Friday, November 18, 2011

SQUID DI UBUNTU

Install Squid

- ketik sudo apt-get install squid
- apt-get install squid squidclient squid-cgi
- apt-get install ccze

Membuat Directory cache

- mkdir /cache1 && mkdir /cache2 && mkdir /cache3 && mkdir /cache4
- touch /var/log/squid/access.log
- touch /var/log/squid/cache.log

Mengaktifkan directory cache

- chown -R proxy.proxy /cache1
- chown -R proxy.proxy /cache2
- chown -R proxy.proxy /cache3
- chown -R proxy.proxy /cache4
- chown -R proxy.proxy /var/log/squid/access.log

Edit Squid.conf
- gedit /etc/squid/squid.conf

http_port 8080 transparent
cache_mgr apriyee@gmail.com
forwarded_for off
visible_hostname arthabanua.com

cache_mem 16 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
reload_into_ims on
pipeline_prefetch on
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /cache1 40000 94 256
cache_dir aufs /cache2 40000 94 256
cache_dir aufs /cache3 40000 94 256
cache_dir aufs /cache4 40000 94 256
access_log /var/log/squid/access.log
cache_store_log none
cache_log /var/log/squid/cache.log

acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/24, 192.168.88.0/24, 192.168.4.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_locahost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

http_access allow manager localhost
http_access allow localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all


Pengecekan file Squid.conf

- squid -k parse

membuat direktori swap
- squid -z
- squid -DFY

Reboot Squid Proxy

cek squid apakah sudah berfungsi
- ps -ax|grep squid

Terakhir jalankan perintah :

iptables -t nat -A POSTROUTING -j MASQUERADE

Konfigurasi Tambahan di Mikrotik
/ip firewall nat chain=dstnat in-interface=ToSwitch src-address=!192.168.0.4 protocol=tcp dst-port=80
action=dst-nat to-addresses=192.168.0.4 to-ports=8080
/ip firewall nat chain=srcnat out-interface=ToSwitch src-address=192.168.0.0/24 protocol=tcp
action=src-nat to-addresses=192.168.0.1 to-ports=0-65535

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)