Mikrotik 3.30+squid (ubuntu 11.04)

Discussion of Ubuntu Server, covering web servers, database servers, Samba servers and other services, as well as networking with the Ubuntu operating system.
TaNK

Post 05 Aug 2011, 19:44

Requesting corrections from the experts here.
mikrotik 3.30
ubuntu 11.04 (squid 2.7 stable9)
Topology:

Code:

Modem --- Mikrotik ---- HUB/switch --- Client
             |
           squid

Mikrotik 3.30:
ether1 (to modem) 192.168.100.11/26
ether2 (to squid) = 192.168.101.2/24
ether3 (to Client/HUB) = 192.168.102.0/26

Mikrotik NAT
[spoiler][admin@MikroTik] > /ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.101.1 to-ports=3128 protocol=tcp src-address=!192.168.101.1 dst-port=80

1 chain=srcnat action=masquerade src-address=192.168.101.1
[admin@MikroTik] >[/spoiler]

/ip proxy
[spoiler][admin@MikroTik] > /ip proxy pr
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 192.168.101.1
parent-proxy-port: 3128
cache-administrator: "cumikriting"
max-cache-size: none
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: secondary-master
[admin@MikroTik] >[/spoiler]
-----------------------
Squid box

ip eth0 192.168.101.1
contents of /etc/network/interface
[spoiler]# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.101.1
netmask 255.255.255.0
network 192.168.101.0
broadcast 192.168.101.255
gateway 192.168.101.2
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.101.2[/spoiler]
contents of squid.conf
[spoiler]#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl mikrotik src 192.168.101.2/32 #ip mikrotik
acl semuaklien src 192.168.102.0/26 #all the IPs
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access allow semuaklien
http_access allow mikrotik
http_access deny all

# http_reply_access allow all
icp_access allow localnet
icp_access deny all

http_port 3128 transparent
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
##zph end

hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
# memory_replacement_policy lru
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
# cache_replacement_policy lru
cache_dir ufs /squid/cache 10240 64 128
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
minimum_object_size 8 KB
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
cache_swap_low 90
cache_swap_high 99
update_headers on
##if memory is 512 MB or more, feel free to increase these numbers
ipcache_size 2048
ipcache_low 98
ipcache_high 99

# cache_log /var/log/squid/cache.log
access_log /squid/access.log squid
cache_store_log /squid/store.log
# logfile_rotate 0
# emulate_httpd_log off
# log_ip_on_direct on
# mime_table /usr/share/squid/mime.conf
# log_mime_hdrs off
# log_fqdn off
# client_netmask 255.255.255.255
# strip_query_terms on
# buffered_logs off
# netdb_filename /var/spool/squid/logs/netdb.state
# max_stale 1 week
visible_hostname tank.gurita

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(mp3|3gp|mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-lastmod reload-into-ims
refresh_pattern -i .(exe|iso|tar|rar|zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-lastmod reload-into-ims
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern ^http:/*.facebook.*/.* 10080 90% 43200 reload-into-ims override-lastmod

# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
# via on
# cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

dns_nameservers 192.168.101.2
#in my setup the DNS uses the Mikrotik's IP address
hosts_file /etc/hosts
# fqdncache_size 1024
coredump_dir /var/spool/squid
# balance_on_multiple_ip on
# pipeline_prefetch off[/spoiler]

iptables -A PREROUTING -t nat -p tcp -s 192.168.101.2 --dport 80 -j REDIRECT --to-port 3128

-----
After checking at http://www.cmyip.com/
[spoiler]My IP Address Is 192.168.102.9[/spoiler]
and http://proxy.jaringanwarnet.com/
[spoiler]Proxy detected
This request appears to have come via a proxy.

Proxy Details :
2011-08-05 19:37:35
Detected proxy server: 118.xxx.xx.x (118.xxx.xx.x)
trigger HTTP_VIA: 1.1 tank.gurita:3128 (squid/2.7.STABLE9)
trigger HTTP_X_FORWARDED_FOR: 192.168.102.9
Your IP Address is : 118.xxx.xx.x[/spoiler]

Conditions:
1. the squid box can connect to the internet
2. the clients in 192.168.102.0/26 can all connect to the internet

My questions:
1. Are my settings correct?
2. tail -f /squid/access.log shows all misses; is that normal?
3. From a client computer I opened Facebook games and YouTube in Firefox until they finished, then opened them in Chrome, but it didn't fetch from the squid cache and instead connected straight to the internet (seen from the traffic on the MT interface), and in squidclient -h localhost the cache Hits are 0 0. Why is that?

Please help me correct my settings.


Magelar

Post 05 Aug 2011, 20:58

Bumping this first, bro... just following along... hopefully the masters arrive on the scene soon... I'm looking for this too...

Just for consideration, here is a link related to the Mikrotik settings:
http://interfacewirelessbridge.blogspot ... ernal.html


Slincerdream

Post 05 Aug 2011, 23:08

Try taking a look over here, bro: squid ubuntu + mikrotik settings, it could be a reference. :)


yudiarbi

Post 06 Aug 2011, 00:03

Trying to help, bro. Whose IP is 192.168.102.9?

Code:

chain=dstnat action=dst-nat to-addresses=192.168.101.1
to-ports=3128 protocol=tcp src-address=!192.168.101.1 dst-port=80

replace it with

Code:

chain=dstnat action=dst-nat to-addresses=192.168.101.1
to-ports=3128 protocol=tcp src-address=192.168.101.11 dst-port=80

No need to enable iptables on the squid box, because the NAT is done on the Mikrotik.


TaNK

Post 06 Aug 2011, 00:38

192.168.102.9 is the client IP.

Code:

chain=dstnat action=dst-nat to-addresses=192.168.101.1
to-ports=3128 protocol=tcp src-address=192.168.101.11 dst-port=80

src-address=192.168.101.11 == is that the IP of ether1, the one going to the modem?

Oh, and after observing further, my setup is actually already getting hits; it just can't cache YouTube.
After searching around, from the link above... caching video like YouTube turns out to have its own recipe; some use Lusca or cachevideos.


sipelaut

Post 06 Aug 2011, 09:52

Whoa.. if you cache YouTube, won't it end up ballooning, bro..


yudiarbi

Post 06 Aug 2011, 11:27

For me, it's better to just cache by file type; for the flv, using the refresh_pattern tag already gets hits.


sipelaut

Post 06 Aug 2011, 12:00

yudiarbi wrote: For me, it's better to just cache by file type; for the flv, using the refresh_pattern tag already gets hits.

Pass on the knowledge, bro..
I'd like to know too.
Just share it here, hehe....


rafdinal

Post 06 Aug 2011, 12:07

@yudiarbi, if the modem is bridged and PPPoE is dialed from the Mikrotik, can I also use the IP of the interface to the modem as src-address???..


yudiarbi

Post 07 Aug 2011, 09:43

sipelaut wrote: Pass on the knowledge, bro..
I'd like to know too.
Just share it here, hehe....

Oh dear, my knowledge isn't enough yet either, Gus --> (my knowledge is still lacking.. :D)
Maybe like this:

Code:

refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private

gibrannet wrote: if the modem is bridged and PPPoE is dialed from the Mikrotik, can I also use the IP of the interface to the modem as src-address???..

Hmm, it has to be one or the other, bro, either bridge or PPPoE; a bridged modem dialing PPPoE can't be done....
The concept is this: if the modem is bridged, the dialing is done on the Mikrotik because the gateway ends up on the server; if the modem does PPPoE, the dialing is on the modem because the gateway ends up on the modem...


rafdinal

Post 07 Aug 2011, 10:54

@yudiarbi, yes, that is exactly what I meant: "if the modem is bridged and PPPoE is dialed from the Mikrotik, can I also use the IP of the interface to the modem as src-address???. Please read it carefully:
the modem is bridged, PPPoE is dialed from the Mikrotik..
So the public IP lands on the Mikrotik; which one do we set as src-address, the PPPoE public IP or the local IP of the bridged modem??...


yudiarbi

Post 07 Aug 2011, 19:05

If the modem is bridged, we set src-address to the Mikrotik's IP, because the Mikrotik is the one dialing.


ilham2930

Post 08 Aug 2011, 10:51

TaNK wrote: Oh, and after observing further, my setup is actually already getting hits; it just can't cache YouTube.
After searching around, from the link above... caching video like YouTube turns out to have its own recipe; some use Lusca or cachevideos.

How long has your squid been running, bro..!!
Let the cache get fat first, only then will you feel the difference..!!
-= just sharing, bro, this is mine =-
[spoiler]

Code:

Squid Object Cache: Version 2.7.STABLE6
Start Time:	Mon, 01 Aug 2011 08:11:09 GMT
Current Time:	Mon, 08 Aug 2011 03:52:19 GMT
Connection information for squid:
	Number of clients accessing cache:	33
	Number of HTTP requests received:	306102
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Number of HTCP messages received:	0
	Number of HTCP messages sent:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	31.2
	Average ICP messages per minute since start:	0.0
	Select loop called: 7984898 times, 73.798 ms avg
Cache information for squid:
	Request Hit Ratios:	5min: 44.6%, 60min: 34.1%
	Byte Hit Ratios:	5min: 25.1%, 60min: 14.0%
	Request Memory Hit Ratios:	5min: 3.8%, 60min: 8.9%
	Request Disk Hit Ratios:	5min: 8.2%, 60min: 29.0%
	Storage Swap size:	17113716 KB
	Storage Mem size:	367544 KB
	Mean Object Size:	19.24 KB
	Requests given to unlinkd:	0
Median Service Times (seconds)  5 min    60 min:
	HTTP Requests (All):   0.18699  0.27332
	Cache Misses:          0.52331  0.52331
	Cache Hits:            0.00091  0.00091
	Near Hits:             0.35832  0.28853
	Not-Modified Replies:  0.00000  0.00091
	DNS Lookups:           0.06364  0.05815
	ICP Queries:           0.00000  0.00000
Resource usage for squid:
	UP Time:	589269.880 seconds
	CPU Time:	601.538 seconds
	CPU Usage:	0.10%
	CPU Usage, 5 minute avg:	0.38%
	CPU Usage, 60 minute avg:	0.41%
	Process Data Segment Size via sbrk(): 103788 KB
	Maximum Resident Size: 0 KB
	Page faults with physical i/o: 1
Memory usage for squid via mallinfo():
	Total space in arena:  525676 KB
	Ordinary blocks:       524307 KB  38445 blks
	Small blocks:               0 KB      0 blks
	Holding blocks:          7192 KB      7 blks
	Free Small blocks:          0 KB
	Free Ordinary blocks:    1368 KB
	Total in use:          531499 KB 100%
	Total free:              1368 KB 0%
	Total size:            532868 KB
Memory accounted for:
	Total accounted:       469910 KB
	memPoolAlloc calls: 53178932
	memPoolFree calls: 50195825
File descriptor usage for squid:
	Maximum number of file descriptors:   4096
	Largest file desc currently in use:    145
	Number of file desc currently in use:  108
	Files queued for open:                   0
	Available number of file descriptors: 3988
	Reserved number of file descriptors:   100
	Store Disk files open:                   0
	IO loop method:                     epoll
Internal Data Structures:
	890293 StoreEntries
	 49168 StoreEntries with MemObjects
	 49160 Hot Object Cache Items
	889518 on-disk objects
[/spoiler]


sonor

Post 09 Aug 2011, 12:55

Following along...


TaNK

Post 11 Aug 2011, 03:08

Oh yeah, bro...
I've tried tinkering with LUSCA...
turns out it's awesome, bro... it even grabs YouTube.
LUSCA is said to really be a specialist in dynamic content.


ilham2930

Post 11 Aug 2011, 10:17

TaNK wrote: Oh yeah, bro...
I've tried tinkering with LUSCA...
turns out it's awesome, bro... it even grabs YouTube.
LUSCA is said to really be a specialist in dynamic content.

So what does your squid+lusca configuration look like now, bro..
Please share..!


TaNK

Post 17 Aug 2011, 00:21

This is my configuration now,
for those drooling over it:
[spoiler]

Code:

#-----------------------------------------------------#
## PROXY LUSCA - High Performance Configuration
## ---------------------------------------------------#
## Support :    TaNK
## Updated :	016.08.2011
#-----------------------------------------------------#

http_port 3128 transparent
icp_port 0
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/share/squid/errors/English
icon_directory /usr/share/squid/icons
visible_hostname proxy-tank
cache_mgr admin@localhost
access_log /squid/access.log
cache_log /squid/cache.log
cache_store_log none
pid_filename /squid/squid.pid
logfile_rotate 1
shutdown_lifetime 10 seconds
acl localnet src 192.168.101.0/24 ###Mikretek 
acl warnet src 192.168.102.0/26 ###Internet cafe clients
uri_whitespace strip
dns_nameservers 127.0.0.1
cache_mem 8 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 30000 64 256
##minimum_object_size 512 bytes
maximum_object_size 768 MB
offline_mode off
cache_swap_low 90
cache_swap_high 99
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
http_access allow manager localhost
http_access allow localnet
http_access allow warnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access deny all

acl store_rewrite_list urlpath_regex            \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex            \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|rar|mp3)\?
acl store_rewrite_list_domain url_regex         ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex         (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex       \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex     \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all

storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 4
storeurl_rewrite_concurrency 99

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv  0 0% 0 	override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*   161280	90%	161280 ignore-reload  store-stale
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600	override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\?	   				129600 999999% 129600	override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz)   			129600 999999% 129600	override-expire ignore-reload ignore-no-cache store-stale   
refresh_pattern brazzers\?	   				129600 999999% 129600	override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\?  					129600 999999% 129600	override-expire ignore-reload ignore-no-cache store-stale   
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google  129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload   ignore-private store-stale negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg   				129600 999999% 129600	override-expire ignore-reload   store-stale   
refresh_pattern images\.friendster\.com.*\.(png|gif) 	  	129600 999999% 129600	override-expire ignore-reload   store-stale  
refresh_pattern garena\.com                           		129600 999999% 129600 	override-expire reload-into-ims store-stale   
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)  129600 999999% 129600 	override-expire ignore-reload   store-stale  
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?   		129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    129600 999999% 129600 reload-into-ims override-expire ignore-private    store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.      129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/           129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale

# files
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache  store-stale ignore-must-revalidate
refresh_pattern -i \.(swf|wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth  store-stale ignore-must-revalidate
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth  store-stale ignore-must-revalidate
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern -i \.(hqx|pdf|rtf|doc)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth store-stale ignore-must-revalidate

# specific sites 
refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache store-stale ignore-must-revalidate
refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache store-stale ignore-must-revalidate
refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.detikinet.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth store-stale ignore-must-revalidate
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private store-stale ignore-must-revalidate
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private store-stale ignore-must-revalidate
refresh_pattern (cgi-bin|\?)  	 0  	0%  	0
refresh_pattern ^gopher:	1440	0%	1440 
refresh_pattern ^ftp: 		10080 	95% 	43200 override-lastmod reload-into-ims store-stale
refresh_pattern 		. 	180 	95% 43200 override-lastmod reload-into-ims store-stale

header_access X-Forwarded-For deny all
header_access Accept-Encoding deny  all
client_persistent_connections off
server_persistent_connections on 
half_closed_clients off
strip_query_terms off
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
#read_timeout 30 minutes
#client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for off
prefer_direct on

### For direct traffic that does not need to detour via the proxy, the recipe is below ###
#acl local-dst dst semuaalamatlokal semuaalamatipygdekat
#acl local-domain dstdomain localhost domain-anda.com isp-anda.com domainku.web.id

#always_direct allow localhost local-dst local-domain
#always_direct deny all

##zph
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
max_filedescriptors 8192

######### for Lusca Only #############
n_aiops_threads 24
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on

############ TaNK #################
###dns nameserver
dns_nameservers 192.168.101.2
#in my setup the DNS uses the Mikrotik's IP address
hosts_file /etc/hosts
# fqdncache_size 1024
coredump_dir /var/spool/squid
# balance_on_multiple_ip on
# pipeline_prefetch off
[/spoiler]
I downloaded lusca here:
[spoiler]dongdot[/spoiler]
I don't know why, but when I download from the official site it always fails when squid is executed; maybe a dev package is missing.
Usually the error is at

Code:

cache_dir aufs /cache 30000 64 256

at aufs, even though I included aufs when compiling.
Even when I changed it to ufs, squid still wouldn't run.
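
An added example (not part of TaNK's post and not Squid or Lusca code): a small first-match evaluator for `http_access`, run over the ACL lines of the LUSCA config above. It shows that with `allow localnet` and `allow warnet` placed before `deny manager`, `deny !safeports` and `deny CONNECT !sslports`, those restrictions are never reached for client addresses. The request dicts, the `REORDERED` rule order and the case-insensitive ACL-name lookup are assumptions of this sketch.

```python
import ipaddress

def parse(conf):
    """Collect ACL definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            # Names are lower-cased so "CONNECT" resolves to "acl connect"
            # (assumption of this sketch: ACL names compare case-insensitively).
            acls.setdefault(tok[1].lower(), (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], [t.lower() for t in tok[2:]]))
    return acls, rules

def acl_match(acls, name, req):
    """Evaluate one src/port/method/proto ACL against a request dict."""
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        ranges = [(v.split("-")[0], v.split("-")[-1]) for v in values]
        return any(int(lo) <= req["port"] <= int(hi) for lo, hi in ranges)
    if kind in ("method", "proto"):
        return req[kind] in values
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """Return (action, rule) for the first http_access line whose terms all match."""
    acls, rules = parse(conf)
    for action, terms in rules:
        if all(acl_match(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, " ".join(["http_access", action] + terms)
    return "deny", "(no rule matched)"  # not reached: both lists end in "deny all"

# ACL lines copied from the LUSCA config in the thread (trailing comments dropped).
LUSCA_ACLS = """
acl localnet src 192.168.101.0/24
acl warnet src 192.168.102.0/26
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
"""
# http_access order as posted.
LUSCA = LUSCA_ACLS + """
http_access allow manager localhost
http_access allow localnet
http_access allow warnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access deny all
"""
# Same rules with the client allows moved below the restrictions, the order the
# first squid.conf in the thread uses (the reordering is added here).
REORDERED = LUSCA_ACLS + """
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
http_access allow localnet
http_access allow warnet
http_access deny all
"""

# Constructed requests from the client address 192.168.102.9 seen in the thread.
CLIENT = "192.168.102.9"
REQUESTS = {
    "web": {"src": CLIENT, "method": "GET", "proto": "http", "port": 80},
    "cachemgr": {"src": CLIENT, "method": "GET", "proto": "cache_object", "port": 3128},
    "connect25": {"src": CLIENT, "method": "CONNECT", "proto": "none", "port": 25},
}

def audit():
    """Map config name -> {request name: (action, matching rule)}."""
    configs = {"lusca": LUSCA, "reordered": REORDERED}
    return {c: {r: decide(text, q) for r, q in REQUESTS.items()}
            for c, text in configs.items()}

if __name__ == "__main__":
    for conf, results in audit().items():
        for name, (action, rule) in results.items():
            print("%-9s %-9s %-5s %s" % (conf, name, action, rule))
```

Because that config also sets `cachemgr_passwd none all`, the cache manager actions a client reaches through `allow warnet` require no password.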


seekerz

Post 26 Aug 2011, 12:47

Sorry everyone, just a question..
I can already connect to the internet via the proxy, following the TS's steps..
but why is the connection so troublesome?
Sometimes,

"Unable to connect
Firefox can't establish a connection to the server"

after refreshing a few times it finally works..

Please help, where did I go wrong? :)


rafdinal

Post 03 Sep 2011, 21:04

squid 2.7.stable9 doesn't have the ignore-must-revalidate option in its refresh_pattern; can it be patched, bro, to get ignore-must-revalidate???


bontoe

Post 08 Sep 2011, 21:13

Following along too... masters, since I'm a beginner.


TaNK

Post 12 Sep 2011, 23:22

So this one is for the masters...
is there a solution?

Because I'm also just learning :D


bang_andi

Post 19 Dec 2011, 11:46

Nice, this is the same setup as my network... squid in the DMZ, i.e. alongside the Mikrotik.. let me learn from this, bro.. :)


wonktegal

Post 19 Dec 2011, 13:20

kuato
[quote=TaNK]Requesting corrections from the experts here.
mikrotik 3.30
ubuntu 11.04 (squid 2.7 stable9)
Topology:

Code:

Modem --- Mikrotik ---- HUB/switch --- Client
             |
           squid

Mikrotik 3.30:
ether1 (to modem) 192.168.100.11/26
ether2 (to squid) = 192.168.101.2/24
ether3 (to Client/HUB) = 192.168.102.0/26

Mikrotik NAT
[spoiler][admin@MikroTik] > /ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.101.1 to-ports=3128 protocol=tcp src-address=!192.168.101.1 dst-port=80

1 chain=srcnat action=masquerade src-address=192.168.101.1
[admin@MikroTik] >
/ip proxy
[spoiler][admin@MikroTik] > /ip proxy pr
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 192.168.101.1
parent-proxy-port: 3128
cache-administrator: "cumikriting"
max-cache-size: none
cache-on-disk: no
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: secondary-master
[admin@MikroTik] >[/spoiler]
-----------------------
Squid box

ip eth0 192.168.101.1
contents of /etc/network/interface
[spoiler]# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.101.1
netmask 255.255.255.0
network 192.168.101.0
broadcast 192.168.101.255
gateway 192.168.101.2
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.101.2[/spoiler]
contents of squid.conf
[spoiler]#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl mikrotik src 192.168.101.2/32 #ip mikrotik
acl semuaklien src 192.168.102.0/26 #all the IPs
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access allow semuaklien
http_access allow mikrotik
http_access deny all

# http_reply_access allow all
icp_access allow localnet
icp_access deny all

http_port 3128 transparent
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
##zph end

hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
# memory_replacement_policy lru
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
# cache_replacement_policy lru
cache_dir ufs /squid/cache 10240 64 128
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
minimum_object_size 8 KB
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
cache_swap_low 90
cache_swap_high 99
update_headers on
##if memory is 512 MB or more, feel free to increase these numbers
ipcache_size 2048
ipcache_low 98
ipcache_high 99

# cache_log /var/log/squid/cache.log
access_log /squid/access.log squid
cache_store_log /squid/store.log
# logfile_rotate 0
# emulate_httpd_log off
# log_ip_on_direct on
# mime_table /usr/share/squid/mime.conf
# log_mime_hdrs off
# log_fqdn off
# client_netmask 255.255.255.255
# strip_query_terms on
# buffered_logs off
# netdb_filename /var/spool/squid/logs/netdb.state
# max_stale 1 week
visible_hostname tank.gurita

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(mp3|3gp|mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-lastmod reload-into-ims
refresh_pattern -i .(exe|iso|tar|rar|zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-lastmod reload-into-ims
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 reload-into-ims override-lastmod
refresh_pattern ^http:/*.facebook.*/.* 10080 90% 43200 reload-into-ims override-lastmod

# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
# via on
# cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

dns_nameservers 192.168.101.2
#in my setup the DNS uses the MikroTik's IP address
hosts_file /etc/hosts
# fqdncache_size 1024
coredump_dir /var/spool/squid
# balance_on_multiple_ip on
# pipeline_prefetch of[/spoiler]

iptables -A PREROUTING -t nat -p tcp -s 192.168.101.2 --dport 80 -j REDIRECT --to-port 3128

-----
after checking at http://www.cmyip.com/
[spoiler]My IP Address Is 192.168.102.9[/spoiler]
and http://proxy.jaringanwarnet.com/
[spoiler]Proxy detected
This request appears to have come via a proxy.

Proxy Details :
2011-08-05 19:37:35
Detected proxy server: 118.xxx.xx.x (118.xxx.xx.x)
trigger HTTP_VIA: 1.1 tank.gurita:3128 (squid/2.7.STABLE9)
trigger HTTP_X_FORWARDED_FOR: 192.168.102.9
Your IP Address is : 118.xxx.xx.x[/spoiler]

Conditions:
1. the squid box can connect to the internet
2. the clients in 192.168.102.0/26 can all connect to the internet

My questions:
1. Are my settings correct?
2. tail -f /squid/access.log shows all MISS; is that normal?
3. From a client computer I opened a Facebook game and YouTube in Firefox until they finished loading, then opened them in Chrome, but it didn't fetch from the squid cache and instead connected straight to the internet (judging from the traffic on the MT interface), and judging from squidclient -h localhost the cache Hits are 0 0. Why is that?

Please help me correct my settings[/quote][/spoiler]

*) Just following along to learn from the FUI elders, I'm still a beginner .. :)
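
For question 2 in the quoted post (every line in access.log is a MISS), an added example that is not part of the thread: it splits the misses in a Squid native-format access.log into requests matched by that config's `acl QUERY urlpath_regex cgi-bin \?`, which `no_cache deny QUERY` keeps out of the cache, and all other misses. The log lines, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

# The two patterns of the page's `acl QUERY urlpath_regex cgi-bin \?` (Squid ORs them).
QUERY_ACL = [re.compile(r"cgi-bin"), re.compile(r"\?")]

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1312548001.101    412 192.168.102.9 TCP_MISS/200 18342 GET http://video.example.com/videoplayback?id=abc&range=0-1000 - DIRECT/203.0.113.10 video/x-flv
1312548002.220     95 192.168.102.9 TCP_MISS/200 2210 GET http://apps.example.net/game/load.php?user=1 - DIRECT/203.0.113.20 text/html
1312548003.004     12 192.168.102.9 TCP_HIT/200 5120 GET http://static.example.org/img/logo.png - NONE/- image/png
1312548004.310    230 192.168.102.10 TCP_MISS/200 40960 GET http://static.example.org/js/app.js - DIRECT/203.0.113.30 application/x-javascript
1312548005.870      8 192.168.102.10 TCP_MEM_HIT/200 40960 GET http://static.example.org/js/app.js - NONE/- application/x-javascript
1312548006.001    150 192.168.102.9 TCP_MISS/200 900 GET http://www.example.com/cgi-bin/counter - DIRECT/203.0.113.40 text/plain
this line is truncated
"""

def url_path(url):
    """Return the path-plus-query part that urlpath_regex is matched against."""
    rest = url.split("://", 1)[-1]
    slash = rest.find("/")
    return rest[slash:] if slash != -1 else "/"

def classify(line):
    """Map one log line to 'hit', 'miss_uncacheable', 'miss_other', 'other' or None."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None  # malformed or truncated line
    code = fields[3].split("/", 1)[0]
    if "HIT" in code:  # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
        return "hit"
    if "MISS" in code:
        path = url_path(fields[6])
        if any(p.search(path) for p in QUERY_ACL):
            return "miss_uncacheable"  # never stored because of no_cache deny QUERY
        return "miss_other"
    return "other"

def summarize(text):
    """Count log lines per category; unparsable lines are counted as 'malformed'."""
    counts = Counter()
    for line in text.splitlines():
        kind = classify(line)
        counts[kind if kind else "malformed"] += 1
    return counts

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
```

A high `miss_uncacheable` share points at the QUERY rule rather than at the NAT redirect; `miss_other` lines are the ones worth checking against the refresh_pattern rules.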


Rh354

Post 20 Dec 2011, 12:12

Sitting back and following along as the masters explain knowledge that's useful for newbies


Daeng_tinro

Post 21 Dec 2011, 17:38

Hmmm, great, following along, bro. I've been waiting a long time for a topic like this .. he he hee


sipelaut

Post 28 Dec 2011, 23:45

I'll just help bump this
so the thread doesn't get lost...
it's almost 2012 and I want to set up something like this


yudiarbi

Post 29 Dec 2011, 02:14

Niiice, come on, share it, bros who have already experimented.. :D


Alvio

Post 31 Dec 2011, 08:23

Dear Masters, :blush:
What if the MikroTik is also used as a hotspot?
How would that be configured?
I've tried many times until my head hurts..
When the hotspot is on, the proxy doesn't work; :confused: when the proxy setting is placed above the hotspot, the proxy works but the hotspot user login screen stops working; :confused:
I tried changing the hotspot's redirect port, but it can't be changed...
Please help... :cry: :cry: :cry:


musthopa_ping

Post 02 Jan 2012, 08:58

Joining in, boss, ..
How do I access the squid proxy remotely from outside the network?

School network topology:

ISP
|
Switch/Hub -- ServerWeb
|
Mikrotik
|
Switch --Proxy Squid Ubuntu 2.7 Stable9
|
LAN

--So, how do I remote into the squid box? From the MikroTik I can, but from outside the network above ????


ilham2930

Post 03 Jan 2012, 08:20

Install an SSH server on the proxy machine, then access the proxy machine's IP from outside..


Orca

Post 03 Jan 2012, 08:29

musthopa_ping wrote:Joining in, boss, ..
How do I access the squid proxy remotely from outside the network?

School network topology:

ISP
|
Switch/Hub -- ServerWeb
|
Mikrotik
|
Switch --Proxy Squid Ubuntu 2.7 Stable9
|
LAN

--So, how do I remote into the squid box? From the MikroTik I can, but from outside the network above ????


/ip firewall nat
add action=dst-nat chain=dstnat comment="Redirect Webmin on Proxy" disabled=no \
dst-address=110.136.xxx.xxx dst-port=10000 protocol=tcp to-addresses=192.168.100.2 \
to-ports=10000 ### So Webmin can be reached

add action=dst-nat chain=dstnat comment="Luar Redirect to Proxy" disabled=no \
dst-address=110.136.xxx.xxx dst-port=22 protocol=tcp to-addresses=192.168.100.2 \
to-ports=22
#### So it can be accessed remotely via WinSCP and PuTTY

Proxy IP: 192.168.100.2
cmiiw


zero_point

Post 15 Feb 2012, 09:20

"iptables -A PREROUTING -t nat -p tcp -s 192.168.101.2 --dport 80 -j REDIRECT --to-port 3128"

Where do I enter the config above???

Please help....
<<<still a beginner


rockafello

Post 15 Feb 2012, 15:18

* Documentation: https://help.ubuntu.com/

System information as of Wed Feb 15 15:26:17 WIT 2012

System load: 0.84 Processes: 101
Usage of /: 6.9% of 3.67GB Users logged in: 0
Memory usage: 2% IP address for eth1: 192.168.21.2
Swap usage: 0%

Graph this data and manage this system at https://landscape.canonical.com/
Last login: Wed Feb 15 13:37:23 2012 from 192.168.21.1
rocka007@rocka007:~$ #pico /etc/squid/squid.conf
rocka007@rocka007:~$
rocka007@rocka007:~$ nano /etc/squid/squid.conf
rocka007@rocka007:~$ nano
rocka007@rocka007:~$ nano /etc/squid/squid.conf
rocka007@rocka007:~$ squid -k parse
2012/02/15 15:34:21| ACL name 'all' not defined!
FATAL: Bungled (null) line 180: http_access deny all
Squid Cache (Version 2.7.STABLE9): Terminated abnormally.
rocka007@rocka007:~$


If it looks like this, is squid running yet, bro...... I still haven't gotten it to work either
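
The `ACL name 'all' not defined!` error in the output above means an access line references an ACL that no earlier `acl` line defines; the squid.conf quoted earlier in the thread defines it with `acl all src all`. A small checker for that class of mistake, as an added example that is not part of the thread (the config fragment and function name are constructed):

```python
# Directives seen on this page whose arguments are "allow|deny" followed by ACL names.
ACCESS_DIRECTIVES = {"http_access", "http_reply_access", "icp_access", "no_cache",
                     "upgrade_http0.9", "broken_vary_encoding"}

# Constructed squid.conf fragment: 'all' is used but never defined, as in the post.
SAMPLE_CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl semuaklien src 192.168.102.0/26   # all clients
acl Safe_ports port 80 443
http_access allow manager localhost
http_access deny !Safe_ports
http_access allow semuaklien
# http_access allow mikrotik
http_access deny all
"""

def undefined_acls(conf_text):
    """Return [(line_no, directive_line, acl_name)] for ACLs used before definition."""
    defined, problems = set(), []
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        if words[0] == "acl" and len(words) >= 3:
            defined.add(words[1])
        elif words[0] in ACCESS_DIRECTIVES and len(words) >= 3:
            # words[1] is allow/deny; the rest are ACL names, optionally negated
            for name in words[2:]:
                name = name.lstrip("!")
                if name not in defined:
                    problems.append((no, line, name))
    return problems

if __name__ == "__main__":
    for no, line, name in undefined_acls(SAMPLE_CONF):
        print(f"line {no}: ACL '{name}' not defined before: {line}")
```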


Tsubasa

Post 21 Feb 2012, 14:27

Dear Masters

How do I set up Wubi Ubuntu 11.10?
I want to build a proxy and I'm confused.

This is at an internet cafe and I've set it up like this, bro

Modem
|
mikrotik(rb750)
|
Hub
|
client (15 pc)


Please enlighten me, bro......

