SQUID DENGAN ROUTER UBUNTU

oke pertama kita install squid :

=>apt-get install squid

Untuk squid3 :

=>Apt-get install squid3

Kemudian edit squid.conf :

=>pico /etc/squid/squid.conf

Edit di bagian :

http_port 3128  http_port 3128 transparent  acl localnet src 192.168.0.0/24  sesuaikan dengan ip yang di direct squid (ip eth1) #http_access allow localnet  uncomment /hilangkan “#”

Dari sini kita dah bs jaln kan squid, tetapi minimal….sementara tweaking saya :

# WELCOME TO SQUID 2.7.STABLE9  # —————————- # apabila squid anda berauthenthik/memakai radius#————————Start—————————— auth_param basic program /usr/local/squid/libexec/squid_radius_auth -h 10.1.0.1 -w test123 auth_param basic children 5 auth_param basic realm HAYOOO>>>>ANDA MAU MASUK DENGAN PAKSA, SAMI MAWON MAS LOGIN auth_param basic credentialsttl 24 hours auth_param basic casesensitive off ### ACL untuk Radius ### acl radiusauth proxy_auth REQUIRED ### ALLOW for RADIUS AUTH http_access allow radiusauth # ————————–end——————————– #Recommended minimum configuration: acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.1.0.0/24 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/24# RFC1918 possible internal network # acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT #Recommended minimum configuration: # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all #Allow ICP queries from local networks only icp_access allow localnet icp_access deny all # Squid normally listens to port 3128 http_port 3128 transparent #We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? cache_mem 128 MB maximum_object_size_in_memory 8 MB cache_dir ufs /var/spool/squid 5000 16 256 store_dir_select_algorithm least-load minimum_object_size 0 KB maximum_object_size 204800 KB cache_swap_low 90 cache_swap_high 95 access_log /var/log/squid/access.log squid cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880 refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire refresh_pattern -i .(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-expire refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire refresh_pattern -i .(asp|acgi|pl|shtml|php3|php)$ 10080 100% 4320 override-expire override-lastmod reload-into-ims refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire override-lastmod reload-into-ims ignore-reload # example line deb packages #refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT

update 1:

disini

kemudian kita buat iptable untuk direct client ke squid :

=>pico /etc/rc.local

Tambahkan iptable ini …………………..
mengunakan ubuntu router :

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128

apabila mengunakan mikrotik, maka buat rule di mikrotik :

ip firewall nat add action=dst-nat chain=dstnat comment=”” src-address= disabled=no dst-port=80 protocol=tcp to-addresses= to-ports=

ato kalo pengen panjang :

ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.200.1.1 to-ports=3128 \  protocol=tcp src-address=!192.200.1.0 src-address-list=192.200.1.2,192.200.1.3,192.200.1.4 \ in-interface=ether1 dst-port=80

kemudian simpan dan reboot
cek mengunakan :

tail –f /var/log/squid/access.log

cek perform :
squidclient -h 192.168.1.x -p 3128 mgr:info
squidclient -h 127.0.0.1 mgr:info

Sumber

Read more »

UBUNTU ROUTER

Ubuntu router

• Topo logi
Modem—ubuntu—client
Setelah install ubuntu selesai

• Tinggal setting ethr0-eth1
Sesuaikan dengan kebutuhan….

=>Pico /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 202.134.1.10

auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
lalu simpan

*catatan (eth0=wan, eth1=lan)

• Seting forward
=>Pico /etc/sysctl.conf
Cari kata # net.ipv4.ip_forward=1
Hilangkan “#”
Lalu simpan

• Seting dns selain pake bind9
=>pico /etc/resolv.conf
Lalu ketik dns yang di inginkan missal:
nameserver 202.134.1.10
lalu simpan

• Lalu kita buat nat
Agar iptable selalu starup kita buat di /etc/rc.local sebagi boot up ubuntu
=>Pico /etc/rc.local
Lalu ketik ip table ini
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
lalu simpan

selesai

Sumber

Read more »

MIKROTIK DAN EXTERNAL PROXY

Topologi jaringan

ada beberapa topolagi jaringan yang dapat kita terapkan :

1. modem—->squid(router)—->mikrotik(brige/router)—->client
2. modem —->mikrotik (bridge/router)—->squid(bridge)—->client
3. modem —–>mikrotik (bridge/router)—->client

————————-|squid

topologi no. 1 dan no.2 sanagt mudah di konfigurasi karena tidak ada keterkaitan secara langsung antara mikrotik dan squid, kita akan membuat topologi no.3, meskipun menurut saya untuk tingkat HIT lebih besar pada topologi no.1 akan tetapi no.3 lebih diminati oleh admin jaringan.

Gambar rencana jaringan :

keterangan :

IP modem : 192.200.1.1/24

IP mikrotik :
wan : 192.200.1.2/24, gateway;192.200.1.1
proxy :192.168.10.2/24
lan : 192.168.1.1/24

IP Mesin Proxy : 192.168.10.1/24, gateway : 192.168.10.2

Alat yang di butuhkan :

1. mikrotik router dengan 3 ether
2. mesin squid dengan 1 ether

kita asumsikan mikrotik sudah terinstall dengan baik, dan mesin squid terinstall dengan baik juga, distro yang saya gunakan ubuntu server 10.10 dan squid 2.7 stable9. oke kita mulai………………
1. Seting Ubuntu Sebagai Mesin Squid
setelah ubuntu terinstal dengan baik kita seting interface :
masuk root:

sudo su

pico /etc/network/interfaces  # The primary network interface auto eth0 iface eth0 inet static address 192.168.10.1 netmask 255.255.255.0 network 192.168.10.0 broadcast 192.168.10.255 gateway 192.168.10.2 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 202.134.1.10 dns-search faish.com

kemudian update terlebih dahulu ubuntu:

apt-get update

kemudian install squid :

apt-get install squid

kemudian setting squid.conf

pico /etc/squid/squid.conf

setingan sementara squid.conf
bs di download disini
***nb: sesuaikan dengan kondisi squid anda, terutama “cache_dir”
2. Seting Mikrotik

• Beri nama ethernet

[admin@MikroTik] > interface [admin@MikroTik] interface> print Flags: X – disabled, D – dynamic, R – running # NAME TYPE RX-RATE TX-RATE MTU 0 R ether0 ether 0 0 1500 1 R ether1 ether 0 0 1500 2 R ether2 ether 0 0 1500 [admin@MikroTik] interface> edit 0 name —->isikan publik [admin@MikroTik] interface> edit 1 name —->isikan proxy [admin@MikroTik] interface> edit 2 name —->isikan local

dengan winbox :


• Membuat ip di masing2 ethernet

ip address add address 192.200.1.2/24 interface publik ip address add address 192.168.10.2/24 interface proxy ip address add address 192.168.1.1/24 interface local

dengan winbox :


• Membuat gateway

Ip route add gateway 192.200.1.1

dengan winbox :


• Membuat NAT
untuk nat masquerade :


ip firewall nat add chain srcnat action masquerade out-interface publik

untuk nat direct proxy :


ip firewall nat add action=dst-nat chain=dstnat comment=”ke proxy” src-address=!192.168.10.0/24 disabled=no dst-port=80 protocol=tcp to-addresses=192.168.10.1 to-ports=3128

dengan winbox


• membuat DNS

ip dns set primary-dns 202.134.1.10 secondary-dns 208.67.222.222

dengan winbox :

hasil akhir dengan winbox





Sumber

Read more »