Topologi Jaringan:
Modem DSL------------Mikrotik------------Hub-----------Client
|
|
Proxy Ubuntu (harddisk-nya minimal 80GB)
Langkah2:
1. Download Ubuntu Server 10.04 (untuk intel download disini!!!, untuk AMD download disini!!!)
2. Booting lewat CD-ROM
3. Pilih language english (enter)
4. Pilih install ubuntu server (enter)
5. Tekan enter pada choose langguage english
6. Pilih united states
7. Klik no pada detect keyboard layout?
8. Klik USA pada ubuntu installer main menu
9. Klik USA pada keyboard layout
10. Klik continue pada configure the network
11. Pilih configure network manually isi ip address dengan 192.168.7.2 pilih continue enter
12. Netmask 255.255.255.0 pilih continue enter
13. Gateway 192.168.7.1 terus klik continue
14. Name server addresses 192.168.7.1 8.8.8.8 pilih continue enter
15. Hotsname : isi dg fanizar terus pilih continue enter
16. Domain name: di kosongin saja, pilih continue enter
17. Pada configure the clok pilih select from worldwide list terus cari jakarta terus enter
18. Pada menu partition disk pilih manual
19. Hapus partisi lama dulu (pilih delete the partion)
20. Pilih partisi baru terus (arahkan pada FREE SPACE kemudian enter)
21. Pilih manual
22. Pilih Create new partition (enter)
- isi 1gb enter
- Primary enter
- Begining enter
- use as = Ext4
- Mount point = /boot
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition
23. Pilih Create new partition (enter)
- isi 16gb
- Secondary
- Begining
- use as = Ext4
- Mount point = /
- Mount options = noatime
- Pilih Done setting up the partition
24. Pilih Create new partition (enter)
- isi 2gb (2x besaran RAM)
- Secondary
- Begining
- use as = swap area
- Pilih Done setting up the partition
25. Pilih Create new partition (enter)
- isi berdasarkan sisa hasil partisi dikurangi 2gb untuk direktori home continue
- Secondary
- use as = ReiserFS
- Mount point = Enter manually dan rubah menjadi /cache
- Mount options = notail dan noatime
- Pilih Done setting up the partition
26. Pilih Create new partition (enter)
- isi 2gb (atau sisa dari direktori cache) enter
- Secondary enter
- Begining enter
- use as = Ext4
- Mount point = /home
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition
27. Kemudian pilih finis partitioning and write changes to disk, write the changes to disk pilih yes
28. pada full name for the new user isi dg fanizar, terus continue & enter
29. pada Username for your account isi dg fanizar, terus continue & enter
30. pada a password for the new user isi dg fanizar, terus continue & enter
31. pada re-enter password to verify isi dg fanizar, terus continue & enter
32. pada use weak password pilih yes
33. pada encrypt your home directory pilih no
34. pada HTTP proxy information KOSONGIN SAJA
35. pada configurasi apt 43% tekan enter, juga pada 81% tekan enter pilih no automatic update
36.pada choose software to install pilih OpenSSH server pilih continus pd finis the installation dan
restart
37. Remote pake putty, setelah berhasil login ketik perintah:
- sudo su kemudian isikan password yang tadi dibuat waktu ngistall
- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze
- passwd (isikan password untuk root)
- squid stop
Siapkan Softwre Winscp kemudian install. Masuk ke proxy dengan username root dan password yang dibuat tadi.
masuk ke direktori /etc/squid dan backup dulu suid.conf ke flashdisk kemudian buka squid.conf tersebut. Hapus semua isinya dan ganti dengan konfigurasi di bawah ini:
ketik perintah lagi di putty
- chown -R proxy.proxy /cache
- chown -R proxy.proxy /var/log/squid/access.log
- squid -f /etc/squid/squid.conf -z
- restart squid
reboot cpu nya.
Konfigurasi mikrotik agar bisa sinkron dengan ubuntu
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.7.2 to-ports=3128 protocol=tcp \
dst-port=80,8080.3128 src-address==!192.168.7.0/24
/ip firewall mangle
add chain=postrouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12
/queue tree
add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
Coba browsing ke http://www.whatismyip.com/
di webpage harus terdeteksi squid stable 2.7
good luck semoga membantu.
Modem DSL------------Mikrotik------------Hub-----------Client
|
|
Proxy Ubuntu (harddisk-nya minimal 80GB)
Langkah2:
1. Download Ubuntu Server 10.04 (untuk intel download disini!!!, untuk AMD download disini!!!)
2. Booting lewat CD-ROM
3. Pilih language english (enter)
4. Pilih install ubuntu server (enter)
5. Tekan enter pada choose langguage english
6. Pilih united states
7. Klik no pada detect keyboard layout?
8. Klik USA pada ubuntu installer main menu
9. Klik USA pada keyboard layout
10. Klik continue pada configure the network
11. Pilih configure network manually isi ip address dengan 192.168.7.2 pilih continue enter
12. Netmask 255.255.255.0 pilih continue enter
13. Gateway 192.168.7.1 terus klik continue
14. Name server addresses 192.168.7.1 8.8.8.8 pilih continue enter
15. Hotsname : isi dg fanizar terus pilih continue enter
16. Domain name: di kosongin saja, pilih continue enter
17. Pada configure the clok pilih select from worldwide list terus cari jakarta terus enter
18. Pada menu partition disk pilih manual
19. Hapus partisi lama dulu (pilih delete the partion)
20. Pilih partisi baru terus (arahkan pada FREE SPACE kemudian enter)
21. Pilih manual
22. Pilih Create new partition (enter)
- isi 1gb enter
- Primary enter
- Begining enter
- use as = Ext4
- Mount point = /boot
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition
23. Pilih Create new partition (enter)
- isi 16gb
- Secondary
- Begining
- use as = Ext4
- Mount point = /
- Mount options = noatime
- Pilih Done setting up the partition
24. Pilih Create new partition (enter)
- isi 2gb (2x besaran RAM)
- Secondary
- Begining
- use as = swap area
- Pilih Done setting up the partition
25. Pilih Create new partition (enter)
- isi berdasarkan sisa hasil partisi dikurangi 2gb untuk direktori home continue
- Secondary
- use as = ReiserFS
- Mount point = Enter manually dan rubah menjadi /cache
- Mount options = notail dan noatime
- Pilih Done setting up the partition
26. Pilih Create new partition (enter)
- isi 2gb (atau sisa dari direktori cache) enter
- Secondary enter
- Begining enter
- use as = Ext4
- Mount point = /home
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition
27. Kemudian pilih finis partitioning and write changes to disk, write the changes to disk pilih yes
28. pada full name for the new user isi dg fanizar, terus continue & enter
29. pada Username for your account isi dg fanizar, terus continue & enter
30. pada a password for the new user isi dg fanizar, terus continue & enter
31. pada re-enter password to verify isi dg fanizar, terus continue & enter
32. pada use weak password pilih yes
33. pada encrypt your home directory pilih no
34. pada HTTP proxy information KOSONGIN SAJA
35. pada configurasi apt 43% tekan enter, juga pada 81% tekan enter pilih no automatic update
36.pada choose software to install pilih OpenSSH server pilih continus pd finis the installation dan
restart
37. Remote pake putty, setelah berhasil login ketik perintah:
- sudo su kemudian isikan password yang tadi dibuat waktu ngistall
- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze
- passwd (isikan password untuk root)
- squid stop
Siapkan Softwre Winscp kemudian install. Masuk ke proxy dengan username root dan password yang dibuat tadi.
masuk ke direktori /etc/squid dan backup dulu suid.conf ke flashdisk kemudian buka squid.conf tersebut. Hapus semua isinya dan ganti dengan konfigurasi di bawah ini:
simpan dan tutup.# Proxy Server Versi 2.7.Stable7# by fanizar# Porthttp_port 3128 transparentserver_http11 onacl speedtest dstdomain .speedtest.cbn.netacl speedtest dstdomain .speedtest.netcache allow speedtest#icp_port 3130#prefer_direct off#tambahanhierarchy_stoplist cgi-bin ?acl QUERY urlpath_regex cgi-bin \?no_cache deny QUERY# Cache & Objectcache_mem 8 MBcache_swap_low 98cache_swap_high 99max_filedesc 8192maximum_object_size 512 MBminimum_object_size 0 KBmaximum_object_size_in_memory 125 KBipcache_size 4096ipcache_low 98ipcache_high 99fqdncache_size 4096cache_replacement_policy heap LFUDAmemory_replacement_policy heap GDSFmime_table /usr/share/squid/mime.conf# cache_dir <type> <Directory-Name> <Space in Mbytes> <Level1> <Level2> <options>cache_dir aufs /cache 49000 30 256cache_access_log /var/log/squid/access.logcache_log /var/log/squid/cache.logcache_store_log nonelog_fqdn offpid_filename /var/run/squid.pidcache_swap_log /var/log/squid/swap.statedns_nameservers 192.168.7.1 8.8.8.8emulate_httpd_log offhosts_file /etc/hostshalf_closed_clients offnegative_ttl 1 minutes#anyarpositive_dns_ttl 1 hours#ftp mode pasifftp_passive onftp_sanitycheck on# Rules: Safe Port#tambahanquick_abort_min 0quick_abort_max 0quick_abort_pct 98shutdown_lifetime 10 secondsacl all src 0.0.0.0/0.0.0.0acl manager proto cache_objectacl localhost src 127.0.0.1/255.255.255.255acl to_localhost dst 127.0.0.0/8acl SSL_ports port 443 563 873 # https snews rsyncacl Safe_ports port 80 # httpacl Safe_ports port 20 21 # ftpacl Safe_ports port 70 # gopheracl Safe_ports port 210 # waisacl Safe_ports port 1025-65535 # unregistered portsacl Safe_ports port 631 # cupsacl Safe_ports port 10000 # webminacl Safe_ports port 901 # SWATacl Safe_ports port 280 # http-mgmtacl Safe_ports port 488 # gss-httpacl Safe_ports port 591 # filemakeracl Safe_ports port 777 # multiling httpacl Safe_ports port 873 # rsyncacl Safe_ports port 110 # POP3acl Safe_ports port 25 # SMTPacl Safe_ports port 2095 2096 # webmail from cpanelacl Safe_ports port 2082 2083 # cpanelacl purge method PURGEacl CONNECT method CONNECThttp_access allow manager localhosthttp_access deny managerhttp_access allow purge localhosthttp_access deny purgehttp_access deny !Safe_ports !SSL_portshttp_access deny CONNECT !SSL_ports !Safe_ports# Refresh Pattern# pictures & images# refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ign$# refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ignore-re$#sound, video multimedia# refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ign$# refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-reload igno$# filesrefresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 21600 90% 43200 ignore-no-cache ignore-authrefresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 21600 override-expire ignore-no-cache ignore-authrefresh_pattern -i \.(rar|tgz|tar|exe|bin|arj)$ 21600 100% 43200 override-expire ignore-no-cache ignore-authrefresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-authrefresh_pattern -i \.(inc|cab|ad|txt|dll)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-authrefresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-imsrefresh_pattern -i \.3gp$ 10080 90% 10080 override-expire override-lastmod reload-into-imsrefresh_pattern -i \.rm$ 10080 90% 10080 override-expire override-lastmod reload-into-imsrefresh_pattern -i \.wma$ 10080 90% 10080 override-expire override-lastmod reload-into-imsrefresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 override-expire override-lastmod reload-into-imsrefresh_pattern ^http://*.google.*/.* 720 100% 4320#refresh_pattern ^http://pb.gemscool.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims#refresh_pattern ^http://ayodance.megaxus.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims#refresh_pattern ^http://luna.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-imsrefresh_pattern ^http://www.facebook.com/.* 720 100% 4320 override-expire override-lastmod reload-into-imsrefresh_pattern ^http://kaskus.us/.* 720 100% 4320 override-expire override-lastmod reload-into-ims#refresh_pattern ^http://perfectworld.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims#refresh_pattern ^http://seal.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-imsrefresh_pattern ^http://*.indowebster.*/.* 720 100% 4320refresh_pattern ^http://*.4shared.*/.* 720 100% 4320refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320refresh_pattern ^http://*.yimg.*/.* 720 100% 4320refresh_pattern ^http://*.boleh.*/.* 720 100% 4320#refresh_pattern ^http://*.detik.*/.* 180 100% 4320#refresh_pattern ^http://*.detikinet.*/.* 180 100% 4320#refresh_pattern ^http://*.detikhot.*/.* 180 100% 4320#refresh_pattern ^http://*.detiportal.*/.* 180 100% 4320#refresh_pattern ^http://*.kompas.*/.* 180 100% 4320refresh_pattern ^http://*.facebook.*/.* 720 100% 4320refresh_pattern ^http://*.texas_holdem.*/.* 720 100% 4320refresh_pattern ^http://*.zynga.com.*/.* 720 100% 4320refresh_pattern ^http://*.ninjasaga.*/.* 720 100% 4320refresh_pattern ^http://*.texas.poker.*/.* 720 100% 4320refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320#default optionrefresh_pattern ^ftp: 1440 20% 10080refresh_pattern ^gopher: 1440 0% 1440refresh_pattern -i (/cgi-bin/|\?) 0 0% 0refresh_pattern . 0 20% 4320# SNMPsnmp_port 3401acl snmpsquid snmp_community publicsnmp_access allow snmpsquid localhostsnmp_access deny all# ALLOWED ACCESSacl fanizar src 192.168.1.0/24acl fanizar src 192.168.7.0/24acl fanizar src 192.168.0.0/24http_access allow fanizarhttp_access allow localhosthttp_access deny allhttp_reply_access allow allicp_access allow fanizaricp_access allow localhosticp_access allow allalways_direct deny all# Cache CGI & Administrativecache_mgr alfanetvisible_hostname fanizar-speedycache_effective_user proxycache_effective_group proxylogfile_rotate 7#tambahanmemory_pools on #biasanya officp_hit_stale onquery_icmp onreload_into_ims oncoredump_dir /var/spool/squidpipeline_prefetch onvary_ignore_expire onrequest_body_max_size 1048 KB#tcp_outgoing_tos 0x30 localnetzph_mode toszph_local 0x30zph_parent 0zph_option 136
ketik perintah lagi di putty
- chown -R proxy.proxy /cache
- chown -R proxy.proxy /var/log/squid/access.log
- squid -f /etc/squid/squid.conf -z
- restart squid
reboot cpu nya.
Konfigurasi mikrotik agar bisa sinkron dengan ubuntu
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.7.2 to-ports=3128 protocol=tcp \
dst-port=80,8080.3128 src-address==!192.168.7.0/24
/ip firewall mangle
add chain=postrouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12
/queue tree
add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
Coba browsing ke http://www.whatismyip.com/
di webpage harus terdeteksi squid stable 2.7
good luck semoga membantu.
0 komentar:
Posting Komentar