-dhcpd.sh start

OK... the installation is now complete. Hopefully this is useful for all of us.
Good luck trying it out.