Senin, 02 Januari 2012

Install Ubuntu Server untuk Proxy dengan Squid

Topologi Jaringan:

Modem DSL------------Mikrotik------------Hub-----------Client
                                            |
                                            |
                                       Proxy Ubuntu (harddisk-nya minimal 80GB)

Langkah2:

1. Download Ubuntu Server 10.04 (untuk intel download disini!!!, untuk AMD download disini!!!)
2. Booting lewat CD-ROM
3. Pilih language english (enter)
4. Pilih install ubuntu server (enter)
5. Tekan enter pada choose langguage english
6. Pilih united states
7. Klik no pada detect keyboard layout?
8. Klik USA pada ubuntu installer main menu
9. Klik USA pada keyboard layout
10. Klik continue pada configure the network
11. Pilih configure network manually isi ip address dengan 192.168.7.2 pilih continue enter
12. Netmask 255.255.255.0 pilih continue enter
13. Gateway 192.168.7.1 terus klik continue
14. Name server addresses 192.168.7.1 8.8.8.8 pilih continue enter
15. Hotsname : isi dg fanizar terus pilih continue enter
16. Domain name: di kosongin saja, pilih continue enter
17. Pada configure the clok pilih select from worldwide list terus cari jakarta terus enter
18. Pada menu partition disk pilih manual
19. Hapus partisi lama dulu (pilih delete the partion)
20. Pilih partisi baru terus (arahkan pada FREE SPACE kemudian enter)
21. Pilih manual

22. Pilih Create new partition (enter)

- isi 1gb enter
- Primary enter
- Begining enter
- use as = Ext4
- Mount point = /boot
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition

23. Pilih Create new partition (enter)

- isi 16gb
- Secondary
- Begining
- use as = Ext4
- Mount point = /
- Mount options = noatime
- Pilih Done setting up the partition

24. Pilih Create new partition (enter)

- isi 2gb (2x besaran RAM)
- Secondary
- Begining
- use as = swap area
- Pilih Done setting up the partition

25. Pilih Create new partition (enter)

- isi berdasarkan sisa hasil partisi dikurangi 2gb untuk direktori home continue
- Secondary
- use as = ReiserFS
- Mount point = Enter manually dan rubah menjadi /cache
- Mount options = notail dan noatime
- Pilih Done setting up the partition

26. Pilih Create new partition (enter)

- isi 2gb (atau sisa dari direktori cache) enter
- Secondary enter
- Begining enter
- use as = Ext4
- Mount point = /home
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition

27. Kemudian pilih finis partitioning and write changes to disk, write the changes to disk pilih yes
28. pada full name for the new user isi dg fanizar, terus continue & enter
29. pada Username for your account isi dg fanizar, terus continue & enter
30. pada a password for the new user isi dg fanizar, terus continue & enter
31. pada re-enter password to verify isi dg fanizar, terus continue & enter
32. pada use weak password pilih yes
33. pada encrypt your home directory pilih no
34. pada HTTP proxy information KOSONGIN SAJA
35. pada configurasi apt 43% tekan enter, juga pada 81% tekan enter pilih no automatic update
36.pada choose software to install pilih OpenSSH server pilih continus pd finis the installation dan
restart

37. Remote pake putty, setelah berhasil login ketik perintah:
- sudo su kemudian isikan password yang tadi dibuat waktu ngistall
- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze
- passwd (isikan password untuk root)
- squid stop

Siapkan Softwre Winscp kemudian install. Masuk ke proxy dengan username root dan password yang dibuat tadi.

masuk ke direktori /etc/squid dan backup dulu suid.conf ke flashdisk kemudian buka squid.conf tersebut. Hapus semua isinya dan ganti dengan konfigurasi di bawah ini:

# Proxy Server Versi 2.7.Stable7
# by fanizar
# Port
http_port 3128 transparent
server_http11 on
acl speedtest dstdomain .speedtest.cbn.net
acl speedtest dstdomain .speedtest.net
cache allow speedtest
#icp_port 3130
#prefer_direct off
#tambahan
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Cache & Object
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 512 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 125 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
mime_table /usr/share/squid/mime.conf
# cache_dir <type> <Directory-Name> <Space in Mbytes> <Level1> <Level2> <options>
cache_dir aufs /cache 49000 30 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_fqdn off
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers 192.168.7.1 8.8.8.8
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#anyar
positive_dns_ttl 1 hours
#ftp mode pasif
ftp_passive on
ftp_sanitycheck on
# Rules: Safe Port
#tambahan
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
shutdown_lifetime 10 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
# Refresh Pattern
# pictures & images
# refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ign$
# refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ignore-re$
#sound, video multimedia
# refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ign$
# refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-reload igno$
# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 21600 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 21600 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin|arj)$ 21600 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.3gp$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.rm$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.wma$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320
#refresh_pattern ^http://pb.gemscool.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://ayodance.megaxus.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://luna.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://www.facebook.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://kaskus.us/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://perfectworld.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://seal.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://*.indowebster.*/.* 720 100% 4320
refresh_pattern ^http://*.4shared.*/.* 720 100% 4320
refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.boleh.*/.* 720 100% 4320
#refresh_pattern ^http://*.detik.*/.* 180 100% 4320
#refresh_pattern ^http://*.detikinet.*/.* 180 100% 4320
#refresh_pattern ^http://*.detikhot.*/.* 180 100% 4320
#refresh_pattern ^http://*.detiportal.*/.* 180 100% 4320
#refresh_pattern ^http://*.kompas.*/.* 180 100% 4320
refresh_pattern ^http://*.facebook.*/.* 720 100% 4320
refresh_pattern ^http://*.texas_holdem.*/.* 720 100% 4320
refresh_pattern ^http://*.zynga.com.*/.* 720 100% 4320
refresh_pattern ^http://*.ninjasaga.*/.* 720 100% 4320
refresh_pattern ^http://*.texas.poker.*/.* 720 100% 4320
refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320
refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320

#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# SNMP
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
# ALLOWED ACCESS
acl fanizar src 192.168.1.0/24
acl fanizar src 192.168.7.0/24
acl fanizar src 192.168.0.0/24

http_access allow fanizar
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow fanizar
icp_access allow localhost
icp_access allow all
always_direct deny all
# Cache CGI & Administrative
cache_mgr alfanet
visible_hostname fanizar-speedy
cache_effective_user proxy
cache_effective_group proxy
logfile_rotate 7
#tambahan
memory_pools on #biasanya off
icp_hit_stale on
query_icmp on
reload_into_ims on
coredump_dir /var/spool/squid
pipeline_prefetch on
vary_ignore_expire on
request_body_max_size 1048 KB
#tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
simpan dan tutup.

ketik perintah lagi di putty
- chown -R proxy.proxy /cache
- chown -R proxy.proxy /var/log/squid/access.log
- squid -f /etc/squid/squid.conf -z
- restart squid

reboot cpu nya.

Konfigurasi mikrotik agar bisa sinkron dengan ubuntu
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.7.2 to-ports=3128 protocol=tcp \
dst-port=80,8080.3128 src-address==!192.168.7.0/24

/ip firewall mangle
add chain=postrouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12 

/queue tree
add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 




Coba browsing ke http://www.whatismyip.com/
di webpage harus terdeteksi squid stable 2.7

good luck semoga membantu.




0 komentar: