Can't exec "/usr/lib/shorewall/getparams": Permission denied at /usr/share/perl5/Shorewall/Config.pm line 4135

# rpm -qa|grep shorewall
shorewall-core-4.5.8-0base.noarch
shorewall-4.5.8-0base.noarch

# setenforce 1
[root@... Bk-D]# /etc/init.d/shorewall restart
Compiling...
Can't exec "/usr/lib/shorewall/getparams": Permission denied at
/usr/share/perl5/Shorewall/Config.pm line 4135.
    ERROR: Processing of /etc/shorewall/params failed

# setenforce 0
# /etc/init.d/shorewall restart
Compiling...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
done.

Not tried using shorewall from epel as Elio say; simply fetched last rpm
from the official ftp.
Surely it only a simple question of selinux tuning, but I haven't done
great investigation (I'm not an selinux guru and not tried something
related in a quick Internet and docs search).
The CentOS 6.3 box is a simple "Basic Server" install with some additional
standard packages. No strange confs.

Read more

Shorewall YUM repository

Shorewal or Shoreline Firewall is is high-level tool for configuring Netfilter.

Even RPM packages are available from long time on most YUM repositories only older versions could be found.
That is the reason I’ve decided to create this repository.

What you will find:
- Shorewall RPMs (starting from version 4.5.21) – If there is public interest I can pull older ones.

How to setup?
Create new repo file in /etc/yum.repos.d

Copy and paste the code
cat shorewall.repo
### Name: Shorewall RPM Repository sysadminguide.net
### URL: http://sysadminguide.net/
[shorewall]
name = RHEL $releasever - Shorewall - sysadminguide.net
baseurl = http://mirror.sysadminguide.net/shorewall
enabled = 1
protect = 0
gpgcheck = 0

Alternatively to directly download the file you can execute:
cd /etc/yum.repos.d/;wget http://mirror.sysadminguide.net/shorewall/shorewall.repo

What distributions can use it?
I did test with CentOS 5 and 6

How to use it?
If you already have installed shorewall RPM
yum update will pick it.

For initial installation you need to put all modules you need.
For example
yum install shorewall shorewall-core

How Often it updates?
Daily (Version does not change so often)

Where I can find more information about Shorewall?
On the official Shorewall site you can find a ton of information.

Source

Read more

Linux Configure Firewall Using Shorewall Under RHEL / CentOS

aproperly configured firewall can greatly increase the security of RHEL / CentOS based system. How do I configure a shorewall based firewall for CentOS or Red Hat Enterprise Linux system with an Internet connection? How do I install and configure shorewall to protect the following small business network?

Tutorial details
Difficulty	Advanced (rss)
Root privileges	Yes
Requirements	CentOS/RHEL
Estimated completion time	N/A

The Shoreline Firewall (also known as "Shorewall"), is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system.

What is Shorewall?

Usually, you write a complicated set of firewall rules using /etc/sysconfig/iptables or shell scripts. However, with shorewall you describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall is not a simple and easy to use GUI tool.

Sample setup

Fig.01: CentOS+Shorewall

Where,

1. server1.cyberciti.biz (firewall) - CentOS / RHEL based server. You need to install shorewall on this system. This server has two network interfaces. eth0 is connected to the LAN, and eth1 is connected to the internet. You also need to install reverse proxy server such as lighttpd or nginx on this server so it can load balance traffic between three Apache backends.
2. Apache{1..3} - Apache web servers.
3. Mysqld - MySQL database server.
4. The default firewall policy is to drop all traffic. Allow all connection requests from your lan network (eth0) to the Internet (eth1) and/or to the other servers hosted on the lan. Drop all connection requests from the Internet (eth1) to your firewall (fw) or lan networks; these ignored connection requests will be logged using the info syslog priority (log level). Finally, open port 80 and 443 from the the Internet. The firewall reject all other connection requests; these rejected connection requests will be logged using the info syslog priority (log level).

Install shorewall on CentOS or RHEL

First, turn on EPEL repo and type the following yum command to install shorewall package ( Debian / Ubuntu Linux user read this faq for more information ) :
# yum install shorewall
Sample outputs:

 
Loaded plugins: protectbase, rhnplugin
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package shorewall.noarch 0:4.5.4-1.el6 will be installed
--> Processing Dependency: shorewall-core = 4.5.4-1.el6 for package: shorewall-4.5.4-1.el6.noarch
--> Processing Dependency: perl(Digest::SHA) for package: shorewall-4.5.4-1.el6.noarch
--> Running transaction check
---> Package perl-Digest-SHA.x86_64 1:5.47-127.el6 will be installed
---> Package shorewall-core.noarch 0:4.5.4-1.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package            Arch      Version             Repository               Size
================================================================================
Installing:
 shorewall          noarch    4.5.4-1.el6         epel                    517 k
Installing for dependencies:
 perl-Digest-SHA    x86_64    1:5.47-127.el6      rhel-x86_64-server-6     62 k
 shorewall-core     noarch    4.5.4-1.el6         epel                     64 k
 
Transaction Summary
================================================================================
Install       3 Package(s)
 
Total download size: 643 k
Installed size: 2.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): perl-Digest-SHA-5.47-127.el6.x86_64.rpm           |  62 kB     00:00
(2/3): shorewall-4.5.4-1.el6.noarch.rpm                  | 517 kB     00:00
(3/3): shorewall-core-4.5.4-1.el6.noarch.rpm             |  64 kB     00:00
--------------------------------------------------------------------------------
Total                                           1.0 MB/s | 643 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:perl-Digest-SHA-5.47-127.el6.x86_64                        1/3
  Installing : shorewall-core-4.5.4-1.el6.noarch                            2/3
  Installing : shorewall-4.5.4-1.el6.noarch                                 3/3
  Verifying  : shorewall-4.5.4-1.el6.noarch                                 1/3
  Verifying  : shorewall-core-4.5.4-1.el6.noarch                            2/3
  Verifying  : 1:perl-Digest-SHA-5.47-127.el6.x86_64                        3/3
 
Installed:
  shorewall.noarch 0:4.5.4-1.el6
 
Dependency Installed:
  perl-Digest-SHA.x86_64 1:5.47-127.el6   shorewall-core.noarch 0:4.5.4-1.el6
 
Complete!
 

A note about config files

1. The default configuration directory is located at /etc/shorewall/.
2. Shorewall global configuration file is located at /etc/shorewall/shorewall.conf. This file sets options that apply to Shorewall as a whole.
3. The /etc/shorewall/zones file declares your network zones. Rules about what traffic to allow and what traffic to deny are expressed in terms of zones.
4. The /etc/shorewall/interfaces file serves to define the firewall's network interfaces to Shorewall.
5. The /etc/shorewall/policy file defines the high-level policy for connections between zones defined in /etc/shorewall/zones.
6. To provide exceptions to policies, add rules to /etc/shorewall/rules. Use this file to open or close ports and so on.
7. To blacklist IPs, applications, MAC address, and subnets use the/etc/shorewall/blacklist file.

Rule status and ordering

The ordering of shorewall is very important as when a rule has been matched that action is performed and then no other action is performed.

1. For each connection request entering the firewall, the request is first checked against the/etc/shorewall/rules file.
2. If no rule in that file matches the connection request then the first policy in/etc/shorewall/policy that matches the request is applied.
3. If there is a default action defined for the policy in /etc/shorewall/shorewall.conf then that action is invoked before the policy is enforced.

Configuration

Shorewall uses the concept of zones. You need to define the network using a set of zones as follows for the two network-interface configuration:

#NAME                  DESCRIPTION
fw                     The firewall itself
wan                    The Internet
lan                    Your Local Network

Configure /etc/shorewall/zones

Edit the file /etc/shorewall/zones, enter:
# vi /etc/shorewall/zones
Update the file as follows:

fw      firewall
wan     ipv4
lan     ipv4

Shorewall recognizes the firewall system as its own zone. The name of the zone designating the firewall itself (usually 'fw' as shown in the above file) is stored in the shell variable $FW which may be used throughout the Shorewall configuration to refer to the firewall zone. The wan and lan are our standard IPv4 Shorewall zone type and is the default if you leave this column empty.

Configure /etc/shorewall/interfaces

Next, you need define the hosts in a zone. You can associate the zone with a network interface using the /etc/shorewall/interfaces file. In the two-interface sample, the two zones are defined using that file as follows. Edit the file /etc/shorewall/interfaces, enter:
# vi /etc/shorewall/interfaces
Append the following entires:

 
wan     eth1    -       routefilter,blacklist,tcpflags,logmartians,nosmurfs
lan     eth0
 

The above file defines the net zone as all IPv4 hosts interfacing to the firewall. The wan zone as all IPv4 hosts interfacing through eth1 and the lan as all IPv4 hosts interfacing through eth0. The wan interface eth1 has additional advanced protection from the common internet attacks:

1. routefilter - Turn on kernel route filtering for this interface i.e. turn on anti-spoofing measurements.
2. blacklist - Check packets arriving on this interface against the /etc/shorewall/blacklist file. The blacklist file is used to perform static blacklisting. You can blacklist by source address (IP or MAC), or by application.
3. tcpflags - Packets arriving on this interface are checked for certain illegal combinations of TCP flags such as x mas or null or invalid packets. Packets found to have such a combination of flags are dropped (see the settings of TCP_FLAGS_DISPOSITION option in shorewall.conf) after having been logged in /var/log/messages file (see the setting ofTCP_FLAGS_LOG_LEVEL in shorewall.conf).
4. logmartians - Turn on kernel martian logging (logging of packets with impossible source addresses). It is strongly suggested that if you set routefilter on an interface that you also set logmartians.
5. nosmurfs - Filter packets for smurfs (packets with a broadcast address as the source) i.e. turn on anti-smurf protection.

Configure /etc/shorewall/policy

You express your default policy for connections from one zone to another zone in the/etc/shorewall/policy. file. The basic choices for policy are:

1. ACCEPT - Accept the connection.
2. DROP - Ignore the connection request.
3. REJECT - Return an appropriate error to the connection request.
4. Connection request logging may be specified as part of a policy and it is conventional (and highly recommended) to log DROP and REJECT policies.

Edit the file /etc/shorewall/policy, enter:
# vi /etc/shorewall/policy
Append the policy:

## allow lan to all and firewall to all (outgoing to internet) but no traffic from wan/internet to lan or firewall itself
lan     all     ACCEPT
$FW     all     ACCEPT
wan     all     DROP    info
# this must be last rule
all     all     REJECT  info

Save and close the file.

Configure /etc/shorewall/rules

Entries in this file govern connection establishment by defining exceptions to the policies layed out in /etc/shorewall/policy file. Use this file to open or close TCP/UDP ports. You can allows access to applications server such as FTP, HTTP, HTTPS and many more as defined in /usr/share/shorewall/macro.* files. The syntax is as follows:

ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
                               PORT(S) PORT(S) LIMIT   GROUP

OR

ACTION    SOURCE        DEST      PROTO      DEST
                                             PORT(S)

For example, to open port 22 from wan (internet) to firewall, enter:

ACCEPT     wan           $FW       tcp        22

You have a policy of ignoring all connection attempts from the wan zone (from the Internet), the above exception to that policy allows you to connect to the SSH server running on your firewall. You can now open port 80 and 443 that allows to connect to the reverse proxy server running on firewall:

## open port 443 from the wan to the nginx running on 202.54.1.1:443 on your firewall.
HTTPS/ACCEPT    wan     $FW:202.54.1.1              -       443
## open port 80 from the wan to the nginx running on 202.54.1.1:80 and 202.54.1.2:80 on your firewall.
HTTP/ACCEPT     wan     $FW:202.54.1.1,202.54.1.2   -       80

The wan / internet interface should not receive any packets whose source is in one of the ranges reserved by RFC 1918 (i.e., private or "non-routable" addresses). If packet mangling or connection-tracking match is enabled in your kernel, packets whose destination addresses are reserved by RFC 1918 are also rejected. Add the following DROP rule:

Rfc1918/DROP    wan     $FW

The following exception allows you to ping your firewall from the wan/internet:

Ping/ACCEPT     wan     $FW

Save and close the file. Please note that both Ping and Rfc1918 are macros defined in/usr/share/shorewall/macro.Ping file. To view ping macro type:
# cat /usr/share/shorewall/macro.Ping
Sample outputs:

# Shorewall version 4 - Ping Macro
#
# /usr/share/shorewall/macro.Ping
#
#       This macro handles 'ping' requests.
#
###############################################################################
#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
#                               PORT(S) PORT(S) LIMIT   GROUP
PARAM   -       -       icmp    8

To see list of all supported macros, enter:
# ls /usr/share/shorewall/macro.*
Sample outputs:

Fig.02: Macro list (click to enlarge)

Configure /etc/shorewall/blacklist

Edit the file /etc/shorewall/blacklist, enter:
# vi /etc/shorewall/blacklist
Block 202.53.1.0/24 subnet and 190.1.2.3 IP address:

202.53.1.0/24
190.1.2.3

Save and close the file.

Check the firewall configuration for errors

Type the following command:
# vi /etc/shorewall/shorewall.conf
Find the line:
STARTUP_ENABLED=No
Replace with:
STARTUP_ENABLED=Yes
Save and close the file. Shorewall uses a "compile" then "execute" approach. The Shorewall configuration compiler reads the configuration files and generates a shell script. Errors in the compilation step cause the script to be discarded and the command to be aborted. If the compilation step doesn't find any errors then the shell script is executed. To check for errors, enter:
# shorewall check
Sample outputs:

Fig.03: Checking firewall configuration for error

Save existing firewall rules

Use iptables-save command to dump the contents of an IP Table in easily parseable format to screen or a file:
# iptables-save > /root/old.firewall.config
However, I recommend that you use the following commands to save and disable iptables service on CentOS/RHEL:
# service iptables save
# service iptables stop
# chkconfig iptables off

How do I start / stop / restart shorewall?

Type the following commands (warning poorly configured firewall rules may block out your remote access including ssh, so be careful when you type the following commands):
# service shorewall start
# service shorewall stop
# service shorewall restart
# service shorewall status
OR
# /etc/init.d/shorewall start
# /etc/init.d/shorewall stop
# /etc/init.d/shorewall restart
# /etc/init.d/shorewall status
To turn on shorewall at boot time, enter:
# chkconfig shorewall on

How do I list firewall rules?

Type the following command:
# shorewall show
# shorewall show | less

How do I see the IP connections currently being tracked by the firewall?

# shorewall show connections

How do I see firewall logs?

# shorewall show hits
# shorewall show hits|less

How do I displays my kernel/iptables capabilities?

# shorewall show capabilities
The shorewall command and firewall configurations allows many more options. I recommend that you read shorewall command man page for more information.

How do I list all macros?

# shorewall show macros
# shorewall show Web
Sample outputs:

Shorewall 4.5.4 Macro Web at server1.cyberciti.biz - Thu Dec 20 03:50:27 CST 2012
#
# Shorewall version 4 - Web Macro
#
# /usr/share/shorewall/macro.Web
#
# This macro handles WWW traffic (secure and insecure).  This
# macro is deprecated - use of macro.HTTP and macro.HTTPS instead
# is recommended.
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
#    PORT(S) PORT(S) LIMIT GROUP
PARAM - - tcp 80 # HTTP (plaintext)
PARAM - - tcp 443 # HTTPS (over SSL)

REFERENCES:

• Shorewall project.
• Cyberciti
• man pages shorewall and iptables

Read more

Membuat Home Server Sendiri FreeNAS

Spoiler : Setelah lama tidak menulis artikel yang “bermanfaat”, sekarang saya mencoba menuliskan artikel bersambung yang mudah-mudahan memberi manfaat buat pembaca. :D

Satu hal yang saya yakini jauh sebelum menuliskan artikel ini adalah, ketika kita bersinggungan dengan perangkat komputer (PC) dengan segala macam konten didalamnya maka kebutuhan akan ruang penyimpanan yang besar sangat sulit untuk diabaikan, apalagi bagi teman-teman penggila movie dengan kualitas BRRIP HD dengan ukuran minimum 1 Gigabyte per film atau maniak game yang hobi koleksi game PC. Hoho..bisa dibayangkan berapa besar storage (media simpan) yang dibutuhkan untuk menyimpannya. Inilah yang menjadi ide dasar untuk membangun sebuah Home Server sendiri dengan harga yang bisa diperkirakan dan komponen yang dapat kita tentukan sendiri.

Jika anda tidak ingin repot, anda dapat membeli storage server yang sudah jadi. Branded! Lebih stabil dengan komponen pilihan dari vendor. Tapi jika anda ingin server yang custom, setiap komponennya sesuai dengan keinginan anda sendiri, anda dapat membaca sisa artikel ini.

Yang perlu diperhatikan adalah anda mempunyai banyak opsi dalam menentukan Sistem Operasi apa yang akan ditanamkan ke dalam Home Server anda sendiri. Untuk Sistem Operasi yang akan saya gunakan dalam Home Server Saya akan saya bahas pada artikel terpisah.

Jenis Home Server

Sebelum membangun Home Server anda sendiri, lebih baik kita harus mempunyai tujuan yang jelas untuk tujuan apa Home Server kita dibangun.
Anda dapat mempertimbangkan pilihan home server yang akan anda bangun pada pilihan ini :

1. File server

File server lebih difokuskan pada satu tujuan yaitu penyimpanan data. Komponen yang digunakan juga dititik beratkan pada performa dan sedikit membutuhkan pengolah grafis. Karena tujuannya hanya untuk menyimpan data, sistem operasi yang sesuai adalah FreeNAS atau NAS4Free, kenapa bukan Windows client (XP/Vista/7) atau Distro Linux? Sebenarnya sah-sah saja anda menggunakan sistem operasi apapun karena itu bergantung pada kebiasaan anda, hanya saja fitur-fitur yang ada pada sistem operasi FreeNAS atau NAS4Free lebih banyak dan mendukung Pooling Disk Drive yang lebih baik.

*File server ini juga mendukung streaming

2. Home Entertainment System (Bahasan pada artikel ini)

Server ini berfungsi lebih banyak, dapat digunakan sebagai multimedia. Seperti memutar film di ruang keluarga, sinkronisasi/backup laptop atau PC, terhubung ke game konsol dsb. Karena tujuan ini lebih global, perangkat yang digunakan juga akan berbeda.

 Daftar Hardware Yang Kita Perlukan

1. Computer Case

Casing yang saya gunakan adalah FRACTAL DESIGN Middle Tower Arc Midi. Dengan pertimbangan sebagai berikut : Ruang internal yang cukup luas, dengan desain minimalis, mampu menampung 8 HDD ukuran 3.5″ yang juga kompatibel dengan SSD, 3 fan terpasang + 5 slot fan tambahan. Saya rasa akan cukup optimal untuk pergerakan udara didalam case. Supoort dengan motherboard Mini ITX, Micro ATX and ATX Support Water Cooling Bagian belakang motherboard tray dapat digunakan untuk cable management. Tidak ada lagi kabel berserakan di case yang dapat mengganggu aliran udara pendingin. Dust Filter. Pada bagian depan dan atas case terdapat dust filter untuk menyaring debu. Hal ini akan menghambat penumpukan debu di dalam case (tergantung metode airflow yang anda gunakan). Fan controler yang berfungsi untuk mengatur kecepatan fan. Up to 3 fan dalam satu controller.

2. Processor

Saya menggunakan AMD Llano [A6-3500] sebagai processornya. Berikut merupakan beberapa detail dari AMD Liano A6-3500 Triple core, 2.1 GHz, 3MB Cache Konsumsi daya : 65 Watt AMD Radeon HD 6530D tercakup didalamnya Socket FM1

3. RAM (Random Access Memory)

Karena keterbatasan operasi yang saya gunakan (akan dibahas pada artikel selanjutnya) makan dengan sangat terpaksa saya menggunakan memori CORSAIR Memory PC 2x 4GB DDR3 PC-12800 [Vengeance CML8GX3M2A1600C9] (DDR3). Apabila anda berencana menggunakan sistem operasi yang lain saya sarankan memaksimalkan kapasitas RAM sesuai dengan motherboard dan OS yang digunakan. Sebelum membeli RAM ada baiknya anda memperhatikan beberapa hal berikut ini : Sesuaikan besaran BUS yang ada pada module memory dengan motherboard anda. Lebih baik gunakan 1 module, tetapi jika terpaksa menggunakan 2 module, gunakan 2 module memory dengan merk, bus, dan kapasitas yang sama. Pilih module sesuai dengan QVL (Qualified Vendor List) yang disarankan oleh produsen motherboard. Pilih desain memory yang low profile, supaya tidak memakan tempat, dan menyesuaikan dengan posisi cooler. Support overclock (opsional)

4. Motherboard

Sebenarnya saya lebih prefer menggunakan motherboard F1A75-M tetapi karena susah bener barangnya, maka dengan sangat terpaksa menggunakan motherboard versi sebelumnya yaitu Asus F1A55-V. Kenapa motherboard ini? Untuk processor AMD socket FM1 Support 64bit OS 4x DIMM (max 64 MB) 1x LAN card Gigabyte 6x SATA III 3 Gb/s 1x DVI-D 2x USB 3.0 4x USB 2.0 1x HDMI

5. Power Supply (PSU)

Power Supply SILVERSTONE Strider Essential 600W [SST-ST60F-ES] ini dirasa cukup untuk memasok daya ke semua komponen yang ada di dalam case. Yang saya suka dari PSU ini adalah : Efisiensi daya listrik 80+ Output 600W 6x SATA connector Active PFC

6.  Cooler

Cooler utama di dalam case, untuk meng-handle panas processor. THERMALTAKE Frio Advanced [CLP0596] digunakan untuk pendingin utama sebagai pengganti COOLER MASTER CPU Air Cooler [V6 GT], apabila anda mendapatkan Cooler Master V6 GT akan lebih baik :) dan ingat, cooler yang anda beli perlu diperhatikan kesesuaiannya dengan socket processor yang anda gunakan. Dudukan / pangkon cooler yang saya gunakan support dengan socket AMD FM1.

Fan tambahan (FRACTAL DESIGN Silent Series [140]). Sesuaikan jumlah fan tambahan ini berdasarkan jumlah slot fan yang tersedia dan kebutuhan sirkulasi udara di dalam case. Pergerakan udara didalam case akan sangat berpengaruh pada penumpukan debu.

7. Disk Drive

	x1	SSD ini (INTEL Solid State 180GB [520 Series]) akan digunakan sebagai Disk Primer dalam artian dimana sistem operasi akan ditanam, SSD dipilih dengan pertimbangan kecepatan baca tulis yang lebih tinggi dibandingkan HDD.
	x2(min) x5(max)	SEAGATE Barracuda 2TB lebih cocok dijadikan storage disk karena ukuran ruang simpannya yang paling besar untuk saat ini. Apabila anda menggunakan disk dengan kapasitas 3TB akan lebih baik tentunya.

8. Sistem Operasi

	FreeNAS atau NAS4Free adalah sistem operasi yang hampir sama, yang ditujukan untuk kebutuhan file server. Sistem operasi ini juga mendukung RAID sebagai fitur backup, dimana apabila salah satu Storage HDD rusak, file anda masih ada, tinggal memasukkan HDD baru. Halaman resmi FreeNAS. Halaman resmi NAS4Free (http://nas4free.org, lagi down).
	Jika anda berniat membangun home entertainment system, saya sarankan menggunakan Windows Home Server 2011 dengan pertimbangan harganya yang jauh lebih murah jika dibandingkan denganWindows Server 2012 Essentials.

*Konfigurasi di atas tidak mutlak anda terapkan, sebaiknya hanya digunakan bahan referensi. Produk-produk di atas merupakan histori pembelian barang saya dari tiga web berikut :

1. Bhinneka.com (Jakarta)
2. eGrosir.com (Surabaya)
3. Amazon.com (Luar Negeri)

Jika anda memiliki saran konfigurasi perangkat keras yang lebih baik, anda dapat membaginya di halaman ini.

Fan Case, Dust, Airflow?

Apa hubungannya ya? Hehe.. Ketiga hal ini sangat berkaitan erat. Dimulai dari masalah utama yang harus ditanggulangi dari server anda yaitu : PANAS. Panas akan membuat kinerja server anda menurun, baik kinerja hardware maupun software, panas memang tidak bisa dihilangkan tetapi bisa dikurangi. Disinilah peran fan dibutuhkan, fan primer digunakan untuk mendinginkan processor dan fan tambahan yang digunakan sebagai pendingin perangkat lain seperti HDD / Optic Drive / VGA Card dll atau digunakan sebagai pengalir udara saja.

Semakin banyak fan, semakin baik? Jawabnya : Belum tentu. Banyaknya fan bukanlah jaminan temperatur di dalam case turun secara signifikan, benar, tak akan signifikan jika kita mengatur arah fannya asal-asalan. Kita butuh udara yang mengalir, baik itu mengalir masuk, dan mengalir keluar. Menurut artikel yang saya baca, airflow ada dua macam yaitu positive airflow dan negative airflow.

1. Positive airflow adalah udara yang dialirkan ke dalam case lebih banyak daripada udara yang keluar.
2. Negative airflow adalah udara yang dialirkan ke luar case lebih banyak daripada udara yang masuk.

Nah, disinilah metode airflow yang kita gunakan akan berpengaruh terhadap penumpukan debu di dalam case. Debu akan banyak didalam case apabila anda menggunakan metode negative airflow.

*Pembahasan airflow kita bahas di tulisan berikutnya saja ya.. Biar gak tercampur dengan tujuan utama artikel ini. :D Insya Allah.

Selanjutnya Apa?

Apabila semua komponen sudah terkumpul, kita dapat merakit server kita sendiri. :D Dengan tidak mengabaikan metode airflow tentunya, jadi kita harus benar-benar bijak menempatkan additional fan pada slot computer case.

Selamat bereksperimen.

source

Read more