SQUID on EASYHOTSPOT

We assume the Ubuntu server already has the LAMP packages, an SSH server and whatever else you need installed, so let's start right away.
1. Update Ubuntu:

=>apt-get update

2. To allow forwarding to the internet:

=> pico /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

3. Create the database:

=>mysqladmin -u root -pnirwana create hotspot

4. Create a user for the database:

=> mysql -u root -pnirwana
=> CREATE USER 'easyhotspot'@'localhost';
=> SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('nirwana');
=> GRANT ALL ON hotspot.* TO 'easyhotspot'@'localhost';

** If that does not work yet, you can use Webmin instead.
5. Create the EasyHotspot billing tables:
1. Install git-core:

=>apt-get install git-core

2. Download EasyHotspot with git clone:

cd /opt
git clone git://easyhotspot.git.sourceforge.net/gitroot/easyhotspot/easyhotspot

3. Load the billing tables into the hotspot database:

=>cd /opt/easyhotspot/install
=> mysql -u root -pnirwana hotspot <easyhotspot_opensource_2010-10-21.sql

7. Configure FreeRADIUS:

=>pico /etc/freeradius/sql.conf
# Connection info:
server = "localhost"
#port = 3306
login = "easyhotspot" # match your MySQL user
password = "nirwana" # match your MySQL password
# Database table configuration for everything except Oracle
radius_db = "hotspot" # match your database
# If you are using Oracle then use this instead
# radius_db = “(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(POR$

8. Edit the database settings in EasyHotspot:

=>pico /opt/easyhotspot/htdocs/system/application/config/database.php
$db['default']['hostname'] = "127.0.0.1";
$db['default']['username'] = "easyhotspot";  // match the RADIUS settings
$db['default']['password'] = "nirwana";      // match the RADIUS settings
$db['default']['database'] = "hotspot";      // match the RADIUS settings
$db['default']['dbdriver'] = "mysql";

9. For RADIUS authentication against MySQL:

=>pico /etc/freeradius/radiusd.conf

Uncomment:

$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf

Add under instantiate:

max_all_mb
noresetcounter

Next, edit:

=>pico /etc/freeradius/sites-enabled/default

Uncomment sql in the authorize section and add:

sql
max_all_mb
noresetcounter

Then uncomment the sql line in the accounting, session and post-auth sections.

And to compute the MySQL data counters for clients:

=>pico /etc/freeradius/sql/mysql/counter.conf

Replace the following:

sqlcounter noresetcounter {
...
}

With:

sqlcounter noresetcounter {
counter-name = Session-Timeout
check-name = Session-Timeout
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter max_all_mb {
counter-name = Max-All-MB
check-name = Max-All-MB
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets)/(1024*1024) + SUM(AcctOutputOctets)/(1024*1024) FROM radacct WHERE UserName='%{%k}'"
}

10. Then run RADIUS:

=>/etc/init.d/freeradius stop
=>/usr/sbin/freeradius -X
=>/usr/sbin/freeradius

---------- If there are no errors, continue.
11. Install CoovaChilli:

=>wget http://ap.coova.org/chilli/coova-chilli_1.2.4_i386.deb
=>dpkg -i coova-chilli_1.2.4_i386.deb

Enable CoovaChilli:

=> pico /etc/default/chilli
Change START_CHILLI=0 to START_CHILLI=1

** If you have previously installed ChilliSpot, you have to start it manually as follows:

=>pico /etc/rc.local

Type:

/etc/init.d/chilli start

Edit the file /etc/chilli/wwwsh:

=>pico /etc/chilli/wwwsh
haserl=$(which haserl 2>/dev/null)

change it to:

haserl=/usr/local/bin/haserl

Edit the file /etc/chilli/up.sh:

=>pico /etc/chilli/up.sh

Add the NAT script below:

# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

12. Now start chilli:

/etc/init.d/chilli start

Install haserl:

=>apt-get install gcc
=>wget http://sourceforge.net/projects/haserl/files/haserl/0.8.0/haserl-0.8.0.tar.gz/download
=>tar -zxvf haserl-0.8.0.tar.gz
=>cd haserl-0.8.0;./configure;make;sudo make install

13. Then create the EasyHotspot symlink:

ln -s /opt/easyhotspot/htdocs /var/www/easyhotspot

From here you can test by attaching a client to eth1/tun0. If the client gets an IP address via DHCP, your Coova is running properly; now try browsing, and if the captive portal page appears, your hotspot is working.
To configure EasyHotspot billing, open this in your browser:
http://ip-server/easyhotspot
If you want to change the look, tweak the templates in /etc/chilli/www
If you want to change the IP, DNS, etc., edit /etc/chilli/defaults

chilli.conf must match the following:
radiussecret: the secret in /etc/freeradius/clients.conf in the "client localhost {}" section
uamsecret: the uamsecret in /etc/chilli/defaults
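The three secrets above have to agree or RADIUS requests and UAM logins silently fail. This is an added example, not from the original post: a small POSIX sh script that reads the three files and reports any mismatch. It assumes chilli.conf holds plain `radiussecret VALUE` and `uamsecret VALUE` lines, clients.conf has `secret = VALUE` inside `client localhost { }`, and /etc/chilli/defaults sets `HS_UAMSECRET=VALUE`; the sample files are constructed in a temp directory so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the shared
# secrets CoovaChilli uses match what FreeRADIUS and /etc/chilli/defaults
# expect. Assumed formats: chilli.conf "radiussecret VALUE" / "uamsecret VALUE",
# clients.conf "secret = VALUE" inside "client localhost {", and
# defaults "HS_UAMSECRET=VALUE".

# Print the value of a "key value" line from chilli.conf, quotes stripped.
chilli_opt() {  # $1 = key, $2 = chilli.conf path
    awk -v k="$1" '$1 == k { v = $2; gsub(/"/, "", v); print v; exit }' "$2"
}

# Print the secret of the "client localhost { ... }" block in clients.conf.
radius_localhost_secret() {  # $1 = clients.conf path
    awk '/^[[:space:]]*client[[:space:]]+localhost[[:space:]]*\{/ { inblk = 1; next }
         inblk && /^[[:space:]]*\}/ { exit }
         inblk && $1 == "secret" { print $3; exit }' "$1"
}

# Print HS_UAMSECRET from /etc/chilli/defaults (shell-style KEY=VALUE).
defaults_uamsecret() {  # $1 = defaults path
    sed -n 's/^HS_UAMSECRET=//p' "$1" | tr -d '"' | head -n 1
}

# Returns 0 when both secrets agree, 1 otherwise, and names each mismatch.
check_secrets() {  # $1 = chilli.conf  $2 = clients.conf  $3 = defaults
    rc=0
    if [ "$(chilli_opt radiussecret "$1")" != "$(radius_localhost_secret "$2")" ]; then
        echo "MISMATCH: radiussecret in $1 != secret in $2 (client localhost)"; rc=1
    fi
    if [ "$(chilli_opt uamsecret "$1")" != "$(defaults_uamsecret "$3")" ]; then
        echo "MISMATCH: uamsecret in $1 != HS_UAMSECRET in $3"; rc=1
    fi
    [ $rc -eq 0 ] && echo "OK: chilli, freeradius and defaults secrets agree"
    return $rc
}

# Constructed sample files so the check can be run offline.
TMP=$(mktemp -d)
printf 'radiussecret testing123\nuamsecret hotspotuam\n' > "$TMP/chilli.conf"
printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret = testing123\n}\n' > "$TMP/clients.conf"
printf 'HS_UAMSECRET=hotspotuam\nHS_RADSECRET=testing123\n' > "$TMP/defaults"
check_secrets "$TMP/chilli.conf" "$TMP/clients.conf" "$TMP/defaults"
```

On a real box, call check_secrets with /etc/chilli/config (or wherever your chilli.conf lives), /etc/freeradius/clients.conf and /etc/chilli/defaults.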

14. Install Squid

=>apt-get install squid

Configure Squid:

=>pico /etc/squid/squid.conf

Enable transparent mode:
Change http_port 3128 to http_port 3128 transparent
Create an ACL for the IP range to be redirected:
acl localnet src 10.1.0.0/24
Uncomment http_access for localnet:
http_access allow localnet
At this point we have made Squid accept the Coova IP range and turned it into a transparent proxy; any further tuning is up to you.
15. Create iptables rules to redirect all client requests to Squid

=>pico /etc/chilli/up.sh

Add the following iptables rules at the very bottom:

iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 3128 --syn -j ACCEPT
# DROP is not a valid target in the nat table; block direct connections to the proxy port in the filter table instead
iptables -A INPUT -p tcp -m tcp --dport 3128 -j DROP
iptables -A INPUT -i tun0 -j DROP

Then check with:

tail -f /var/log/squid/access.log

16. So that the captive portal cannot be bypassed through the proxy, we set up:

=>wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz
=>tar -zxvf squid_radius_auth-1.10.tar.gz
=>cd squid_radius_auth-1.10/
=>make clean
=>make install
=>pico /etc/squid/squid.conf

Edit:

auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w testing123
# match your server IP and your RADIUS secret
auth_param basic children 5
auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off 

### ACL for RADIUS ###
acl radiusauth proxy_auth REQUIRED

### ALLOW for RADIUS AUTH
http_access allow radiusauth
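Step 15 says to watch access.log and step 16 makes Squid demand RADIUS credentials from anyone who talks to it as a proxy. This added script (not from the original post) summarizes a constructed access.log in Squid's native format, showing per client how many requests were answered with a 407 challenge and how many carried an authenticated username in the user field; 10.1.0.0/24 is the hotspot range from this page and 192.0.2.10 is a documentation address standing in for an origin server.

```shell
#!/bin/sh
# Added example (not from the original post): summarize Squid's native
# access.log to see which clients were challenged for RADIUS credentials
# (TCP_DENIED/407) and which requests carried an authenticated username.
# Assumes the default "squid" log format: time elapsed client code/status
# bytes method URL user hierarchy/peer type.

# Number of proxy-auth challenges (status 407) in the log.
count_denied() {  # $1 = access.log path
    awk '$4 ~ /\/407$/ { n++ } END { print n + 0 }' "$1"
}

# Distinct RADIUS usernames seen in the user field (field 8), one per line.
auth_users() {  # $1 = access.log path
    awk '$8 != "-" { print $8 }' "$1" | sort -u
}

# Per-client table: client IP, total requests, challenges, authenticated requests.
client_summary() {  # $1 = access.log path
    awk '{ total[$3]++ }
         $4 ~ /\/407$/ { chal[$3]++ }
         $8 != "-"     { auth[$3]++ }
         END { for (c in total)
                   printf "%s requests=%d challenged=%d authenticated=%d\n",
                          c, total[c], chal[c] + 0, auth[c] + 0 }' "$1" | sort
}

# Constructed sample log (not captured from a real server).
TMP=$(mktemp -d)
cat > "$TMP/access.log" <<'EOF'
1290000000.123    120 10.1.0.5 TCP_MISS/200 4523 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1290000001.456      2 10.1.0.9 TCP_DENIED/407 1842 GET http://example.com/ - NONE/- text/html
1290000002.789     95 10.1.0.9 TCP_MISS/200 4523 GET http://example.com/ user01 DIRECT/192.0.2.10 text/html
1290000003.001      3 10.1.0.7 TCP_DENIED/407 1842 GET http://example.com/ - NONE/- text/html
EOF
echo "407 challenges: $(count_denied "$TMP/access.log")"
echo "authenticated users: $(auth_users "$TMP/access.log" | tr '\n' ' ')"
client_summary "$TMP/access.log"
```

Point the functions at /var/log/squid/access.log to run them on the real log.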

For now, these are the squid.conf settings I use:

# WELCOME TO SQUID 2.7.STABLE9
# ----------------------------
# if your Squid authenticates against / uses RADIUS
#------------------------Start------------------------------
auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w test123
auth_param basic children 5
auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off 

### ACL for RADIUS ###
acl radiusauth proxy_auth REQUIRED

### ALLOW for RADIUS AUTH
http_access allow radiusauth
# --------------------------end--------------------------------

#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.1.0.0/24 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# Squid normally listens to port 3128
http_port 3128 transparent
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
maximum_object_size_in_memory 8 MB
cache_dir ufs /var/spool/squid 5000 16 256
store_dir_select_algorithm least-load
minimum_object_size 0 KB
maximum_object_size 204800 KB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i .(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-expire
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims
refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload
# example line deb packages
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT


Done. I hope these notes are useful.

Criticism and suggestions are very welcome, thank you.

About faish83

langkah maju
This post was published in Uncategorized. Bookmark the permalink.
