Friday, March 22, 2013

High Performance Lusca Squid Proxy Server Ubuntu + Konfigurasi Router Mikrotik



#===================================================================#
   Step 1. Install Ubuntu Server 10.04 and use manual partition 
#===================================================================#
Type       Size      Location   FileSystem  Mount    BootFlag  Mount Option

Primary    10 GB     Beginning  ext4        /                  noatime [*]
Primary    1024 MB   Beginning  ext4        /boot    on        noatime [*]
Primary    2 GB      Beginning  swap        swap
Primary    12 GB     Beginning  btrfs       /cache             noatime [*]

#===================================================================#
# Paket install yang dibutuhkan
#===================================================================#
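root@proxy:~# apt-get update
# One apt-get call instead of eight; the duplicated "squid" entry is dropped.
root@proxy:~# apt-get install -y squid squidclient squid-cgi gcc build-essential sharutils ccze libzip-dev automake1.9

# The tarball is fetched over plain HTTP, so compare its digest with the one the
# project publishes before unpacking (replace the placeholder with that value).
root@proxy:~# wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
root@proxy:~# sha256sum LUSCA_HEAD-r14809.tar.gz    # expect: <PUBLISHED_SHA256_FROM_RELEASE_PAGE>
root@proxy:~# tar xzvf LUSCA_HEAD-r14809.tar.gz
root@proxy:~# cd LUSCA_HEAD-r14809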

#===================================================================#
# Perintah Install Compile File LUSCA_HEAD-r14809
#===================================================================#
# Configure, build and install Lusca. The flag list is kept in an array so each
# option is readable on its own line; "make install" only runs if the previous
# two steps succeed.
configure_flags=(
  --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin
  --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid
  --localstatedir=/var/spool/squid --datadir=/usr/share/squid
  --enable-http-gzip --enable-async-io=24 --with-aufs-threads=24 --with-pthreads
  --enable-storeio=aufs --enable-linux-netfilter --enable-arp-acl --enable-epoll
  --enable-removal-policies=heap --with-aio --with-dl --enable-snmp
  --enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd
  --enable-large-cache-files --with-large-files
  --enable-err-languages=English --enable-default-err-language=English
  --with-maxfd=65536
)
./configure "${configure_flags[@]}" && make && make install

#===================================================================#
# Setelah selesai, STOP squidnya.
# Tetapi sebelum Anda stop squidnya, ganti dulu isi /etc/init.d/squid dengan perintah:
#===================================================================#
# Edit the init script. The replacement contents referred to above are not
# reproduced on this page; "sudo" is redundant here since the prompt is already
# a root shell.
root@proxy:~# sudo nano /etc/init.d/squid

#===================================================================#
Download File Squid.conf
#===================================================================#
# Pada Terminal Ketik "/etc/init.d/squid stop". 
# Kemudian Jalankan Winscp dan edit squid.conf di folder /etc/squid/squid.conf

#===================================================================#
Download File Storeurl.pl
#===================================================================#
# Buat listing file store url 

    touch /etc/squid/storeurl.pl
    chmod +x /etc/squid/storeurl.pl

# Buka storeurl.pl dengan winscp dan isikan File yg ada di bawah ini:

#===================================================================#
Download File
#===================================================================#
# Restart Komputer Kamu
# Pada putty ketik " /etc/init.d/squid stop "
# Masih pada PUTTY, copy-paste perintah di bawah satu-persatu

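# Cache directory: owned by the proxy user but not world-writable. The original
# used 777, which lets any local account add or replace cached objects.
root@proxy:~# chown proxy:proxy /cache
root@proxy:~# chmod 750 /cache
# Rewrite helper: squid only needs to read and execute it, so it must not be
# writable by everyone (original: 777). Owning it as root:root instead of
# proxy:proxy would additionally stop the proxy process from editing its own helper.
root@proxy:~# chown proxy:proxy /etc/squid/storeurl.pl
root@proxy:~# chmod 755 /etc/squid/storeurl.pl
root@proxy:~# service squid stop
# -z builds the cache directory structure; it is run after the stop and before the start.
root@proxy:~# squid -f /etc/squid/squid.conf -z
# A single start is enough; the original started and then immediately restarted.
root@proxy:~# /etc/init.d/squid start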

# Restart Komputer Kamu
# Monitoring Squid access.log :

# Colourised live view of the access log. The path presumably matches the
# access_log directive in the downloaded squid.conf, which is not shown on this
# page — confirm it and adjust if that file logs elsewhere.
root@proxy:~# tail -f /var/log/lusca/access.log | ccze


#===================================================================#
PAKET INSTALL TAMBAHAN
#===================================================================#
Installing Apache2 With PHP5 And MySQL Support On Ubuntu 10.04:
#===================================================================#
1. Installing MySQL 5
#  aptitude install mysql-server mysql-client -y
   New password for the MySQL "root" user: <-- yourrootsqlpassword
   Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

2. Installing Apache2 
#  aptitude install apache2 -y
   Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder page (It works!)
   Apache's default document root is /var/www on Ubuntu, and the configuration file is /etc/apache2/apache2.conf. 
   Additional configurations are stored in subdirectories of the /etc/apache2 directory such as /etc/apache2/mods-enabled (for Apache modules), 
   /etc/apache2/sites-enabled (for virtual hosts), and /etc/apache2/conf.d.

3. Installing PHP5
#  aptitude install php5 -y
#  aptitude install unzip -y
#===================================================================#
install webmin in Ubuntu 10.04 Lucid Lynx.
#===================================================================#
1. wget -c http://www.webmin.com/download/deb/webmin-current.deb
File will be named “webmin-current.deb” in your current working directory as opposed to a filename containing the specific version number of webmin.

2. sudo dpkg -i webmin-current.deb
This command will generate a number of errors. Ignore them.

3. sudo apt-get -f install
This command will install the missing dependencies, recompile, and install webmin.

Now, login to your webmin server. https://[serverIP]:10000

#===================================================================#
Kalau sudah selesai, setting Mikrotik Anda seperti di bawah ini:
Masukkan ini di mangle:
#===================================================================#
# Mangle rules, in the order they are added.
# NOTE(review): the first rule marks every prerouting packet and has
# passthrough=no, so if the rules stay in this order the later prerouting rules
# (proxy-hit, http-conn/http, https-conn/https) are never evaluated — confirm the
# intended order before applying.
;;; Intl-conn
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=packet-intl passthrough=no
/ip firewall mangle add chain=output action=mark-packet new-packet-mark=packet-intl passthrough=no

;;; PROXY-HIT
# Packet mark for DSCP 12 traffic (presumably set by the proxy for cache hits —
# confirm against squid.conf). The mark is consumed by the A_HIT-Proxy
# queue-tree entry further down the page.
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12

;;; http-conn
# Connection mark for TCP/80, then a packet mark derived from it; both rules pass through.
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-conn passthrough=yes protocol=tcp dst-port=80
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=http passthrough=yes connection-mark=http-conn

;;; https-conn
# New TCP/443 connections get a connection mark, then a routing mark "https".
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=https-conn passthrough=yes connection-state=new protocol=tcp dst-port=443
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=https passthrough=no connection-mark=https-conn

;;; CHANGE MMS
# Clamps the TCP MSS to 1440 on SYNs arriving on interface "public" (label typo: MSS, not MMS).
/ip firewall mangle add chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=public tcp-mss=1441-65535

IP FIREWALL ADDRESS-LIST :
;;; LocalNet
LocalNet     192.168.2.0/24     -- IP lokal, sesuaikan dengan IP lokal Anda

;;; PROXY
ProxyNet     192.168.2.0/24 -- IP network Proxy
DNS             202.134.1.10     -- sesuaikan DNS ISP anda
DNS             202.134.0.155     -- sesuaikan DNS ISP anda
GAMES           63.241.101.0/25
GAMES           74.114.8.0/21

IP FIREWALL NAT :
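;;; Nat Proxy
# Transparent redirect of LocalNet web traffic to the proxy at 192.168.2.20:3128.
# NAT rules live under "/ip firewall nat" (the page had "/ip firewall add"), and
# the rule is written on one line — the original split "connection-mark=http-conn"
# onto a second line, where it would not be part of the command.
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.2.20 to-ports=3128 protocol=tcp src-address=!192.168.2.20 src-address-list=LocalNet dst-address-list=!ProxyNet dst-port=80,8080,3128 connection-mark=http-conn

;;; Added by webbox
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1-gateway

;;; Proxy Out
/ip firewall nat add chain=srcnat action=src-nat to-addresses=IP INTERNET ANDA/IP PUBLIC misalnya 192.168.1.2 src-address=IP LOKAL ANDA misalnya 192.168.2.1
# NOTE(review): without to-addresses this rewrites only the port (53 -> 53) and
# changes nothing; if the intent is to force client DNS to the router, the usual
# form is action=redirect — confirm before applying.
/ip firewall nat add chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53

;;; SSH
# to-ports=22 is dropped: with it, port 10000 (Webmin, see above) would also be
# forwarded to sshd; without to-ports each connection keeps its destination port.
# NOTE(review): to-addresses is 192.168.1.2 here while the proxy above is
# 192.168.2.20 — confirm which host should receive SSH and Webmin.
# Both services become reachable from the public address; restricting the rule
# with src-address-list=<ADMIN_ADDRESS_LIST> is the usual mitigation.
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.2 protocol=tcp dst-address=IP INTERNET ANDA/IP PUBLIC dst-port=22,10000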

;;; queue tree
# Queue-tree leaf for packets carrying the proxy-hit mark from the mangle section.
# parent=lan must name an existing interface or parent queue; nothing on this page
# defines "lan" (the mangle rules use "public" and NAT uses "ether1-gateway"), so
# adjust it to the LAN interface name.
/queue tree add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s


1 komentar:

Suheri said...

untuk localnet sama proxy dalam satu subnet ?