Mikrotik 3.30+squid (ubuntu 11.04)

Discussion about Ubuntu Server, including web servers, database servers, Samba servers and other services, as well as networking with the Ubuntu operating system.
TaNK
Posts: 10
Joined: 05 Aug 2011, 18:23

Mikrotik 3.30+squid (ubuntu 11.04)

Postby TaNK » 05 Aug 2011, 19:44

I'd appreciate corrections from the experts here.
Mikrotik 3.30
Ubuntu 11.04 (squid 2.7 stable9)
Topology:

Code:

Modem --- Mikrotik ---- HUB/switch --- Client
             |
           squid

Mikrotik 3.30:
ether1 (to modem) = 192.168.100.11/26
ether2 (to squid) = 192.168.101.2/24
ether3 (to Client/HUB) = 192.168.102.0/26

Mikrotik NAT:
[admin@MikroTik] > /ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.101.1 to-ports=3128 protocol=tcp src-address=!192.168.101.1 dst-port=80

1 chain=srcnat action=masquerade src-address=192.168.101.1
[admin@MikroTik] >


/ip proxy
[admin@MikroTik] > /ip proxy pr
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 192.168.101.1
parent-proxy-port: 3128
cache-administrator: "cumikriting"
max-cache-size: none
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: secondary-master
[admin@MikroTik] >

-----------------------
Squid box

ip eth0 192.168.101.1
Contents of /etc/network/interface:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.101.1
netmask 255.255.255.0
network 192.168.101.0
broadcast 192.168.101.255
gateway 192.168.101.2
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.101.2

Contents of squid.conf:
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl mikrotik src 192.168.101.2/32 # Mikrotik IP
acl semuaklien src 192.168.102.0/26 # all client IPs
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access allow semuaklien
http_access allow mikrotik
http_access deny all

# http_reply_access allow all
icp_access allow localnet
icp_access deny all

http_port 3128 transparent
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
##zph end

hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
# memory_replacement_policy lru
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
# cache_replacement_policy lru
cache_dir ufs /squid/cache 10240 64 128
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
minimum_object_size 8 KB
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
cache_swap_low 90
cache_swap_high 99
update_headers on
## if memory is 512 MB or more, feel free to increase this value
ipcache_size 2048
ipcache_low 98
ipcache_high 99

# cache_log /var/log/squid/cache.log
access_log /squid/access.log squid
cache_store_log /squid/store.log
# logfile_rotate 0
# emulate_httpd_log off
# log_ip_on_direct on
# mime_table /usr/share/squid/mime.conf
# log_mime_hdrs off
# log_fqdn off
# client_netmask 255.255.255.255
# strip_query_terms on
# buffered_logs off
# netdb_filename /var/spool/squid/logs/netdb.state
# max_stale 1 week
visible_hostname tank.gurita

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(mp3|3gp|mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-lastmod reload-into-ims
refresh_pattern -i .(exe|iso|tar|rar|zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-lastmod reload-into-ims
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern ^http:/*.facebook.*/.* 10080 90% 43200 reload-into-ims override-lastmod

# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
# via on
# cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

dns_nameservers 192.168.101.2
# in my setup the DNS uses the Mikrotik's IP address
hosts_file /etc/hosts
# fqdncache_size 1024
coredump_dir /var/spool/squid
# balance_on_multiple_ip on
# pipeline_prefetch of


iptables -A PREROUTING -t nat -p tcp -s 192.168.101.2 --dport 80 -j REDIRECT --to-port 3128

-----
After checking at http://www.cmyip.com/:
My IP Address Is 192.168.102.9

and http://proxy.jaringanwarnet.com/:
Proxy detected
This request appears to have come via a proxy.

Proxy Details :
2011-08-05 19:37:35
Detected proxy server: 118.xxx.xx.x (118.xxx.xx.x)
trigger HTTP_VIA: 1.1 tank.gurita:3128 (squid/2.7.STABLE9)
trigger HTTP_X_FORWARDED_FOR: 192.168.102.9
Your IP Address is : 118.xxx.xx.x


Conditions:
1. The squid box can connect to the internet.
2. All clients in 192.168.102.0/26 can connect to the internet.

My questions:
1. Is my configuration correct?
2. tail -f /squid/access.log shows all misses; is that normal?
3. From a client computer I opened a Facebook game and YouTube in Firefox until they finished loading, then opened them in Chrome, but they were not served from the squid cache and instead connected directly to the internet (judging from the traffic on the MT interface), and squidclient -h localhost shows cache Hits of 0 0. Why is that?

Please help me correct my settings.
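
An added example, not part of the original post or the thread: a Python sketch that reads Squid's native access.log format (the `squid` format named in the posted `access_log` line) and splits non-hit requests by whether the URL matches the posted `acl QUERY urlpath_regex cgi-bin \?`, which `no_cache deny QUERY` keeps out of the cache. The log lines, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

# Same expression as the posted "acl QUERY urlpath_regex cgi-bin \?";
# "no_cache deny QUERY" then stops Squid from storing any matching reply.
QUERY_ACL = re.compile(r"cgi-bin|\?")

# Constructed sample in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1312547801.101    512 192.168.102.9 TCP_MISS/200 48213 GET http://video.example.test/videoplayback?id=abc - DIRECT/203.0.113.10 video/x-flv
1312547802.202    140 192.168.102.9 TCP_MISS/200 9120 GET http://apps.example.test/game/asset.swf?v=12 - DIRECT/203.0.113.11 application/x-shockwave-flash
1312547803.303     95 192.168.102.9 TCP_MISS/200 2048 GET http://www.example.test/img/logo.png - DIRECT/203.0.113.12 image/png
1312547804.404      2 192.168.102.10 TCP_HIT/200 2048 GET http://www.example.test/img/logo.png - NONE/- image/png
1312547805.505      1 192.168.102.10 TCP_MEM_HIT/200 733 GET http://www.example.test/css/site.css - NONE/- text/css
1312547806.606    230 192.168.102.10 TCP_MISS/200 615 POST http://www.example.test/cgi-bin/login - DIRECT/203.0.113.12 text/html
"""

def parse_line(line):
    """Return (client, result_code, url) for a native-format line, else None."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    return fields[2], fields[3].split("/", 1)[0], fields[6]

def summarize(log_text):
    """Count hits, and split non-hits by whether QUERY_ACL forbids caching them."""
    stats = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        _client, code, url = rec
        # urlpath_regex sees the path plus query string, without scheme and host
        urlpath = re.sub(r"^[a-z][a-z0-9+.-]*://[^/]*", "", url, flags=re.I)
        if "HIT" in code:            # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            stats["hit"] += 1
        elif QUERY_ACL.search(urlpath):
            stats["nonhit_query_acl"] += 1
        else:
            stats["nonhit_other"] += 1
    total = stats["hit"] + stats["nonhit_query_acl"] + stats["nonhit_other"]
    stats["hit_ratio_pct"] = round(100 * stats["hit"] / total) if total else 0
    return dict(stats)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A large `nonhit_query_acl` share means those requests can never hit under the posted ACL, whatever the `refresh_pattern` lines say.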
Magelar
Posts: 11
Joined: 21 Jul 2011, 22:47
Location: palembang

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby Magelar » 05 Aug 2011, 20:58

Bumping this first... just following along... hopefully the masters show up here soon... I'm looking for this too...

Just for consideration, here is a link related to the settings on the Mikrotik:
http://interfacewirelessbridge.blogspot ... ernal.html
Slincerdream
Posts: 9
Joined: 14 May 2011, 19:00
Location: Yogyakarta

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby Slincerdream » 05 Aug 2011, 23:08

Try taking a look here: squid Ubuntu + Mikrotik settings; it could serve as a reference. :)
yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur
Contact:

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby yudiarbi » 06 Aug 2011, 00:03

Let me try to help, bro. Whose IP is 192.168.102.9?

Code:

chain=dstnat action=dst-nat to-addresses=192.168.101.1
to-ports=3128 protocol=tcp src-address=!192.168.101.1 dst-port=80

change it to

Code:

chain=dstnat action=dst-nat to-addresses=192.168.101.1
to-ports=3128 protocol=tcp src-address=192.168.101.11 dst-port=80

There is no need to enable iptables on the squid box, because the NAT ends up being done on the Mikrotik.
TaNK
Posts: 10
Joined: 05 Aug 2011, 18:23

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby TaNK » 06 Aug 2011, 00:38

192.168.102.9 is a client IP.

Code:

chain=dstnat action=dst-nat to-addresses=192.168.101.1
to-ports=3128 protocol=tcp src-address=192.168.101.11 dst-port=80


src-address=192.168.101.11 == is that the ether1 IP that goes to the modem?

Oh, by the way, after observing further, my setup is actually already getting hits; it just can't cache YouTube.
After searching around, from the link above... it turns out that caching videos like YouTube has its own recipe; some people use lusca or cachevideos.
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby sipelaut » 06 Aug 2011, 09:52

Whoa... you want to cache YouTube? Won't that end up bloating later, bro?
yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur
Contact:

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby yudiarbi » 06 Aug 2011, 11:27

As for me, I'd rather just cache by file type; for the flv, using the refresh_pattern tag already gets hits.
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: Mikrotik 3.30+squid (ubuntu 11.04)

Postby sipelaut » 06 Aug 2011, 12:00

[quote=yudiarbi]As for me, I'd rather just cache by file type; for the flv, using the refresh_pattern tag already gets hits.[/quote]

Pass on the knowledge, bro..
I'd like to know too.
Just share it here, hehe....