Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 15 12311 ... LastLast
Results 1 to 15 of 221
  1. #1
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    tutorial... cara buat ISP yang gampang dan cepat pake Mikrotik + Squid box

    tutor ini saya buat 10 Tahun yang lalu... Click here to enlarge sudah lama dan sepertinya sudah tidak sesuai lagi dengan kondisi sekarang, mungkin hanya dapat digunakan sebagai pembelajaran

    silahkan...

    Click here to enlarge


    Cara Buat ISP Yang Gampang dan Cepat Pake Mikrotik + Squid box


    topologi jaringan adalah sebagai berikut :

    inet -- cisco --hub -- Squid (slackware) -- mikrotik (bw managr) -- client
    ......................|
    ......................|
    ......................|-- server lain nya

    IP ADDRESS SESUAIKAN DENGAN YANG DI MILIKI

    blok ip yang di dapat adalah : 202.152.100.0/24

    syarat dasar pemahaman :
    1. ip subnetting
    2. perintah dasar linux
    3. perintah dasar mikrotik

    Langkah2...

    1. Liat ip address cisco nya (asumsi menggunakan FO)
    ip address cisco s0/0 202.152.30.1
    netmask 255.255.255.252
    gateway 202.152.30.2

    (biasanya di dapat dari ISP yang di atas isp kita)

    2. Memecah blok ip address yang kita dapat :

    sebelum blok ip address yang kita miliki kita gunakan ada baik nya di pecah dulu. pada contoh berikut akan saya berikan untuk di bagi menjadi 2. BLOK IP SERVER dan blok ip CLIENT.

    BLOK IP SERVER2 :
    network : 202.152.100.0/28
    ip yang dapat di gunakan :202.152.100.1 - 202.152.100.14
    broadcast : 202.152.100.15

    BLOK IP CLIENT :
    selain yang di atas adalah ip yang dapat di gunakan untuk client.

    3. SET IP ETHERNET CISCO

    set ip cisco ethernet0/0
    ip address : 202.152.100.1
    netmask 255.255.255.240


    4. setting Proxy server + TUNE UP :
    Linux yang di gunakan adalah SLACKWARE 9 dapat di download di :

    yang di gunakan adalah :
    komputer P4
    HARD DISK 40 G seagate baracuda 7200 rpm 3 keping dengan RAM 2 G
    keping hardisk pertama di mount ke /
    keping hardisk ke 2 di mount ke /cache1
    keping hard disk ke 3 di mount ke /cache2

    setelah di install isikan ip address berikut :

    interface eth0
    ip address : 202.152.100.2
    netmask 255.255.255.240
    gateway 202.152.100.1

    Interface eth1
    ip address : 202.152.100.17
    netmask 255.255.255.252

    setelah itu ...

    buka file : type.h
    root@proxy:~# vi /usr/include/bits/types.h
    edit bagian ini :

    #define __FD_SETSIZE 1024

    jadi seperti ini

    #define __FD_SETSIZE 8192

    ==> kemudian keluar dari VI EDITOR

    kemudian ketik perintah ini :

    root@proxy:~# ulimit -HSn 8192

    kemudian download squid 2.5.STABLE9 dari sini :

    wget

    simpan di direktori /usr/local/src

    ekstrak dengan perintah :

    tar -zxvf squid-2.5.STABLE9.tar.gz

    masuk kedirektori squid
    ketik perintah berikut ini :

    ./configure \
    --prefix=/opt/squid \
    --exec-prefix=/opt/squid \
    --enable-gnuregex \
    --enable-async-io=30 \
    --with-aufs-threads=30 \
    --with-pthreads \
    --with-aio \
    --with-dl \
    --enable-storeio=aufs \
    --enable-removal-policies=heap \
    --enable-icmp \
    --disable-wccp \
    --enable-snmp \
    --enable-cache-digests \
    --enable-default-err-languages=English \
    --enable-err-languages=English \
    --enable-linux-netfilter \
    --disable-ident-lookups \
    --disable-hostname-checks \
    --enable-underscores

    karena udah ada mikrotik untuk bw management tidak di perlukan lagi delay pool. Konfigurasi ini adalah untuk komputer dengan spek seperti berikut :

    HARDISK 3 keping 40 G seagate baracuda 7200 rpm, RAM 2 G

    2 keping hard disk untuk cache, 1 keping untuk system. apabila menggunakan hard disk scsi --enable-async-io=30 --with-aufs-threads=30 bisa di naekkan jadi 32.

    ==> selesai install squid. semua file squid akan terletak di direktori /opt/squid

    setelah itu gunakan squid.conf di bawah ini :

    Code:
    http_port 8080
    acl youtube dstdomain .youtube.com
    no_cache allow youtube
    hierarchy_stoplist cgi-bin ? localhost .js .jsp .friendster.com
    acl QUERY urlpath_regex cgi-bin \? localhost   .friendster.com
    no_cache deny QUERY
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    cache_mem 6 MB
    cache_dir aufs /cache1 8000 13 256
    cache_dir aufs /cache2 8000 13 256
    cache_swap_low 98
    cache_swap_high 99
    cache_access_log /cache1/access.log
    cache_log /dev/null
    cache_store_log none
    mime_table /opt/squid/etc/mime.conf
    pid_filename /var/run/squid.pid
    client_netmask 255.255.255.0
    refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
    refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
    redirect_rewrites_host_header off
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localnet src 202.152.100.0/255.255.255.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 8443 563 777
    acl Safe_ports port 25 80 81 110 443 563 6667 7000 777 210 119 70 21 1025-65535
    acl Safe_ports port 280 6668 6669
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl lewat dst_as 4622 4761 4787 4795 4796 4855 4800 7587 7597 7713 9326 9340 9448 9657 9791 9794 9875 9905 9228 9251 10114 10137 10208 10217 17440 17450 17451 17538 17658 17671 17670  17725  17727  17769  4832 4833 17817 17884 17907  17910  17922  17800  10220  17974  17826  17885  18052  18056  18059  7632 4821  18103  17996  18004  18153  18156  18189  18237  18251  18347  3583    3382    4382 4434 18364 18365  18379  9341    9785    18393  17995  23651  23666  23671  23679  23691  23756  23945  24052  24057  24194
    always_direct allow lewat
    always_direct deny all
    #header_access Accept-Encoding deny all
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny CONNECT
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    http_access deny all
    maximum_object_size  128 MB
    maximum_object_size_in_memory 8 KB
    ipcache_size 4096
    ipcache_low 98
    ipcache_high 99
    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 75
    fqdncache_size 4096
    shutdown_lifetime 10 seconds
    cache_mgr hendraarif@yahoo.com
    cache_effective_user squid
    cache_effective_group squid
    memory_pools off
    buffered_logs off
    log_icp_queries off
    logfile_rotate 1
    log_fqdn off
    forwarded_for off
    icp_hit_stale on
    query_icmp on
    reload_into_ims on
    emulate_httpd_log off
    negative_ttl 2 minutes
    pipeline_prefetch on
    vary_ignore_expire on
    half_closed_clients off
    high_page_fault_warning 2
    visible_hostname proxy@dodol.org
    nonhierarchical_direct on
    prefer_direct off
    perhatikan ip address yang di izinkan. sesuaikan dengan ip yang di gunakan.
    perhatikan juga penggunaan cache direktori. maksimal untuk 1 keping adalah 18 Giga.

    setelah itu tambahkan user squid di linux :

    root@proxy:~# useradd squid

    tambahkan juga group squid

    root@proxy:~# groupadd squid


    bentuk direktori cache di squid :

    root@proxy:~# /opt/squid/sbin/squid -z

    ketik perintah ini sekali lagi :

    root@proxy:~# ulimit -HSn 8192

    kemudian jalankan squid dengan perintah :

    root@proxy:~# /opt/squid/sbin/squid -DY &

    ================================================== ==============

    okeee.. kita lanjut :

    5. Setting mikrotik :

    masukin ip address ether 1 :
    /ip address add address=202.152.100.18/30 interface=ether1

    karena seluruh ip yang di gunakan adalah ip public maka perlu subnetting di pisah-pisah :
    masukin ip address untuk pasangan ip client :
    misalkan ip client adalah 202.152.100.22 maka yang di masukkan di mikrotik ethr2 adalah 202.152.100.21/30

    demikian pula untuk pasangan ip client2 yang lain.

    /ip address add address=202.152.100.21/30 interface=ether2



    untuk lebih jelasnya dapat di liat pada tablel berikut :
    Code:
       network      first avail           last avail         broadcast
    202.152.100.20	202.152.100.21	202.152.100.22	202.152.100.23
    202.152.100.24	202.152.100.25	202.152.100.26	202.152.100.27
    202.152.100.28	202.152.100.29	202.152.100.30	202.152.100.31
    202.152.100.32	202.152.100.33	202.152.100.34	202.152.100.35
    202.152.100.36	202.152.100.37	202.152.100.38	202.152.100.39
    202.152.100.40	202.152.100.41	202.152.100.42	202.152.100.43
    202.152.100.44	202.152.100.45	202.152.100.46	202.152.100.47
    202.152.100.48	202.152.100.49	202.152.100.50	202.152.100.51
    202.152.100.52	202.152.100.53	202.152.100.54	202.152.100.55
    202.152.100.56	202.152.100.57	202.152.100.58	202.152.100.59
    202.152.100.60	202.152.100.61	202.152.100.62	202.152.100.63
    202.152.100.64	202.152.100.65	202.152.100.66	202.152.100.67
    202.152.100.68	202.152.100.69	202.152.100.70	202.152.100.71
    202.152.100.72	202.152.100.73	202.152.100.74	202.152.100.75
    202.152.100.76	202.152.100.77	202.152.100.78	202.152.100.79
    202.152.100.80	202.152.100.81	202.152.100.82	202.152.100.83
    202.152.100.84	202.152.100.85	202.152.100.86	202.152.100.87
    202.152.100.88	202.152.100.89	202.152.100.90	202.152.100.91
    202.152.100.92	202.152.100.93	202.152.100.94	202.152.100.95
    202.152.100.96	202.152.100.97	202.152.100.98	202.152.100.99
    202.152.100.100	202.152.100.101	202.152.100.102	202.152.100.103
    202.152.100.104	202.152.100.105	202.152.100.106	202.152.100.107
    202.152.100.108	202.152.100.109	202.152.100.110	202.152.100.111
    202.152.100.112	202.152.100.113	202.152.100.114	202.152.100.115
    202.152.100.116	202.152.100.117	202.152.100.118	202.152.100.119
    202.152.100.120	202.152.100.121	202.152.100.122	202.152.100.123
    202.152.100.124	202.152.100.125	202.152.100.126	202.152.100.127
    202.152.100.128	202.152.100.129	202.152.100.130	202.152.100.131
    202.152.100.132	202.152.100.133	202.152.100.134	202.152.100.135
    202.152.100.136	202.152.100.137	202.152.100.138	202.152.100.139
    202.152.100.140	202.152.100.141	202.152.100.142	202.152.100.143
    202.152.100.144	202.152.100.145	202.152.100.146	202.152.100.147
    202.152.100.148	202.152.100.149	202.152.100.150	202.152.100.151
    202.152.100.152	202.152.100.153	202.152.100.154	202.152.100.155
    202.152.100.156	202.152.100.157	202.152.100.158	202.152.100.159
    202.152.100.160	202.152.100.161	202.152.100.162	202.152.100.163
    202.152.100.164	202.152.100.165	202.152.100.166	202.152.100.167
    202.152.100.168	202.152.100.169	202.152.100.170	202.152.100.171
    202.152.100.172	202.152.100.173	202.152.100.174	202.152.100.175
    202.152.100.176	202.152.100.177	202.152.100.178	202.152.100.179
    202.152.100.180	202.152.100.181	202.152.100.182	202.152.100.183
    202.152.100.184	202.152.100.185	202.152.100.186	202.152.100.187
    202.152.100.188	202.152.100.189	202.152.100.190	202.152.100.191
    202.152.100.192	202.152.100.193	202.152.100.194	202.152.100.195
    202.152.100.196	202.152.100.197	202.152.100.198	202.152.100.199
    202.152.100.200	202.152.100.201	202.152.100.202	202.152.100.203
    202.152.100.204	202.152.100.205	202.152.100.206	202.152.100.207
    202.152.100.208	202.152.100.209	202.152.100.210	202.152.100.211
    202.152.100.212	202.152.100.213	202.152.100.214	202.152.100.215
    202.152.100.216	202.152.100.217	202.152.100.218	202.152.100.219
    202.152.100.220	202.152.100.221	202.152.100.222	202.152.100.223
    202.152.100.224	202.152.100.225	202.152.100.226	202.152.100.227
    202.152.100.228	202.152.100.229	202.152.100.230	202.152.100.231
    202.152.100.232	202.152.100.233	202.152.100.234	202.152.100.235
    202.152.100.236	202.152.100.237	202.152.100.238	202.152.100.239
    202.152.100.240	202.152.100.241	202.152.100.242	202.152.100.243
    202.152.100.244	202.152.100.245	202.152.100.246	202.152.100.247
    202.152.100.248	202.152.100.249	202.152.100.250	202.152.100.251
    202.152.100.252	202.152.100.253	202.152.100.254	202.152.100.255
    kemudian masukan gateway nya ke arah proxy :

    /route add gateway=202.152.100.17


    atur route di proxy agar mengizinkan network end mikrotik dapat lewat :

    route add -net 202.152.100.20/30 gateway 202.152.100.18

    selesai urusan ip address...

    6. dapat di uji coba client
    menggunakan ip address :
    202.152.100.22
    netmask 255.255.255.252
    gateway 202.152.100.21

    karena menggunakan subnetting selain ip address 22 tidak akan dapat melewati router mikrotik yang di buat

    7. iptables di proxy
    semua traffic harus di paksa lewat proxy server yang kita buat dengan perintah :

    Code:
    iptables -A PREROUTING -t nat -p tcp -s 202.152.100.0/24 -i eth2 -d \! 202.152.100.0/24 --dport 80 -j REDIRECT --to 8080
    9. DNS SERVER
    jalankan dns server yang telah ada secara defaul di slackware dengan perintah :

    root@proxy:~# named -d1

    tinggal masukin di /etc/resolv.conf

    nameserver 127.0.0.1

    dan seluruh client pake dns ip 202.152.100.17

    TANPA NAT/MASQUERADE .................. ip public terdistribusi ke client

    jadi deeeehhhhhh gampang dan cepat kan ? Click here to enlarge Click here to enlarge
    Last edited by d3v4; 15-06-2016 at 17:41.

  2. The Following 78 Users Say Thank You to d3v4 For This Useful Post:

    + Show/Hide list of the thanked


  3. #2
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    tararengkyu bro Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge


  4. The Following User Says Thank You to [a] For This Useful Post:


  5. #3
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    klo ada pertanyaan, comment dll silahkan post di sini Click here to enlarge

  6. The Following User Says Thank You to d3v4 For This Useful Post:


  7. #4
    Status
    Offline
    Dody's Avatar
    Newbie
    Join Date
    Jul 2007
    Location
    Madiun - East Java
    Posts
    40
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kok di sebut "SQUID BOX" kenapa ya ???

  8. #5
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    apa yg kutunggu2 akhirnya datang. thx banget deh

  9. #6
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kok di sebut "SQUID BOX" kenapa ya ???
    ya fungsinya cuman sebagai proxyweb... nama programnya squid.

    kl program yg dipake mikrocoft namanya pasti mikrocoft box

    squidnya mending pake squid 2.6stable11 lebih baru...
    Last edited by okto_2005; 07-08-2007 at 13:25.

  10. #7
    Status
    Offline
    freekers's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    167
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    manteb dah tutorialnya Click here to enlarge

  11. #8
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    ya fungsinya cuman sebagai proxyweb... nama programnya squid.

    kl program yg dipake mikrocoft namanya pasti mikrocoft box

    squidnya mending pake squid 2.6stable11 lebih baru...
    gw aga kurang sreg pake yang squid 2.6 a

    terkadang ada aja masalahnya... aneh2... begitu juga dengan versi2 di atas 2.5 stable 9. tergantung kebiasaan aja bos.. di enakin aja Click here to enlarge Click here to enlarge

  12. #9
    Status
    Offline
    hakeem's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,079
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    klo ada pertanyaan, comment dll silahkan post di sini Click here to enlarge
    Terima kasiiiiiiiiiiiiiiiih ...
    Sangat membantu...sangat menolong ...
    Patut dicoba ...Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

    BR,
    hakeem

  13. #10
    Status
    Offline
    ponywaterhouse's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Posts
    1,507
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bro, klo misalnya topologi nya begini :

    inet -- mikrotik (bw managr) -- client
    ......................|
    ......................|
    ......................|-- squid

    bisa tinggal dibalik doang yah urutannya?

  14. #11
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kek gitu boleh2 aja bro..

    klo yang di atas dst-nat nya pake iptables di linux.. jadi traffic yang melewati squid box di belokin ke proxy.

    klo yang di bawah (punya elo) dst-nat nya pake mikrotik.. traffic web nya di belokin ke proxy server oleh mikrotik.

    klo menurut gw bakalan bikin ngaco di bw manager mikrotik. apalagi klo di parent proxy nya.. suka jebol bw managernya.

    tp... ya di enakin aja broo Click here to enlarge

  15. #12
    Status
    Offline
    desukajo's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    124
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    wah bisa di coba nech..

    matur nuwun sanget....!!

  16. #13
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    tolong dong kasih tutor bikin squid di linux nya yang lengkap dan jelas. maklum newbie di linux nih. nih aja bikin squid di ubuntu ga kelar2

  17. #14
    Status
    Offline
    dgreenmania's Avatar
    Baru Gabung
    Join Date
    Jul 2007
    Posts
    16
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    tutorial mantap.

    bro keterangannya cukup bagus, yang ditanyakan

    1. Pada saat client browsing keinternet melalui port 80 apakah di proxy server keliatan atau tidak ip client di access.log squidnya ? atau hanya ip mikrotik boxnya ?

    2. apakah bisa box mikrotiknya meredirect port 25 (smtp) ke server lain?

    Makasih Bro,
    J.

  18. #15
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dgreenmania Click here to enlarge
    bro keterangannya cukup bagus, yang ditanyakan

    1. Pada saat client browsing keinternet melalui port 80 apakah di proxy server keliatan atau tidak ip client di access.log squidnya ? atau hanya ip mikrotik boxnya ?

    2. apakah bisa box mikrotiknya meredirect port 25 (smtp) ke server lain?

    Makasih Bro,
    J.
    jawab :
    no.1
    klo model kek gini keliatan ip client nya yang browsing di squid box karena semuanya model end2end :

    ketik ini di linux nya :

    /opt/squid/bin/squidclient -p 8080 mgr:filedescriptors


    no.2
    bisa. mikrotik bisa meredirect port 25 ke server lain :

    ganti port 80 jadi port 25 di tutorial ini :

    Last edited by d3v4; 12-08-2007 at 23:34.

  19. The Following 3 Users Say Thank You to d3v4 For This Useful Post:


 

 
Page 1 of 15 12311 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •