Wednesday, 29 February 2012

The best MikroTik settings for internet cafes and online games

Before I step away from the internet-cafe (warnet) world and get serious about university, I want to write this down first :D. In my opinion, these are the best MikroTik settings for an internet cafe, whether small or large (up to 200 clients).
I use MikroTik in an internet cafe with 19 clients (including the server and clients), of which 8 are gaming PCs and 10 are ordinary internet PCs.
I assume you already understand MikroTik scripting, that your interfaces are clear and that the router is already connected to the internet (masquerade), so everything here can be done through Winbox.
Previously I used a PC router running a generated MikroTik v3.22, with a dual-core processor, as can be seen in the picture:


My MikroTik runs on a 3 Mbps Speedy internet connection.

Here are my interfaces:
# NAME TYPE MTU
0 R SPEEDY ether 1500
1 R LAN ether 1500
2 X OnBoard ether 1500
and it uses the following network topology for port 80:
Internet -> Mikrotik -> Web Proxy -> Client.
and for other ports, for example 443 and 21, traffic goes direct without the web proxy:
Internet -> Mikrotik -> Client.
OK, let's start the setup.
1. Enable MikroTik's internal proxy server.


enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: "deenet@bulak"
max-cache-size: unlimited
cache-on-disk: yes
max-client-connections: 950
max-server-connections: 950
max-fresh-time: 2w5d19m
serialize-connections: no
always-from-cache: yes
cache-hit-dscp: 4
cache-drive: secondary-master
On to step 2.
2. Route all port-80 requests from clients on the LAN interface (192.168.1.0/24) so that they are redirected to 8080 (the proxy) by the firewall NAT.
nat
chain=dstnat
action=redirect
to-ports=8080
protocol=tcp

src-address=192.168.1.0/24
in-interface=LAN
dst-port=80
OK, the proxy is now fully running for all clients. Next, in step 3, we set up MANGLE.
3. In this mangle setup the steps must be followed carefully, and the rules must be placed in the right order! No mistakes allowed.
mangle
a. First mangle rule
0 ;;; HIT TRAFFIC FROM PROXY
chain=output out-interface=LAN
dscp=4 action=mark-packet
new-packet-mark=proxy-hit passthrough=no
b. Second, third and fourth mangle rules, in order
1 ;;; UP TRAFFIC
chain=prerouting in-interface=LAN
src-address=192.168.1.0/24 action=mark-packet
new-packet-mark=test-up passthrough=no
2 ;;; CONN-MARK
chain=forward src-address=192.168.1.0/24
action=mark-connection
new-connection-mark=test-conn passthrough=yes
3 ;;; DOWN-DIRECT CONNECTION
chain=forward in-interface=SPEEDY
connection-mark=test-conn action=mark-packet
new-packet-mark=test-down passthrough=no
4 ;;; DOWN-VIA PROXY
chain=output out-interface=LAN
dst-address=192.168.1.0/24 action=mark-packet
new-packet-mark=test-down passthrough=no
# Interface names as shown in the interface list above (LAN, SPEEDY)
/ip firewall mangle add chain=output out-interface=LAN dscp=4 action=mark-packet new-packet-mark=proxy-hit passthrough=no comment="HIT TRAFFIC FROM PROXY";
/ip firewall mangle add chain=prerouting in-interface=LAN src-address=192.168.1.0/24 action=mark-packet new-packet-mark=test-up passthrough=no comment="UP TRAFFIC";
/ip firewall mangle add chain=forward src-address=192.168.1.0/24 action=mark-connection new-connection-mark=test-conn passthrough=yes comment="CONN-MARK";
/ip firewall mangle add chain=forward in-interface=SPEEDY connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no comment="DOWN DIRECT CONNECTION";
/ip firewall mangle add chain=output out-interface=LAN dst-address=192.168.1.0/24 action=mark-packet new-packet-mark=test-down passthrough=no comment="DOWN VIA PROXY";
OK, that part is done. From here we just need to set the bandwidth per client with simple queues so that nobody hogs the bandwidth.
4. Create simple queues with the packet mark "test-down".
name="Client 1"
target-addresses=192.168.1.221/32
dst-address=0.0.0.0/0
interface=all
parent=none
packet-marks=test-down
direction=both
priority=8
queue=default-small/default-small
limit-at=0/0
max-limit=384000/384000
burst-limit=0/0
burst-threshold=0/0
burst-time=0s/0s
total-queue=default-small
Remember that the packet mark to use is 'test-down', because in the mangle rules above we marked 'test-down' packets as request and upload packets from the client to the internet (modem).
Meanwhile the queues leave bandwidth from the proxy server (ROS) to the client unrestricted.
OK, now done. The logic of the settings above is to distinguish connections to the proxy from connections to the internet.
As an example, I set the connection per client to 384/384 so that there is no fighting over bandwidth; of course the maximum client download, even with IDM, is 40 – 50 KBps.
But when they download something for the first time and it is then cached on the MT proxy server, a second connection from another client does not go to the internet but to the MT proxy server, and it is unrestricted, not subject to the 384/384 queues.
In other words, 'so that the proxy server is not subject to the queues'. Here is my example simple queues setup.
{
# Prefix for the queue names
:local strPC
:set strPC "Client"
# LAN interface name, as in the interface list above
:local interfacenya
:set interfacenya "LAN"
# First three octets of the client addresses
:local ipnya
:set ipnya "192.168.1."
# Last octet of the router's own address
:local iprouternya
:set iprouternya 1
# limit-at and max-limit values (bits per second)
:local limitnya
:set limitnya "256000/256000"
:local maxlimitnya
:set maxlimitnya "384000/384000"
# Range of client addresses that get a queue
:local startipnya
:set startipnya 2
:local endipnya
:set endipnya 50
:for i from=$startipnya to=$endipnya do={
:if ($i < 10) do={ :set strPC "Client0" } else={ :set strPC "Client" }
/queue simple add packet-marks=test-down target-addresses=($ipnya . $i) limit-at=$limitnya max-limit=$maxlimitnya interface=$interfacenya name=($strPC . $i)}
# Remove any queue created for the router's own address
/queue simple remove [/queue simple find target-addresses=($ipnya . $iprouternya . "/32")]
}
And here is a screenshot of the second download from a client, i.e. served from the proxy, which is not hit by the queues.
This one is also after being cached by the proxy.
Good Luck!
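
The rule order from step 3 and the queue logic of step 4 can be checked with a small model. This is an added example, not the author's code: it assumes that a matching rule with passthrough=no ends processing of the current chain, uses the interface names LAN and SPEEDY from the interface list, takes 192.168.1.1 as the router address, and runs four constructed sample packets (203.0.113.10 is a placeholder internet host).

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")

# The five mangle rules from step 3, in the order the post gives them.
RULES = [
    {"comment": "HIT TRAFFIC FROM PROXY", "chain": "output", "out_if": "LAN",
     "dscp": 4, "action": "mark-packet", "new": "proxy-hit", "passthrough": False},
    {"comment": "UP TRAFFIC", "chain": "prerouting", "in_if": "LAN",
     "src": LAN_NET, "action": "mark-packet", "new": "test-up", "passthrough": False},
    {"comment": "CONN-MARK", "chain": "forward", "src": LAN_NET,
     "action": "mark-connection", "new": "test-conn", "passthrough": True},
    {"comment": "DOWN DIRECT CONNECTION", "chain": "forward", "in_if": "SPEEDY",
     "conn_mark": "test-conn", "action": "mark-packet", "new": "test-down",
     "passthrough": False},
    {"comment": "DOWN VIA PROXY", "chain": "output", "out_if": "LAN",
     "dst": LAN_NET, "action": "mark-packet", "new": "test-down", "passthrough": False},
]


@dataclass
class Packet:
    chains: tuple                 # chains the packet traverses, in order
    src: str
    dst: str
    in_if: str = ""
    out_if: str = ""
    dscp: int = 0
    conn: dict = field(default_factory=dict)  # state shared by one connection
    mark: str = ""


def matches(rule, pkt, chain):
    """True when every matcher present in the rule agrees with the packet."""
    if rule["chain"] != chain:
        return False
    for key in ("in_if", "out_if", "dscp"):
        if key in rule and rule[key] != getattr(pkt, key):
            return False
    if "src" in rule and ip_address(pkt.src) not in rule["src"]:
        return False
    if "dst" in rule and ip_address(pkt.dst) not in rule["dst"]:
        return False
    if "conn_mark" in rule and pkt.conn.get("mark") != rule["conn_mark"]:
        return False
    return True


def run_mangle(rules, pkt):
    """Walk each chain top to bottom; passthrough=no stops that chain."""
    for chain in pkt.chains:
        for rule in rules:
            if not matches(rule, pkt, chain):
                continue
            if rule["action"] == "mark-connection":
                pkt.conn["mark"] = rule["new"]
            else:
                pkt.mark = rule["new"]
            if not rule["passthrough"]:
                break
    return pkt.mark


def classify(rules):
    """Run four constructed packets through the rules and return their marks."""
    conn = {}  # the upload and the direct download belong to one connection
    routed = ("prerouting", "forward")
    samples = {
        "client upload": Packet(routed, "192.168.1.221", "203.0.113.10",
                                in_if="LAN", out_if="SPEEDY", conn=conn),
        "direct download": Packet(routed, "203.0.113.10", "192.168.1.221",
                                  in_if="SPEEDY", out_if="LAN", conn=conn),
        "proxy cache miss": Packet(("output",), "192.168.1.1", "192.168.1.221",
                                   out_if="LAN", dscp=0),
        "proxy cache hit": Packet(("output",), "192.168.1.1", "192.168.1.221",
                                  out_if="LAN", dscp=4),
    }
    return {name: run_mangle(rules, pkt) for name, pkt in samples.items()}


def queued(mark):
    """The simple queues in step 4 only match packet-marks=test-down."""
    return mark == "test-down"


if __name__ == "__main__":
    for name, mark in classify(RULES).items():
        print(f"{name:18} mark={mark:10} queued={queued(mark)}")
    # Moving DOWN VIA PROXY above HIT TRAFFIC FROM PROXY breaks the bypass.
    swapped = [RULES[4], RULES[1], RULES[2], RULES[3], RULES[0]]
    print("swapped order, cache hit ->", classify(swapped)["proxy cache hit"])
```

With the rules in the posted order the cache hit keeps the proxy-hit mark and is never queued; with the two output-chain rules swapped it is marked test-down and limited like any other download.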

Blocking Multi Keywords With Mikrotik Proxy

Hang on, let me laugh first, hahaha… laughing because it finally worked. One day my boss asked me, "Can MikroTik block it when we type the word Porno into Google?" I just said I had never tried, but quietly I asked grandpa Google, and it turns out it can be done, using IP PROXY. But don't get too happy yet: most of the scripts on the INTERNET are for MikroTik version 2.9.27. Sob, sob. That doesn't match my MikroTik version, 5.beta04. In the end, with sincere intentions, I got it working too. HOORAY, HOORAY…
Here are the steps:
1. Enable the IP web proxy, it's easy:
[wiwid@MikrotiQu] > ip proxy set enabled=yes port=8080 parent-proxy=0.0.0.0 max-cache-size=4000 cache-on-disk=yes
Let me explain a bit: "cache-administrator="Mang ENaK, DI BLOK YA"" will appear on the error page; the wording is up to your taste. cache-on-disk can be yes or no. If "YES", your memory will be used up to the size of the configured cache.
Curious, right?

When printed, it looks like this:
[wiwid@MikrotiQu] > ip proxy prin
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0
parent-proxy-port: 8080
cache-administrator: "Mang ENaK, DI BLOK YA"
max-cache-size: 4000KiB
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: system
2. Create the proxy NAT rule; this is where port 80 (HTTP) is redirected to port 8080 (proxy).
/ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \
src-address=192.168.1.0/29 to-ports=8080
src-address is your LAN IP range, so please change it accordingly, hehe.
OK, this is the important part. Why? Because this is the core of it, hehe: the rules.
3. We want to block URLs that begin with mail, whether gmail.com, mail.jetcoms.net, etc.
4. We want to block words, meaning that if we type a word such as "PORNO" into Google, it will error out or be BLOCKED.
OK, next…
/ip proxy access
add action=deny disabled=no path=*porno*
add action=deny disabled=no dst-host=:mail
add action=deny disabled=no path=*testing* redirect-to=http://routerosmikrotik.blogspot.com/
add action=deny disabled=no path=*bola*

Here is the explanation:
Line one blocks the word "PORNO" typed into Google
Line two blocks URLs that begin with "mail"
Line three blocks the word "testing" by redirecting to the URL "http://routerosmikrotik.blogspot.com/"
Line four, like line one, blocks the word "BOLA" typed into Google
Here is the screenshot.

Learning By Doing
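
How the four access rules above decide a request, as an added example that is not part of the original post. It assumes rules are checked top to bottom with the first match winning, that `*` and `?` are wildcards and a leading `:` marks a regular expression, and that `path` covers the path plus query string; all URLs are constructed samples.

```python
import re
from urllib.parse import urlsplit

# The four /ip proxy access rules from the post, in order.
ACCESS_RULES = [
    {"action": "deny", "path": "*porno*"},
    {"action": "deny", "dst-host": ":mail"},
    {"action": "deny", "path": "*testing*",
     "redirect-to": "http://routerosmikrotik.blogspot.com/"},
    {"action": "deny", "path": "*bola*"},
]


def field_matches(pattern, value):
    """Match one rule field: ':' prefix means regex, otherwise * and ? wildcards."""
    if pattern.startswith(":"):
        return re.search(pattern[1:], value) is not None
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, re.DOTALL) is not None


def decide(url, rules=ACCESS_RULES):
    """Return 'deny', 'redirect:<url>', 'allow' or 'not-proxied' for a URL."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    # The NAT rule in step 2 only redirects tcp/80 to the proxy, so anything
    # else (HTTPS on 443 included) never reaches the access list.
    if parts.scheme != "http" or port != 80:
        return "not-proxied"
    host = parts.hostname or ""
    path = parts.path + ("?" + parts.query if parts.query else "")
    for rule in rules:
        if "dst-host" in rule and not field_matches(rule["dst-host"], host):
            continue
        if "path" in rule and not field_matches(rule["path"], path):
            continue
        if rule["action"] == "deny" and "redirect-to" in rule:
            return "redirect:" + rule["redirect-to"]
        return rule["action"]
    return "allow"  # no rule matched


# Constructed sample requests.
SAMPLES = [
    "http://www.google.com/search?q=porno",
    "https://www.google.com/search?q=porno",
    "http://gmail.com/",
    "http://mail.jetcoms.net/inbox",
    "http://example.com/testing/index.html",
    "http://example.com/math/parabola.html",
    "http://example.com/index.html",
]


def run_samples():
    return {url: decide(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in run_samples().items():
        print(f"{verdict:50} {url}")
```

The sample set shows two limits of keyword rules: the same search over HTTPS never reaches the proxy, and `*bola*` also denies an unrelated page whose path merely contains those letters.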

VPN SERVER TUNNELING ON MIKROTIK

In my previous article I promised to discuss implementing a VPN using MikroTik and ClarkConnect. This time I will give an example VPN configuration on MikroTik using the PPTP server method. In this example I simulate a remote-access VPN, that is, a VPN connection from a mobile user to the office LAN.
In this simulation I use a MikroTik with two Ethernet interfaces, one connected to the internet (WAN) and the other to the local network (LAN). I won't explain again how to configure MikroTik to connect to the internet (IP, gateway, DNS and NAT configuration), because I'm sure everyone can already do that. The MikroTik PPTP server configuration is as follows:
Enable the PPTP server function on MikroTik
[admin@MikroTik] > interface pptp-server server set enabled=yes
Create the client user
[admin@MikroTik] > ppp secret add name=user1 service=pptp local-address=192.168.0.1 remote-address=192.168.0.150 password=error07
Add the client user to the PPTP server
[admin@MikroTik] > interface pptp-server add name=laptop-1 user=user1
The VPN connection can be used once we have added the client user to the PPTP server, but that connection can only reach the MikroTik's LAN Ethernet interface (192.168.0.1). To be able to access the office's local network, the MikroTik's LAN Ethernet interface needs to be configured as "proxy arp".
[admin@MikroTik] > interface ethernet set LAN arp=proxy-arp

Configuration on the Windows XP client
Above I explained how to build a PPTP VPN server with MikroTik; now I will explain how to configure a PPTP VPN client running the Windows XP operating system. First we go to Network Connections in the Control Panel and create a new connection by clicking Create New Connection in the left sidebar. We choose Connect to the network at workplace under Network Connection Type. Under Network Connection we choose Virtual Private Network Connection, and we name the connection as we like; in this example I call it Test VPN. Under Public Network, we simply ignore the option Automatically dial this initial connection if we do not use a dial-up connection for the internet. Next, under VPN Server Selection, we enter the IP address of the VPN server we created; in this example I use IP 10.11.12.2, which is my router's WAN IP. When finishing the configuration we can add a shortcut for this VPN connection to our desktop, and then try it by entering the user and password created on the VPN server. If our configuration succeeded, we will be able to communicate with the network inside the office LAN. OK, that's it for now for this serial story of mine… later we will continue with VPN server configuration on ClarkConnect (I'm still looking for a PC to install ClarkConnect on). If you found this story helpful, don't forget to COMMENT, okay…

Friday, 24 February 2012

MikroTik Tutorial: Remote PC Access with VNC

This time I'm taking the time to write a small note that many other people have probably already written. Besides adding a post, it's a decent way to keep things in my head. Imam Syafi'ie once said "Bind knowledge with the pen"; in simpler terms, if you want to keep remembering a lesson it's better to write it down, and since my handwriting is bad I write it down on the blog instead.
The topology looks like this:


From the topology above you can see that we will remotely control a computer located behind the MikroTik. For the remote software I use the free UltraVNC. I set my ADSL modem to bridge mode, so PPPoE goes through the MikroTik and the RB750 can obtain the public IP (110.138.224.***).
Steps to carry out:
1. Install UltraVNC on the computer to be remotely controlled and on our own computer (in this case my laptop).
2. The computer to be remotely controlled has IP 2.2.2.2 and the public IP on your MikroTik is 110.138.224.***. To see your public IP, log in to your MikroTik: Winbox >> IP >> Addresses.

3. After logging in to the MikroTik through Winbox, go to IP >> Firewall >> NAT, then create a new NAT rule to forward from the public IP to the computer to be remotely controlled (2.2.2.2):
chain : dstnat
dst-address : 110.138.224.***
protocol : tcp
dst-port : 5900
in-interface : PPPOE SPIDOL
action : dst-nat
to-addresses : 2.2.2.2
to-ports : 5900
Here is the screenshot:


4. The last step: create another NAT rule, IP >> Firewall >> NAT, which is of course the reverse of the NAT above:
chain : dstnat
src-address : 2.2.2.0/28
dst-address : 110.138.224.***
protocol : tcp
dst-port : 5900
in-interface : LAN
action : dst-nat
to-addresses : 2.2.2.2
to-ports : 5900


There, all done. Easy enough, isn't it?
Now go to your office, campus or school, run the UltraVNC viewer and enter 110.138.224.***::5900




Setting Up Load Balancing for 2 Speedy Lines on MikroTik RouterOS V.3.x.xx and V.4.x.xx

First step
Modem 1 IP: 192.168.1.1
Modem 2 IP: 192.168.2.1
Plug modem 1 into ether1
Plug modem 2 into ether2
Plug the cable from the hub into ether3
PPPoE is dialed from the modems
--------------------------------------------------------------------------
On the MikroTik
Open it in Winbox.
When the prompt appears on first start, choose remove all configuration
--------------------------------------------------------------------------

    /interface
    set 0 name=modem1
    set 1 name=modem2
    set 2 name=lokal

---------------------------------------------------------------------------------------------------------------------------------------
Assign an IP address to each Ethernet interface
---------------------------------------------------------------------------------------------------------------------------------------

    /ip address
    add address=192.168.1.2/24 netmask=255.255.255.0 interface=modem1
    add address=192.168.2.2/24 netmask=255.255.255.0 interface=modem2
    add address=192.168.0.254/24 netmask=255.255.255.0 interface=lokal

---------------------------------------------------------------------------------------------------------------------------------------
Create the mangle rules for load balancing
---------------------------------------------------------------------------------------------------------------------------------------

    /ip firewall mangle
    add chain=prerouting in-interface=lokal connection-state=new nth=2,1 action=mark-connection new-connection-mark=speedy1 passthrough=yes
    add chain=prerouting in-interface=lokal connection-mark=speedy1 action=mark-routing new-routing-mark=speedy1 passthrough=no
    add chain=prerouting in-interface=lokal connection-state=new nth=2,2 action=mark-connection new-connection-mark=speedy2 passthrough=yes
    add chain=prerouting in-interface=lokal connection-mark=speedy2 action=mark-routing new-routing-mark=speedy2 passthrough=no

---------------------------------------------------------------------------------------------------------------------------------------
Create the NAT rules for load balancing
---------------------------------------------------------------------------------------------------------------------------------------

    /ip firewall nat
    add chain=srcnat out-interface=modem1 action=masquerade
    add chain=srcnat out-interface=modem2 action=masquerade

---------------------------------------------------------------------------------------------------------------------------------------
Create the IP routes
---------------------------------------------------------------------------------------------------------------------------------------

    /ip route
    add gateway=192.168.1.1
    add gateway=192.168.2.1 routing-mark=speedy2

---------------------------------------------------------------------------------------------------------------------------------------

Tips and Tricks
If one of the Speedy lines goes down, disable all the mangle rules.
For example, if speedy2 is down, disable the gateway that points to speedy2.
For example, if speedy1 is down, disable the gateway that points to speedy1 and remove the routing-mark speedy2.

ROUTER WITH LOAD BALANCING

Mangle
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no
The router has 2 upstream (WAN) interfaces with IP addresses 10.111.0.2/24 and 10.112.0.2/24, and a LAN interface
named "Local" with IP address 192.168.0.1/24.
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no
NAT
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no
Routing
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 \
disabled=no comment="gateway for the router itself"
Note: NTH means:
First number = Every (N)
Second number = Counter (T)
Third number = Packet (H)
1,1,0 means
1 (2 packets, 0-1)
1 (1 packet)
0 (the first packet)

Setting Up a Hotspot on MikroTik

  1. Set up your hotspot
  2. Create a RADIUS server
    / radius add service=hotspot address=127.0.0.1 secret=09876
  3. Set the profile from step 1 to use the RADIUS server
    / ip hotspot profile set hsprof1 use-radius=yes
  4. Create a subscriber
    / tool user-manager customer add login="kodil" password="kodil" permissions=owner
  5. Add the router
    / tool user-manager router add subscriber=kodil ip-address=127.0.0.1 shared-secret=09876
    Good luck. Open http://ipmikrotik/userman in your browser. You can create hotspot vouchers with MikroTik and customise its login page.

Setting Up the Squid Web Proxy on Linux

The following tutorial covers installing squid. The contents of squid.conf are taken from an article on balinux.or.id,
written by egi (egi@nuxegi.net). The contents of squid.conf can be modified to suit our needs.
Installing squid
1. Extract the package
#tar -xvzf squid-2.6.STABLE4.tar.gz
2. Then compile squid
[root@gateway squid-2.6.STABLE4]#./configure --prefix=/usr/local/squid --sysconfdir=/etc/ --enable-gnuregex --enable-icmp --enable-delay-pools --enable-snmp --enable-htcp --enable-ssl --enable-cache-digests --enable-linux-netfilter --enable-large-cache-files --enable-carp --with-pthreads --enable-carp --with-pthreads --enable-storeio=diskd,ufs --enable-removal-policies=heap --enable-arp-acl --enable-forw-via-db --enable-leakfinder --enable-truncate --enable-underscores --enable-stacktraces --enable-dlmalloc
[root@gateway squid-2.6.STABLE4]#make
[root@gateway squid-2.6.STABLE4]#make install
3. Create the cache directory, then change its access permissions
[root@gateway squid-2.6.STABLE4]# mkdir --mode=777 /usr/local/squid/var/cache
[root@gateway squid-2.6.STABLE4]# chown -Rf squid.squid /usr/local/squid/var/cache/
4. Create the access.log and cache.log files
[root@gateway squid-2.6.STABLE4]# touch /usr/local/squid/var/logs/access.log
[root@gateway squid-2.6.STABLE4]# touch /usr/local/squid/var/logs/cache.log
5. Set the access permissions on the files
[root@gateway squid-2.6.STABLE4]#chown -Rf squid.squid /usr/local/squid/var/logs/
[root@gateway squid-2.6.STABLE4]#chmod -Rf 777 /usr/local/squid/var/cache/
Editing squid.conf
"file /etc/squid.conf"
# file: Squid.conf
# Created by : egi@nuxegi.net
#
#————————————————————————–
# Port used: 8080 or 3128
#————————————————————————–
http_port 8080
icp_port 3130
#————————————————————————–
# Proxy options
#————————————————————————–
#cache_peer 202.xxx.xxx.xxx parent 8080 3130 no-query default
#cache_peer sv.us.ircache.net parent 3128 3130 login=egi@nuxegi.net.id:FafboluveuvEecgi
#cache_peer sj.us.ircache.net parent 3128 3130 login=egi@nuxegi.net.id:FafboluveuvEecgi
#icp_query_timeout 2000
#maximum_icp_query_timeout 2000
#mcast_icp_query_timeout 2000
#dead_peer_timeout 15 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#prefer_direct off
#————————————————————————–
# Cache requirement options
#————————————————————————–
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB
maximum_object_size 100 MB
maximum_object_size_in_memory 20 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
#————————————————————————–
# Log files and cache directory location... more than one (1) cache directory can be created
#————————————————————————–
cache_dir diskd /usr/local/squid/var/cache 3000 16 256 Q1=72 Q2=64
store_dir_select_algorithm round-robin
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
emulate_httpd_log off
log_ip_on_direct off
log_fqdn off
log_mime_hdrs off
log_icp_queries off
buffered_logs off
debug_options ALL,1
mime_table /squid/etc/mime.conf
#————————————————————————–
# Options For External Support Programs
#————————————————————————–
ftp_user admin@dapenbni.co.id
ftp_list_width 32
ftp_passive on
#dns_nameservers 202.155.0.10 202.155.0.15
unlinkd_program /usr/local/squid/libexec/unlinkd
redirect_rewrites_host_header on
#————————————————————————–
# Options For Peer Database
#————————————————————————–
digest_generation on
digest_bits_per_entry 10
digest_rebuild_period 30 minutes
digest_rewrite_period 30 minutes
digest_swapout_chunk_size 6000 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
store_dir_select_algorithm round-robin
#————————————————————————–
# Optimise the cache
#————————————————————————–
request_header_max_size 10 KB
request_body_max_size 3 MB
#reply_body_max_size 500 MB
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.bom\.gov\.au 30 20% 120
refresh_pattern -i \.html$ 480 50% 22160
refresh_pattern -i \.htm$ 480 50% 22160
refresh_pattern -i \.class$ 10080 90% 43200
refresh_pattern -i \.zip$ 10080 90% 43200
refresh_pattern -i \.jpeg$ 10080 90% 43200
refresh_pattern -i \.mid$ 10080 90% 43200
refresh_pattern -i \.shtml$ 480 50% 22160
refresh_pattern -i \.exe$ 10080 90% 43200
refresh_pattern -i \.thm$ 10080 90% 43200
refresh_pattern -i \.wav$ 10080 90% 43200
refresh_pattern -i \.txt$ 10080 90% 43200
refresh_pattern -i \.cab$ 10080 90% 43200
refresh_pattern -i \.au$ 10080 90% 43200
refresh_pattern -i \.mov$ 10080 90% 43200
refresh_pattern -i \.xbm$ 10080 90% 43200
refresh_pattern -i \.ram$ 10080 90% 43200
refresh_pattern -i \.avi$ 10080 90% 43200
refresh_pattern -i \.chtml$ 480 50% 22160
refresh_pattern -i \.thb$ 10080 90% 43200
refresh_pattern -i \.dcr$ 10080 90% 43200
refresh_pattern -i \.bmp$ 10080 90% 43200
refresh_pattern -i \.phtml$ 480 50% 22160
refresh_pattern -i \.mpg$ 10080 90% 43200
refresh_pattern -i \.pdf$ 10080 90% 43200
refresh_pattern -i \.art$ 10080 90% 43200
refresh_pattern -i \.swf$ 10080 90% 43200
refresh_pattern -i \.mp3$ 10080 90% 43200
refresh_pattern -i \.ra$ 10080 90% 43200
refresh_pattern -i \.spl$ 10080 90% 43200
refresh_pattern -i \.viv$ 10080 90% 43200
refresh_pattern -i \.doc$ 10080 90% 43200
refresh_pattern -i \.gz$ 10080 90% 43200
refresh_pattern -i \.Z$ 10080 90% 43200
refresh_pattern -i \.tgz$ 10080 90% 43200
refresh_pattern -i \.tar$ 10080 90% 43200
refresh_pattern -i \.vrm$ 10080 90% 43200
refresh_pattern -i \.vrml$ 10080 90% 43200
refresh_pattern -i \.aif$ 10080 90% 43200
refresh_pattern -i \.aifc$ 10080 90% 43200
refresh_pattern -i \.aiff$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.c$ 10080 90% 43200
refresh_pattern -i \.cpt$ 10080 90% 43200
refresh_pattern -i \.dir$ 10080 90% 43200
refresh_pattern -i \.dxr$ 10080 90% 43200
refresh_pattern -i \.hqx$ 10080 90% 43200
refresh_pattern -i \.jpe$ 10080 90% 43200
refresh_pattern -i \.lha$ 10080 90% 43200
refresh_pattern -i \.lzh$ 10080 90% 43200
refresh_pattern -i \.midi$ 10080 90% 43200
refresh_pattern -i \.movie$ 10080 90% 43200
refresh_pattern -i \.mp2$ 10080 90% 43200
refresh_pattern -i \.mpe$ 10080 90% 43200
refresh_pattern -i \.mpeg$ 10080 90% 43200
refresh_pattern -i \.mpga$ 10080 90% 43200
refresh_pattern -i \.pl$ 10080 90% 43200
refresh_pattern -i \.ppt$ 10080 90% 43200
refresh_pattern -i \.ps$ 10080 90% 43200
refresh_pattern -i \.qt$ 10080 90% 43200
refresh_pattern -i \.qtm$ 10080 90% 43200
refresh_pattern -i \.ras$ 10080 90% 43200
refresh_pattern -i \.sea$ 10080 90% 43200
refresh_pattern -i \.sit$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
refresh_pattern -i \.snd$ 10080 90% 43200
refresh_pattern -i \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
refresh_pattern . 480 50% 22160
#reference_age 1 month
quick_abort_min 16 KB
quick_abort_max 32 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 10 minutes
range_offset_limit 0 KB
connect_timeout 360 seconds
read_timeout 15 minutes
request_timeout 360 seconds
client_lifetime 100 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
announce_period 7 day
#————————————————————————–
# Timeouts
#————————————————————————–
connect_timeout 120 seconds
peer_connect_timeout 60 seconds
#siteselect_timeout 6 seconds
read_timeout 5 minutes
request_timeout 20 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 60 seconds
ident_timeout 5 seconds
shutdown_lifetime 30 seconds
#————————————————————————–
# Administrative information
#————————————————————————–
cache_mgr admin@dapenbni.co.id
cache_effective_user squid
cache_effective_group squid
visible_hostname gateway.dapenbni.co.id
unique_hostname gateway.dapenbni.co.id
#————————————————————————–
# Cache
#————————————————————————–
announce_host gateway.dapenbni.co.id
announce_port 8080
#————————————————————————–
# Transparent proxy requirements
#————————————————————————–
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
#————————————————————————–
# Miscellaneous
#————————————————————————–
logfile_rotate 5
memory_pools on
memory_pools_limit 200 MB
forwarded_for on
log_icp_queries on
icp_hit_stale on
minimum_direct_hops 5
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 50
client_db off
netdb_low 900
netdb_high 1000
netdb_ping_period 1 minutes
query_icmp on
test_reachability on
reload_into_ims on
#fake_user_agent SiNK1NGfuNK/1.0 (CP/M; 128-bit)
#————————————————————————–
# Access management
#————————————————————————–
acl all src 0/0
acl internal src 192.168.0.0/24
acl allowedhost src 202.xxx.xxx.xxx
#acl blok url_regex -i gohip
#acl blok1 url_regex -i bonzi
#acl blok2 url_regex -i lolitas
#acl blok3 url_regex -i passthison
#acl blok4 url_regex -i dewisex
#acl blok5 url_regex -i lolitasworld
#acl blok6 url_regex -i netsetter
acl localservers src 202.xxx.xxx.xxx
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 808 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
always_direct allow localhost
always_direct allow internal
always_direct allow allowedhost
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny blok
#http_access deny blok1
#http_access deny blok2
#http_access deny blok3
#http_access deny blok4
#http_access deny blok5
#http_access deny blok6
http_access allow localhost
http_access allow internal
http_access allow allowedhost
http_access allow localservers
http_access deny all
icp_access allow all
miss_access allow all
#snmp_access allow localhost
#snmp_access deny all
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow snmppublic allowed_hosts
#snmp_access deny all
never_direct allow all
#————————————————————————–
# Delay pool parameters
#————————————————————————–
acl magic_words1 url_regex -i 202.154
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
delay_pools 2
delay_class 1 2
#-1/-1 mean that there are no limits
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2
delay_parameters 2 4000/150000 4000/120000
delay_access 2 allow magic_words2
Running squid
[root@gateway squid-2.6.STABLE4]# /usr/local/squid/sbin/squid -z
[root@gateway squid-2.6.STABLE4]# /usr/local/squid/sbin/squid -sYD
Check squid
[root@gateway squid-2.6.STABLE4]# netstat -plnat | grep squid
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14066/(squid)


Source: www.fedora.or.id

Setting Up CentOS 5.5 as a Server

Installing CentOS 5.5 in server mode goes as shown in the pictures below:
1. Use Linux text mode so the installation is faster. Type linux text and press Enter:

2. Choose Skip for the disk check

3. Choose English as the language:


4. Choose the US keyboard

5. Erase all partitions: choose Yes

6. Choose remove all partitions, then OK; when asked "are you sure", choose OK again

7. Review partitions: choose No and leave the partitioning at its default

8. Configure network eth0: choose Yes

9. Choose activate on boot and mark IPv4 with * using the space bar

10. Enter the IP address. Here I use a static IP address, 192.168.0.82/24

11. After that, enter the gateway and the DNS server to be used.

12. Enter the hostname; here I use lusca-proxy as the hostname

13. Choose the time zone: Asia/Jakarta

14. Enter the password for the user root

15. Because we are building a server, deselect the GNOME package. Select only Server, and also select Custom software selection at the bottom

16. Choose the server packages needed; here I chose:
- Base
- Editors
- Legacy Network Server
- Network server
- Server Configuration Tools, and finally
- Text Base Internet.
Anything not listed above is not installed, i.e. its (*) mark is removed

17. At Install to begin, choose OK

18. Sit back and wait for the installation to finish, then "reboot"

Easy, right?? I use a 143 SAS HDD and 2 Gb of RAM. It takes only 10 minutes to do this text-mode server installation. After that we can remote into the server right away using PuTTY.

Setting up LUSCA proxy on CentOS 5.5

Here is how to install Lusca Proxy and tune it
1. The Linux used is CentOS 5.5 in TEXT mode
The TEXT mode Linux installation can be seen HERE
2. Once the installation is finished, first change the repository to an Indonesian repository so that installing packages is much faster. How to do that can be seen HERE. Then turn off the firewall and disable SELinux. How to do that can be seen HERE
3. First install the squid that ships with CentOS using “YUM”, and then remove it again.
Because LUSCA is originally a development of squid, the quickest way to pull in the packages LUSCA needs is to install squid and then remove it again

[root@lusca-proxy ~]# yum install squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons                                                   |  951 B     00:00
addons/primary                                           |  202 B     00:00
base                                                     | 2.1 kB     00:00
base/primary_db                                          | 1.6 MB     00:02
extras                                                   | 2.1 kB     00:00
extras/primary_db                                        | 188 kB     00:00
updates                                                  | 1.9 kB     00:00
updates/primary_db                                       | 840 kB     00:01
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be updated
--> Processing Dependency: perl(URI::URL) for package: squid
--> Running transaction check
---> Package perl-URI.noarch 0:1.35-3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch          Version                        Repository   Size
================================================================================
Installing:
 squid           i386          7:2.6.STABLE21-6.el5           base        1.3 M
Installing for dependencies:
 perl-URI        noarch        1.35-3                         base        116 k

Transaction Summary
================================================================================
Install       2 Package(s)
Upgrade       0 Package(s)

Total download size: 1.4 M
Is this ok [y/N]: y
3. Once it is installed, we remove it again :D
[root@lusca-proxy ~]# yum remove squid
Loaded plugins: fastestmirror
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package      Arch        Version                        Repository        Size
================================================================================
Removing:
 squid        i386        7:2.6.STABLE21-6.el5           installed        3.5 M

Transaction Summary
================================================================================
Remove        1 Package(s)
Reinstall     0 Package(s)
Downgrade     0 Package(s)

Is this ok [y/N]: y
4. After that we install the packages needed to compile LUSCA, namely:
- automake
- gcc
- glibc-devel
- e2fsprogs-devel
- sharutils
[root@lusca-proxy ~]# yum install automake gcc glibc-devel e2fsprogs-devel sharutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package automake.noarch 0:1.9.6-2.3.el5 set to be updated
--> Processing Dependency: autoconf >= 2.58 for package: automake
---> Package e2fsprogs-devel.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5_5.1 for package: e2fsprogs-devel
---> Package gcc.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: cpp = 4.1.2-48.el5 for package: gcc
--> Processing Dependency: libgomp >= 4.1.2-48.el5 for package: gcc
---> Package glibc-devel.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-headers = 2.5-49.el5_5.7 for package: glibc-devel
--> Processing Dependency: glibc = 2.5-49.el5_5.7 for package: glibc-devel
--> Processing Dependency: glibc-headers for package: glibc-devel
---> Package sharutils.i386 0:4.6.1-2 set to be updated
--> Running transaction check
---> Package autoconf.noarch 0:2.59-12 set to be updated
--> Processing Dependency: imake for package: autoconf
---> Package cpp.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5 for package: e2fsprogs
---> Package e2fsprogs-libs.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: glibc = 2.5-49 for package: nscd
---> Package glibc.i686 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-common = 2.5-49.el5_5.7 for package: glibc
---> Package glibc-headers.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers
--> Processing Dependency: kernel-headers for package: glibc-headers
---> Package libgomp.i386 0:4.4.0-6.el5 set to be updated
--> Running transaction check
---> Package e2fsprogs.i386 0:1.39-23.el5_5.1 set to be updated
---> Package glibc-common.i386 0:2.5-49.el5_5.7 set to be updated
---> Package imake.i386 0:1.0.2-3 set to be updated
---> Package kernel-headers.i386 0:2.6.18-194.26.1.el5 set to be updated
---> Package nscd.i386 0:2.5-49.el5_5.7 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch        Version                    Repository    Size
================================================================================
Installing:
 automake             noarch      1.9.6-2.3.el5              base         476 k
 e2fsprogs-devel      i386        1.39-23.el5_5.1            updates      569 k
 gcc                  i386        4.1.2-48.el5               base         5.2 M
 glibc-devel          i386        2.5-49.el5_5.7             updates      2.0 M
 sharutils            i386        4.6.1-2                    base         201 k
Installing for dependencies:
 autoconf             noarch      2.59-12                    base         647 k
 cpp                  i386        4.1.2-48.el5               base         2.6 M
 glibc-headers        i386        2.5-49.el5_5.7             updates      602 k
 imake                i386        1.0.2-3                    base         319 k
 kernel-headers       i386        2.6.18-194.26.1.el5        updates      1.1 M
 libgomp              i386        4.4.0-6.el5                base          70 k
Updating for dependencies:
 e2fsprogs            i386        1.39-23.el5_5.1            updates      977 k
 e2fsprogs-libs       i386        1.39-23.el5_5.1            updates      118 k
 glibc                i686        2.5-49.el5_5.7             updates      5.3 M
 glibc-common         i386        2.5-49.el5_5.7             updates       16 M
 nscd                 i386        2.5-49.el5_5.7             updates      166 k

Transaction Summary
================================================================================
Install      11 Package(s)
Upgrade       5 Package(s)

Total download size: 37 M
Is this ok [y/N]:y
5. Sit back until the packages above have finished installing, then download LUSCA from Google
[root@lusca-proxy ~]# wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
6. After that, extract it
[root@lusca-proxy ~]# tar -zxvf LUSCA_HEAD-r14809.tar.gz
7. Change into the lusca directory, raise the file descriptor limit, and then configure using the options below
[root@lusca-proxy ~]# cd LUSCA_HEAD-r14809
[root@lusca-proxy ~]# ulimit -n 8192
[root@lusca-proxy LUSCA_HEAD-r14809]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups
all installed files are located in /usr/local/squid/, so we will not have to go hunting for the squid files
8. Then install
[root@lusca-proxy LUSCA_HEAD-r14809]# make all && make install
9. Sit back and wait for the installation to finish; now it is time for configuration.
- Change to the directory /usr/local/squid/etc
[root@lusca-proxy LUSCA_HEAD-r14809]# cd /usr/local/squid/etc/
- fetch the squid.conf file with wget from this website
[root@lusca-proxy etc]# wget http://www.hendraarif.web.id/wp-content/uploads/2011/02/squid.conf
--2011-02-25 01:43:23--  http://www.hendraarif.web.id/wp-content/uploads/2011/02/squid.conf
Resolving www.hendraarif.web.id... 192.168.0.137
Connecting to www.hendraarif.web.id|192.168.0.137|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2141 (2.1K) [text/plain]
Saving to: `squid.conf.1'

100%[====================================================>] 2,141       --.-K/s   in 0s

2011-02-25 01:43:23 (207 MB/s) - `squid.conf.1' saved [2141/2141]
10. copy squid.conf.1 to squid.conf
[root@lusca-proxy etc]# cp squid.conf.1  squid.conf
cp: overwrite `squid.conf'? y
11. fetch storeurl from this website:
[root@lusca-proxy etc]# wget http://www.hendraarif.web.id/wp-content/uploads/2011/02/storeurl.pl
--2011-02-25 01:46:35--  http://www.hendraarif.web.id/wp-content/uploads/2011/02/storeurl.pl
Resolving www.hendraarif.web.id... 192.168.0.137
Connecting to www.hendraarif.web.id|192.168.0.137|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4799 (4.7K) [text/plain]
Saving to: `storeurl.pl'

100%[====================================================>] 4,799       --.-K/s   in 0s

2011-02-25 01:46:35 (311 MB/s) - `storeurl.pl' saved [4799/4799]
12. Fetch the tunning.conf file from this website
[root@lusca-proxy etc]# wget http://www.hendraarif.web.id/wp-content/uploads/2011/02/tunning.conf
--2011-02-25 01:48:16--  http://www.hendraarif.web.id/wp-content/uploads/2011/02/tunning.conf
Resolving www.hendraarif.web.id... 192.168.0.137
Connecting to www.hendraarif.web.id|192.168.0.137|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11047 (11K) [text/plain]
Saving to: `tunning.conf'

100%[============================================================>] 11,047      --.-K/s   in 0s

2011-02-25 01:48:16 (425 MB/s) - `tunning.conf' saved [11047/11047]
13. - Create a directory to hold the cache at /cache1,
- then change its permissions for squid
- then change the permissions of tunning.conf and storeurl.pl so that they can be executed
[root@lusca-proxy etc]# mkdir /cache1
[root@lusca-proxy etc]# chown squid:squid /cache1
[root@lusca-proxy etc]# chmod 777 tunning.conf storeurl.pl
14. Build the squid cache dir
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -z
15. edit localnet in squid.conf to match our client network:
squid.conf excerpt
......
[root@lusca-proxy etc]# nano -c squid.conf
.......................
####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 7.7.9.0/24 # local client network (note: 7.7.9.0/24 is not an RFC1918 range)
####################################################################
16. Check whether squid has any config errors, and if there are none, run squid as a daemon
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -k parse
[root@lusca-proxy etc]# /usr/local/squid/sbin/squid -NDd1 &
17. Testing. Point your browser's proxy setting at the LUSCA server on port 3128
[root@lusca-proxy etc]# tail -f  /cache1/access.log
1298574413.127    154 7.7.9.2 TCP_MISS/302 839 GET http://www.google.com/search?q=wordpress+file+upload+plugins&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a - DIRECT/209.85.175.147 text/html
1298574413.813    365 7.7.9.2 TCP_MISS/200 14796 GET http://www.google.co.id/search?q=wordpress+file+upload+plugins&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a - DIRECT/209.85.175.103 text/html
1298574414.419    122 7.7.9.2 TCP_MISS/204 267 GET http://clients1.google.co.id/generate_204 - DIRECT/209.85.175.113 text/html
1298574414.838    106 7.7.9.2 TCP_MISS/204 357 GET http://www.google.co.id/csi?v=3&s=web&action=&e=17259,17311,27495,28454,28589,28903,28940&ei=3qpmTchQhvCtB6LhqNoK&expi=17259,17311,27495,28454,28589,28903,28940&imc=4&imn=4&imp=0&rt=xjsls.417,prt.419,xjses.484,xjsee.549,xjs.568,ol.869,iml.419 - DIRECT/209.85.175.99 text/html
1298574424.075   2804 7.7.9.2 TCP_MISS/200 547 POST http://www.hendraarif.web.id/wp-admin/admin-ajax.php - DIRECT/192.168.0.137 text/xml
Keep in mind that hardware tuning is inversely proportional to hardware capability. If it is forced to work too hard, the equipment will wear out quickly.
update
notes:
1. to check whether it is up or not, just use nmap and see whether its port is open
2. if you run into a "Filedescriptors blah blah" error, edit the file
[root@lusca-proxy ~]# nano -c  /usr/local/squid/etc/storeurl.pl
at the very top
#!/usr/bin/perl5.8.8               <===== change this to "#!/usr/bin/perl" without the quotes
# by chudy_fernandez@yahoo.com
# Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
$|=1;
.............................
3. to start lusca automatically after every restart, type this command in the console
[root@lusca-proxy ~]# echo "/usr/local/squid/sbin/squid -NDd1 &" >> /etc/rc.local
All done... easy, right? Good luck trying it out
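Steps 9 to 13 above fetch squid.conf, storeurl.pl and tunning.conf over plain HTTP and then chmod 777 two of them, which leaves a helper script that gets executed writable by every local user and unverified after download. The script below is an added example, not part of the original post: it installs a file only when its SHA-256 matches a pinned digest and uses modes 0755/0644 instead of 777. The file contents are constructed stand-ins, the digests would come from a trusted source in practice, and it assumes tunning.conf only needs to be read.

```shell
#!/bin/sh
# Added example: check a fetched helper against a pinned SHA-256 digest and
# install it without world-writable bits. Paths and digests are placeholders.

# verify_and_install SRC EXPECTED_SHA256 DEST MODE
# Copies SRC to DEST with MODE only if its digest matches; 1 on mismatch.
verify_and_install() {
    vi_src=$1; vi_want=$2; vi_dest=$3; vi_mode=$4
    [ -f "$vi_src" ] || { echo "missing: $vi_src" >&2; return 2; }
    vi_got=$(sha256sum "$vi_src" | awk '{print $1}')
    if [ "$vi_got" != "$vi_want" ]; then
        echo "digest mismatch for $vi_src: got $vi_got" >&2
        return 1
    fi
    # install(1) copies and sets the mode in one step; run as root and add
    # "-o root -g root" so the squid user cannot rewrite its own helper.
    install -m "$vi_mode" "$vi_src" "$vi_dest"
}

# world_writable FILE: succeeds if "other" has write permission on FILE.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# Demo on constructed files in a scratch directory (nothing is downloaded).
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/usr/bin/perl\n$|=1;\n' > "$d/storeurl.pl"   # constructed stand-in
    printf '# constructed stand-in\n' > "$d/tunning.conf"
    # In real use the digests come from a trusted channel, not from the
    # file you just fetched; here they are computed only to drive the demo.
    pin_pl=$(sha256sum "$d/storeurl.pl" | awk '{print $1}')
    pin_conf=$(sha256sum "$d/tunning.conf" | awk '{print $1}')
    mkdir "$d/etc"

    # The page's step 13: chmod 777 leaves both files writable by every user.
    chmod 777 "$d/storeurl.pl" "$d/tunning.conf"
    world_writable "$d/storeurl.pl" && echo "chmod 777: storeurl.pl is world-writable"

    # Least privilege: the helper needs r-x; the config (assumed read-only) r--.
    verify_and_install "$d/storeurl.pl" "$pin_pl" "$d/etc/storeurl.pl" 0755
    verify_and_install "$d/tunning.conf" "$pin_conf" "$d/etc/tunning.conf" 0644
    world_writable "$d/etc/storeurl.pl" || echo "installed copy is not world-writable"

    # A file that changed after pinning is refused and never reaches etc/.
    echo '# tampered' >> "$d/storeurl.pl"
    verify_and_install "$d/storeurl.pl" "$pin_pl" "$d/etc/tampered.pl" 0755 \
        || echo "tampered copy rejected"
    rm -rf "$d"
}
demo
```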

Thursday, 23 February 2012

How to Setup Hotspot with MIKROTIK routers

You need to setup your Mikrotik router by using Winbox. Winbox is the graphical user interface for configuring the Mikrotik Router OS. You can get Winbox via The Dude. Once installed, click on Discover. Once the devices are discovered and displayed, you can right click on the Router OS select tools then select Winbox.
1. First we need to define the first port for WAN connection so the router will connect to the internet via another router with DHCP.
In winbox click IP > DHCP Client and Add DHCP Client to port ether1
2. Let's add the hotspot service to wlan. Click IP > HotSpot and the Setup box, and choose wlan1 as the hotspot interface. You can accept the default values but choose none for certificate. Leave the IP as it is (10.5.50.x). If you change this IP, the LOGIN and LOGOUT links will not work on your splash page.

3. The router should be placed in ap bridge mode.
Click interface, double click wlan1, click Mode: and select ap bridge
4. You need to add our radius server as authentication and accounting server.
In the hotspot profiles (IP > HotSpot > Profiles) choose your hotspot profile and allow radius in the radius tab, de-select cookie, allow http pap and chap.

5. You need to define our radius server. Click Radius and the + sign to add our radius server.
Click Services > Hotspot, enter radius address: 195.228.75.174, Secret: hotsys123

6. You need to add the secondary radius server. Click Radius and the + sign.
Click Services > Hotspot, enter radius address: 85.25.152.132, Secret: hotsys123
7. We have to allow certain sites and servers for non authenticated users otherwise they can't buy access.
In the section IP > HotSpot > Walled Garden, click on + sign and add the following domains to Dst. Host one by one:
*.hotspotsystem.com
*.worldpay.com
*.paypal.com
*.paypalobjects.com
*.akamaiedge.net
paypal.112.2O7.net
*.moneybookers.com
*.adyen.com

For Hotspot FREE SOCIAL locations: you must add 'www.apple.com' too!
Then in the section IP > HotSpot > Walled Garden > IP List add the following IPs to Dst. Address one by one (if your Mikrotik doesn't allow netmask values (.0/24) you can skip the netmask value):
8. You need to synchronize the router's time with our server.
Click on System > NTP Client. Enter primary and secondary NTP servers. To find NTP servers, go to http://www.pool.ntp.org/ and select the location's continent on the right side of the page. You'll find NTP servers there.
Be sure to leave TimeZoneName: manual, and TimeZone: 00:00 in System > Clock. (Don't set your own timezone, because the router has to show the GMT time!)

9. You need to change the router's NASID. The NASID setting in the Mikrotik is located under System > Identity. Default is 'MikroTik'.
Change this the following way: OPERATORUSERNAME_LOCATIONNUMBER
Example: Operator Username is 'globalhotspot', Location ID: '2', then NASID should be: 'globalhotspot_2'

10. You have to customize Mikrotik's built-in login page. On the side menu go to Files, and find the login.html file under the 'hotspot' directory. Double click on the file and choose Backup.
Open a simple text editor like notepad and copy and paste the following to the editor:

Save it as login.html to your Desktop.
Drag and drop this login.html to your "hotspot" directory in the Winbox program.
If you wish to use FTP you can FTP to your mikrotik router with the admin userid and password and replace the file there under the 'hotspot' directory.
If you don't wish to redirect users to our nice splash page you can continue to use the router's built-in login page but in this case it is important to add a link to the internal page where your users can buy access or activate their prepaid cards. Click here for more information.

11. You have to set the Login/Logout URL IP addresses in the Control Center. Log in to the Control Center with your Operator Username and password and go to Manage > Locations. Click on the location, then click on Modify Hotspot Data & Settings. In Splash Page Settings modify the Internal Login/Logout URL Set to Mikrotik. Make sure that 'Display Login Box on Main Splash Page' option is CHECKED.

12. As the last step you have to add hourly checking for up status for the Router Alert feature.
Go to System > Scheduler and add a new task by pressing the plus sign.
Name: up
Interval: 01:00:00
On Event:


Policy: enable all
Press Apply and OK.
That's all. You can setup hotspot service even on a wired connection. In this case you have to choose an ethernet port instead of wlan or you can setup hotspot on both ports.
If you have successfully set up your Mikrotik router, you should see a login window when connecting via wireless. You can log in with username admin, blank password.