Install Ubuntu Server untuk Proxy dengan Squid

Topologi Jaringan:

Modem DSL------------Mikrotik------------Hub-----------Client
                                            |
                                            |
                                       Proxy Ubuntu (harddisk-nya minimal 80GB)

Langkah2:

1. Download Ubuntu Server 10.04 (untuk intel download disini!!!, untuk AMD download disini!!!)
2. Booting lewat CD-ROM
3. Pilih language english (enter)
4. Pilih install ubuntu server (enter)
5. Tekan enter pada choose langguage english
6. Pilih united states
7. Klik no pada detect keyboard layout?
8. Klik USA pada ubuntu installer main menu
9. Klik USA pada keyboard layout
10. Klik continue pada configure the network
11. Pilih configure network manually isi ip address dengan 192.168.7.2 pilih continue enter
12. Netmask 255.255.255.0 pilih continue enter
13. Gateway 192.168.7.1 terus klik continue
14. Name server addresses 192.168.7.1 8.8.8.8 pilih continue enter
15. Hotsname : isi dg fanizar terus pilih continue enter
16. Domain name: di kosongin saja, pilih continue enter
17. Pada configure the clok pilih select from worldwide list terus cari jakarta terus enter
18. Pada menu partition disk pilih manual
19. Hapus partisi lama dulu (pilih delete the partion)
20. Pilih partisi baru terus (arahkan pada FREE SPACE kemudian enter)
21. Pilih manual

22. Pilih Create new partition (enter)

- isi 1gb enter
- Primary enter
- Begining enter
- use as = Ext4
- Mount point = /boot
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition

23. Pilih Create new partition (enter)

- isi 16gb
- Secondary
- Begining
- use as = Ext4
- Mount point = /
- Mount options = noatime
- Pilih Done setting up the partition

24. Pilih Create new partition (enter)

- isi 2gb (2x besaran RAM)
- Secondary
- Begining
- use as = swap area
- Pilih Done setting up the partition

25. Pilih Create new partition (enter)

- isi berdasarkan sisa hasil partisi dikurangi 2gb untuk direktori home continue
- Secondary
- use as = ReiserFS
- Mount point = Enter manually dan rubah menjadi /cache
- Mount options = notail dan noatime
- Pilih Done setting up the partition

26. Pilih Create new partition (enter)

- isi 2gb (atau sisa dari direktori cache) enter
- Secondary enter
- Begining enter
- use as = Ext4
- Mount point = /home
- Mount options = noatime
- Bootable flag = on
- Pilih Done setting up the partition

27. Kemudian pilih finis partitioning and write changes to disk, write the changes to disk pilih yes
28. pada full name for the new user isi dg fanizar, terus continue & enter
29. pada Username for your account isi dg fanizar, terus continue & enter
30. pada a password for the new user isi dg fanizar, terus continue & enter
31. pada re-enter password to verify isi dg fanizar, terus continue & enter
32. pada use weak password pilih yes
33. pada encrypt your home directory pilih no
34. pada HTTP proxy information KOSONGIN SAJA
35. pada configurasi apt 43% tekan enter, juga pada 81% tekan enter pilih no automatic update
36.pada choose software to install pilih OpenSSH server pilih continus pd finis the installation dan
restart

37. Remote pake putty, setelah berhasil login ketik perintah:
- sudo su kemudian isikan password yang tadi dibuat waktu ngistall
- sudo apt-get update
- sudo apt-get install squid
- sudo apt-get install squid squidclient squid-cgi
- sudo apt-get install ccze
- passwd (isikan password untuk root)
- squid stop

Siapkan Softwre Winscp kemudian install. Masuk ke proxy dengan username root dan password yang dibuat tadi.

masuk ke direktori /etc/squid dan backup dulu suid.conf ke flashdisk kemudian buka squid.conf tersebut. Hapus semua isinya dan ganti dengan konfigurasi di bawah ini:

# Proxy Server Versi 2.7.Stable7

# by fanizar

# Port

http_port 3128 transparent

server_http11 on

acl speedtest dstdomain .speedtest.cbn.net

acl speedtest dstdomain .speedtest.net

cache allow speedtest

#icp_port 3130

#prefer_direct off

#tambahan

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY

# Cache & Object

cache_mem 8 MB

cache_swap_low 98

cache_swap_high 99

max_filedesc 8192

maximum_object_size 512 MB

minimum_object_size 0 KB

maximum_object_size_in_memory 125 KB

ipcache_size 4096

ipcache_low 98

ipcache_high 99

fqdncache_size 4096

cache_replacement_policy heap LFUDA

memory_replacement_policy heap GDSF

mime_table /usr/share/squid/mime.conf

# cache_dir <type> <Directory-Name> <Space in Mbytes> <Level1> <Level2> <options>

cache_dir aufs /cache 49000 30 256

cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

cache_store_log none

log_fqdn off

pid_filename /var/run/squid.pid

cache_swap_log /var/log/squid/swap.state

dns_nameservers 192.168.7.1 8.8.8.8

emulate_httpd_log off

hosts_file /etc/hosts

half_closed_clients off

negative_ttl 1 minutes

#anyar

positive_dns_ttl 1 hours

#ftp mode pasif

ftp_passive on

ftp_sanitycheck on

# Rules: Safe Port

#tambahan

quick_abort_min 0

quick_abort_max 0

quick_abort_pct 98

shutdown_lifetime 10 seconds

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563 873 # https snews rsync

acl Safe_ports port 80 # http

acl Safe_ports port 20 21 # ftp

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 631 # cups

acl Safe_ports port 10000 # webmin

acl Safe_ports port 901 # SWAT

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 873 # rsync

acl Safe_ports port 110 # POP3

acl Safe_ports port 25 # SMTP

acl Safe_ports port 2095 2096 # webmail from cpanel

acl Safe_ports port 2082 2083 # cpanel

acl purge method PURGE

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

http_access deny !Safe_ports !SSL_ports

http_access deny CONNECT !SSL_ports !Safe_ports

# Refresh Pattern

# pictures & images

# refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ign$

# refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims ignore-re$

#sound, video multimedia

# refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ign$

# refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-reload igno$

# files

refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 21600 90% 43200 ignore-no-cache ignore-auth

refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 21600 override-expire ignore-no-cache ignore-auth

refresh_pattern -i \.(rar|tgz|tar|exe|bin|arj)$ 21600 100% 43200 override-expire ignore-no-cache ignore-auth

refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth

refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth

refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

refresh_pattern -i \.3gp$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

refresh_pattern -i \.rm$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

refresh_pattern -i \.wma$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320

refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://*.google.*/.* 720 100% 4320

#refresh_pattern ^http://pb.gemscool.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

#refresh_pattern ^http://ayodance.megaxus.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

#refresh_pattern ^http://luna.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://www.facebook.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://kaskus.us/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

#refresh_pattern ^http://perfectworld.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

#refresh_pattern ^http://seal.lytogame.com/.* 720 100% 4320 override-expire override-lastmod reload-into-ims

refresh_pattern ^http://*.indowebster.*/.* 720 100% 4320

refresh_pattern ^http://*.4shared.*/.* 720 100% 4320

refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320

refresh_pattern ^http://*.yimg.*/.* 720 100% 4320

refresh_pattern ^http://*.boleh.*/.* 720 100% 4320

#refresh_pattern ^http://*.detik.*/.* 180 100% 4320

#refresh_pattern ^http://*.detikinet.*/.* 180 100% 4320

#refresh_pattern ^http://*.detikhot.*/.* 180 100% 4320

#refresh_pattern ^http://*.detiportal.*/.* 180 100% 4320

#refresh_pattern ^http://*.kompas.*/.* 180 100% 4320

refresh_pattern ^http://*.facebook.*/.* 720 100% 4320

refresh_pattern ^http://*.texas_holdem.*/.* 720 100% 4320

refresh_pattern ^http://*.zynga.com.*/.* 720 100% 4320

refresh_pattern ^http://*.ninjasaga.*/.* 720 100% 4320

refresh_pattern ^http://*.texas.poker.*/.* 720 100% 4320

refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320

refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320

refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320

#default option

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

# SNMP

snmp_port 3401

acl snmpsquid snmp_community public

snmp_access allow snmpsquid localhost

snmp_access deny all

# ALLOWED ACCESS

acl fanizar src 192.168.1.0/24

acl fanizar src 192.168.7.0/24

acl fanizar src 192.168.0.0/24

http_access allow fanizar

http_access allow localhost

http_access deny all

http_reply_access allow all

icp_access allow fanizar

icp_access allow localhost

icp_access allow all

always_direct deny all

# Cache CGI & Administrative

cache_mgr alfanet

visible_hostname fanizar-speedy

cache_effective_user proxy

cache_effective_group proxy

logfile_rotate 7

#tambahan

memory_pools on #biasanya off

icp_hit_stale on

query_icmp on

reload_into_ims on

coredump_dir /var/spool/squid

pipeline_prefetch on

vary_ignore_expire on

request_body_max_size 1048 KB

#tcp_outgoing_tos 0x30 localnet

zph_mode tos

zph_local 0x30

zph_parent 0

zph_option 136

simpan dan tutup.

ketik perintah lagi di putty
- chown -R proxy.proxy /cache
- chown -R proxy.proxy /var/log/squid/access.log
- squid -f /etc/squid/squid.conf -z
- restart squid

reboot cpu nya.

Konfigurasi mikrotik agar bisa sinkron dengan ubuntu
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.168.7.2 to-ports=3128 protocol=tcp \
dst-port=80,8080.3128 src-address==!192.168.7.0/24

/ip firewall mangle
add chain=postrouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12 

/queue tree
add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 


Coba browsing ke http://www.whatismyip.com/
di webpage harus terdeteksi squid stable 2.7