SQUID DENGAN ROUTER UBUNTU

oke pertama kita install squid :

=>apt-get install squid

Untuk squid3 :

=>Apt-get install squid3

Kemudian edit squid.conf :

=>pico /etc/squid/squid.conf

Edit di bagian :

http_port 3128  http_port 3128 transparent  acl localnet src 192.168.0.0/24  sesuaikan dengan ip yang di direct squid (ip eth1) #http_access allow localnet  uncomment /hilangkan “#”

Dari sini kita dah bs jaln kan squid, tetapi minimal….sementara tweaking saya :

# WELCOME TO SQUID 2.7.STABLE9  # —————————- # apabila squid anda berauthenthik/memakai radius#————————Start—————————— auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w test123 auth_param basic children 5 auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN auth_param basic credentialsttl 24 hours auth_param basic casesensitive off ### ACL untuk Radius ### acl radiusauth proxy_auth REQUIRED ### ALLOW for RADIUS AUTH http_access allow radiusauth # ————————–end——————————– #Recommended minimum configuration: acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.1.0.0/24 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/24# RFC1918 possible internal network # acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT #Recommended minimum configuration: # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all #Allow ICP queries from local networks only icp_access allow localnet icp_access deny all # Squid normally listens to port 3128 http_port 3128 transparent #We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? cache_mem 128 MB maximum_object_size_in_memory 8 MB cache_dir ufs /var/spool/squid 5000 16 256 store_dir_select_algorithm least-load minimum_object_size 0 KB maximum_object_size 204800 KB cache_swap_low 90 cache_swap_high 95 access_log /var/log/squid/access.log squid cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880 refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire refresh_pattern -i .(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-expire refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload # example line deb packages #refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT

update 1:

disini

kemudian kita buat iptable untuk direct client ke squid :

=>pico /etc/rc.local

Tambahkan iptable ini …………………..
mengunakan ubuntu router :

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128

apabila mengunakan mikrotik, maka buat rule di mikrotik :

ip firewall nat add action=dst-nat chain=dstnat comment=”” src-address= disabled=no dst-port=80 protocol=tcp to-addresses= to-ports=

ato kalo pengen panjang :

ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.200.1.1 to-ports=3128 \  protocol=tcp src-address=!192.200.1.0 src-address-list=192.200.1.2,192.200.1.3,192.200.1.4 \ in-interface=ether1 dst-port=80

kemudian simpan dan reboot
cek mengunakan :

tail –f /var/log/squid/access.log

cek perform :
squidclient -h 192.168.1.x -p 3128 mgr:info
squidclient -h 127.0.0.1 mgr:info

Sumber