High Performance Lusca Squid Proxy Server Ubuntu + Konfigurasi Router Mikrotik
#===================================================================#
Step 1. Install Ubuntu Server 10.04 and use manual partition
#===================================================================#
Type Size Location FileSystem Mount BootFlag Mount Option
Primary 10 GB Beginning ext4 / noatime [*]
Primary 1024 MB Beginning ext4 /boot on noatime [*]
Primary 2 GB Beginning swap swap
Primary 12 GB Beginning btrfs /cache noatime [*]
#===================================================================#
# Paket Install yang di butuhkan
#===================================================================#
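# Packaged Squid and its tools, then the build toolchain and helper utilities.
# (squid is installed once, together with squidclient and squid-cgi.)
root@proxy:~# apt-get update
root@proxy:~# apt-get install squid squidclient squid-cgi -y
root@proxy:~# apt-get install gcc -y
root@proxy:~# apt-get install build-essential -y
root@proxy:~# apt-get install sharutils -y
root@proxy:~# apt-get install ccze -y
root@proxy:~# apt-get install libzip-dev -y
root@proxy:~# apt-get install automake1.9 -y
# The source tarball is fetched over plain HTTP and is later compiled and
# installed as root, so compute its digest and compare it with a value obtained
# from a source you trust before unpacking it.
root@proxy:~# wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
root@proxy:~# sha256sum LUSCA_HEAD-r14809.tar.gz
# expected: <SHA256_FROM_TRUSTED_SOURCE>  (placeholder; do not continue if it differs)
root@proxy:~# tar xzvf LUSCA_HEAD-r14809.tar.gz
root@proxy:~# cd LUSCA_HEAD-r14809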
#===================================================================#
# Perintah Install Compile File LUSCA_HEAD-r14809
#===================================================================#
# Configure, build and install Lusca in one chain; each step runs only if the
# previous one succeeded. The paths place the build under /usr/sbin, /etc/squid,
# /usr/lib/squid and /var/spool/squid.
# Several switches compile in network-facing features (--enable-snmp,
# --enable-htcp, --enable-cache-digests) and interception support
# (--enable-linux-netfilter); whether they are active depends on squid.conf,
# which is not shown here.
./configure \
  --prefix=/usr \
  --exec_prefix=/usr \
  --bindir=/usr/sbin \
  --sbindir=/usr/sbin \
  --libexecdir=/usr/lib/squid \
  --sysconfdir=/etc/squid \
  --localstatedir=/var/spool/squid \
  --datadir=/usr/share/squid \
  --enable-http-gzip \
  --enable-async-io=24 \
  --with-aufs-threads=24 \
  --with-pthreads \
  --enable-storeio=aufs \
  --enable-linux-netfilter \
  --enable-arp-acl \
  --enable-epoll \
  --enable-removal-policies=heap \
  --with-aio \
  --with-dl \
  --enable-snmp \
  --enable-delay-pools \
  --enable-htcp \
  --enable-cache-digests \
  --disable-unlinkd \
  --enable-large-cache-files \
  --with-large-files \
  --enable-err-languages=English \
  --enable-default-err-language=English \
  --with-maxfd=65536 \
  && make \
  && make install
#===================================================================#
# Setelah selesai anda STOP squidnya.
# Tapi sebelum anda stop squidnya anda ganti dulu isi yang ada di /etc/init.d/squid dengan perintah :
#===================================================================#
root@proxy:~# sudo nano /etc/init.d/squid
#===================================================================#
Download File Squid.conf
#===================================================================#
# Pada Terminal Ketik "/etc/init.d/squid stop".
# Kemudian Jalankan Winscp dan edit squid.conf di folder /etc/squid/squid.conf
#===================================================================#
Download File Storeurl.pl
#===================================================================#
# Buat listing file store url
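# Create the (still empty) store-URL helper script. The mode is set explicitly
# rather than with `chmod +x`, so the result does not depend on the current
# umask: owner may write, everyone else may only read and execute.
# The file is made executable to be run as a helper (presumably by Squid), so
# it should never be writable by anyone but its owner.
touch /etc/squid/storeurl.pl
chmod 755 /etc/squid/storeurl.pl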
# Buka storeurl.pl dengan winscp dan isikan File yg ada di bawah ini:
#===================================================================#
Download File
#===================================================================#
# Restart Komputer Kamu
# Pada putty ketik " /etc/init.d/squid stop "
# Masih pada PUTTY, copy-paste perintah di bawah satu-persatu
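# The cache directory only has to be accessible to the proxy account; mode 777
# would let every local user create, replace or delete cached objects.
chown proxy:proxy /cache
chmod 750 /cache
# The helper script is executable code. Root owns it and group proxy may only
# read and execute it, so neither another local user nor the proxy account
# itself can replace its contents.
# (assumes Squid runs as user/group proxy, as the chown on /cache suggests)
chown root:proxy /etc/squid/storeurl.pl
chmod 750 /etc/squid/storeurl.pl
service squid stop
# Create the cache directory structure (-z) using the given configuration file.
squid -f /etc/squid/squid.conf -z
/etc/init.d/squid start
/etc/init.d/squid restart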
# Restart Komputer Kamu
# Monitoring Squid access.log :
root@proxy:~# tail -f /var/log/lusca/access.log | ccze
#===================================================================#
PAKET INSTALL TAMBAHAN
#===================================================================#
Installing Apache2 With PHP5 And MySQL Support On Ubuntu 10.04:
#===================================================================#
1. Installing MySQL 5
# aptitude install mysql-server mysql-client -y
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
2. Installing Apache2
# aptitude install apache2 -y
Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder page (It works!)
Apache's default document root is /var/www on Ubuntu, and the configuration file is /etc/apache2/apache2.conf.
Additional configurations are stored in subdirectories of the /etc/apache2 directory such as /etc/apache2/mods-enabled (for Apache modules),
/etc/apache2/sites-enabled (for virtual hosts), and /etc/apache2/conf.d.
3. Installing PHP5
# aptitude install php5 -y
#===================================================================#
# aptitude install unzip -y
install webmin in Ubuntu 10.04 Lucid Lynx.
#===================================================================#
1. wget -c http://www.webmin.com/download/deb/webmin-current.deb
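The file is saved as “webmin-current.deb” in your current working directory, rather than under a name that contains the specific Webmin version number. The download uses plain HTTP and the package is installed as root in the next step, so verify it first (for example against a checksum or signature published by the Webmin project).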
2. sudo dpkg -i webmin-current.deb
This command will report a number of errors about missing dependencies; they are resolved by the next step.
3. sudo apt-get -f install
This command will install the missing dependencies, recompile, and install webmin.
Now, login to your webmin server. https://[serverIP]:10000
#===================================================================#
Kalau sudah selesai anda setting mikrotiknya seperti dibawah ini :
Masukkan ini di mangle :
#===================================================================#
# Mangle rules as listed by the author; the rules of a chain are evaluated
# from top to bottom.
;;; Intl-conn
# NOTE(review): the next two rules have no matcher and use passthrough=no. As
# written, the first one would mark every prerouting packet as packet-intl and
# stop further mangle processing for it, so the prerouting rules below would
# never match. Matchers may have been lost when the rules were copied; confirm
# the rule order and conditions against a working export.
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=packet-intl passthrough=no
/ip firewall mangle add chain=output action=mark-packet new-packet-mark=packet-intl passthrough=no
;;; PROXY-HIT
# Marks packets that carry DSCP value 12 as proxy-hit. Presumably the proxy
# sets this value on cache hits; confirm against squid.conf (not shown here).
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12
;;; http-conn
# Marks TCP connections to port 80 as http-conn, then marks their packets as http.
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-conn passthrough=yes protocol=tcp dst-port=80
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=http passthrough=yes connection-mark=http-conn
;;; https-conn
# Marks new TCP connections to port 443 as https-conn and gives them the
# routing mark https.
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=https-conn passthrough=yes connection-state=new protocol=tcp dst-port=443
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=https passthrough=no connection-mark=https-conn
;;; CHANGE MMS
# The label says MMS; the rule itself is a TCP MSS clamp: SYN packets entering
# via interface "public" with an MSS of 1441-65535 get new-mss=1440.
/ip firewall mangle add chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=public tcp-mss=1441-65535
IP FIREWALL ADDRESS-LIST :
;;; LocalNet
LocalNet 192.168.2.0/24 — IP local sesuaikan dengan IP lokal anda
;;; PROXY
ProxyNet 192.168.2.0/24 -- IP network Proxy
DNS 202.134.1.10 -- sesuaikan DNS ISP anda
DNS 202.134.0.155 -- sesuaikan DNS ISP anda
GAMES 63.241.101.0/25
GAMES 74.114.8.0/21
IP FIREWALL NAT :
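# NAT rules. The original listing wrote "/ip firewall add"; these rules belong
# to the nat menu (see the "IP FIREWALL NAT" heading), so the menu is spelled
# out in every command. Values in <ANGLE-BRACKETS> are placeholders to replace
# with your own addresses.
;;; Nat Proxy
# Redirects web traffic from LocalNet to the proxy at 192.168.2.20:3128, except
# traffic coming from the proxy itself or going to ProxyNet. The
# connection-mark matcher was on a separate line in the original and is joined
# here.
# NOTE(review): the mangle rules set http-conn only for dst-port=80, so ports
# 8080 and 3128 listed here would not match unless they are marked elsewhere.
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.2.20 to-ports=3128 protocol=tcp src-address=!192.168.2.20 src-address-list=LocalNet dst-address-list=!ProxyNet dst-port=80,8080,3128 connection-mark=http-conn
;;; Added by webbox
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1-gateway
;;; Proxy Out
# <IP-PUBLIC-ANDA>: your Internet/public IP, e.g. 192.168.1.2
# <IP-LOKAL-ANDA>:  your local IP, e.g. 192.168.2.1
/ip firewall nat add chain=srcnat action=src-nat to-addresses=<IP-PUBLIC-ANDA> src-address=<IP-LOKAL-ANDA>
# NOTE(review): no source or interface matcher is given, so this rule matches
# UDP/53 arriving from any side, including the public interface. Consider
# limiting it to the LAN (for example src-address-list=LocalNet) so the router
# does not handle DNS queries for Internet hosts.
/ip firewall nat add chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53
;;; SSH
# NOTE(review): this publishes SSH on the public address to any source.
# dst-port lists 22 and 10000 but to-ports=22, so connections to port 10000
# (the Webmin port used earlier in this guide) would also be sent to port 22;
# if Webmin access was intended it needs its own rule. Restrict remote
# administration to known sources (for example a src-address-list of admin
# addresses) instead of the whole Internet.
# to-addresses=192.168.1.2 is the same address the original gives as the
# example public IP in the Proxy Out rule; confirm which host should receive
# these connections.
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=22 protocol=tcp dst-address=<IP-PUBLIC-ANDA> dst-port=22,10000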
;;; queue tree
# Queue for packets carrying the proxy-hit packet mark, attached to parent "lan".
# limit-at, max-limit and the burst values are all 0, so no rate limit is
# configured for this queue (RouterOS treats 0 as unlimited).
/queue tree add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s
1 Comments:
untuk localnet sama proxy dalam satu subnet ?