Monday, 1 October 2012

Squid.conf

#-----------------------------------#
# Proxy Server Versi 2.7.Stable7
# net2well@gmail.com
# update 3 Maret 2011
#-----------------------------------#

#---------------------------------------------------------------#
# Port
#---------------------------------------------------------------#

# Listen on 3128 in interception ("transparent") mode; clients are expected to
# be redirected here by a NAT rule rather than configured with a proxy address.
http_port 3128 transparent
# ICP listener for queries from other caches (restricted by icp_access).
icp_port 3130
# Do not prefer a direct fetch over a usable parent cache.
prefer_direct off

#---------------------------------------------------------------#
# Workaround for Facebook showing a blank page after login
#---------------------------------------------------------------#

# Speak HTTP/1.1 to origin servers.
server_http11 on

#---------------------------------------------------------------#
# Cache & Object
#---------------------------------------------------------------#

# Memory reserved for in-memory objects.
cache_mem 8 MB
# Disk-cache eviction starts at 98% full and becomes aggressive at 99%.
cache_swap_low 98
cache_swap_high 99
# Upper bound on the file descriptors Squid will use.
max_filedesc 8192
# Objects from 0 KB up to 128 MB may be stored on disk; only objects up to
# 128 KB are kept in memory.
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB

# DNS caches: 10240 IP entries (trimmed between the 98%/99% watermarks) and
# 4096 reverse-lookup (FQDN) entries.
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
# Disk cache evicts with heap LFUDA, the memory cache with heap GDSF.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

#----------------------------------------------------------------#
# cache_dir
#----------------------------------------------------------------#

# Three aufs cache stores of 16000 MB each, laid out as 28 first-level and
# 256 second-level directories.
cache_dir aufs /home/proxy1 16000 28 256
cache_dir aufs /home/proxy2 16000 28 256
cache_dir aufs /home/proxy3 16000 28 256

# Request log and Squid's own diagnostic log; the per-object store log is off.
# access.log records every client URL, so treat it as sensitive data.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
# NOTE(review): dns_nameservers expects resolver IP addresses, not a file
# path; as written this value is probably not usable. Confirm, or drop the
# line so Squid falls back to the system resolver configuration.
dns_nameservers /etc/resolv.conf
# Keep Squid's native access-log format instead of the httpd common format.
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
# Cache failed (negative) responses for one minute.
negative_ttl 1 minutes

#---------------------------------------------------------------#
# Rules: Safe Port
#---------------------------------------------------------------#

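# Named ACLs used by the http_access rules below.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports a CONNECT tunnel may be opened to.
acl SSL_ports port 443 563 873 # https snews rsync
# Ports plain proxy requests may be sent to.
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https snews (needed here because !Safe_ports is now denied on its own)
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
# NOTE(review): POP3 and SMTP are not HTTP services. Keeping them in Safe_ports
# lets proxy users send requests to mail ports; remove these two lines unless
# something is known to depend on them.
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel

acl purge method PURGE
acl CONNECT method CONNECT
# Cache manager and PURGE are usable from the proxy host only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# ACLs on one http_access line are ANDed. The previous form
# "deny !Safe_ports !SSL_ports" / "deny CONNECT !SSL_ports !Safe_ports" only
# denied ports that were in NEITHER list, so CONNECT tunnels were allowed to
# every Safe_ports entry (25, 110, 1025-65535, ...). Each test is now its own rule.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Do not let proxy clients reach services bound to the proxy host's loopback.
http_access deny to_localhost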

#---------------------------------------------------------------#
# Refresh Pattern
#---------------------------------------------------------------#

# Fields: regex, min age (minutes), percent of object age, max age (minutes), options.
# 10080 minutes = 7 days, 43200 minutes = 30 days. The first matching rule wins,
# so extensions repeated in later rules (zip, rar, tar, tgz, bin, doc, txt, swf)
# are decided by the earlier rule that lists them.
#
# NOTE(review): ignore-auth and ignore-private make Squid cache replies to
# authenticated requests and replies marked Cache-Control: private, so one
# user's personalised content can be served to another client of this proxy.
# The html/htm/php rule applies ignore-auth to dynamic pages; confirm that this
# is acceptable for the sites your users log in to, or drop those options.

# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth

#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private

# files
# Executables and archives are kept for up to 30 days with origin expiry
# overridden, so an upstream replacement of a file may not reach clients until
# the cached copy ages out.
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth

# -- refresh pattern for specific sites -- #
# NOTE(review): these are regular expressions, not shell globs. In
# "^http://*.example.com/" the "*" repeats the preceding "/" and the "."
# matches exactly one character, so the rule matches "http://example.com/..."
# but not "http://www.example.com/...". Most of the wildcard rules below
# therefore apply to far fewer URLs than they appear to.
# NOTE(review): ignore-auth on login-based sites (facebook, yahoo, google,
# blogspot, ...) allows replies to authenticated requests to be cached and
# shared between clients; confirm that is intended before widening the regexes.
refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache
refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth

#default option
# Fallback rules, evaluated only when no earlier refresh_pattern matched.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# URLs containing /cgi-bin/ or a query string get zero freshness lifetime.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#---------------------------------------------------------------#
# ALLOWED ACCESS
#---------------------------------------------------------------#

# Only the 192.168.4.0/24 network and the proxy host itself may use the proxy;
# every other source is refused. These rules are evaluated after the earlier
# http_access lines in this file.
acl proxyku src 192.168.4.0/24
http_access allow proxyku
http_access allow localhost
http_access deny all
http_reply_access allow all
# The same sources are the only ones allowed to send ICP queries.
icp_access allow proxyku
icp_access allow localhost
icp_access deny all
# No request is forced to go direct.
always_direct deny all

#---------------------------------------------------------------#
# Cache CGI & Administrative
#---------------------------------------------------------------#

# Contact address and hostname that Squid reports about itself.
cache_mgr webmaster@R.net
visible_hostname ab-intermedia.com
# Squid switches to this unprivileged user and group after being started as root.
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
# Wait at most 10 seconds for active clients when shutting down.
shutdown_lifetime 10 seconds
# Keep 14 rotated generations of the log files.
logfile_rotate 14

#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#

# Zero-penalty-hit marking: replies served from the local cache are sent with
# TOS 0x30, replies obtained through a parent cache with TOS 0.
# Presumably a router matches on this value to treat cache hits differently;
# verify against the router configuration.
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136




Atau bisa liat squid.conf nya Lintasnet klik

Sunday, 23 September 2012

Setup Ubuntu Server 10.10 (Proxy) + Mikrotik

 

 


langsung aja kita ke Tutorialnya :
1. disini Ts memakai Rb450 / RB750 Buat Mikrotiknya dan spek untuk ubuntu servernya sbb:
1. Prosesor PIV
2. Ram 1 Gb DDR1
3. Hdd 160 Gb
4. Power suply bawaan cassing.
5. Lan card D-Link

Topologi jaringan seperti ini tepatnya :


Proses Instal Ubuntu 


1. Instalasi Ubuntu Server 10.10 32 bit , Bagi Yang Belum Punya Cd Instalasi bisa download Ubuntu server 10.10 di Situs resminya Ubuntu ( gak usah kuatir harus bayar karena Ubuntu Produk freeware Alias OS Gretongan / Gratis ).
2. seperti biasa kita setting komputer dulu untuk first bootingnya ke CD room / Usb Cd room bagi yg menggunakan Usb CD room di BIOS nya. Bagi yang pernah instal windows pasti sudah tau yang saya maksud.
kalau sudah kita mulai langsung proses Instalasinya seperti langkah - langkah dibawah Ini, Cekiprot :
1. Masukkan Cd Ubuntu ke Cd room
2. Pilih language english (enter)
3. Pilih instal ubuntu server (enter)
4. Tekan enter pada choose langguage english
5. Pilih united states
6. Klik no pada detect keyboard layout?
7. Klik USA pada ubuntu installer main menu
8. Klik USA pada keyboard layout
9. Klik continue pada configure the network
10. Pilih configure network manually isi ip address dg 192.168.3.2 pilih continue enter
11. Netmask 255.255.255.0 pilih continue enter
12. Gateway 192.168.3.1 terus klik continue
13. Name server addresses 192.168.3.1 pilih continue enter
14. Hostname : isi dg proxyku terus pilih continue enter
15. Domain name: di kosongin saja, pilih continue enter
16. Pada configure the clock pilih select from worldwide list terus cari jakarta (sesuaikan lokasi anda) terus enter
17. Pada menu partition disk pilih manual
18. Kita hapus partisi lama dulu :
19. Pilih partisi nya terus enter pilih delete the partion (ulangi perintah ini untuk semua partisi yg tersisa)
20. Jika telah selesai pilih Guided partitioning, kemudian pilih manual arahkan pada FREE SPACE (enter),
21. Pilih Create new partition (enter)

22. New partition size isi 1 Gb (pilih continue dan enter), pilih Primary (enter), pilih Beginning (enter), pada use as pilih EXT4 (enter) pada Mount point pilih /boot (enter), pd mount option pilih[*] noatime (pilih continue dan enter), pada Bootable Flag rubah menjadi on JIKA STATUS NYA TDK BERUBAH ABAIKAN SAJA kemudian pilih done setting up the partition

23. New partition size isi 10 gb (pilih continue dan enter), pilih Primary (enter), pilih Beginning (enter), pada use as pilih EXT4 (enter) pada Mount point pilih / (enter), pd mount option pilih[*] noatime (pilih continue dan enter), kemudian pilih done setting up the partition

24. Arahkan pada FREE SPACE (enter), pilih Create new partition (enter) new partition size isi 2 gb ( besarnya 2x RAM) pilih continue dan enter, pilih Primary (enter), pilih Beginning (enter), pada use as pilih swap area (enter), kemudian Pilih done setting up the partition

25. Arahkan pada FREE SPACE (enter), pilih Create new partition (enter) new partition size isi sisa semua harddisk (pilih continue dan enter), pilih Primary (enter), pilih Beginning (enter), pada use as pilih ReiserFS (enter)

pada Mount point enter manually buat menjadi /cache, pd mount option pilih[*] noatime dan relatime kemudian Pilih continue dan done setting up the partition
26. Kemudian pilih finis partitioning and write changes to disk, write the changes to disk pilih yes
27. pada full name for the new user isi dg proxyku, terus continue & enter
28. pada Username for your account isi dg proxyku, terus continue & enter
29. pada a password for the new user isi dg proxyku, terus continue & enter
30. pada re-enter password to verify isi dg proxyku, terus continue & enter
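31. pada use weak password pilih yes (peringatan ini muncul karena password-nya sama dengan username; password proxyku di sini hanya contoh, untuk server yang benar-benar dipakai gunakan password yang kuat dan berbeda dari username)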
32. pada encrypt your home directory pilih no
33. pada HTTP proxy information KOSONGIN SAJA
34. pada configurasi apt 43% tekan enter, juga pada 81% tekan enter pilih no automatic update
35.pada choose software to install pilih OpenSSH server pilih continus pd finish the installation dan reboot, ambil CD Ubuntu, 1st Boot kembalikan ke Hardisk.
selanjutnya anda instal paket yang dibutuhkan
# login dg cedet
# password
cedet
# ketik sudo su -
# isi
cedet
# Ketik passwd
# enter new UNIX password isi dg
cedet
# retype new UNIX password isi cedet

Kalau sudah selesai Instalnya mari kita mulai buat instal paket-paket yang dibutuhkan buat proxynya.
Setelah selesai instal Hubungkan Kabel CROSS Dari Pc Ubuntu ke Mikrotik.
setelah itu Buka winbox untuk remote mikrotik, coba Ping IP Ubuntu dari new terminal yang ada di winbox.
lihat dan perhatikan apakah sudah reply atau belum. kalau belum coba diteliti lagi mungkin ada yang belum bener. kalau sudah reply kita lanjutkan.
langkah Berikutnya kita akan menginstal paket yang dibutuhkan, sebelumnya anda download Putty dan Winscp untuk remote ubuntu servernya disini
http://www.media*fire..com/?qi7v7r1792d0dc1

kalau sudah anda remote ubuntu lewat Putty dengan mengetikan IP address Pc Ubuntunya (192.168.3.2 ). kalau muncul pesan warning pilih aja Yes.
setelah muncul jendela terminal di Putty login seperti anda login di Ubuntu sebagai #root.

kemudian anda instal paket yang di butuhkan dengan mengetik perintah di bawah ini :
root@proxyku:~#apt-get update
root@proxyku:~#apt-get install squid squidclient squid-cgi
root@proxyku:~#apt-get install gcc
root@proxyku:~#apt-get install build-essential
root@proxyku:~#apt-get install sharutils
root@proxyku:~#apt-get install ccze
root@proxyku:~#apt-get install libzip-dev
root@proxyku:~#apt-get install automake1.9

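kalau sudah selesai anda download squid 2.7STABLE9 dengan mengetikan perintah di terminal ubuntu melalui putty (arsip di bawah ini adalah squid yang sudah dipatch pihak ketiga, bukan rilis resmi; periksa dulu isi patch-nya karena nanti dikompilasi dan dijalankan sebagai root) :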

root@proxyku:~# wget h**p://tempat-sampah.googlecode.com/files/squid-2.7.STABLE9%2Bpatch.tar.gz (**=Ganti tt )

kalau sudah selesai kita extrak filenya dengan perintah :

root@proxyku:~# tar xvf squid-2.7.STABLE9+patch.tar.gz
root@proxyku:~# cd squid-2.7.STABLE9

setelah itu anda lanjutkan dengan kompil file tersebut dengan perintah di bawah ini :

./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

Kalau anda bingung anda copas aja tiap barisnya terus anda paste di Puttynya dengan klik kanan aja terus anda ENTER.
setelah itu anda lanjutkan dengan perintah :
root@proxyku:~#make
root@proxyku:~#make install

setelah selesai anda STOP squidnya. tapi sebelum anda stop squidnya anda ganti dulu isi yang ada di /etc/init.d/squid dengan perintah :

root@proxyku:~#nano /etc/init.d/squid

kemudian anda hapus semua isinya dan anda ganti dengan ini:




#! /bin/sh
#
# squid Startup script for the SQUID HTTP proxy-cache.
#
# Version: @(#)squid.rc 2.20 01-Oct-2001 miquels@cistron.nl
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: $named
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Squid HTTP Proxy
### END INIT INFO

# Service name; the pid file path below and the config path used by
# grepconf2 are derived from it.
NAME=squid
DAEMON=/usr/sbin/squid
LIB=/usr/lib/squid
PIDFILE=/var/run/$NAME.pid
# Default command-line flags passed to the daemon (see squid(8) for -D, -Y, -C).
SQUID_ARGS="-D -YC"

# Optional local overrides are sourced when the file exists; presumably this
# is where CHUID and SQUID_MAXFD would be set, since nothing here defines them.
# The file is executed as root, so it must be writable by root only.
[ ! -f /etc/default/squid ] || . /etc/default/squid

# LSB helpers: log_*_msg and status_of_proc used further down.
. /lib/lsb/init-functions

# Fixed search path, set after the overrides so they cannot change it.
PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Exit quietly when the squid binary is not installed.
[ -x $DAEMON ] || exit 0

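# grepconf DIRECTIVE DEFAULT
# Print the first argument of the first "DIRECTIVE ..." line in
# /etc/squid/squid.conf, or DEFAULT when the directive (or the file) is missing.
grepconf () {
    # One space and one tab. The pasted script had lost the tab, so
    # tab-separated directives were silently skipped.
    w=$(printf ' \t')
    sq=/etc/squid/squid.conf
    res=
    # Skip sed when the file is unreadable instead of failing on the
    # redirection; the default below then applies.
    if [ -r "$sq" ]; then
        # Print capture 1 for the first matching line, then quit.
        res=$(sed -ne '
s/^'"$1"'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
t end;
d;
:end q' < "$sq")
    fi
    [ -n "$res" ] || res=$2
    echo "$res"
}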

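# grepconf2 DIRECTIVE DEFAULT
# Print the second argument of the first "DIRECTIVE ..." line in
# /etc/squid/$NAME.conf, or DEFAULT when the directive (or the file) is missing.
grepconf2 () {
    # One space and one tab. The pasted script had lost the tab, so
    # tab-separated directives were silently skipped.
    w=$(printf ' \t')
    sq=/etc/squid/$NAME.conf
    res=
    # Skip sed when the file is unreadable instead of failing on the
    # redirection; the default below then applies.
    if [ -r "$sq" ]; then
        # Skip the first argument, capture the second, print it and quit.
        res=$(sed -ne '
s/^'"$1"'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
t end;
d;
:end q' < "$sq")
    fi
    [ -n "$res" ] || res=$2
    echo "$res"
}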

#
# Try to increase the # of filedescriptors we can open.
#
# Raise the file-descriptor limits to $SQUID_MAXFD.
# Returns non-zero without doing anything when SQUID_MAXFD is empty, and 0
# when /proc/sys/fs/file-max does not exist; otherwise the status of ulimit.
maxfds () {
    if [ -z "$SQUID_MAXFD" ]; then
        return 1
    fi
    if [ ! -f /proc/sys/fs/file-max ]; then
        return 0
    fi
    global_file_max=$(cat /proc/sys/fs/file-max)
    # Leave 4096 descriptors of headroom for the rest of the system.
    minimal_file_max=$(($SQUID_MAXFD + 4096))
    # Only ever raise the system-wide ceiling, never lower it.
    [ "$global_file_max" -lt $minimal_file_max ] &&
        echo $minimal_file_max > /proc/sys/fs/file-max
    ulimit -n $SQUID_MAXFD
}

# Start the daemon, creating the cache directory structure first if needed.
# Returns the exit status of start-stop-daemon.
start () {
    # Path (second argument) and store type (first argument) of the first
    # cache_dir line, with /var/spool/$NAME and ufs as fallbacks.
    cache_root=`grepconf2 cache_dir /var/spool/$NAME`
    store_type=`grepconf cache_dir ufs`

    # A value starting with a digit in the path position is treated as the
    # old 2.2.5 cache_dir syntax; refuse to start.
    case "$cache_root" in
        [0-9]*)
            log_failure_msg "squid: squid.conf contains 2.2.5 syntax - not starting!"
            log_end_msg 1
            exit 1
            ;;
    esac

    # Build the swap directories when the cache root exists but has no "00"
    # subdirectory, or when a coss store is not writable.
    if { [ -d "$cache_root" ] && [ ! -d "$cache_root/00" ]; } ||
       { [ "$store_type" = "coss" ] && [ ! -w "$cache_root" ]; }
    then
        log_warning_msg "Creating squid cache structure"
        $DAEMON $SQUID_ARGS -z
    fi

    # The daemon is launched as root unless CHUID was set beforehand; dropping
    # privileges is then left to squid.conf (cache_effective_user) - verify
    # that directive is present.
    [ -n "$CHUID" ] || CHUID=root

    #maxfds
    # Fixed descriptor limit; new files are created without access for "other".
    ulimit -n 8192
    umask 027
    start-stop-daemon --quiet --start --pidfile $PIDFILE --chuid $CHUID \
        --exec $DAEMON -- $SQUID_ARGS < /dev/null
    rc=$?
    return $rc
}

# Ask squid to stop and wait for the recorded process to exit.
# Returns 0 once the process is gone, 1 if it is still alive after the wait.
stop () {
    # Remember the pid before the pid file disappears.
    PID=$(cat $PIDFILE 2>/dev/null)
    start-stop-daemon --stop --quiet --pidfile $PIDFILE --name squid
    #
    # Now we have to wait until squid has _really_ stopped.
    #
    sleep 2
    # No pid recorded, or the process has already exited: nothing to wait for.
    if test -z "$PID" || ! kill -0 $PID 2>/dev/null
    then
        return 0
    fi

    log_action_begin_msg " Waiting"
    cnt=0
    # Poll every 5 seconds and give up on the 25th check.
    while kill -0 $PID 2>/dev/null
    do
        cnt=$(($cnt + 1))
        if [ $cnt -gt 24 ]
        then
            log_action_end_msg 1
            return 1
        fi
        sleep 5
        log_action_cont_msg ""
    done
    log_action_end_msg 0
    return 0
}

# Dispatch on the action given as the first argument.
case "$1" in
    start)
        log_daemon_msg "Starting Squid HTTP proxy" "squid"
        start
        # Report start's exit status.
        log_end_msg $?
        ;;
    stop)
        log_daemon_msg "Stopping Squid HTTP proxy" "squid"
        stop
        log_end_msg $?
        ;;
    reload|force-reload)
        # Ask the running daemon to re-read its configuration.
        log_action_msg "Reloading Squid configuration files"
        $DAEMON -k reconfigure
        log_action_end_msg 0
        ;;
    restart)
        log_daemon_msg "Restarting Squid HTTP proxy" "squid"
        # stop's result is ignored; only the start result is reported.
        stop
        start
        log_end_msg $?
        ;;
    status)
        # Exit with status_of_proc's own status (0 when running).
        status_of_proc -p "$PIDFILE" "$DAEMON" squid
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
        exit 3
        ;;
esac

exit 0

 
kalau sudah anda tekan ctrl+x terus anda ketik y terus enter untuk menyimpan hasil perubahan isi di /etc/init.d/squid. terus anda ketik perintah lagi :
root@proxyku:~#chmod +x /etc/init.d/squid

kalau sudah kita bisa stop squidnya dengan perintah:
root@proxyku:~#/etc/init.d/squid stop
kalau sudah anda download dulu squid.conf di sinihttp://www.4*shared.com/file/3h7a3MpJ/autobia.html
terus anda pastekan isinya ke ubuntu lewat WinSCP.
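Bagi yang bingung remote dengan winscp, isi Hostname dengan IP addressnya ubuntu (192.168.3.2 ) Username : root password : proxyku (password ini hanya contoh; karena port SSH server ini nanti diteruskan dari IP publik lewat aturan NAT di bawah, ganti dengan password yang kuat atau pakai SSH key).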
terus anda tinggal drag and drop file yang ada di cpu anda ke cpu ubuntu.
kalua sudah anda lanjutkan dengan Memberikan permission pada folder cache dengan perintah :
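# chown takes OWNER:GROUP as a single word followed by the path.
# The squid user owns /cache, so it does not need to be world-writable (777).
root@proxyku:~#chown proxy:proxy /cache
root@proxyku:~#chmod 750 /cache
# storeurl.pl is executed by squid: it must be readable and executable, but a
# world-writable helper script could be replaced by any local user.
root@proxyku:~#chown proxy:proxy /etc/squid/storeurl.pl
root@proxyku:~#chmod 755 /etc/squid/storeurl.pl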



kalau sudah selesai lanjuutkan dengan membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dengan perintah :
root@proxyku:~#squid -f /etc/squid/squid.conf -z

lalu anda restart squidnya dengan perintah :
root@proxyku:~#/etc/init.d/squid restart
kalau sudah selesai anda setting mikrotiknya seperti dibawah ini :

Masukkan ini di mangle :
IP FIREWALL ADDRESS-LIST :
Buat manggle browsing :

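# Mark every forwarded TCP connection to port 80 as users_con.
# Fixes: the property names are dst-port and disabled (not dst.port / disable),
# and a continuation backslash needs a space before it, otherwise the next
# line is glued onto the previous value.
/ip firewall mangle
add action=mark-connection chain=forward comment="ALL_Conection" \
    new-connection-mark=users_con protocol=tcp dst-port=80 disabled=no \
    passthrough=yes

# Give the packets of those connections the all_pkt packet mark.
/ip firewall mangle
add action=mark-packet chain=forward comment="ALL_Connection_Paket" \
    connection-mark=users_con disabled=no new-packet-mark="all_pkt" \
    passthrough=no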

Buat queue treenya

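# Browsing queues for packets marked all_pkt: 1000000 bit/s down, 256000 bit/s up.
# Fix: the built-in queue type is default-small (was misspelled default-smal).
# NOTE(review): both queues hang off global-out with the same packet mark,
# whereas the game "ups" queue on this page uses the WAN interface as parent;
# confirm which parent the upload queue should use.
/queue tree add burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no \
    limit-at=1000000 max-limit=1000000 name="Browsing_down" \
    packet-mark=all_pkt parent=global-out priority=8 \
    queue=default-small

/queue tree add burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no \
    limit-at=256000 max-limit=256000 name="Browsing_ups" \
    packet-mark=all_pkt parent=global-out priority=8 \
    queue=default-small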


Buat Manggle game Online :

Di paket kan dulu Semua Game nya:

# Turn the shared "GAME KONEKSI" connection mark into the "GAME PAKET" packet
# mark; passthrough=no stops further mangle processing for these packets.
/ip firewall mangle
add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=no new-packet-mark="GAME PAKET" \
passthrough=no

terus buat mark-connection tiap game :

Mangle POKER tcp port
# Mark TCP connections to ports 9339 and 843 with the shared game connection mark.
# The match is by port only, so any traffic to these ports gets game priority.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="POKER KONEKSI" \
disabled=no dst-port=9339,843 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp

Mangle AYODANCE tcp port
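# Mark TCP connections to ports 18901-18909 with the shared game connection mark.
# Fix: the port list contained a stray space ("189 08"), which splits the
# dst-port value; it is now the single port 18908.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="AYODANCE KONEKSI" \
    disabled=no dst-port=18901,18902,18903,18904,18905,18906,18907,18908,18909 \
    new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp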

Mangle POINT BLANK udp port
# Mark UDP connections to ports 40000-40010 with the shared game connection
# mark; passthrough=no ends mangle processing for the matching packet.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="POINT BLANK KONEKSI UDP" \
disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp

Mangle POINT BLANK tcp port
# Mark TCP connections to port 39190 on 203.89.146.0/23 with the shared game
# connection mark; this is the only game rule that also pins the destination network.
/ip firewall mangle
add chain=prerouting action=mark-connection \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp \
dst-address=203.89.146.0/23 dst-port=39190 comment="POINT BLANK KONEKSI TCP"

Mangle DOTA tcp port
# Mark TCP connections to ports 6000-6152 with the shared game connection mark.
# The match is by port range only, so any service in that range gets game priority.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="DOTTA KONEKSI" \
disabled=no dst-port=6000-6152 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp

Mangle CROSS FIRE tcp port
# Mark TCP connections to port 10009 with the shared game connection mark.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CROSS FIRE KONEKSI TCP" \
disabled=no dst-port=10009 new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp

Mangle CROSS FIRE udp port
# Mark UDP connections to ports 40000-40010 with the shared game connection mark.
# NOTE(review): this is the same protocol and port range as the Point Blank UDP
# rule on this page, so the two rules match identical traffic.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CROSS FIRE KONEKSI UDP" \
disabled=no dst-port=40000-40010 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp

Untuk game Online yang belum ada bisa agan tambah sendiri, kuncinya ada di dst.port sama dst addressnya (kalau ada).

Selanjutnya Buat queue tree nya:

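# Top-priority (priority=1) queues without a rate limit for game packets.
# Fix: the packet mark name contains a space, so it has to be quoted;
# unquoted, only GAME is taken as the value and PAKET becomes a stray word.
/queue tree add burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no \
    limit-at=0 max-limit=0 name=Game_down \
    packet-mark="GAME PAKET" parent=global-out priority=1 \
    queue=default-small

/queue tree add burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no \
    limit-at=0 max-limit=0 name=Game_ups \
    packet-mark="GAME PAKET" parent=ether1 priority=1 \
    queue=default-small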

NB: ether1 adalah ip address modem / Wan / Public di mikrotik

Buat Limit user yang pakai IDM dan software sejenisnya :

kita limit menurut jenis ekstensinya dengan layer7-protocol

# Layer-7 patterns that match "get" followed later by ".exe", ".rar" or ".zip"
# anywhere in the inspected payload.
# NOTE(review): the pattern is not anchored to the request path, so a query
# string or header containing the extension also matches, and traffic inside
# HTTPS cannot be inspected at all.
/ip firewall layer7-protocol
add name="Extension \" .exe \"" regexp="^.*get.+\\.exe.*\$"
add name="Extension \" .rar\"" regexp="^.*get.+\\.rar.*\$"
add name="Extension \" .zip\"" regexp="^.*get.+\\.zip.*\$"

Diatas Ts hanya menulis beberapa ekstencynya, bisa agan tambah sendiri (mis: .mp3 / . 3gp / .7zip / dll.

Terus kita buat manglenya

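# One connection mark per layer-7 extension pattern, then one packet mark per
# connection mark so the download queues can match on it.
# Fix: the mark-packet rules had the continuation backslash glued to the
# connection-mark value (exe_conn\), which joins it with the next line;
# a space now separates them.
/ip firewall mangle
add action=mark-connection chain=forward disabled=no layer7-protocol=\
    "Extension \" .exe \"" new-connection-mark=exe_conn passthrough=yes \
    protocol=tcp

add action=mark-connection chain=forward disabled=no layer7-protocol=\
    "Extension \" .zip\"" new-connection-mark=zip_conn passthrough=yes \
    protocol=tcp

add action=mark-connection chain=forward disabled=no layer7-protocol=\
    "Extension \" .rar\"" new-connection-mark=rar_conn passthrough=yes \
    protocol=tcp

add action=mark-packet chain=forward connection-mark=exe_conn \
    disabled=no new-packet-mark=exe passthrough=no

add action=mark-packet chain=forward connection-mark=rar_conn \
    disabled=no new-packet-mark=rar passthrough=no

add action=mark-packet chain=forward connection-mark=zip_conn \
    disabled=no new-packet-mark=zip passthrough=no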

Terus kita buat queue tree nya buat limit :

kita buat parentnya dulu
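# Parent queue capping all marked downloads at 500000 bit/s, with one child
# queue per extension.
# Fix: several lines ended in value\ with no space (disabled=no\, name=RAR\),
# which glues the next line onto the value; a space now precedes each backslash.
# NOTE(review): the ZIP queue has max-limit=0 (no own ceiling) while EXE and RAR
# use 125000; the accompanying text describes 125k per extension - confirm.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no \
    limit-at=500000 max-limit=500000 name=DW.FILES \
    parent=global-out priority=8

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no \
    limit-at=125000 max-limit=0 name=ZIP packet-mark=zip \
    parent=DW.FILES priority=8 queue=default

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no \
    limit-at=125000 max-limit=125000 name=EXE \
    packet-mark=exe parent=DW.FILES priority=8 queue=default

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no \
    limit-at=125000 max-limit=125000 name=RAR \
    packet-mark=rar parent=DW.FILES priority=8 queue=default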

Nb: disini per ekstency kita limit 125k atau 12Kb/det kecepatan downloadnya dengan total limit 500k (misal kita download 3 file rar dan 2 file exe secara bersamaan ,masing2 tidak akan dapat 12 kb/ detik karena max.limitnya 500k atau 50 kb/detik jadi total ada 5 file download yang akan mendapat bandwidth 50 kb/detik : 5 = 10 kb/detik.)

Buat yang suka buka youtub*** dan situs streaming biar gak ngabisin bandwidth Browsingnya :

Kita pakai layer7-protocol lagi

# Matches an HTTP status line (http/0.9, 1.0 or 1.1 and a status 100-599)
# followed by a "content-type: video" header in the inspected payload.
# Only unencrypted HTTP can be matched this way.
/ip firewall layer7-protocol
add name=http-video regexp="http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)"

Kita buat mangle nya :

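# Mark port-80 connections that match the http-video layer-7 pattern, then
# mark their packets for the video queue.
# Fixes: menu path is /ip firewall (was "frewall"), the property is dst-port
# (was dst.port), and the second comment string was closed with '' instead of ".
/ip firewall mangle
add action=mark-connection chain=postrouting comment="http-video-connection" \
    disabled=no layer7-protocol=http-video new-connection-mark=http-videos \
    protocol=tcp dst-port=80 passthrough=yes

/ip firewall mangle
add action=mark-packet chain=postrouting comment="http-video" \
    disabled=no connection-mark=http-videos \
    new-packet-mark=http-video-pkt passthrough=no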

terus kita buat queue tree nya :

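# Queue for packets marked http-video-pkt: 256000 bit/s guaranteed, 300000 bit/s ceiling.
# Fixes: the properties are packet-mark and queue (were "packet-marks" and
# "queue type").
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256000 \
    max-limit=300000 name=http-vidio parent=global-out priority=8 \
    packet-mark=http-video-pkt queue=default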

(Bila ada Game online yang punya Ip address masukkan aja di ADDRESS-LIST dengan nama GAMES biar gamenya gak ke cache sama proxynya)

IP FIREWALL NAT :
0;;;; Nat Proxy
chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=3128 protocol=tcp src-address-list=LocalNet dst-address-list=!ProxyNet dst-port=80,8080,3128

1 Nat Client
chain=srcnat action=masquerade out-interface=ether1-gateway (klo modem mode bridge anda rubah out-interface=ether1 jadi out-interface=pppoe-out )

2 ;;; Proxy Out
chain=srcnat action=src-nat to-addresses=IP INTERNET ANDA/IP PUBLIC misalnya 192.168.1.2
src-address=IP LOKAL ANDA misalnya 192.168.2.1
4 chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53
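5 ;;; SSH
chain=dstnat action=dst-nat to-addresses=192.168.3.2 to-ports=22
protocol=tcp dst-address=IP INTERNET ANDA/IP PUBLIC dst-port=22,10000
(Catatan: aturan ini membuat SSH server proxy bisa dijangkau dari internet, dan dst-port 10000 ikut diarahkan ke port 22. Tambahkan src-address-list yang hanya berisi IP admin supaya tidak terbuka untuk semua orang.)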

Untuk Bandwidth management lihat lanjutan di bawah.
NB: Disini saya asumsuikan anda sudah bisa setting dasar Mikrotik, bagi yang belum bisa saya tidak akan menerangkan disini, anda bisa main-main ke sinihttp://www.kaskus.us/showthread.php?t=8839596kalau pengen belajar mikrotik.

SAMPAI DISINI KITA SUDAH SELESAI MEMBUAT MIKROTIK + EXTERNAL PROXY UBUNTU SERVER 10.10
Bagaimana kita bisa tahu bahwa squid proxy kita sudah jalan???? kita balik maneng neng Putty kita tulis perintah :

root@proxyku:~#tail -f /var/log/squid/access.log enter

Ts sudah tes di warnet Ts sendiri dan hasilnya wussssss buat cache vidio sama patch/update game Online.

untuk clear cache bisa pakai ini :


kalau paling mudah lewat webmin langsung direbuild, kalau mau lewat terminal agan ikuti langkah ini :
1. Matikan squid proxy-nya
Code:

# service squid stop && squid -k shutdown

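2. hapus semua file dan folder cache-nya,
harus diketahui terlebih dahulu lokasi cache-nya (lihat baris cache_dir di squid.conf); jangan jalankan perintah di bawah kalau lokasinya masih kosong, karena /* berarti seluruh isi disk.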
Code:

# rm -fdR /[lokasi_cache_folder]/*

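jangan lupa hapus juga log-nya biar seperti baru (kalau access.log masih diperlukan untuk penelusuran masalah atau audit, salin dulu ke tempat lain sebelum dihapus)...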
Code:

# rm -fd /var/log/squid/*

3. bangun kembali cache folder-nya...
Code:

# squid -z

4. jalankan kembali squid-nya
Code:

# service squid start atau /etc/init.d/squid restart