Installing Squid proxy on Ubuntu Server 10.10


Post by BlackRedemp » 05 May 2011, 16:34

Apologies in advance.
Nice to meet you all, I'm a newbie here.

Greetings from Ubuntu! Freedom!

Straight to the point:
I have installed Ubuntu Server 10.10
and I want to install Squid proxy,
but when I type the command
# sudo apt-get update
this is what comes up:

Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/main Sources
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/restricted Sources
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/universe Sources
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/multiverse Sources
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/main amd64 Packages
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/restricted amd64 Packages
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/universe amd64 Packages
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
Err http://us.archive.ubuntu.com maverick-updates/multiverse amd64 Packages
Unable to connect to us.archive.ubuntu.com:http: [IP: 91.189.88.140 80]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dis ... elease.gpg Could not connect to us.archive.ubuntu.com:80 (91.189.88.140). - connect (110: Connection timed out) [IP: 91.189.88.140 80]
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists ... elease.gpg Could not connect to security.ubuntu.com:80 (91.189.92.167). - connect (110: Connection timed out) [IP: 91.189.92.167 80]
E: Some index files failed to download, they have been ignored, or old ones used instead.
root@jayanet:~#

Could someone please enlighten me? Please?

Thank you all, I hope this gets answered soon.

Regards from BlackRedemp



Post by yudiarbi » 05 May 2011, 21:05

Connect to the internet first, bro...



Post by blangkon91 » 09 May 2011, 12:34

What the poster above me said is right; the same thing happened to me back then too, hixzzz



Post by wasliyanto » 12 May 2011, 17:08

Greetings, I'm "wasli".
I have been trying Ubuntu Server 9.04 for 1 month without success.
Could the experts here please check my installation and my Squid setup?
proxy IP 192.168.2.2
MikroTik IP 192.168.2.1
client IP 192.168.0.1
Speedy modem IP 192.168.1.3

Everything installed successfully, but when I connect a client this message appears:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.google.com/firefox?

The following error was encountered:

* Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is alfanet.
Generated Thu, 12 May 2011 16:42:30 GMT by cikruk21 (squid/2.7.STABLE3)


and this is the Squid configuration I am using

# Proxy Server Versi 2.7.Stable7
# by cikruk21
#-----------------------------------#

#---------------------------------------------------------------#
# Port
#---------------------------------------------------------------#

http_port 3128 transparent

#---------------------------------------------------------------#
#for facebook
#---------------------------------------------------------------#

server_http11 on

acl speedtest dstdomain .speedtest.cbn.net
acl speedtest dstdomain .speedtest.net
cache allow speedtest

#icp_port 3130
#prefer_direct off
#additional
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#---------------------------------------------------------------#
# Cache & Object
#---------------------------------------------------------------#

cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 125 KB

ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF


mime_table /usr/share/squid/mime.conf
#----------------------------------------------------------------#
# cache_dir
#----------------------------------------------------------------#

cache_dir aufs /home/proxy1 25000 30 256

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_fqdn off
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers 192.168.2.1
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#new
positive_dns_ttl 1 hours

#ftp passive mode

ftp_passive on
ftp_sanitycheck on

#---------------------------------------------------------------#
# Rules: Safe Port
#---------------------------------------------------------------#

#additional
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
shutdown_lifetime 10 seconds


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel


acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

#---------------------------------------------------------------#
# Refresh Pattern
#---------------------------------------------------------------#

# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ign$
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ignore-re$

#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ign$
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-reload igno$

# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 21600 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 21600 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin|arj)$ 21600 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth


refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.3gp$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.rm$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.wma$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320
#refresh_pattern ^http://pb.gemscool.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://ayodance.megaxus.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://luna.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://www.facebook.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://kaskus.us/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://perfectworld.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://seal.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://*.indowebster.*/.* 720 100% 4320
refresh_pattern ^http://*.4shared.*/.* 720 100% 4320
refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.boleh.*/.* 720 100% 4320
#refresh_pattern ^http://*.detik.*/.* 180 100% 4320
#refresh_pattern ^http://*.detikinet.*/.* 180 100% 4320
#refresh_pattern ^http://*.detikhot.*/.* 180 100% 4320
#refresh_pattern ^http://*.detiportal.*/.* 180 100% 4320
#refresh_pattern ^http://*.kompas.*/.* 180 100% 4320
refresh_pattern ^http://*.facebook.*/.* 720 100% 4320
refresh_pattern ^http://*.texas_holdem.*/.* 720 100% 4320
refresh_pattern ^http://*.zynga.com.*/.* 720 100% 4320
refresh_pattern ^http://*.ninjasaga.*/.* 720 100% 4320
refresh_pattern ^http://*.texas.poker.*/.* 720 100% 4320
refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320
refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320

#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#---------------------------------------------------------------#
# SNMP
#---------------------------------------------------------------#

snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all

#---------------------------------------------------------------#
# ALLOWED ACCESS
#---------------------------------------------------------------#


#acl cikruk21 src 192.168.0.0/24
acl cikruk21 src 192.168.2.0/24
http_access allow cikruk21
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow cikruk21
icp_access allow localhost
icp_access allow all
always_direct deny all

#---------------------------------------------------------------#
# Cache CGI & Administrative
#---------------------------------------------------------------#

cache_mgr alfanet
visible_hostname cikruk21
cache_effective_user proxy
cache_effective_group proxy

logfile_rotate 7

#additional
memory_pools on #usually off
icp_hit_stale on
query_icmp on
reload_into_ims on
coredump_dir /var/spool/squid
pipeline_prefetch on
vary_ignore_expire on

request_body_max_size 1048 KB



#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136



Post by yudiarbi » 12 May 2011, 22:37

Trying to help here, and guessing a bit too. In this part:
wasliyanto wrote: proxy IP 192.168.2.2
MikroTik IP 192.168.2.1
client IP 192.168.0.1
Speedy modem IP 192.168.1.3
I assume your clients' IPs, boss wasli, are in 192.168.0.0/24
wasliyanto wrote: Everything installed successfully, but when I connect a client this message appears:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.google.com/firefox?

The following error was encountered:

* Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is alfanet.
Generated Thu, 12 May 2011 16:42:30 GMT by cikruk21 (squid/2.7.STABLE3)
From that error I take it (in my opinion) that the client is strictly forbidden from being passed through to the modem; it is being blocked by the "squid". By my analysis the cause is in squid.conf:
wasliyanto wrote: acl cikruk21 src 192.168.2.0/24
http_access allow cikruk21

That script means the only network allowed access is 192.168.2.0/24, defined as cikruk21, whereas the client IP is 192.168.0.1 (192.168.0.0/24): a different segment, a different network. It has to be defined in squid.conf, and you need to play with iptables...
That's just my opinion, bro... :D
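
An added example, not part of the original post: a small evaluator for Squid's first-match `http_access` logic, run over a constructed excerpt of the posted squid.conf (src ACLs only). It assumes the redirected request still carries the client's 192.168.0.x source address; `decide`, `POSTED_CONF` and `FIXED_CONF` are hypothetical names.

```python
import ipaddress

# Constructed excerpt: only the src-based ACL lines of the squid.conf posted above.
POSTED_CONF = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
#acl cikruk21 src 192.168.0.0/24
acl cikruk21 src 192.168.2.0/24
http_access allow cikruk21
http_access allow localhost
http_access deny all
"""

# The same excerpt with the ACL pointed at the client subnet, as the reply proposes.
FIXED_CONF = POSTED_CONF.replace(
    "\nacl cikruk21 src 192.168.2.0/24", "\nacl cikruk21 src 192.168.0.0/24"
)


def parse(conf):
    """Return ({acl_name: [networks]}, [(action, [terms], original_line)])."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "acl" and len(fields) >= 4 and fields[2] == "src":
            # Squid accepts addr, addr/prefix and addr/dotted-mask; repeated
            # acl lines with the same name accumulate (logical OR).
            nets = [ipaddress.ip_network(v, strict=False) for v in fields[3:]]
            acls.setdefault(fields[1], []).extend(nets)
        elif fields[0] == "http_access" and len(fields) >= 3:
            rules.append((fields[1], fields[2:], line))
    return acls, rules


def term_matches(term, acls, client):
    """One ACL name on an http_access line, optionally negated with '!'."""
    negate = term.startswith("!")
    name = term.lstrip("!")
    if name not in acls:
        raise ValueError(f"ACL {name!r} is not a src ACL modelled in this example")
    hit = any(client in net for net in acls[name])
    return hit != negate


def decide(conf, client_ip):
    """Return (action, rule) for the first http_access line that matches."""
    acls, rules = parse(conf)
    client = ipaddress.ip_address(client_ip)
    for action, terms, text in rules:
        # All ACLs named on one line must match (logical AND).
        if all(term_matches(t, acls, client) for t in terms):
            return action, text
    if not rules:
        return "deny", "(no http_access lines: default deny)"
    # No line matched: Squid applies the opposite of the last line's action.
    last = rules[-1][0]
    return ("deny" if last == "allow" else "allow"), "(opposite of last rule)"


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        for ip in ("192.168.0.1", "192.168.2.2", "127.0.0.1"):
            print(label, ip, decide(conf, ip))
```

Note that replacing the ACL, rather than adding the second subnet to it, leaves 192.168.2.0/24 itself denied.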



Post by sipelaut » 13 May 2011, 06:42

wasliyanto wrote: Greetings, I'm "wasli".
I have been trying Ubuntu Server 9.04 for 1 month without success.
Could the experts here please check my installation and my Squid setup?
proxy IP 192.168.2.2
MikroTik IP 192.168.2.1
client IP 192.168.0.1
Speedy modem IP 192.168.1.3

Whoa, you're already using MikroTik...
I don't dare help, bro... I don't understand MikroTik yet.
I'll just follow along.. hee....



Post by wasliyanto » 13 May 2011, 21:21

I have tried it, boss yudiarbi, following the explanation above and adjusting the IP, but the same thing still comes up. Could the Squid config itself be wrong, bro? Please help; maybe you have another Squid config that is proven to work. Bear with me, I am very new to Ubuntu Server and Squid. Previously I used a ClearOS 5.2 proxy combined with MikroTik and it worked fine; this time I am still learning an Ubuntu proxy, also combined with MikroTik. Please help, bro.



Post by yudiarbi » 14 May 2011, 02:27

Try posting the complete network diagram with the IPs..., maybe we can examine it together..



Post by wasliyanto » 14 May 2011, 09:11

192.168.1.2 192.168.0.1
Modem spedy-------------------Mikrotik-------------------Wifi
192.168.1.1 192.168.0.253
192.168.2.1 -----------------------------

Proxy Ubuntu
192.168.2.2



Mikrotik
192.168.1.1 (gateway on the MikroTik)
Ether5 - 192.168.2.1/24 to the Ubuntu proxy
Ether2 - 192.168.0.1/24 to Wi-Fi
Ether3 - 192.168.1.2/24 to the Speedy modem

MikroTik DNS
180.131.144.144
180.131.145.145

NAT settings on the MikroTik
/ip firewall nat add chain=srcnat out-interface=ether3 action=masquerade
/ip firewall nat add chain=dstnat src-address=!192.168.2.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.2 to-ports=3128 comment="Redirect_Proxy_WiFi" disabled=no

NB: the MikroTik settings above already worked with a standalone ClearOS 5.2 proxy, no firewall

Ubuntu Server 9.04
IP 192.168.2.2
255.255.255.0
192.168.2.1 gateway
DNS name server 192.168.2.1

Ubuntu CPU: Pentium 4, proc. 3 G, RAM 512, SATA hard disk 80G

Ubuntu hard disk partitions
#1 Primary 4.0 GB ext4 /boot
#2 Logical 4.0 GB ext4 /
#3 Logical 4.0 GB ext4 /var
#4 Logical 4.0 GB ext /usr
#5 Logical 1.0 GB swap
#6 Logical 30.0GB /home/proxy1
#7 Logical 33.0GB /home/data

I took the tutorial from this site:
http://kumpulan-tutorial-mikrotik.blogs ... squid.html
Sorry the topology drawing isn't clear (ngajak)



Post by yudiarbi » 14 May 2011, 10:12

I think it's in this part:
/ip firewall nat add chain=dstnat src-address=!192.168.2.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.2 to-ports=3128
remove the exclamation mark
Change your NAT to the src-address approach, that is, what gets proxied is the traffic from eth3 that is already handled by the MikroTik, NATed on port 80 to the proxy server address, port 3128
/ip firewall nat add chain=dstnat src-address=192.168.1.2 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.1 to-ports=3128
maybe this helps



Post by wasliyanto » 14 May 2011, 11:03

I have changed the NAT as instructed above, but when I monitor the MikroTik IP address on ether5, which connects to the proxy, it still isn't working: even though many clients are downloading and browsing, it still doesn't match the speed seen on ether 2 and 3, roughly; client browsing does work now, 586bps



Post by yudiarbi » 14 May 2011, 16:39

To monitor the proxy, wait a little while, generate some activity on a client, and meanwhile run this command on the proxy server: tail -f /var/log/squid/access.log



Post by wasliyanto » 14 May 2011, 18:28

How do I see whether a client is getting access and whether the cache is working?



Post by yudiarbi » 15 May 2011, 01:09

That command above is the one, run on the proxy server, boss, while a client is browsing...
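
An added example, not part of the original thread: one way to read the access.log that the reply says to tail, telling apart a client that never reaches Squid, one that is denied by an ACL, and one that is served with or without cache hits. The log lines are constructed in Squid's native format (the posted config sets `emulate_httpd_log off`); the function names and status labels are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
# Addresses and URLs are made up for illustration.
SAMPLE_LOG = """\
1305625350.101    212 192.168.0.100 TCP_MISS/200 18342 GET http://www.example.com/ - DIRECT/203.0.113.10 text/html
1305625351.440      3 192.168.0.100 TCP_HIT/200 5120 GET http://www.example.com/logo.png - NONE/- image/png
1305625352.007      1 192.168.0.100 TCP_MEM_HIT/200 812 GET http://www.example.com/site.css - NONE/- text/css
1305625353.650     95 192.168.0.100 TCP_REFRESH_HIT/304 310 GET http://www.example.com/app.js - DIRECT/203.0.113.10 -
1305625360.002      0 192.168.0.101 TCP_DENIED/403 1425 GET http://www.example.org/ - NONE/- text/html
1305625361.310      0 192.168.0.101 TCP_DENIED/403 1431 GET http://www.example.org/a - NONE/- text/html
1305625370.500    340 192.168.0.103 TCP_MISS/200 9001 GET http://www.example.net/ - DIRECT/203.0.113.20 text/html
1305625371.900    280 192.168.0.103 TCP_MISS/200 7020 GET http://www.example.net/b - DIRECT/203.0.113.20 text/html
garbage line that is not a log record
"""


def classify(result_field):
    """Map a 'TCP_xxx/status' field to denied, hit or miss."""
    tag = result_field.split("/", 1)[0]
    if "DENIED" in tag:
        return "denied"
    if "HIT" in tag:  # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, ...
        return "hit"
    return "miss"


def summarize(lines):
    """Count denied/hit/miss per client address, skipping malformed lines."""
    stats = defaultdict(Counter)
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        try:
            float(fields[0])  # a real record starts with a UNIX timestamp
        except ValueError:
            continue
        stats[fields[2]][classify(fields[3])] += 1
    return stats


def hit_ratio(stats, client):
    """Hits divided by requests that were actually served (denied excluded)."""
    counts = stats.get(client, Counter())
    served = counts["hit"] + counts["miss"]
    return counts["hit"] / served if served else 0.0


def diagnose(stats, client):
    """Reduce a client's counters to one of four states."""
    counts = stats.get(client)
    if not counts:
        return "not-reaching-proxy"  # nothing logged: look at the redirect rule
    if counts["denied"] and not (counts["hit"] + counts["miss"]):
        return "denied-by-acl"       # logged but refused: look at http_access
    if not counts["hit"]:
        return "no-cache-hits"       # served, but always fetched from origin
    return "caching"


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip in ("192.168.0.100", "192.168.0.101", "192.168.0.102", "192.168.0.103"):
        print(ip, diagnose(stats, ip), round(hit_ratio(stats, ip), 2))
```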



Post by wasliyanto » 16 May 2011, 19:38

I have done it as instructed by Mas yudiarbi, but on the proxy the hit count doesn't move even though a client is browsing. What is wrong? Please help.



Post by yudiarbi » 16 May 2011, 22:19

Whoa.. how come, bro? It's a transparent proxy, right? Try replacing it with:
add action=dst-nat chain=dstnat comment="___DIRECT TO PROXY" disabled=no \
dst-port=80 protocol=tcp to-addresses=192.168.2.1 \
to-ports=3128



Post by wasliyanto » 17 May 2011, 05:43

I tried it, boss, still no luck; in fact now the clients can't browse at all. What should I do? Does the Squid config need to be changed?



Post by yudiarbi » 17 May 2011, 06:43

Keep this one, don't remove it:
/ip firewall nat add chain=srcnat out-interface=ether3 action=masquerade
and add this:
/ip firewall nat add chain=dstnat src-address=192.168.1.2 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.1 to-ports=3128
Those rules are enough; delete the other rules. What's the result? No need to change Squid because overall it's already fine, as long as the acl is changed according to my answer above :D



Post by wasliyanto » 17 May 2011, 07:03

Please type out the acl as well, boss, because it isn't clear to me. I have tried this and clients can now browse, but looking at the hits, they aren't moving even though clients are browsing.



Post by wasliyanto » 17 May 2011, 07:26

Please, boss, type out the acl adjustment in the Squid config because it isn't clear to me; bear with me, I'm a complete beginner.



Post by wasliyanto » 17 May 2011, 09:59

Please, boss, type out how to adjust the acl in the Squid config above because I don't quite understand it.



Post by yudiarbi » 17 May 2011, 10:34

Trying to help; maybe the experts have corrections..
cache_dir aufs /home/proxy1 25000 30 256
change to
cache_dir aufs /home/proxy1 25000 32 256
dns_nameservers 192.168.2.1
change to
dns_nameservers 127.0.0.1 #so it reads /etc/resolv.conf directly
acl cikruk21 src 192.168.2.0/24
change to
acl cikruk21 src 192.168.0.0/24 # because the client IP is 192.168.0.1
maximum_object_size 128 MB
change to
maximum_object_size 1024 MB #so that larger objects get cached, since there are a lot of refresh_pattern tags in your squid.conf
maximum_object_size_in_memory 4 bytes
#to make the most of the proxy partition

NB: if possible, comment out memory_pools because it will complicate caching later
comment out all the quick_abort lines, otherwise Squid will abort everything; also let's test at the same time, so the additions go in first



Post by wasliyanto » 17 May 2011, 11:21

I have adjusted the Squid config according to the reference above, but still, boss, the hit count isn't moving. What now, boss? What is wrong?



Post by yudiarbi » 17 May 2011, 16:11

Try changing squid.conf to this:


http_port 3128 transparent
icp_port 3130
prefer_direct off

cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 1024 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir aufs /home/proxy1 15000 32 256

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state

dns_nameservers 127.0.0.1

emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minute

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8


acl SSL_ports port 443 563 873	# https
acl Safe_ports port 80		# http
acl Safe_ports port 20 21	# ftp
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 631
acl Safe_ports port 10000
acl Safe_ports port 901
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 873		# rsync
acl Safe_ports port 110		# POP3
acl Safe_ports port 25
acl Safe_ports port 2095 2096
acl Safe_ports port 2082 2083

acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440

refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320

refresh_pattern .	0	20%	4320

#cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default

acl cikruk src "/etc/squid/daf.txt"

snmp_port 3401 
acl snmpsquid snmp_community public 
snmp_access allow snmpsquid localhost 
snmp_access deny all

http_access allow cikruk
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow localhost
icp_access deny all
always_direct deny all

cache_mgr alfanet@yahoo.com
cachemgr_passwd 123 all
visible_hostname alfa.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
Create the file daf.txt in /etc/squid containing the clients' IPs
example:
192.168.0.100
192.168.0.101

maybe this helps



Post by wasliyanto » 17 May 2011, 21:36

I have replaced the Squid config following the instructions above but it still doesn't work. The config swap went fine and Squid starts and runs, but the hit count still isn't moving. What could it be? Please, boss, if there is another Ubuntu and Squid install tutorial that is known to work, may I copy it? Or should I reinstall again? I'm confused! Bear with me, I'm just a beginner.



Post by yudiarbi » 18 May 2011, 08:21

I don't have a tutorial. Actually, in my opinion, why run MikroTik and the proxy on separate machines? Better to stick to one machine, either just MikroTik or just the proxy. Ubuntu server is actually enough (but that's just my opinion), because MikroTik already has a proxy anyway, even if it isn't enabled, and its hit rate isn't as good as a dedicated machine's. As for MikroTik acting as the router, Ubuntu can do that perfectly well..


ahzamsesya
Posts: 31
Joined: 05 Oct 2011, 19:00
Location: Bekasi

Post by ahzamsesya » 05 Oct 2011, 19:28

Brother yudiarbi, please enlighten me.
The mangle rules on my MT look like this:


/ip firewall mangle
add action=mark-packet chain=prerouting comment=CACHE_HIT disabled=no dscp=12 \
new-packet-mark=proxy_hit passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no dscp=12 \
new-packet-mark=proxy_hit passthrough=no
add action=mark-packet chain=prerouting comment=DNS disabled=no dst-port=53 \
in-interface=Local new-packet-mark=critical_up passthrough=no protocol=\
udp
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=critical_down out-interface=Local passthrough=no \
protocol=udp src-port=53
add action=mark-packet chain=prerouting comment=ICMP disabled=no \
icmp-options=0:0 in-interface=Local new-packet-mark=critical_up \
passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment="" disabled=no icmp-options=\
8:0 in-interface=Local new-packet-mark=critical_up passthrough=no \
protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no icmp-options=\
0:0 new-packet-mark=critical_down out-interface=Local passthrough=no \
protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no icmp-options=\
8:0 new-packet-mark=critical_down out-interface=Local passthrough=no \
protocol=icmp
add action=mark-packet chain=prerouting comment=QoS_ACK_UP disabled=no \
dst-address=203.89.146.0/24 in-interface=Local new-packet-mark=\
time_critical_up packet-size=0-666 passthrough=no protocol=tcp tcp-flags=\
syn
add action=mark-packet chain=prerouting comment="" disabled=no dst-address=\
203.89.146.0/24 in-interface=Local new-packet-mark=time_critical_up \
packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment=QoS_ACK_DOWN disabled=no \
new-packet-mark=time_critical_down out-interface=Local packet-size=0-666 \
passthrough=no protocol=tcp src-address=203.89.146.0/24 tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=time_critical_down out-interface=Local packet-size=0-123 \
passthrough=no protocol=tcp src-address=203.89.146.0/24 tcp-flags=ack
add action=mark-packet chain=prerouting comment=QoS_ACK_UP disabled=no \
dst-port=80,443,3128,5050 in-interface=Local new-packet-mark=\
time_critical_up packet-size=0-666 passthrough=no protocol=tcp tcp-flags=\
syn
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=\
80,443,3128,5050 in-interface=Local new-packet-mark=time_critical_up \
packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting comment=QoS_ACK_DOWN disabled=no \
new-packet-mark=time_critical_down out-interface=Local packet-size=0-666 \
passthrough=no protocol=tcp src-port=80,443,3128,5050 tcp-flags=syn
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=time_critical_down out-interface=Local packet-size=0-123 \
passthrough=no protocol=tcp src-port=80,443,3128,5050 tcp-flags=ack
add action=mark-packet chain=prerouting comment="Poker Zynga & Poker King" \
disabled=no dst-port=843,9339,1111-1120,11000-14000 in-interface=Local \
new-packet-mark=game_up passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=game_down out-interface=Local passthrough=no protocol=tcp \
src-port=843,9339,1111-1120,11000-14000
add action=mark-packet chain=prerouting comment=REMOTE disabled=no dst-port=\
8291,4899,5050 in-interface=Local new-packet-mark=remote_up passthrough=\
no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=remote_down out-interface=Local passthrough=no protocol=\
tcp src-port=8291,4899,5050
add action=mark-packet chain=prerouting comment=Game-UP disabled=no dst-port="\
19101,19000,39100,39110,39220,39190,49100,27780,29000,22100,6000-6152,1818\
,13002,10012" in-interface=Local new-packet-mark=game_up passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port="10009\
,13008,16666,28012,9300,9400,9700,10001-10011,40000,4300,22100,12025,13051\
,14901" in-interface=Local new-packet-mark=game_up passthrough=no \
protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=\
5340,5352,11132,11458,18901-18910,13045,27018 in-interface=Local \
new-packet-mark=game_up passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="" disabled=no dst-port=\
40000-40010,42489,12020-12080,13000-13080,9401,9600,40040-40500,1293,1479 \
in-interface=Local new-packet-mark=game_up passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment=Game-Down disabled=no \
new-packet-mark=game_down out-interface=Local passthrough=no protocol=tcp \
src-port="19101,19000,39100,39110,39220,39190,49100,27780,29000,22100,6000\
-6152,1818,13002,12038"
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=game_down out-interface=Local passthrough=no protocol=tcp \
src-port="10009,13008,16666,28012,9300,9400,9700,10001-10011,40000,4300,22\
100,12025,13051,14901"
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=game_down out-interface=Local passthrough=no protocol=tcp \
src-port=5340,5352,11132,11458,18901-18910,13045,27018
add action=mark-packet chain=postrouting comment="" disabled=no \
new-packet-mark=game_down out-interface=Local passthrough=no protocol=udp \
src-port=\
40000-40010,42489,12020-12080,13000-13080,9401,9600,40040-40500,1293,1479
add action=mark-packet chain=prerouting comment=BROWSE_Up connection-bytes=\
0-64000 disabled=no dst-address-list=!Local in-interface=Local \
new-packet-mark=browse_up passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BROWSE_Down \
connection-bytes=0-256000 disabled=no new-packet-mark=browse_down \
out-interface=Local passthrough=no protocol=tcp src-address-list=!Local
add action=mark-packet chain=prerouting comment=BIG-UP connection-bytes=\
64000-0 disabled=no dst-address-list=!Local in-interface=Local \
new-packet-mark=big_up passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment=BIG-Down connection-bytes=\
256000-0 disabled=no new-packet-mark=big_down out-interface=Local \
passthrough=no protocol=tcp src-address-list=!Local

/ip firewall nat
add action=masquerade chain=srcnat comment=Nat-masq disabled=no \
out-interface=Public
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Modem
add action=dst-nat chain=dstnat comment=Transparent-Proxy disabled=yes \
dst-address-list=!Proxy dst-port=80 in-interface=Local protocol=tcp \
src-address-list=Local to-addresses=192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment=Remote-Only disabled=no dst-port=22 \
in-interface=Public protocol=tcp to-addresses=192.168.2.2 to-ports=22
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=4898 \
in-interface=Public protocol=tcp to-addresses=192.168.0.100 to-ports=4899
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=10000 \
in-interface=Public protocol=tcp to-addresses=192.168.0.100 to-ports=4899
add action=redirect chain=dstnat comment="DNS Resolver" disabled=no dst-port=\
53 protocol=udp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 protocol=\
tcp to-ports=53

/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no


/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0

/interface
add disabled=no interface=Modem type=external
add disabled=no interface=Local type=internal
add disabled=no interface=Proxy type=internal
add disabled=no interface=ether4-local-slave type=internal
add disabled=no interface=Proxy1 type=internal

/queue interface
set Modem queue=ethernet-default
set Local queue=ethernet-default
set Proxy queue=ethernet-default
set ether4-local-slave queue=ethernet-default
set Proxy1 queue=ethernet-default
set Public queue=default


++++++++++


and my squid.conf is this:


# Proxy Server Version 2.7.Stable7
# by cikruk21
#-----------------------------------#

#---------------------------------------------------------------#
# Port
#---------------------------------------------------------------#

http_port 3128 transparent

#---------------------------------------------------------------#
#for facebook
#---------------------------------------------------------------#

server_http11 on

acl speedtest dstdomain .speedtest.cbn.net
acl speedtest dstdomain .speedtest.net
cache allow speedtest

#icp_port 3130
#prefer_direct off
#additional
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#---------------------------------------------------------------#
# Cache & Object
#---------------------------------------------------------------#

cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 125 KB

ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF


mime_table /usr/share/squid/mime.conf
#----------------------------------------------------------------#
# cache_dir
#----------------------------------------------------------------#

cache_dir aufs /cache1 25000 30 256
cache_dir aufs /cache2 25000 30 256
cache_dir aufs /cache3 25000 30 256
cache_dir aufs /cache4 25000 30 256

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_fqdn off
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers 127.0.0.1
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#new
positive_dns_ttl 1 hours

#ftp passive mode

ftp_passive on
ftp_sanitycheck on

#---------------------------------------------------------------#
# Rules: Safe Port
#---------------------------------------------------------------#

#additional
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
shutdown_lifetime 10 seconds


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel


acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

#---------------------------------------------------------------#
# Refresh Pattern
#---------------------------------------------------------------#

# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims

#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-reload

# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 21600 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 21600 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin|arj)$ 21600 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth


refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.3gp$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.rm$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.wma$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320
#refresh_pattern ^http://pb.gemscool.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://ayodance.megaxus.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://luna.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://www.facebook.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://kaskus.us/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://perfectworld.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
#refresh_pattern ^http://seal.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern ^http://*.indowebster.*/.* 720 100% 4320
refresh_pattern ^http://*.4shared.*/.* 720 100% 4320
refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.boleh.*/.* 720 100% 4320
#refresh_pattern ^http://*.detik.*/.* 180 100% 4320
#refresh_pattern ^http://*.detikinet.*/.* 180 100% 4320
#refresh_pattern ^http://*.detikhot.*/.* 180 100% 4320
#refresh_pattern ^http://*.detiportal.*/.* 180 100% 4320
#refresh_pattern ^http://*.kompas.*/.* 180 100% 4320
refresh_pattern ^http://*.facebook.*/.* 720 100% 4320
refresh_pattern ^http://*.texas_holdem.*/.* 720 100% 4320
refresh_pattern ^http://*.zynga.com.*/.* 720 100% 4320
refresh_pattern ^http://*.ninjasaga.*/.* 720 100% 4320
refresh_pattern ^http://*.texas.poker.*/.* 720 100% 4320
refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320
refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320
refresh_pattern ^http://*.mivo.tv.*/.* 720 100% 4320

#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#---------------------------------------------------------------#
# SNMP
#---------------------------------------------------------------#

snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all

#---------------------------------------------------------------#
# ALLOWED ACCESS
#---------------------------------------------------------------#


acl mutiara src 192.168.0.0/24
#acl localhost   (incomplete line; the localhost ACL is already defined above)
http_access allow localhost
http_access allow mutiara
http_access deny all
http_reply_access allow all
icp_access allow mutiara
icp_access allow localhost
icp_access allow all
always_direct deny all

#---------------------------------------------------------------#
# Cache CGI & Administrative
#---------------------------------------------------------------#

cache_mgr Mutiara@mutiara.net
cachemgr_passwd 123 all
visible_hostname mutiara
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 7

#additional
memory_pools on #usually off
icp_hit_stale on
query_icmp on
reload_into_ims on
coredump_dir /var/spool/squid
pipeline_prefetch on
vary_ignore_expire on

request_body_max_size 1048 KB



#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136




=========================================
When I look at the log it just sits there, and there are a lot of misses. I would really appreciate your input, thanks.
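
The port rules in the squid.conf posted above can be checked by modelling how Squid evaluates http_access: ACLs on one line are ANDed, and the first matching line decides. This is an added example, not part of the original post; the ACL values are copied from that config, while the function names, the client address 192.168.0.100, the probe ports and the TIGHTENED variant (the CONNECT rule as written in Squid's default squid.conf) are assumptions made for illustration.

```python
"""Model of Squid http_access evaluation: ACLs on one line are ANDed and the
first matching line decides. ACL values are copied from the posted squid.conf;
the client address and probe ports are constructed for illustration."""
import ipaddress


def port_ranges(spec):
    """Expand a Squid 'port' ACL value such as '80 1025-65535' into ranges."""
    ranges = []
    for token in spec.split():
        low, _, high = token.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


SAFE = port_ranges("80 20 21 70 210 1025-65535 631 10000 901 280 488 591 777 "
                   "873 110 25 2095 2096 2082 2083")
SSL = port_ranges("443 563 873")
MUTIARA = ipaddress.ip_network("192.168.0.0/24")

ACLS = {
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE),
    "SSL_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SSL),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "mutiara": lambda r: ipaddress.ip_address(r["src"]) in MUTIARA,
    "all": lambda r: True,
}

# Port rules as posted. The second line can never fire on its own: anything it
# matches is in neither port list and was already denied by the first line.
POSTED = """
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
http_access allow mutiara
http_access deny all
"""

# Assumption: same config, with the CONNECT rule written as in Squid's default
# squid.conf, so tunnels are limited to SSL_ports.
TIGHTENED = POSTED.replace("deny CONNECT !SSL_ports !Safe_ports",
                           "deny CONNECT !SSL_ports")


def evaluate(rules, request):
    """Return 'allow' or 'deny' for one request under the given rule text."""
    for line in rules.strip().splitlines():
        _, action, *terms = line.split()
        # A term matches when the ACL result differs from its '!' negation flag.
        if all(ACLS[t.lstrip("!")](request) != t.startswith("!") for t in terms):
            return action
    return "deny"  # not reached here: both rule sets end in 'deny all'


def connect_allowed(rules, ports, src="192.168.0.100"):
    """Ports to which an allowed LAN client can open a CONNECT tunnel."""
    return [p for p in ports if evaluate(
        rules, {"method": "CONNECT", "port": p, "src": src}) == "allow"]


if __name__ == "__main__":
    probe = [22, 25, 110, 443, 3306, 6667]  # constructed sample ports
    print("posted   :", connect_allowed(POSTED, probe))
    print("tightened:", connect_allowed(TIGHTENED, probe))
```

Under the posted rules the tunnel ports include 25 and 110 because both are listed in Safe_ports, along with everything in 1025-65535; with the default CONNECT rule only the SSL_ports entries remain.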


yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur

Post by yudiarbi » 06 Oct 2011, 13:44

Sorry boss, that's too much routing. Don't keep creating marks, so that double NAT doesn't happen. It's already in squid.conf, so why still direct every port with iptables?
For the marking, I see 0x30, which means marking 30; then define in iptables which packets are marked.
At the bottom of squid.conf it's enough to have
zph_mode tos
zph_local 0x30
Then for refresh_pattern, file extensions are enough; URLs aren't needed because they are already cached automatically.


ahzamsesya
Posts: 31
Joined: 05 Oct 2011, 19:00
Location: Bekasi

Post by ahzamsesya » 06 Oct 2011, 22:45

Thanks for the response. As for the MT, roughly which parts should I keep and which should I drop? Please give me some input.

The URL refresh patterns: my intent was to get the PB and Ayodance patches cached. Once again, I'd appreciate input and a solution, I'm a complete newbie.


yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur

Post by yudiarbi » 07 Oct 2011, 08:36

On the MT, drop everything except the proxy packet rules, so that proxy packets can get the full connection, since what is used is the local connection. Just a suggestion: set up a local DNS server. Example of local iptables:
iptables -t mangle -A OUTPUT -m tos --tos Maximize-Reliability -j MARK --set-mark 0x30


ahzamsesya
Posts: 31
Joined: 05 Oct 2011, 19:00
Location: Bekasi

Post by ahzamsesya » 07 Oct 2011, 14:24

Oh no, now I'm even more confused, because my setup is the packaged one that came as-is and I haven't dared to tinker with it again. The one time I tinkered, squid kept erroring.


sta
Posts: 2003
Joined: 27 Apr 2010, 09:49

Post by sta » 07 Oct 2011, 14:39

Before tinkering, back it up first, for example
cp squid.conf squid20111008

Then tinker; if you get confused, just use squid20111008 again
cp squid20111008 squid.conf


ahzamsesya
Posts: 31
Joined: 05 Oct 2011, 19:00
Location: Bekasi

Post by ahzamsesya » 09 Oct 2011, 17:11

Is there any Ghost-like software for Linux? If my proxy ever breaks, I can just restore its image.


ilham2930
Posts: 1123
Joined: 02 Jan 2010, 19:30
Location: /indonesia/tangerang/bonank_city

Post by ilham2930 » 10 Oct 2011, 08:59

ahzamsesya wrote: Is there any Ghost-like software for Linux? If my proxy ever breaks, I can just restore its image.

You can use the Ghost live CD, bro,
or just clone the proxy's HD, it's easy..
here's a tutorial, for reference..
Cloning HD with ubuntu


sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang

Post by sipelaut » 10 Oct 2011, 19:25

A bit OOT
bro... is there a tutorial for a squid proxy on Ubuntu together with MikroTik?
the proxy on Ubuntu, with MikroTik as the router
I'm itching from seeing friends post every day about caching websites with squid (Ubuntu) + MikroTik
I'd like to try it too, to deploy at the office
or is someone willing to write a tutorial on this forum
hehe...
sorry for the OOT


yudiarbi
Posts: 627
Joined: 22 Mar 2011, 09:31
Location: Probolinggo, Jawa Timur

Post by yudiarbi » 12 Oct 2011, 09:10

Too bad, when I build things like that I don't document them (my weak point) :D


bulugading
Posts: 217
Joined: 09 Jan 2010, 13:23
Location: Jember, Jawa Timur

Post by bulugading » 12 Oct 2011, 14:55

sipelaut wrote: A bit OOT
bro... is there a tutorial for a squid proxy on Ubuntu together with MikroTik?
the proxy on Ubuntu, with MikroTik as the router
I'm itching from seeing friends post every day about caching websites with squid (Ubuntu) + MikroTik
I'd like to try it too, to deploy at the office
or is someone willing to write a tutorial on this forum
hehe...
sorry for the OOT

Good afternoon. At my office we have already implemented that, bro; the documentation is still a mess, I haven't had time to tidy it up.

Hopefully I'll find time to share a bit.. just contact me, I'm afraid I'll forget ..


sta
Posts: 2003
Joined: 27 Apr 2010, 09:49

Post by sta » 12 Oct 2011, 15:27


