Setting Mikrotik


Legend:

Ip modem = 192.168.1.2

Ip Client=192.168.10.1

Ip Squid=192.168.20.2

Ether 1 = Internet

Ether2  = Client

Ether3 = Squid

A. Setting Mikrotik

Rename the ether interfaces:

/interface set 0 name=internet

/interface set 1 name=client

/interface set 2 name=squid

Address List :

/ip address add address=192.168.1.2/24 interface=internet comment="INTERNET"

/ip address add address=192.168.10.1/24 interface=client comment="MIKROTIK CLIENT"

/ip address add address=192.168.20.1/24 interface=squid comment="PROXY"

/ip address print  → displays the configured IP addresses

Then test by pinging the gateway or a computer on the LAN. If the ping succeeds, your IP configuration is correct.

Routing :

/ip route add gateway=192.168.1.1

Setting DNS :

/ip dns set servers=202.134.1.10,202.134.0.155 allow-remote-requests=yes

After that, try pinging yahoo.com:

ping yahoo.com

If the ping succeeds, the DNS settings are correct.

NAT for Clients :

/ip firewall nat add chain=srcnat action=masquerade out-interface=internet

Now try pinging yahoo.com from a computer on the LAN:

ping yahoo.com

If the ping succeeds, the masquerade setting is correct.

DHCP (Dynamic Host Configuration Protocol) :

– Create the IP address pool:

/ip pool add name=dhcp-pool ranges=192.168.10.2-192.168.10.254

– Add the DHCP network:

/ip dhcp-server network add address=192.168.10.0/24 gateway=192.168.10.1 dns-server=202.134.1.10,202.134.0.155

– Add the DHCP server:

/ip dhcp-server add name=DHCP_LAN disabled=no interface=client address-pool=dhcp-pool

B. Setting Squid

The first step is to install the proxy server. Here we use Ubuntu 10.10 32-bit or 11.10 32-bit, with the following computer specification:

  1. 1 CPU Intel Pentium 4 / AMD, 2GB/4GB, HDD 160 GB (bigger is better), 1 NIC, 1 CD-ROM
  2. Crossover cable
  3. A Mikrotik that already has an internet connection

Installing Ubuntu:

1. Insert the Ubuntu CD into the CD-ROM drive and boot from the CD-ROM
2. Select the language English (enter)
3. Select Install Ubuntu Server (enter)
4. Press enter at Choose language: English
5. Select United States
6. Select No at Detect keyboard layout?
7. Select USA in the Ubuntu installer main menu
8. Select USA at Keyboard layout
9. Select Continue at Configure the network
10. Select Configure network manually, enter the IP address 192.168.11.11, select Continue (enter)
11. Netmask 255.255.255.0, select Continue (enter)
12. Gateway 192.168.11.1, then select Continue
13. Name server addresses 192.168.11.1, select Continue (enter)
14. Hostname: enter proxyku, then select Continue (enter)
15. Domain name: leave it empty, select Continue (enter)
16. At Configure the clock choose Select from worldwide list, then find Jakarta (adjust to your location) and press enter
17. In the Partition disks menu select Manual
18. First delete the old partitions:
19. Select the partition, press enter, and select Delete the partition (repeat this for all remaining partitions)
20. When that is done select Guided partitioning, then select Manual and move to FREE SPACE (enter)
21. Select Create new partition (enter)
22. For New partition size enter 256 MB (select Continue and press enter), select Primary (enter), select Beginning (enter), at Use as select EXT4 (enter), at Mount point select /boot (enter), at Mount options select [*] noatime (select Continue and press enter), change the Bootable flag to on (IF THE STATUS DOES NOT CHANGE, JUST IGNORE IT), then select Done setting up the partition
23. For New partition size enter 20 GB (select Continue and press enter), select Primary (enter), select Beginning (enter), at Use as select EXT4 (enter), at Mount point select / (enter), at Mount options select [*] noatime (select Continue and press enter), then select Done setting up the partition
24. Move to FREE SPACE (enter), select Create new partition (enter), for New partition size enter 4 GB (2x the RAM size), select Continue and press enter, select Primary (enter), select Beginning (enter), at Use as select swap area (enter), then select Done setting up the partition
25. Move to FREE SPACE (enter), select Create new partition (enter), for New partition size enter all the remaining disk space (select Continue and press enter), select Primary (enter), select Beginning (enter), at Use as select Btrfs or ReiserFS (enter)

NOTE :

Btrfs for 64-bit

ReiserFS for 32-bit

At Mount point select Enter manually and set it to /cache, at Mount options select [*] noatime and relatime, then select Continue and Done setting up the partition
26. Then select Finish partitioning and write changes to disk; at Write the changes to disk select Yes
27. At Full name for the new user enter proxyku, then Continue and enter
28. At Username for your account enter proxyku, then Continue and enter
29. At A password for the new user enter proxyku, then Continue and enter
30. At Re-enter password to verify enter proxyku, then Continue and enter
31. At Use weak password select Yes
32. At Encrypt your home directory select No
33. At HTTP proxy information LEAVE IT EMPTY
34. While apt is being configured press enter at 43% and again at 81%; select No automatic updates
35. At Choose software to install select OpenSSH server, select Continue at Finish the installation and reboot, remove the Ubuntu CD, and set the first boot device back to the hard disk

Next, so that you can work on Ubuntu without configuring it directly at the Ubuntu machine, you can use PuTTY to connect to it remotely:

# log in as proxyku
# password: proxyku
# type sudo su -
# enter proxyku

If you want to log in as root after every Ubuntu reboot, follow these steps:
# type passwd
# at Enter new UNIX password enter proxyku
# at Retype new UNIX password enter proxyku

The next step is to connect to the Mikrotik with Winbox:

connect the CROSSOVER cable to the CPU and plug it into Mikrotik port 3
check ping from both the CPU and the Mikrotik: ping 192.168.20.2 and ping 192.168.20.1
if both reply, ping the DNS server; if it replies, the proxy is ready to install

If there is no reply yet, reboot the Mikrotik and Ubuntu; if there is still no reply, check whether the IP is wrong. If it still does not reply, the CABLE is probably wrong (use a CROSSOVER cable, boss).

Install the required packages:

# sudo apt-get update
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9

Note: download Squid 2.7 STABLE9 and copy it over with WinSCP (download WinSCP if you do not have it), placing Squid 2.7 STABLE9 directly in the /root folder on Ubuntu.

# tar xvf squid-2.7.STABLE9+patch.tar.gz
# cd squid-2.7.STABLE9

Next, compile the proxy by copying the command below:

./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536

Once the configure command above has finished, continue with:

# make

# make install

When that is done, we return to the Mikrotik.

Setting IP FIREWALL MANGLE :

a. PROXY-HIT

/ip firewall mangle add chain=forward dscp=12 action=mark-connection new-connection-mark=proxy_conn passthrough=yes

/ip firewall mangle add chain=forward src-address-list="USER IP" dst-address-list="PROXY IP" action=mark-connection new-connection-mark=proxy_conn passthrough=yes

/ip firewall mangle add chain=forward connection-mark=proxy_conn action=mark-packet new-packet-mark=proxy-hit passthrough=no

b. HTTP-CONN

/ip firewall mangle add chain=prerouting src-address=192.168.10.0/24 protocol=tcp in-interface=client action=mark-connection new-connection-mark=http_conn

c. HTTPS-CONN

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=443 connection-state=new action=mark-connection new-connection-mark=https_conn passthrough=yes

/ip firewall mangle add chain=prerouting connection-mark=https_conn action=mark-routing new-routing-mark=https passthrough=no

d. DNS

/ip firewall mangle add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS

/ip firewall mangle add chain=prerouting connection-mark=DNS action=change-dscp new-dscp=12

e. DNS-PACKET

/ip firewall mangle add chain=prerouting connection-mark=DNS action=mark-packet new-packet-mark=DNS_PACKET passthrough=no

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=DNS_PACKET passthrough=yes

f. CHANGE-MSS

/ip firewall mangle add chain=forward protocol=tcp in-interface=internet action=change-mss new-mss=1440

Setting IP FIREWALL ADDRESS-LIST :

/ip firewall address-list add address=202.134.0.155 list=DNS
/ip firewall address-list add address=203.130.206.250 list=DNS
/ip firewall address-list add address=192.168.20.2 list="PROXY IP"
/ip firewall address-list add address=192.168.10.0/24 list="USER IP"

Setting IP FIREWALL NAT :

a. DNS

/ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53

/ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53

b. PROXY

/ip firewall nat add chain=dstnat src-address=!192.168.20.2 protocol=tcp dst-port=80,8080,3128,8000 action=dst-nat to-addresses=192.168.20.2 to-ports=3128

Setting QUEUE :

Open the Queue menu, select the Queue Types tab, and click the red plus sign to add a new one; see the image below:

/queue tree add name=DNS-UP parent=global-in packet-mark=DNS_PACKET queue-type=upstream-pcq priority=5 limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0

/queue tree add name=DNS-UP parent=global-out packet-mark=proxy-hit queue-type=downstream-pcq priority=5 limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0

When that is done, connect to Ubuntu with WinSCP and find the folder /etc/squid,

then edit the Squid configuration as shown below, but stop Squid first:

# /etc/init.d/squid stop

To edit the Squid configuration:

# pico /etc/squid/squid.conf

Follow the configuration below:

##start of config

http_port 3128 transparent

server_http11 on

icp_port 0

# cache_peer 203.128.88.193 parent 8910 0 no-query no-netdb-exchange no-digest

# File Squid

pid_filename /var/run/squid.pid

coredump_dir /var/spool/squid/

error_directory /usr/share/squid/errors/en/

icon_directory /usr/share/squid/icons

mime_table /usr/share/squid/mime.conf

visible_hostname proxy

# Log Squid

access_log /var/log/squid/access.log

cache_log /dev/null

cache_store_log /dev/null

# Some minor logs, turned off because these options are rarely used.

log_fqdn off

log_icp_queries off

buffered_logs off

emulate_httpd_log off

#===========================================================================

# TAG: FTP section

#---------------------------------------------------------------------------

# Always use this option to reduce traffic load. Passive FTP mode

# means the client does not talk directly to the destination FTP server

# and uses squid as a relay, so the bandwidth for FTP connections

# can be controlled, possibly combined with IP filtering (PF (BSD) / IPTABLES).

#===========================================================================

ftp_list_width 32

ftp_passive on

ftp_sanitycheck on

#===================================================================

# TAG: ACL Section

#-------------------------------------------------------------------

# Allow local network(s) on interface(s)

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

#===================================================================

acl localnet src 192.168.20.0/24   # REPLACE WITH THE PROXY AREA IP

uri_whitespace strip

#DNS NAMESERVER

dns_nameservers /etc/resolv.conf

cache_mem 8 MB

maximum_object_size_in_memory 4 bytes

memory_replacement_policy heap GDSF

cache_replacement_policy heap LFUDA

cache_dir aufs /cache 80000 187 256

minimum_object_size 0 bytes

maximum_object_size 1024 MB

offline_mode off

cache_swap_low 98

cache_swap_high 99

#handycafe

acl billing url_regex -i handycafe

http_access deny billing

deny_info http://photoserver.ws/images/pvVv4b7ec43c3f1f7.jpg billing

# Porn sites

acl kata_terlarang url_regex -i "/etc/squid/porn.txt"

http_access deny kata_terlarang

deny_info http://www.eramuslim.com kata_terlarang

# Anti-netcut sites

acl antinetcut url_regex -i tools4free

http_access deny antinetcut

deny_info http://www.facebook.com antinetcut

# Setup some default acls

acl all src 0.0.0.0/0

acl localhost src 127.0.0.1/32

acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 1025-65535

acl sslports port 443 563 81

acl manager proto cache_object

acl purge method PURGE

acl connect method CONNECT

acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

http_access deny !safeports

http_access deny CONNECT !sslports

# Always allow localhost connections

http_access allow localhost

# Allow local network(s) on interface(s)

http_access allow localnet

# Default block all to be sure

http_access deny all

header_access X-Forwarded-For deny all

#follow_x_forwarded_for allow localnet

#follow_x_forwarded_for allow localhost

#http_gzip on

#http_gzip_types text/plain,text/html,text/xml,text/css,application/xml,application/xhtml+xml,application/rss+xml,application/javascript,application/x-javascript

#=====================================================

# TAG: ZPH

#=====================================================

tcp_outgoing_tos 0x30 localnet

zph_mode tos

zph_local 0x30

zph_parent 0

zph_option 136

#=====================================================

# DELAY POOL

#=====================================================

acl admin src 192.168.20.0/24         # IPs exempt from the limit

acl management src 192.168.20.0/24    # IPs exempt from the limit

acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.flv$ \.3gp$

acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$

acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$

acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$

acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$

acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.mkv$

delay_pools 2

delay_class 1 1

delay_parameters 1 -1/-1

delay_access 1 allow admin

delay_access 1 allow admin management

delay_access 1 deny all

delay_class 2 1

delay_parameters 2 -1/-1

delay_access 2 allow download

delay_access 2 deny all

#====================================================

# TAG: STORE RULE

#====================================================

# Caching Speedtest

acl speedtest dstdomain .speedtest.telkomspeedy.com

acl speedtest dstdomain .speedtest.cbn.net.id

acl speedtest dstdomain .speedtest.net

acl speedtest dstdomain .speedtest.biznetnetworks.com

acl speedtest dstdomain .speedtest.indosatm2.com

acl speedtest dstdomain .xl.co.id/XLInternet/SpeedTest

storeurl_access allow speedtest

# Caching Youtube

acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?

acl videocache_allow_url url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?

acl videocache_allow_url url_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?

acl videocache_allow_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?

acl videocache_allow_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?

acl videocache_allow_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?

acl videocache_allow_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/

acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/

acl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv

acl videocache_allow_url url_regex -i \.vimeo\.com\/(.*)\.(flv|mp4)

acl videocache_allow_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?

acl videocache_allow_url url_regex -i \.youporn\.com\/(.*)\.flv

acl videocache_allow_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv

acl videocache_allow_url url_regex -i \.tube8\.com\/(.*)\.(flv|3gp)

acl videocache_allow_url url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv

acl videocache_allow_url url_regex -i \.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram|m4v)

acl videocache_allow_url url_regex -i \.break\.com\/(.*)\.(flv|mp4)

acl videocache_allow_url url_regex -i redtube\.com\/(.*)\.flv

acl videocache_allow_dom dstdomain .mccont.com .metacafe.com .cdn.dailymotion.com

acl videocache_deny_dom  dstdomain .download.youporn.com .static.blip.tv

acl dontrewrite url_regex redbot\.org \.php

acl getmethod method GET

storeurl_access deny dontrewrite

storeurl_access deny !getmethod

storeurl_access deny videocache_deny_dom

storeurl_access allow videocache_allow_url

storeurl_access allow videocache_allow_dom

storeurl_access deny all

storeurl_rewrite_program /etc/squid/storeurl.pl

storeurl_rewrite_children 7

storeurl_rewrite_concurrency 10

#=========================================================

# TAG: Refresh Pattern

#=========================================================

# 1 year = 525600 mins, 1 month = 43200 mins, 1 day = 1440

#=========================================================

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    43200 999999% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    43200 999999% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern \.(ico|video-stats) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale

refresh_pattern \.etology\?                                     43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale

refresh_pattern galleries\.video(\?|sz)                         43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale

refresh_pattern brazzers\?                                      43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale

refresh_pattern \.adtology\?                                    43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale

refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 43200 20% 43200 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10

refresh_pattern ^.*safebrowsing.*google  43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale

refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)    43200 999999% 43200 override-expire ignore-reload ignore-private store-stale negative-ttl=10080

refresh_pattern ytimg\.com.*\.jpg                                       43200 999999% 43200 override-expire ignore-reload store-stale

refresh_pattern images\.friendster\.com.*\.(png|gif)                    43200 999999% 43200 override-expire ignore-reload store-stale

refresh_pattern garena\.com                                             43200 999999% 43200 override-expire reload-into-ims store-stale

refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)          43200 999999% 43200 override-expire ignore-reload store-stale

refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?                     43200 999999% 43200 ignore-no-cache override-expire override-lastmod store-stale

refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    43200 999999% 43200 reload-into-ims override-expire ignore-private    store-stale

refresh_pattern ^http:\/\/(images|pics|thumbs)[0-9]\.                   43200 999999% 43200 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale

refresh_pattern ^http:\/\/www.onemanga.com.*\/                          43200 999999% 43200 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale

refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale

# SpeedTest

refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js) 0 50% 180 store-stale negative-ttl=0

# ANTI VIRUS

refresh_pattern guru.avg.com/.*\.(bin)                                  1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern (avgate|avira).*(idx|gz)$                               1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern kaspersky.*\.avc$                                       1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern kaspersky                                               1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern eset                                                   1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                        1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip)    1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

#POINTBLANK

#refresh_pattern gemscool                                                1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

#others

refresh_pattern windowsupdate.com/.*\.(cab|exe)                 10080  999999%  43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern update.microsoft.com/.*\.(cab|exe)              10080  999999%  43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

refresh_pattern download.microsoft.com/.*\.(cab|exe)            10080  999999%  43200 ignore-no-cache ignore-no-store ignore-reload  reload-into-ims store-stale

#images facebook

refresh_pattern -i \.facebook.com.*\.(jpg|png|gif)                      129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

refresh_pattern  static\.ak\.fbcdn\.net.*\.(jpg|gif|png)                129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

refresh_pattern ^http:\/\/profile\.ak\.fbcdn\.net.*\.(jpg|gif|png)      129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

# games facebook

refresh_pattern ^http:\/\/apps.facebook.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

refresh_pattern -i \.zynga.com.*\/      10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

refresh_pattern -i \.farmville.com.*\/  10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

refresh_pattern -i \.ninjasaga.com.*\/  10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

refresh_pattern -i \.mafiawars.com.*\/  10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

refresh_pattern -i \.crowdstar.com.*\/  10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

refresh_pattern -i \.popcap.com.*\/        10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

#banner IIX

refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/             43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

refresh_pattern ^http:\/\/img.ads.kompas.com.*\/                43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)          43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

refresh_pattern ^http:\/\/openx.kompas.com.*\/                  43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

refresh_pattern kaskus\.us.*\.(jp(e?g|e|2)|gif|png|swf)         43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)    43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale

#IIX DOWNLOAD

refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  store-stale ignore-auth

#All File

refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)       43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar)  43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll)         43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i \.(pp(t?x|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i (/cgi-bin/|\?)  0  0%  0

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern ^ftp:           10080   95% 43200 override-lastmod reload-into-ims store-stale

refresh_pattern .               00     95% 43200 override-lastmod reload-into-ims store-stale

#=====================================================

# SNMP

#=====================================================

snmp_port 3401

acl snmppublic snmp_community public

snmp_access allow snmppublic localhost

snmp_access deny all

#==============================================

# TAG: Extra Tuning Configuration

#==============================================

header_access Accept-Encoding deny  all

client_persistent_connections off

server_persistent_connections on

half_closed_clients off

strip_query_terms off

quick_abort_min 0 KB

quick_abort_max 0 KB

quick_abort_pct 100

vary_ignore_expire on

reload_into_ims on

pipeline_prefetch on

range_offset_limit 512 KB

read_timeout 30 minutes

client_lifetime 6 hours

negative_ttl 30 seconds

positive_dns_ttl 6 hours

negative_dns_ttl 60 seconds

pconn_timeout 15 seconds

request_timeout 1 minute

store_avg_object_size 13 KB

log_icp_queries off

ipcache_size 16384

ipcache_low 98

ipcache_high 99

log_fqdn off

fqdncache_size 16384

memory_pools off

forwarded_for on

logfile_rotate 3

store_dir_select_algorithm round-robin

cache_effective_user proxy

cache_effective_group proxy

max_filedescriptors 8192

##end of config
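The refresh_pattern section above switches off several origin cache controls on a cache that every client behind the router shares. The following added example (not part of the original post; Python is used only as an audit tool, and the URLs are constructed) parses four refresh_pattern lines copied from this config, applies Squid's first-match rule, and reports which privacy-related overrides are in force for a URL.

```python
import re

# Constructed excerpt: four refresh_pattern lines copied from the page's config.
SAMPLE_CONF = r"""
refresh_pattern \.(ico|video-stats) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll)         43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i (/cgi-bin/|\?)  0  0%  0
refresh_pattern .               00     95% 43200 override-lastmod reload-into-ims store-stale
"""

# Options that make a shared cache keep responses the origin asked it not to.
RISKY = {
    "ignore-private": "stores responses the server marked Cache-Control: private",
    "ignore-auth": "stores responses to requests that carried Authorization",
    "ignore-no-store": "stores responses the server marked Cache-Control: no-store",
}


def parse_refresh_patterns(conf_text):
    """Parse refresh_pattern lines into rule dicts, kept in file order."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0] != "refresh_pattern":
            continue  # blank lines, comments and other directives
        tokens = tokens[1:]
        flags = 0
        if tokens and tokens[0] == "-i":  # case-insensitive pattern
            flags, tokens = re.IGNORECASE, tokens[1:]
        if len(tokens) < 4:
            raise ValueError(f"line {lineno}: incomplete refresh_pattern")
        pattern, minimum, percent, maximum = tokens[:4]
        rules.append({
            "line": lineno,
            "pattern": pattern,
            "regex": re.compile(pattern, flags),
            "min": int(minimum),
            "percent": int(percent.rstrip("%")),
            "max": int(maximum),
            "options": set(tokens[4:]),
        })
    return rules


def effective_rule(rules, url):
    """Squid uses the first refresh_pattern whose regex matches the URL."""
    for rule in rules:
        if rule["regex"].search(url):  # unanchored search, like regexec()
            return rule
    return None


def privacy_overrides(rules, url):
    """Sorted risky options that apply to this URL under first-match."""
    rule = effective_rule(rules, url)
    return sorted(rule["options"] & set(RISKY)) if rule else []


def audit(conf_text):
    """(line, pattern, risky options) for every rule that overrides privacy."""
    return [(r["line"], r["pattern"], sorted(r["options"] & set(RISKY)))
            for r in parse_refresh_patterns(conf_text)
            if r["options"] & set(RISKY)]


if __name__ == "__main__":
    rules = parse_refresh_patterns(SAMPLE_CONF)
    for line, pattern, opts in audit(SAMPLE_CONF):
        print(f"line {line}: {pattern}")
        for opt in opts:
            print(f"    {opt}: {RISKY[opt]}")
    # Constructed URLs; the host names are placeholders.
    for url in ("http://shop.example/favicon.ico",
                "http://www.bank.example/account",
                "http://mail.example/cgi-bin/export.txt?user=7",
                "http://news.example/index.html"):
        print(url, "->", privacy_overrides(rules, url) or "none")
```

Two results are worth noting: the unanchored `bm?` alternative matches the `.b` in `www.bank.example`, so every URL on such a host gets ignore-no-store, and a query URL containing `.txt` hits the file-extension rule before the `(/cgi-bin/|\?)` rule is ever consulted.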

When that is done, do not forget to copy these files:

  1. squid to /etc/init.d/
  2. sysctl.conf to /etc/
  3. squid.conf, storeurl.pl, and squid.conf.pl to /etc

Next, set permissions on the cache folder:

# chown proxy:proxy /cache
# chmod 777 /cache
# chown proxy:proxy /etc/squid/storeurl.pl
# chmod 777 /etc/squid/storeurl.pl

Create the swap/cache directories inside the designated cache folder with the command:
# squid -f /etc/squid/squid.conf -z

Restart Squid with:
# /etc/init.d/squid restart

Then try browsing from a client.

Run the command:

# tail -f /var/log/squid/access.log  | ccze

If access from the client shows up on Ubuntu, your proxy is running properly.
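To check more than whether lines scroll past, the following added example (not from the original post; the log lines are constructed and the client addresses follow this page's 192.168.10.0/24 subnet) parses Squid's native access.log format, which this config uses because emulate_httpd_log is off, and reports per-client cache hits and TCP_DENIED results. A client whose requests are all TCP_DENIED is one that http_access does not allow.

```python
from collections import defaultdict

# Constructed sample. Native format fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1339830001.120    210 192.168.10.11 TCP_MISS/200 15320 GET http://www.example.com/ - DIRECT/203.0.113.10 text/html
1339830002.480      3 192.168.10.11 TCP_HIT/200 48211 GET http://www.example.com/logo.png - NONE/- image/png
1339830003.910    180 192.168.10.13 TCP_MISS/200 2048 GET http://www.example.com/news - DIRECT/203.0.113.10 text/html
1339830005.002      0 192.168.10.12 TCP_DENIED/403 1420 GET http://www.example.org/ - NONE/- text/html
1339830006.300      1 192.168.10.12 TCP_DENIED/403 1418 CONNECT mail.example.net:25 - NONE/- text/html
1339830007.750     95 192.168.10.13 TCP_REFRESH_HIT/304 310 GET http://www.example.com/style.css - DIRECT/203.0.113.10 -
garbage line
"""


def parse_line(line):
    """Split one native-format line; return None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        code, status = fields[3].split("/", 1)
        return {
            "time": float(fields[0]),
            "elapsed_ms": int(fields[1]),
            "client": fields[2],
            "code": code,
            "status": int(status),
            "bytes": int(fields[4]),
            "method": fields[5],
            "url": fields[6],
        }
    except ValueError:
        return None


def summarize(log_text):
    """Return (per-client totals, number of lines that could not be parsed)."""
    stats = defaultdict(lambda: {"requests": 0, "hits": 0, "denied": 0, "bytes": 0})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        totals = stats[entry["client"]]
        totals["requests"] += 1
        totals["bytes"] += entry["bytes"]
        if entry["code"] == "TCP_DENIED":
            totals["denied"] += 1       # refused by http_access
        elif "HIT" in entry["code"]:
            totals["hits"] += 1         # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
    return dict(stats), skipped


def denied_clients(stats):
    """Clients for which every logged request was refused."""
    return sorted(c for c, s in stats.items() if s["denied"] == s["requests"])


def hit_ratio(stats):
    """Share of allowed requests answered from the cache (0.0 if none)."""
    allowed = sum(s["requests"] - s["denied"] for s in stats.values())
    hits = sum(s["hits"] for s in stats.values())
    return hits / allowed if allowed else 0.0


if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG)
    for client in sorted(stats):
        print(client, stats[client])
    print("fully denied clients:", denied_clients(stats))
    print("hit ratio: %.2f, unparsed lines: %d" % (hit_ratio(stats), skipped))
```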

About willyfavindy

I am someone who is very fond of computer technology and keeps up with the developments of the present day.

Posted on June 16, 2012, in Mikrotik.
