Friday, 28 March 2014

HTPROXY: an easy way to build a Squid proxy...

Sources:

http://www.forummikrotik.com/guide/18550-%5Bshare-htproxy%5D-cara-mudah-install-proxy-videocache-pada-ubuntu-htproxy.html

https://code.google.com/p/squid-proxy-pkg/

http://www.hikmah-teknologi.com

Topology: Squid sits alongside the clients (the proxy IP is in the same subnet as the clients).

MODEM
|
MT
|
Switch    ----------    Proxy Ubuntu 12.04
|
Client

Client = 192.168.2.1-192.168.2.19
proxy = 192.168.2.20
Gateway = 192.168.2.30


/ip firewall nat
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.20 to-addresses=192.168.2.20 to-ports=3128
add action=src-nat chain=srcnat disabled=no out-interface=Local protocol=tcp src-address-list=Local-Address to-addresses=192.168.2.1 to-ports=0-65535
/ip firewall address-list add address=192.168.2.2-192.168.2.19 list=Local-Address

The proxy machine uses a Biostar A740G M2L+ Ver. 6.x board with an X-3 processor, Debian 6.06 as the OS, a Seagate 250 GB hard disk and 6 GB of memory.

ip 192.168.2.20
host = proxy domain = proxy.local.war.net
Memory = 1024 MB; HDD 120 GB

Partitions:

/          18 G
/cache-1   30 G
/cache-2   30 G
/cache-3   30 G
SWAP        2 G

Log in as a non-root user with PuTTY and enable root access:


sudo passwd

Log in remotely with the root account, add the Webmin and Dotdeb repositories, and install build-essential so that extracting the tar.bz2 does not fail:

echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
cd /root
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | apt-key add -
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update && apt-get install build-essential

Install Squid on 32-bit Ubuntu:

cd /home
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
tar xvf deb-htproxy_14942_i386.tar.bz2
dpkg -i *.deb
/etc/init.d/squid stop

Install Squid on 64-bit Ubuntu:

cd /home
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
tar xvf deb-htproxy_14942_x86-64.tar.bz2
dpkg -i *.deb
/etc/init.d/squid stop

Once that is done, use WinSCP to edit the file /etc/squid/squid.conf.

Adjust the port, cache_mem, cache directories and DNS to match your own setup, then change the ownership of the cache folders.
With 1 GB of memory the cache_mem size probably does not need to be changed; the cache partitions and DNS can look like this:

cache_dir aufs /cache-1 20000 20 256
cache_dir aufs /cache-2 20000 20 256
cache_dir aufs /cache-3 20000 20 256

# EXAMPLE: GOOGLE DNS
dns_nameservers 203.130.208.18
dns_nameservers 203.130.193.74
dns_nameservers 203.130.196.5
dns_nameservers 222.124.204.34
dns_nameservers 203.130.196.6
dns_nameservers 208.67.222.222
dns_nameservers 208.67.220.220
dns_nameservers 180.131.144.144
dns_nameservers 180.131.145.145

Change the ownership of the cache directories:

chown proxy:proxy /cache*

Optimize the cache file system and change the options for the cache partitions

Disable fsck (file system check):
nano /etc/fstab

The default values for a cache drive (the last two fields of its fstab line) are 0 2; change them to 0 0 (REMEMBER: CACHE DRIVES ONLY).

Options for the /cache directories:
If using reiserfs, use the options noatime,notail 0 0
If using ext4, use the options noatime,barrier=0 0 0
If using btrfs, use the options noatime,compress,noacl 0 0

Check the config for errors and start Squid for the first time:

squid -z
squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start

Edit sysctl.conf:

nano /etc/sysctl.conf

fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 245000
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

After saving,

sysctl -p
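
A check on the sysctl.conf above, as an added example that is not part of the original post: it flags three of the listed settings that cost more than they gain on a proxy host. The function names and the choice of rules are this example's own assumptions; the sample input is constructed from lines on this page.

```shell
#!/bin/sh
# Added example: audit sysctl.conf for settings that weaken the host.
# The three rules are this example's own selection, not a complete audit.

# audit_sysctl [FILE]  (reads stdin when FILE is omitted)
# sysctl applies a file top to bottom, so a key set twice is judged by its
# last value only. Prints "key = value  # reason" per hit.
audit_sysctl() {
    awk '
    BEGIN {
        n = split("net.ipv4.tcp_syncookies net.ipv4.tcp_tw_recycle vm.drop_caches", keys, " ")
        bad[keys[1]] = "0"; why[keys[1]] = "SYN cookies off: no fallback once the SYN backlog is full"
        bad[keys[2]] = "1"; why[keys[2]] = "breaks clients behind NAT; key removed in Linux 4.12"
        bad[keys[3]] = "*"; why[keys[3]] = "one-shot trigger, not a tunable: flushes caches on every sysctl -p"
    }
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        last[k] = v                            # a later assignment overrides
    }
    END {
        for (i = 1; i <= n; i++) {
            k = keys[i]
            if ((k in last) && (bad[k] == "*" || last[k] == bad[k]))
                printf "%s = %s  # %s\n", k, last[k], why[k]
        }
    }' "${1:--}"
}

# Constructed sample: lines from the sysctl.conf above, plus one earlier
# duplicate of tcp_syncookies to show that the last value wins.
sample_conf() {
    cat <<'EOF'
# tuning
net.ipv4.tcp_syncookies = 1
vm.drop_caches = 3
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
EOF
}

sample_conf | audit_sysctl
```

Run it against the real file with audit_sysctl /etc/sysctl.conf before sysctl -p.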

Edit squid.conf to suit your environment.

chown proxy:proxy /cache-1 && chmod 777 /cache-1 && chown proxy:proxy /cache-2 && chmod 777 /cache-2 && chown proxy:proxy /cache-3 && chmod 777 /cache-3

squid -z

squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 80 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.2.0/24 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 8080 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.2.0/24 --dport 8080 -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 8080 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80 -j REDIRECT --to-port 3128
iptables-save -c > /etc/iptables.up.rules
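
A check on the saved ruleset, as an added example that is not part of the original post: the rules above leave the INPUT policy at ACCEPT, so the per-subnet ACCEPT rules restrict nothing, and this script reports that condition from iptables-save output. The function names are this example's own, the sample dump is constructed to mirror the rules above, and jumps into user-defined chains are not followed.

```shell
#!/bin/sh
# Added example: find filter chains whose ACCEPT rules cannot filter anything.

# audit_filter [FILE]  (iptables-save output; stdin when FILE is omitted)
# A built-in chain with policy ACCEPT and no DROP/REJECT rule lets every
# packet through, so its ACCEPT rules are no-ops. Prints one line per chain.
audit_filter() {
    awk '
    /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
    table != "filter" { next }
    /^:/ { c = substr($1, 2); policy[c] = $2; order[++n] = c; next }
    {
        sub(/^\[[0-9]+:[0-9]+\] /, "")         # counters from iptables-save -c
        if ($1 != "-A") next
        target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if (target == "ACCEPT") acc[$2]++
        else if (target == "DROP" || target == "REJECT") deny[$2]++
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]
            if (policy[c] == "ACCEPT" && acc[c] > 0 && deny[c] == 0)
                printf "%s: policy ACCEPT, %d ACCEPT rule(s), no DROP/REJECT\n", c, acc[c]
        }
    }' "${1:--}"
}

# Constructed sample in iptables-save -c format, modelled on the rules above.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_filter
```

The source restrictions only start to filter once the INPUT policy is DROP, set after rules that allow loopback, established traffic and your own admin access from the LAN.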
