Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 10 of 10
  1. #1
    Status
    Offline
    sherayusuf's Avatar
    Member
    Join Date
    Sep 2007
    Location
    bekasi-jakarta bolak balik
    Posts
    188
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [ask]tolong di koreksi

    salam kepada para master forum mikrotik
    sebelumnya saya mohon maaf kepada pihak admin forum karena postingan ini sudah sering di bahas sebelumnya
    saya mempunyai masalah dalam settingan web proxy dengan menggunakan SquidNT

    konfigurasi jaringan saya seperti ini

    internet
    |
    |
    mikrotik = Internet= 192.10.11.1
    | Lan = 192.168.0.1
    |
    |
    switch/hub----Client = 192.168.0.2-192.168.0.11
    |
    |
    Web proxy SquidNT= 192.168.0.12 (multi fungsi dengan billing server)

    dan ini settingan Mikrotik saya
    Code:
    [admin@XXXXX] > ip firewall nat pr
    Flags: X - disabled, I - invalid, D - dynamic
     0   ;;; Sharing Internet
         chain=srcnat out-interface=WAN_eth1 src-address=192.168.0.0/24
         action=masquerade
     1   ;;; Web Proxy 
         chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
         src-address-list=Ip_List_Web_ProXy action=redirect to-ports=8080
    #=============================
    [admin@XXXXX] > ip web-proxy pr
                     enabled: yes
                 src-address: 0.0.0.0
                        port: 8080
                    hostname: "BagusNet"
           transparent-proxy: yes
                parent-proxy: 192.168.0.1:3128
         cache-administrator: "Situs_Porno_Ngak_Dapat_Di_Akses_Selama_Bulan_Puasa_
                              By_sherayusuf@localhost"
             max-object-size: 10000KiB
                 cache-drive: system
              max-cache-size: unlimited
          max-ram-cache-size: unlimited
                      status: running
          reserved-for-cache: 5269504KiB
      reserved-for-ram-cache: 25600KiB
    #=============================
    [admin@XXXXX] > ip proxy pr
                        enabled: yes
                           port: 3128
                   parent-proxy: 0.0.0.0:1
      maximal-client-connecions: 1000
      maximal-server-connectons: 1000
    dan ini settingan Squid.conf saya
    Code:
    http_port 8080
    http_port 3128
    #http_port 80
    icp_port 3130
    
    #====================================================
    # TAG: hierarchy_stoplist
    # A list of words which, if found in a URL, cause the object to
    # be handled directly by this cache. In other words, use this
    # to not query neighbor caches for certain objects. You may
    # list this option multiple times.
    #We recommend you to use at least the following line.
    #=====================================================
    hierarchy_stoplist cgi-bin ? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
    acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
    no_cache deny QUERY
    #============================================================$
    # OPTION UKURAN CACHE
    #============================================================$
    cache_mem 64 MB
    maximum_object_size 16 MB
    maximum_object_size_in_memory 128 KB
    minimum_object_size 2 KB
    fqdncache_size 1024
    cache_swap_low 98%
    cache_swap_high 99%
    cache_replacement_policy heap GDSF
    memory_replacement_policy heap GDSF
    high_memory_warning 70 MB
    ipcache_size 4096
    ipcache_low 98
    ipcache_high 99
    #============================================================$
    # DIREKTORI LOG DAN CACHE
    #============================================================$
    cache_access_log c:/squid/var/logs/access.log
    cache_log c:/squid/var/logs/cache.log
    cache_store_log c:/squid/var/logs/store.log
    mime_table c:/squid/etc/mime.conf
    pid_filename c:/squid/var/logs/squid.pid
    log_fqdn off
    log_icp_queries off
    buffered_logs off
    emulate_httpd_log off
    #============================================================$
    # TIMEOUT
    #============================================================$
    half_closed_clients off
    #============================================================$
    # FTP section
    #============================================================$
    ftp_passive on
    ftp_sanitycheck on
    #============================================================$
    # DNS resolution section
    #============================================================$
    dns_nameservers 127.0.0.1/8 202.72.208.8/29 202.149.69.254/24
    #============================================================$
    # AUTH section
    #============================================================$
    #auth_param basic children 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours
    #auth_param basic casesensitive off
    #============================================================$
    # Refresh Rate TUNING CACHE PROXY
    #============================================================$
    refresh_pattern \.gif 4320 50% 43200
    refresh_pattern \.jpg 4320 50% 43200
    refresh_pattern \.tif 4320 50% 43200
    refresh_pattern \.png 4320 50% 43200
    refresh_pattern \.jpeg 4320 50% 43200
    refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
    refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
    refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
    refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
    refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
    refresh_pattern ^http://*.google.*/.* 720 100% 4320
    refresh_pattern ^http://*korea.*/.* 720 100% 4320
    refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
    refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
    refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
    refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
    refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
    refresh_pattern ^ftp: 10080 95% 40320 reload-into-ims override-lastmod
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320 reload-into-ims override-lastmod
    negative_ttl 1 minutes
    
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    quick_abort_pct 100%
    
    #============================================================$
    # ACL section AKSES KONTROL
    #============================================================$
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl mikrotik src 192.168.0.1
    acl localnet src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
    acl localhost src 127.0.0.1/255.255.255.255
    #acl our_networks src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 5004 # telnet Mikrotik bima dan bagus net
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    acl blokdomain dstdomain -i regex "C:\squid\etc\blocklist.txt"
    #acl blokdomain dstdomain  "C:\squid\etc\blocklist.txt"
    acl blocker dstdomain  -i regex "c:\squid\etc\blocklist.txt"
    #acl ipblok dst  "C:\squid\etc\blocklist.txt"
    acl porno url_regex -i "C:\squid\etc\blocklist.txt"
    no_cache deny porno
    acl noporno url_regex -i "C:\squid\etc\nonporno.txt"
    http_access deny porno all
    #http_access deny ipblok 
    http_access deny blokdomain
    #http_access deny files
    http_access allow manager localhost
    http_access deny manager
    http_access allow noporno all
    http_access allow localnet
    http_access allow localhost
    #http_access deny blocker
    http_access allow mikrotik
    
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny CONNECT
    #http_access deny all
    
    maximum_object_size 10240 KB
    maximum_object_size_in_memory 32 KB
    minimum_object_size 4 KB
    ipcache_size 4096
    ipcache_low 98
    ipcache_high 99
    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 100
    fqdncache_size 4096
    shutdown_lifetime 10 second
    cachemgr_passwd flashdisk
    cache_effective_user squid
    cache_effective_group squid
    memory_pools off
    buffered_logs off
    log_icp_queries off
    logfile_rotate 0
    log_fqdn off
    forwarded_for on
    icp_hit_stale on
    query_icmp on
    reload_into_ims on
    emulate_httpd_log off
    negative_ttl 2 minutes
    pipeline_prefetch on
    vary_ignore_expire on
    half_closed_clients off
    high_memory_warning 32 MB
    high_response_time_warning 2000
    high_page_fault_warning 2
    cache_mgr Selama_Bulan_Puasas_Situs_Porno_tidak_dapat_Di_Akses_By_yusuf_sexerchivest@yahoo.com
    visible_hostname bagusnet_proxy_web_filter_by_yusuf
    header_access Accept-Encoding deny all
    #============================================================$
    # Transparent proxy setting
    #============================================================$
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    httpd_accel_no_pmtu_disc on
    httpd_accel_single_host off
    half_closed_clients off
    #forwarded_for on
    
    #============================================================$
    # MISCELLANEOUS
    #============================================================$
    logfile_rotate 3
    negative_ttl 2 minutes
    #digest_rebuild_period 30 minute
    #digest_rewrite_period 30 minute
    #digest_swapout_chunk_size 4096 bytes
    client_persistent_connections on
    server_persistent_connections on
    pipeline_prefetch on
    vary_ignore_expire on
    reload_into_ims on
    store_dir_select_algorithm round-robin
    nonhierarchical_direct off
    prefer_direct off
    memory_pools off
    shutdown_lifetime 5 seconds
    cachemgr_passwd flashdisk
    ie_refresh on
    cache_effective_user proxy
    cache_effective_group proxy
    yang ingin saya tanyakan
    1. kenapa simple queue saya dari client 192.168.0.2-192.168.0.11 semuanya
    menuju ke simple queue 192.168.0.12 (web proxy dan billing server)
    sehingga saya tidak bisa melimit BW ke client masing2
    2. tolong para master mikrotik mencek settingan saya, karena saya sendiri
    masih belajar
    3. kenpa akses internet berjalan lambat sekali

  2. #2
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bw nya berapa gede ??

    coba paste /que sim pr di sini

  3. The Following User Says Thank You to d3v4 For This Useful Post:


  4. #3
    Status
    Offline
    sherayusuf's Avatar
    Member
    Join Date
    Sep 2007
    Location
    bekasi-jakarta bolak balik
    Posts
    188
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Code:
    [admin@XXXXXXqueue simple> pr
    Flags: X - disabled, I - invalid, D - dynamic
     0 X  name="Operator-iix" target-addresses=192.168.0.12/32
          dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-iix
          direction=both priority=8 queue=default-small/default-small
          limit-at=0/0 max-limit=0/0 total-queue=default-small
    
     1 X  name="Operator-intl" target-addresses=192.168.0.12/32
          dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-intl
          direction=both priority=8 queue=default-small/default-small
          limit-at=0/0 max-limit=0/0 total-queue=default-small
    
     2    name="bagus1-iix" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
     3    name="bagus1-intl" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small time=0s-0s,
    
     4    name="bagus2-iix" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
     5    name="bagus2-intl" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small
          time=0s-0s,sun,mon,tue,wed,thu,fri,sat
    
     6    name="bagus3-iix" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
     7    name="bagus3-intl" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small
          time=0s-0s,sun,mon,tue,wed,thu,fri,sat
    
     8    name="bagus4-iix" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
     9    name="bagus4-intl" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small
          time=0s-0s,sun,mon,tue,wed,thu,fri,sat
    
    10    name="bagus5-iix" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
    11    name="bagus5-intl" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small time=0s-0s,
    
    12    name="bagus6-iix" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
    13    name="bagus6-intl" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small
    
    14    name="bagus7-iix" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
    15    name="bagus7-intl" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small
    
    16    name="bagus8-iix" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
    17    name="bagus8-intl" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small time=0s-0s,
    
    18    name="bagus9-iix" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
    19    name="bagus9-intl" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/>
          interface=all parent=none packet-marks=paket-intl direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=64000/64000 total-queue=default-small time=0s-0s,
    
    20    name="bagus10-iix" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/>
          interface=all parent=none packet-marks=paket-iix direction=both
          priority=8 queue=default-small/default-small limit-at=0/0
          max-limit=256000/384000 total-queue=default-small
    
    21    name="bagus10-intl" target-addresses=192.168.0.11/32
          dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-intl
          direction=both priority=8 queue=default-small/default-small
          limit-at=0/0 max-limit=64000/64000 total-queue=default-small
    nih om deva queue nya
    terus ko di sisi client browsing nya lama bgt yah, apa karena semua request client pada port 80 di arahin ke web proxy yah (192.168.0.12)

    makasih ya om sebelumnya
    Last edited by sherayusuf; 15-09-2007 at 06:49. Reason: ada yg salah

  5. #4
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    duh ada yang lupa /ip fire mangle pr coba paste juga.

    yang lambat apa internet pa iix ?

  6. The Following User Says Thank You to d3v4 For This Useful Post:


  7. #5
    Status
    Offline
    sherayusuf's Avatar
    Member
    Join Date
    Sep 2007
    Location
    bekasi-jakarta bolak balik
    Posts
    188
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Code:
    [admin@xxxxxx] ip firewall mangle> pr
    Flags: X - disabled, I - invalid, D - dynamic
     0   ;;; Pisahin INT sama IIX
         chain=prerouting in-interface=LOKAL LAN_eth3 dst-address-list=nice
         action=mark-connection new-connection-mark=con-iix passthrough=yes
    
     1   chain=prerouting connection-mark=con-iix action=mark-packet
         new-packet-mark=paket-iix passthrough=no
    
     2   chain=prerouting action=mark-packet new-packet-mark=paket-intl
         passthrough=no
    
     3 X ;;; ICMP
         chain=forward protocol=icmp action=mark-connection
         new-connection-mark=icmp_conn passthrough=yes
    
     4 X chain=prerouting connection-mark=icmp_conn action=mark-packet
         new-packet-mark=icmp passthrough=yes
    
     5 X chain=prerouting packet-mark=icmp action=mark-packet
         new-packet-mark=icmp_other passthrough=yes
    yang lambat seperti buka yahoo.com dan friendster.com
    padahal site tersebut dah di buka beberapa kali
    harusnya kan dah di simpen di chace nya Squid yah om?
    tapi tetep aja lama bukanya
    Last edited by sherayusuf; 15-09-2007 at 06:48. Reason: forget

  8. #6
    Status
    Offline
    sherayusuf's Avatar
    Member
    Join Date
    Sep 2007
    Location
    bekasi-jakarta bolak balik
    Posts
    188
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    bw nya berapa gede ??
    IIX nya 1 mb, Internasionlanya 128

  9. #7
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    yang pertama coba beberapa perubahan pada squid.conf di parent proxy

    Code:
    http_port 8080
    #http_port 3128 <--- ini di tutup aja 
    #http_port 80
    icp_port 3130 
    
    hierarchy_stoplist cgi-bin ? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
    acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
    no_cache deny QUERY
    
    cache_mem 8 MB <----- ini jadi 8 aja
    maximum_object_size 16 MB <-- ini di jadiin 1024 KB saja jika ingin respon lebih baik
    maximum_object_size_in_memory 128 KB <-- ini 32 KB saja
    #minimum_object_size 2 KB  <=== ini di hilangkan saja 
    fqdncache_size 1024
    cache_swap_low 98&#37;
    cache_swap_high 99%
    cache_replacement_policy heap GDSF
    memory_replacement_policy heap GDSF
    #high_memory_warning 70 MB  <-- ini ga perlu
    ipcache_size 4096 
    ipcache_low 98
    ipcache_high 99
    
    cache_access_log c:/squid/var/logs/access.log
    cache_log c:/squid/var/logs/cache.log
    cache_store_log c:/squid/var/logs/store.log
    mime_table c:/squid/etc/mime.conf
    pid_filename c:/squid/var/logs/squid.pid
    log_fqdn off
    log_icp_queries off
    buffered_logs off
    emulate_httpd_log off
    half_closed_clients off
    
    ftp_passive on
    ftp_sanitycheck on
    #============================================================$
    # DNS resolution section
    #============================================================$
    dns_nameservers 127.0.0.1/8 202.72.208.8/29 202.149.69.254/24 <-- ini yang 127.0.0.1 di hilangkan 
    #============================================================$
    # AUTH section
    #============================================================$
    #auth_param basic children 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours
    #auth_param basic casesensitive off
    #============================================================$
    # Refresh Rate TUNING CACHE PROXY
    #============================================================$
    refresh_pattern \.gif 4320 50% 43200
    refresh_pattern \.jpg 4320 50% 43200
    refresh_pattern \.tif 4320 50% 43200
    refresh_pattern \.png 4320 50% 43200
    refresh_pattern \.jpeg 4320 50% 43200
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320 di hilangkan saja yang di blok
    refresh_pattern ^ftp: 10080 95% 40320 reload-into-ims override-lastmod
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320 reload-into-ims override-lastmod
    negative_ttl 1 minutes <-- ini juga 
    
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    quick_abort_pct 100%
    
    #============================================================$
    # ACL section AKSES KONTROL
    #============================================================$
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl mikrotik src 192.168.0.1
    acl localnet src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
    acl localhost src 127.0.0.1/255.255.255.255
    #acl our_networks src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 5004 # telnet Mikrotik bima dan bagus net
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    acl blokdomain dstdomain -i regex "C:\squid\etc\blocklist.txt"
    #acl blokdomain dstdomain  "C:\squid\etc\blocklist.txt"
    acl blocker dstdomain  -i regex "c:\squid\etc\blocklist.txt"
    #acl ipblok dst  "C:\squid\etc\blocklist.txt"
    acl porno url_regex -i "C:\squid\etc\blocklist.txt"
    no_cache deny porno
    acl noporno url_regex -i "C:\squid\etc\nonporno.txt"
    http_access deny porno all
    #http_access deny ipblok 
    http_access deny blokdomain
    #http_access deny files
    http_access allow manager localhost
    http_access deny manager
    http_access allow noporno all
    http_access allow localnet
    http_access allow localhost
    #http_access deny blocker
    http_access allow mikrotik
    
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny CONNECT
    #http_access deny all
    
    maximum_object_size 10240 KB
    maximum_object_size_in_memory 32 KB
    minimum_object_size 4 KB
    ipcache_size 4096
    ipcache_low 98
    ipcache_high 99
    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 100
    fqdncache_size 4096
    shutdown_lifetime 10 second
    cachemgr_passwd flashdisk
    cache_effective_user squid
    cache_effective_group squid
    memory_pools off
    buffered_logs off
    log_icp_queries off
    logfile_rotate 0
    log_fqdn off
    forwarded_for on
    icp_hit_stale on
    query_icmp on
    reload_into_ims on
    emulate_httpd_log off
    negative_ttl 2 minutes
    pipeline_prefetch on
    vary_ignore_expire on
    half_closed_clients off
    high_memory_warning 32 MB
    high_response_time_warning 2000
    high_page_fault_warning 2
    cache_mgr Selama_Bulan_Puasas_Situs_Porno_tida...vest@yahoo.com
    visible_hostname bagusnet_proxy_web_filter_by_yusuf
    header_access Accept-Encoding deny all
    #============================================================$
    # Transparent proxy setting
    #============================================================$
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    httpd_accel_no_pmtu_disc on
    httpd_accel_single_host off
    half_closed_clients off
    #forwarded_for on
    
    #============================================================$
    # MISCELLANEOUS
    #============================================================$
    logfile_rotate 3
    negative_ttl 2 minutes
    #digest_rebuild_period 30 minute
    #digest_rewrite_period 30 minute
    #digest_swapout_chunk_size 4096 bytes
    client_persistent_connections on
    server_persistent_connections on
    pipeline_prefetch on
    vary_ignore_expire on
    reload_into_ims on
    store_dir_select_algorithm round-robin
    nonhierarchical_direct off
    prefer_direct off
    memory_pools off
    shutdown_lifetime 5 seconds
    cachemgr_passwd flashdisk
    ie_refresh on
    cache_effective_user proxy
    cache_effective_group proxy
    setelah di coba apabila tidak ada perubahan

    coba di disable NAT nya bandingkan ada proxy dengan tidak ada proxy .. bedakan hasilnya di enable sama di disable..

    jika yang ini di disable hasil lebih baik maka kemungkinan di proxy ya yang bottle neck

  10. The Following User Says Thank You to d3v4 For This Useful Post:


  11. #8
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    tambahan:
    coba priority queue dinaikin utk ip squidnya. terus.....

    1 ;;; Web Proxy
    chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
    src-address-list=Ip_List_Web_ProXy action=redirect to-ports=8080

    coba buat gini:
    1 ;;; Web Proxy
    chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
    src-address=!ip_squid action=redirect to-ports=8080

    tambahan lagi:
    squidNT memory nya berapa????? soalnya kl pake NT resourcenya abis duluan sama OS nya....
    kl pake parent proxy.. /ip proxy diidupin buat apa???? nanti malah di"curi" dari luar bw nya abis. kl ada rule firewall yg blokir request ke port proxy/web-proxy sih gpp.

    tambahan lagi
    maksimum koneksi winxp pro = 10 koneksi per detik
    maksimum koneksi winxp home = 5 koneksi per detik
    ini yg nyebabin bottleneck..... disaranin ga pake NT kl buat squidbox. apalagi client >3
    Last edited by okto_2005; 17-09-2007 at 09:18.

  12. The Following User Says Thank You to okto_2005 For This Useful Post:


  13. #9
    Status
    Offline
    sherayusuf's Avatar
    Member
    Join Date
    Sep 2007
    Location
    bekasi-jakarta bolak balik
    Posts
    188
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wah makasih ya om d3va sama om okto 2005
    saya coba dulu yah...Click here to enlarge

  14. #10
    Status
    Offline
    Dtqqrjqh's Avatar
    Baru Gabung
    Join Date
    Dec 2008
    Location
    Ridiqifi
    Posts
    1
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Very interesting photos

    Hey, i save funny photos

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Tolong di Bantu ya........
    By Rifq in forum Wireless Networking
    Replies: 24
    Last Post: 28-02-2008, 23:22
  2. Tolong donk
    By sone in forum Wireless Networking
    Replies: 4
    Last Post: 09-09-2007, 23:19
  3. [minta tolong] traffic shape
    By xamdah in forum General Networking
    Replies: 1
    Last Post: 29-08-2007, 13:34

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •