Mikrotik | Forum Mikrotik Indonesia   Mikrotik Manual Mikrotik iSPY Mikrotik RSS Feed
This Logo is a Courtesy from RumahDowty

Go Back   Mikrotik | Forum Mikrotik Indonesia > Diskusi Mikrotik RouterOS > General Networking
Reload this Page [ask]tolong di koreksi
iSpy My iTrade Register FAQ Members List Calendar Mark Forums Read

Diskusi [ask]tolong di koreksi pada General Networking | Mikrotik | Forum Mikrotik Indonesia : salam kepada para master forum mikrotik sebelumnya saya mohon maaf kepada pihak admin forum karena ...


Official Board Announcements
NEW
Kunjungi Forum Diskusi PROXY Linux di FMI
donasi



 
Reply
 
LinkBack Thread Tools
  #1 (permalink)  
Old 13-09-2007, 19:32
sherayusuf's Avatar
sherayusuf sherayusuf is offline
Member
  
Join Date: Sep 2007
Location: bekasi-jakarta bolak balik
Posts: 189
iTrader: (0)
Thanks: 16
Thanked 24 Times in 12 Posts
sherayusuf is on a distinguished roadsherayusuf is on a distinguished road
Send a message via Yahoo to sherayusuf
[ask]tolong di koreksi



salam kepada para master forum mikrotik
sebelumnya saya mohon maaf kepada pihak admin forum karena postingan ini sudah sering di bahas sebelumnya
saya mempunyai masalah dalam settingan web proxy dengan menggunakan SquidNT

konfigurasi jaringan saya seperti ini

internet
|
|
mikrotik = Internet= 192.10.11.1
| Lan = 192.168.0.1
|
|
switch/hub----Client = 192.168.0.2-192.168.0.11
|
|
Web proxy SquidNT= 192.168.0.12 (multi fungsi dengan billing server)

dan ini settingan Mikrotik saya
Code:
[admin@XXXXX] > ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Sharing Internet
     chain=srcnat out-interface=WAN_eth1 src-address=192.168.0.0/24
     action=masquerade
 1   ;;; Web Proxy 
     chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
     src-address-list=Ip_List_Web_ProXy action=redirect to-ports=8080
#=============================
[admin@XXXXX] > ip web-proxy pr
                 enabled: yes
             src-address: 0.0.0.0
                    port: 8080
                hostname: "BagusNet"
       transparent-proxy: yes
            parent-proxy: 192.168.0.1:3128
     cache-administrator: "Situs_Porno_Ngak_Dapat_Di_Akses_Selama_Bulan_Puasa_
                          By_sherayusuf@localhost"
         max-object-size: 10000KiB
             cache-drive: system
          max-cache-size: unlimited
      max-ram-cache-size: unlimited
                  status: running
      reserved-for-cache: 5269504KiB
  reserved-for-ram-cache: 25600KiB
#=============================
[admin@XXXXX] > ip proxy pr
                    enabled: yes
                       port: 3128
               parent-proxy: 0.0.0.0:1
  maximal-client-connecions: 1000
  maximal-server-connectons: 1000
dan ini settingan Squid.conf saya
Code:
http_port 8080
http_port 3128
#http_port 80
icp_port 3130

#====================================================
# TAG: hierarchy_stoplist
# A list of words which, if found in a URL, cause the object to
# be handled directly by this cache. In other words, use this
# to not query neighbor caches for certain objects. You may
# list this option multiple times.
#We recommend you to use at least the following line.
#=====================================================
hierarchy_stoplist cgi-bin ? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
no_cache deny QUERY
#============================================================$
# OPTION UKURAN CACHE
#============================================================$
cache_mem 64 MB
maximum_object_size 16 MB
maximum_object_size_in_memory 128 KB
minimum_object_size 2 KB
fqdncache_size 1024
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
high_memory_warning 70 MB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
#============================================================$
# DIREKTORI LOG DAN CACHE
#============================================================$
cache_access_log c:/squid/var/logs/access.log
cache_log c:/squid/var/logs/cache.log
cache_store_log c:/squid/var/logs/store.log
mime_table c:/squid/etc/mime.conf
pid_filename c:/squid/var/logs/squid.pid
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off
#============================================================$
# TIMEOUT
#============================================================$
half_closed_clients off
#============================================================$
# FTP section
#============================================================$
ftp_passive on
ftp_sanitycheck on
#============================================================$
# DNS resolution section
#============================================================$
dns_nameservers 127.0.0.1/8 202.72.208.8/29 202.149.69.254/24
#============================================================$
# AUTH section
#============================================================$
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#============================================================$
# Refresh Rate TUNING CACHE PROXY
#============================================================$
refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.tif 4320 50% 43200
refresh_pattern \.png 4320 50% 43200
refresh_pattern \.jpeg 4320 50% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
refresh_pattern ^ftp: 10080 95% 40320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims override-lastmod
negative_ttl 1 minutes

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100%

#============================================================$
# ACL section AKSES KONTROL
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl mikrotik src 192.168.0.1
acl localnet src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
acl localhost src 127.0.0.1/255.255.255.255
#acl our_networks src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 5004 # telnet Mikrotik bima dan bagus net
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl blokdomain dstdomain -i regex "C:\squid\etc\blocklist.txt"
#acl blokdomain dstdomain  "C:\squid\etc\blocklist.txt"
acl blocker dstdomain  -i regex "c:\squid\etc\blocklist.txt"
#acl ipblok dst  "C:\squid\etc\blocklist.txt"
acl porno url_regex -i "C:\squid\etc\blocklist.txt"
no_cache deny porno
acl noporno url_regex -i "C:\squid\etc\nonporno.txt"
http_access deny porno all
#http_access deny ipblok 
http_access deny blokdomain
#http_access deny files
http_access allow manager localhost
http_access deny manager
http_access allow noporno all
http_access allow localnet
http_access allow localhost
#http_access deny blocker
http_access allow mikrotik

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT
#http_access deny all

maximum_object_size 10240 KB
maximum_object_size_in_memory 32 KB
minimum_object_size 4 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
fqdncache_size 4096
shutdown_lifetime 10 second
cachemgr_passwd flashdisk
cache_effective_user squid
cache_effective_group squid
memory_pools off
buffered_logs off
log_icp_queries off
logfile_rotate 0
log_fqdn off
forwarded_for on
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_memory_warning 32 MB
high_response_time_warning 2000
high_page_fault_warning 2
cache_mgr Selama_Bulan_Puasas_Situs_Porno_tidak_dapat_Di_Akses_By_yusuf_sexerchivest@yahoo.com
visible_hostname bagusnet_proxy_web_filter_by_yusuf
header_access Accept-Encoding deny all
#============================================================$
# Transparent proxy setting
#============================================================$
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
#forwarded_for on

#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
negative_ttl 2 minutes
#digest_rebuild_period 30 minute
#digest_rewrite_period 30 minute
#digest_swapout_chunk_size 4096 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
shutdown_lifetime 5 seconds
cachemgr_passwd flashdisk
ie_refresh on
cache_effective_user proxy
cache_effective_group proxy
yang ingin saya tanyakan
1. kenapa simple queue saya dari client 192.168.0.2-192.168.0.11 semuanya
menuju ke simple queue 192.168.0.12 (web proxy dan billing server)
sehingga saya tidak bisa melimit BW ke client masing2
2. tolong para master mikrotik mencek settingan saya, karena saya sendiri
masih belajar
3. kenpa akses internet berjalan lambat sekali

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 14-09-2007, 00:31
d3v4's Avatar
d3v4 d3v4 is offline
VIP Member
  
Join Date: Jul 2007
Location: di alam baka
Posts: 982
iTrader: (0)
Thanks: 49
Thanked 391 Times in 150 Posts
d3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant future
bw nya berapa gede ??

coba paste /que sim pr di sini

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
The Following User Says Thank You to d3v4 For This Useful Post:
  #3 (permalink)  
Old 14-09-2007, 17:03
sherayusuf's Avatar
sherayusuf sherayusuf is offline
Member
  
Join Date: Sep 2007
Location: bekasi-jakarta bolak balik
Posts: 189
iTrader: (0)
Thanks: 16
Thanked 24 Times in 12 Posts
sherayusuf is on a distinguished roadsherayusuf is on a distinguished road
Send a message via Yahoo to sherayusuf
Code:
[admin@XXXXXXqueue simple> pr
Flags: X - disabled, I - invalid, D - dynamic
 0 X  name="Operator-iix" target-addresses=192.168.0.12/32
      dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-iix
      direction=both priority=8 queue=default-small/default-small
      limit-at=0/0 max-limit=0/0 total-queue=default-small

 1 X  name="Operator-intl" target-addresses=192.168.0.12/32
      dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-intl
      direction=both priority=8 queue=default-small/default-small
      limit-at=0/0 max-limit=0/0 total-queue=default-small

 2    name="bagus1-iix" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

 3    name="bagus1-intl" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small time=0s-0s,

 4    name="bagus2-iix" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

 5    name="bagus2-intl" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small
      time=0s-0s,sun,mon,tue,wed,thu,fri,sat

 6    name="bagus3-iix" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

 7    name="bagus3-intl" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small
      time=0s-0s,sun,mon,tue,wed,thu,fri,sat

 8    name="bagus4-iix" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

 9    name="bagus4-intl" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small
      time=0s-0s,sun,mon,tue,wed,thu,fri,sat

10    name="bagus5-iix" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

11    name="bagus5-intl" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small time=0s-0s,

12    name="bagus6-iix" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

13    name="bagus6-intl" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small

14    name="bagus7-iix" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

15    name="bagus7-intl" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small

16    name="bagus8-iix" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

17    name="bagus8-intl" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small time=0s-0s,

18    name="bagus9-iix" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

19    name="bagus9-intl" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/>
      interface=all parent=none packet-marks=paket-intl direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=64000/64000 total-queue=default-small time=0s-0s,

20    name="bagus10-iix" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/>
      interface=all parent=none packet-marks=paket-iix direction=both
      priority=8 queue=default-small/default-small limit-at=0/0
      max-limit=256000/384000 total-queue=default-small

21    name="bagus10-intl" target-addresses=192.168.0.11/32
      dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-intl
      direction=both priority=8 queue=default-small/default-small
      limit-at=0/0 max-limit=64000/64000 total-queue=default-small
nih om deva queue nya
terus ko di sisi client browsing nya lama bgt yah, apa karena semua request client pada port 80 di arahin ke web proxy yah (192.168.0.12)

makasih ya om sebelumnya

Last edited by sherayusuf : 15-09-2007 at 06:49. Reason: ada yg salah
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 14-09-2007, 23:08
d3v4's Avatar
d3v4 d3v4 is offline
VIP Member
  
Join Date: Jul 2007
Location: di alam baka
Posts: 982
iTrader: (0)
Thanks: 49
Thanked 391 Times in 150 Posts
d3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant future
duh ada yang lupa /ip fire mangle pr coba paste juga.

yang lambat apa internet pa iix ?

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
The Following User Says Thank You to d3v4 For This Useful Post:
  #5 (permalink)  
Old 15-09-2007, 06:46
sherayusuf's Avatar
sherayusuf sherayusuf is offline
Member
  
Join Date: Sep 2007
Location: bekasi-jakarta bolak balik
Posts: 189
iTrader: (0)
Thanks: 16
Thanked 24 Times in 12 Posts
sherayusuf is on a distinguished roadsherayusuf is on a distinguished road
Send a message via Yahoo to sherayusuf
Code:
[admin@xxxxxx] ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Pisahin INT sama IIX
     chain=prerouting in-interface=LOKAL LAN_eth3 dst-address-list=nice
     action=mark-connection new-connection-mark=con-iix passthrough=yes

 1   chain=prerouting connection-mark=con-iix action=mark-packet
     new-packet-mark=paket-iix passthrough=no

 2   chain=prerouting action=mark-packet new-packet-mark=paket-intl
     passthrough=no

 3 X ;;; ICMP
     chain=forward protocol=icmp action=mark-connection
     new-connection-mark=icmp_conn passthrough=yes

 4 X chain=prerouting connection-mark=icmp_conn action=mark-packet
     new-packet-mark=icmp passthrough=yes

 5 X chain=prerouting packet-mark=icmp action=mark-packet
     new-packet-mark=icmp_other passthrough=yes
yang lambat seperti buka yahoo.com dan friendster.com
padahal site tersebut dah di buka beberapa kali
harusnya kan dah di simpen di chace nya Squid yah om?
tapi tetep aja lama bukanya

Last edited by sherayusuf : 15-09-2007 at 06:48. Reason: forget
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 15-09-2007, 06:50
sherayusuf's Avatar
sherayusuf sherayusuf is offline
Member
  
Join Date: Sep 2007
Location: bekasi-jakarta bolak balik
Posts: 189
iTrader: (0)
Thanks: 16
Thanked 24 Times in 12 Posts
sherayusuf is on a distinguished roadsherayusuf is on a distinguished road
Send a message via Yahoo to sherayusuf
Quote:
Originally Posted by d3v4 View Post
bw nya berapa gede ??
IIX nya 1 mb, Internasionlanya 128

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 15-09-2007, 23:39
d3v4's Avatar
d3v4 d3v4 is offline
VIP Member
  
Join Date: Jul 2007
Location: di alam baka
Posts: 982
iTrader: (0)
Thanks: 49
Thanked 391 Times in 150 Posts
d3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant futured3v4 has a brilliant future
yang pertama coba beberapa perubahan pada squid.conf di parent proxy

Code:
http_port 8080
#http_port 3128 <--- ini di tutup aja 
#http_port 80
icp_port 3130 

hierarchy_stoplist cgi-bin ? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
no_cache deny QUERY

cache_mem 8 MB <----- ini jadi 8 aja
maximum_object_size 16 MB <-- ini di jadiin 1024 KB saja jika ingin respon lebih baik
maximum_object_size_in_memory 128 KB <-- ini 32 KB saja
#minimum_object_size 2 KB  <=== ini di hilangkan saja 
fqdncache_size 1024
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
#high_memory_warning 70 MB  <-- ini ga perlu
ipcache_size 4096 
ipcache_low 98
ipcache_high 99

cache_access_log c:/squid/var/logs/access.log
cache_log c:/squid/var/logs/cache.log
cache_store_log c:/squid/var/logs/store.log
mime_table c:/squid/etc/mime.conf
pid_filename c:/squid/var/logs/squid.pid
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off
half_closed_clients off

ftp_passive on
ftp_sanitycheck on
#============================================================$
# DNS resolution section
#============================================================$
dns_nameservers 127.0.0.1/8 202.72.208.8/29 202.149.69.254/24 <-- ini yang 127.0.0.1 di hilangkan 
#============================================================$
# AUTH section
#============================================================$
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#============================================================$
# Refresh Rate TUNING CACHE PROXY
#============================================================$
refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.tif 4320 50% 43200
refresh_pattern \.png 4320 50% 43200
refresh_pattern \.jpeg 4320 50% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 di hilangkan saja yang di blok
refresh_pattern ^ftp: 10080 95% 40320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims override-lastmod
negative_ttl 1 minutes <-- ini juga 

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100%

#============================================================$
# ACL section AKSES KONTROL
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl mikrotik src 192.168.0.1
acl localnet src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
acl localhost src 127.0.0.1/255.255.255.255
#acl our_networks src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 5004 # telnet Mikrotik bima dan bagus net
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl blokdomain dstdomain -i regex "C:\squid\etc\blocklist.txt"
#acl blokdomain dstdomain  "C:\squid\etc\blocklist.txt"
acl blocker dstdomain  -i regex "c:\squid\etc\blocklist.txt"
#acl ipblok dst  "C:\squid\etc\blocklist.txt"
acl porno url_regex -i "C:\squid\etc\blocklist.txt"
no_cache deny porno
acl noporno url_regex -i "C:\squid\etc\nonporno.txt"
http_access deny porno all
#http_access deny ipblok 
http_access deny blokdomain
#http_access deny files
http_access allow manager localhost
http_access deny manager
http_access allow noporno all
http_access allow localnet
http_access allow localhost
#http_access deny blocker
http_access allow mikrotik

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT
#http_access deny all

maximum_object_size 10240 KB
maximum_object_size_in_memory 32 KB
minimum_object_size 4 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
fqdncache_size 4096
shutdown_lifetime 10 second
cachemgr_passwd flashdisk
cache_effective_user squid
cache_effective_group squid
memory_pools off
buffered_logs off
log_icp_queries off
logfile_rotate 0
log_fqdn off
forwarded_for on
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_memory_warning 32 MB
high_response_time_warning 2000
high_page_fault_warning 2
cache_mgr Selama_Bulan_Puasas_Situs_Porno_tida...vest@yahoo.com
visible_hostname bagusnet_proxy_web_filter_by_yusuf
header_access Accept-Encoding deny all
#============================================================$
# Transparent proxy setting
#============================================================$
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
#forwarded_for on

#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
negative_ttl 2 minutes
#digest_rebuild_period 30 minute
#digest_rewrite_period 30 minute
#digest_swapout_chunk_size 4096 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
shutdown_lifetime 5 seconds
cachemgr_passwd flashdisk
ie_refresh on
cache_effective_user proxy
cache_effective_group proxy
setelah di coba apabila tidak ada perubahan

coba di disable NAT nya bandingkan ada proxy dengan tidak ada proxy .. bedakan hasilnya di enable sama di disable..

jika yang ini di disable hasil lebih baik maka kemungkinan di proxy ya yang bottle neck

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
The Following User Says Thank You to d3v4 For This Useful Post:
  #8 (permalink)  
Old 17-09-2007, 07:35
okto_2005's Avatar
okto_2005 okto_2005 is offline
Member Super Senior
  
Join Date: Jul 2007
Posts: 642
iTrader: (0)
Thanks: 10
Thanked 468 Times in 129 Posts
okto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond reputeokto_2005 has a reputation beyond repute
Send a message via Yahoo to okto_2005 Send a message via Skype™ to okto_2005
tambahan:
coba priority queue dinaikin utk ip squidnya. terus.....

1 ;;; Web Proxy
chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
src-address-list=Ip_List_Web_ProXy action=redirect to-ports=8080

coba buat gini:
1 ;;; Web Proxy
chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
src-address=!ip_squid action=redirect to-ports=8080

tambahan lagi:
squidNT memory nya berapa????? soalnya kl pake NT resourcenya abis duluan sama OS nya....
kl pake parent proxy.. /ip proxy diidupin buat apa???? nanti malah di"curi" dari luar bw nya abis. kl ada rule firewall yg blokir request ke port proxy/web-proxy sih gpp.

tambahan lagi
maksimum koneksi winxp pro = 10 koneksi per detik
maksimum koneksi winxp home = 5 koneksi per detik
ini yg nyebabin bottleneck..... disaranin ga pake NT kl buat squidbox. apalagi client >3

Last edited by okto_2005 : 17-09-2007 at 09:18.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
The Following User Says Thank You to okto_2005 For This Useful Post:
  #9 (permalink)  
Old 19-09-2007, 21:53
sherayusuf's Avatar
sherayusuf sherayusuf is offline
Member
  
Join Date: Sep 2007
Location: bekasi-jakarta bolak balik
Posts: 189
iTrader: (0)
Thanks: 16
Thanked 24 Times in 12 Posts
sherayusuf is on a distinguished roadsherayusuf is on a distinguished road
Send a message via Yahoo to sherayusuf
wah makasih ya om d3va sama om okto 2005
saya coba dulu yah...

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 23-12-2008, 03:14
Dtqqrjqh Dtqqrjqh is offline
Baru Gabung
  
Join Date: Dec 2008
Location: Ridiqifi
Posts: 1
iTrader: (0)
Thanks: 0
Thanked 0 Times in 0 Posts
Dtqqrjqh is on a distinguished road
Send a message via ICQ to Dtqqrjqh
Very interesting photos
Hey, i save funny photos
here

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« (ask)patch game online lewat lan | membagi bandwith di load balancing menggunakan Queue tree »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Tolong di Bantu ya........ Rifq Wireless Networking 24 28-02-2008 23:22
Tolong donk sone Wireless Networking 4 09-09-2007 23:19
[minta tolong] traffic shape xamdah General Networking 1 29-08-2007 13:34


This Forum is Powered by Orion Net.

All times are GMT +8. The time now is 05:46.

Contact Us - Forum Mikrotik Indonesia - Top