Squid with an Ubuntu Router

So that I don't forget my proxy setup, I am writing these notes.

We assume the Ubuntu router is already installed and working; if it is not, follow the steps for building an Ubuntu router, for example:

https://catatanfaish.wordpress.com/2010/12/13/ubuntu-router/

OK, first we install squid:

=>apt-get install squid

For squid3:

=>apt-get install squid3

Then edit squid.conf:

=>pico /etc/squid/squid.conf

Edit these parts:

http_port 3128  ->  http_port 3128 transparent

acl localnet src 192.168.0.0/24  (adjust to the network that is redirected to squid, i.e. the eth1 network)

#http_access allow localnet  (uncomment: remove the "#")

From here squid can already run, but only in a minimal form. In the meantime, here is my tuned configuration:

# WELCOME TO SQUID 2.7.STABLE9 

# ----------------------------

# if your squid uses authentication / RADIUS

# ------------------------ Start ------------------------

auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w test123

auth_param basic children 5

auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN

auth_param basic credentialsttl 24 hours

auth_param basic casesensitive off

### ACL untuk Radius ###

acl radiusauth proxy_auth REQUIRED

### ALLOW for RADIUS AUTH

http_access allow radiusauth

# ------------------------ End ------------------------

#Recommended minimum configuration:

acl all src all

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

#

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.1.0.0/24 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/24 # RFC1918 possible internal network

#

acl SSL_ports port 443 # https

acl SSL_ports port 563 # snews

acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl purge method PURGE

acl CONNECT method CONNECT

#Recommended minimum configuration:

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Only allow purge requests from localhost

http_access allow purge localhost

http_access deny purge

# Deny requests to unknown ports

http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports

http_access deny CONNECT !SSL_ports

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

#Allow ICP queries from local networks only

icp_access allow localnet

icp_access deny all

# Squid normally listens to port 3128

http_port 3128 transparent

#We recommend you to use at least the following line.

hierarchy_stoplist cgi-bin ?

cache_mem 128 MB

maximum_object_size_in_memory 8 MB

cache_dir ufs /var/spool/squid 5000 16 256

store_dir_select_algorithm least-load

minimum_object_size 0 KB

maximum_object_size 204800 KB

cache_swap_low 90

cache_swap_high 95

access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880

refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload

refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload

refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire

refresh_pattern -i \.(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-expire

refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire

refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire

refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire

refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire

refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims

refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims

refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims

refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload

# example line deb packages

#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600

refresh_pattern . 0 20% 4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]

upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

extension_methods REPORT MERGE MKACTIVITY CHECKOUT
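
Squid checks http_access lines from top to bottom and stops at the first match, so in the listing above `http_access allow radiusauth` is decided before `deny !Safe_ports` and `deny CONNECT !SSL_ports`. The lint below is an added example, not part of the original post; the function names and the embedded sample (which repeats the rule order of the listing) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint the order of http_access
# rules. An "allow" placed above the port guards lets matching clients
# bypass "deny !Safe_ports" and "deny CONNECT !SSL_ports".

# Constructed sample that repeats the rule order of the listing above.
sample_conf() {
cat <<'EOF'
acl radiusauth proxy_auth REQUIRED
http_access allow radiusauth
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

# Read a squid.conf on stdin and print "LINE: rule" for every allow rule
# that comes before "deny !Safe_ports" and is not limited to localhost
# (the manager/purge rules for localhost are expected in that position).
early_allows() {
    awk '
        $1 != "http_access" { next }
        $2 == "deny" && $3 == "!Safe_ports" { guarded = 1 }
        $2 == "allow" && !guarded {
            local_only = 0
            for (i = 3; i <= NF; i++) if ($i == "localhost") local_only = 1
            if (!local_only) print NR ": " $0
        }
    '
}

sample_conf | early_allows
```

Moving the flagged rule below the two port guards (and above `http_access deny all`) makes the lint report nothing.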

Update 1:

here

Next we create the iptables rules that redirect clients to squid:

=>pico /etc/rc.local

Add these iptables rules.

When using the Ubuntu router:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

If you use MikroTik instead, create the rule on the MikroTik:

ip firewall nat add action=dst-nat chain=dstnat comment="" src-address=<network proxy address> disabled=no dst-port=80 protocol=tcp to-addresses=<proxy address> to-ports=<proxy port>

or, if you want the long form:

ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.200.1.1 to-ports=3128 \
protocol=tcp src-address=!192.200.1.0 src-address-list=192.200.1.2,192.200.1.3,192.200.1.4 \
in-interface=ether1 dst-port=80

then save and reboot

check using:

tail -f /var/log/squid/access.log

check performance:

squidclient -h 192.168.1.x -p 3128 mgr:info

squidclient -h 127.0.0.1 mgr:info
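
What to look for in access.log once clients are redirected, as an added example that is not part of the original post: it summarises requests, cache hits and denials per client from the native log format selected by `access_log ... squid`. The sample lines, addresses and function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): per-client summary of a
# native-format access.log, to confirm interception works and spot denials.

# Constructed sample lines in the native log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
sample_log() {
cat <<'EOF'
1292371200.101    245 192.168.0.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1292371201.350      3 192.168.0.10 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1292371202.007     12 192.168.0.11 TCP_MEM_HIT/200 880 GET http://example.com/logo.png - NONE/- image/png
1292371203.440      0 203.0.113.7 TCP_DENIED/403 1410 GET http://example.org/ - NONE/- text/html
EOF
}

# Read log lines on stdin; print "<ip> requests=<n> hits=<n> denied=<n>".
client_summary() {
    awk '
        {
            split($4, code, "/")            # TCP_MISS/200 -> TCP_MISS
            req[$3]++
            if (code[1] ~ /HIT/)    hit[$3]++
            if (code[1] ~ /DENIED/) den[$3]++
        }
        END {
            for (ip in req)
                printf "%s requests=%d hits=%d denied=%d\n", ip, req[ip], hit[ip], den[ip]
        }
    ' | LC_ALL=C sort
}

sample_log | client_summary
```

Clients inside localnet should show up with a mix of misses and hits; an address outside localnet, like the last sample line, is refused by `http_access deny all` and appears as TCP_DENIED.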

If you want DHCP, follow:

https://catatanfaish.wordpress.com/2010/12/15/dinamic-host-configuration-protokol-dhcp-server-di-ubuntu/

To create several cache directories:

for example, we create them in /home:

root@faish:/home# mkdir proxy1

root@faish:/home# chmod 777 proxy1

repeat for as many directories as you need

stop squid:

/etc/init.d/squid stop

or

squid -k shutdown

then edit this part of squid.conf:

cache_dir aufs /home/proxy1 10400 32 256

cache_dir aufs /home/proxy2 10400 32 256

adjust the location and folder names to your setup.

set the ownership so the proxy user can use the directories:

root@faish:/home# chown -R proxy:proxy /home/proxy1

root@faish:/home# chown -R proxy:proxy /home/proxy2

then build the swap directories for the cache_dir entries:

root@faish:/home# squid -z

or

squid -f /etc/squid/squid.conf -z

then start squid again:

/etc/init.d/squid start

or

squid -sYC
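
The steps above leave the cache directories world-writable (chmod 777) even after ownership has been given to the proxy user. This added example, not part of the original post, reads the cache_dir lines from a squid.conf and reports the directories that any local user can write to; the function names and the temporary paths used in the demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit every cache_dir in a
# squid.conf for world-writable permissions, which "chmod 777" leaves behind.

# Print each cache_dir path that any local user can write to.
world_writable_cache_dirs() {
    conf=$1
    # cache_dir <type> <path> <MB> <L1> <L2>: the path is the third field.
    awk '$1 == "cache_dir" { print $3 }' "$conf" |
    while IFS= read -r dir; do
        [ -d "$dir" ] || { echo "missing: $dir" >&2; continue; }
        # -perm -0002 is true when the write bit for "others" is set.
        if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
            echo "$dir"
        fi
    done
}

# Constructed demo: two throw-away directories stand in for
# /home/proxy1 and /home/proxy2 from the steps above.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/proxy1" "$tmp/proxy2"
    chmod 777 "$tmp/proxy1"   # as in the steps above
    chmod 750 "$tmp/proxy2"   # sufficient once the squid user owns the directory
    printf 'cache_dir aufs %s 10400 32 256\n' "$tmp/proxy1" "$tmp/proxy2" \
        > "$tmp/squid.conf"
    world_writable_cache_dirs "$tmp/squid.conf"
    rm -rf "$tmp"
}

demo
```

On the real system, run `world_writable_cache_dirs /etc/squid/squid.conf`; after the chown to proxy:proxy, `chmod 750` on each reported directory is enough for squid to use it.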

To delete the cache contents:

stop squid first

then delete all the subdirectories

rm -fdR /home/proxy1/*

rm -fdR /home/proxy2/*

then rebuild the swap subdirectories

squid -z

when that is done, start squid again

If you have suggestions or criticism, please leave a comment...

Thank you

About faish83

moving forward

One Response to Squid with an Ubuntu Router

  1. kicrit_ucrit@yahoo.com says:

    squid -N -d 1 -D to start squid and check
