PLEASE GO THROUGH EACH STEP CAREFULLY SO THAT NO ERRORS OCCUR

First, deal with the old build that was compiled previously..

How:
Remove the installed squid/lusca.
apt-get purge squid squid-common squid-cgi
apt-get purge squid
apt-get autoremove

Also remove:
rm -rf /etc/squid   # delete it, or back it up first
rm -f /usr/sbin/squid

Remove the cache and delete the logs:
rm -rf /cache   # use the folder you originally created for the cache
rm -rf /var/log/squid/

Update the Ubuntu packages as usual.

After that, download squid from the link below:

wget https://olex-secure.openlogic.com/content/openlogic/squid-cache/3.4.2/squid-3.4.2.tar.gz

The build below has no traps at all and sets no CFLAGS....

./configure --prefix=/usr --bindir=/usr/bin \
--sbindir=/usr/sbin --libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var --includedir=/usr/include \
--datadir=/usr/share/squid --infodir=/usr/share/info \
--mandir=/usr/share/man --srcdir=. --disable-dependency-tracking \
--disable-strict-error-checking --enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap --enable-icmp --disable-wccp \
--disable-wccpv2 --enable-kill-parent-hack \
--disable-snmp --enable-cachemgr-hostname=proxy \
--enable-ssl --enable-cache-digests --disable-select \
--enable-http-violations --enable-linux-netfilter \
--enable-follow-x-forwarded-for --disable-ident-lookups \
--enable-ssl-crtd --disable-auth-basic --enable-x-accelerator-vary \
--enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid --with-swapdir=/var/spool/squid \
--with-aufs-threads=35 --with-large-files \
--enable-ltdl-convenience --with-filedescriptors=65536

Next, once the configure step has finished...
make   # wait until it finishes...

Then...
make install

Once that is done,

create the SSL certificate:

cd /etc/squid
mkdir ssl_cert
cd ssl_cert
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
cd
mkdir /var/squid
cd /var/squid
mkdir ssl_db
cd
chown -R nobody /var/squid/ssl_db
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db

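Once the certificate has been created,
set the ownership and permissions, among others (mode 777 would leave the CA private key in /etc/squid/ssl_cert/myCA.pem and the logs readable and writable by every local user, so access is limited to the proxy user and group):
chown -R proxy:proxy /etc/squid
chmod -R u=rwX,g=rX,o= /etc/squid
chown -R proxy:proxy /var/log/squid
chmod -R u=rwX,g=rX,o= /var/log/squid
chown -R proxy:proxy /var/squid
chmod -R u=rwX,g=rX,o= /var/squid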
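
A check to run after the ownership and permission step, added here as an example and not part of the original post: it lists world-writable files, world-readable private keys and world-readable access logs under the directories used above. The function names and the throwaway demo tree are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the trees this guide
# chowns/chmods. Prints one finding per line; returns 1 if anything was found.
audit_squid_perms() {   # usage: audit_squid_perms /etc/squid /var/log/squid /var/squid
    findings=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            # World-writable: any local user can edit squid.conf, helper
            # scripts, the certificate store or the logs.
            find "$dir" ! -type l -perm -0002 -exec echo WORLD-WRITABLE {} \;
            # World-readable private keys, found by content so that myCA.pem
            # (key and certificate in one file) and ssl_db entries both match.
            find "$dir" -type f -perm -0004 -exec grep -l 'PRIVATE KEY' {} + |
                sed 's/^/KEY-WORLD-READABLE /'
            # With SSL bumping the access log holds full HTTPS URLs.
            find "$dir" -type f -name 'access.log*' -perm -0004 \
                -exec echo LOG-WORLD-READABLE {} \;
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on a throwaway tree (constructed; mirrors the paths used in this post).
demo_tree() {   # $1 = mode to apply recursively
    root=$(mktemp -d)
    mkdir -p "$root/etc/squid/ssl_cert" "$root/var/log/squid"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$root/etc/squid/ssl_cert/myCA.pem"
    : > "$root/etc/squid/squid.conf"
    : > "$root/var/log/squid/access.log"
    chmod -R "$1" "$root"
    echo "$root"
}

loose=$(demo_tree 777)
audit_squid_perms "$loose/etc/squid" "$loose/var/log/squid" || echo "findings listed above"
rm -rf "$loose"
```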

Copy-paste the mangle script below into rc.local after exit 0:

modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat

iptables -t mangle -F
iptables -t mangle -X

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d xxx.xxx.xxx.x/24 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t mangle -A PREROUTING ! -d xxx.xxx.xxx.x/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127

/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100

echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

Mangle routing for TPROXY: ADJUST IT TO YOUR PROXY IP
PLEASE DO NOT COPY-PASTE IT DIRECTLY, JUST ENTER IT MANUALLY
------------------------------------------------
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY" disabled=no dst-port=80,443 in-interface=Lan new-routing-mark=TPROXY-M passthrough=no \
protocol=tcp dst-address=!XXX.XXX.XXX.XXX
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=eproxy new-connection-mark=TPROXY-T passthrough=yes protocol=tcp \
src-address=!XXX.XXX.XXX.XXX
add action=mark-routing chain=prerouting connection-mark=TPROXY-T disabled=yes in-interface=!proxy new-routing-mark=TPROXY-M passthrough=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XXX.XXX.XXX.XXX routing-mark=TPROXY-M scope=30 target-scope=10

NOTE ON THE MIKROTIK IP FIREWALL:
DISABLE ALL OTHER MANGLE RULES FIRST, EXCEPT THE 3 TPROXY RULES,
SO THAT CHECKING TPROXY IS EASIER.
ALSO, IF THE HTTPS EVERYWHERE ADD-ON OR REGEX007 IS STILL IN PLACE, REMOVE IT, I.E. DELETE IT,
SO THAT NO ERRORS OR THE LIKE OCCUR..

Check squid in the terminal.
Once all of the steps above are complete, stop the service first
so that we can create the cache_dir:
/etc/init.d/squid stop

Check whether the configuration contains errors with the commands:
squid -k parse
squid -k reconfigure

Create the swap and cache folders inside the designated /cache folder with the command:
squid -f /etc/squid/squid.conf -z

If everything is OK, start the service:
/etc/init.d/squid restart
or
squid -NDd1
Then reboot squid..

Check iptables with the command:
iptables -L -t mangle

If you see output like the following, it is working:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere             socket
TPROXY     tcp  --  anywhere            !localnet/24          tcp dpt:http TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
TPROXY     tcp  --  anywhere            !localnet/24          tcp dpt:https TPROXY redirect 0.0.0.0:3127 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere             MARK set 0x1
ACCEPT     all  --  anywhere             anywhere
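
The same check as a script, added here as an example and not part of the original post: it reads the iptables -L -t mangle listing on standard input and reports which piece of the DIVERT/TPROXY layout is missing. The function names are made up for this example; ports 3129 and 3127 are the ones used above, and the sample input is the PREROUTING and DIVERT part of the listing shown here.

```shell
#!/bin/sh
# Added example (not from the original post): audit the text printed by
# `iptables -L -t mangle` for the DIVERT/TPROXY layout this guide sets up.
# Prints one line per problem and returns non-zero if any was found.
check_tproxy() {   # usage: iptables -L -t mangle | check_tproxy 3129 3127
    awk -v http="$1" -v https="$2" '
    $1 == "Chain" { chain = $2; next }
    # The socket match must come before the TPROXY rules so that packets of
    # already-intercepted connections are marked instead of redirected again.
    chain == "PREROUTING" && $1 == "DIVERT" && /socket/ && !tproxy { divert = 1 }
    chain == "PREROUTING" && $1 == "TPROXY" {
        tproxy = 1
        if ($0 ~ /dpt:(http|80) /   && $0 ~ ("redirect [^ ]*:" http " "))  p80 = 1
        if ($0 ~ /dpt:(https|443) / && $0 ~ ("redirect [^ ]*:" https " ")) p443 = 1
    }
    chain == "DIVERT" && $1 == "MARK" && /MARK set 0x1( |$)/ { mark = 1 }
    chain == "DIVERT" && $1 == "ACCEPT" && mark { accept = 1 }
    END {
        if (!divert) { print "MISSING: socket -> DIVERT rule ahead of TPROXY"; bad = 1 }
        if (!p80)    { print "MISSING: TPROXY of tcp/80 to port " http; bad = 1 }
        if (!p443)   { print "MISSING: TPROXY of tcp/443 to port " https; bad = 1 }
        if (!accept) { print "MISSING: DIVERT chain MARK set 0x1 then ACCEPT"; bad = 1 }
        exit bad
    }'
}

# Sample input: the PREROUTING and DIVERT chains from the listing in this post.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere             socket
TPROXY     tcp  --  anywhere            !localnet/24          tcp dpt:http TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
TPROXY     tcp  --  anywhere            !localnet/24          tcp dpt:https TPROXY redirect 0.0.0.0:3127 mark 0x1/0x1

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere             MARK set 0x1
ACCEPT     all  --  anywhere             anywhere
EOF
}

sample_listing | check_tproxy 3129 3127 && echo "TPROXY layout OK"
```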

Check whether squid is running with the command:
ps ax | grep squid

If you see output like the following, it is running:

 7109 pts/0    T      0:00 tail -f /var/log/squid/access.log
28201 ?        Ss     0:00 /usr/sbin/squid -YC -f /etc/squid/squid.conf
28205 ?        Sl     5:26 (squid-1) -YC -f /etc/squid/squid.conf
28206 ?        S      0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
28207 ?        S      0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
28208 ?        S      0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
28209 ?        S      0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
28210 ?        S      0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
28211 ?        S      0:07 /usr/bin/perl /etc/squid/store-id.pl
28212 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28213 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28214 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28215 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28216 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28217 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28218 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28219 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
28220 ?        S      0:00 /usr/bin/perl /etc/squid/store-id.pl
29036 pts/0    S+     0:00 grep --color=auto squid

Once everything is running normally without errors,
check the access log:
tail -f /var/log/squid/access.log | grep HIT | ccze
tail -f /var/log/squid/access.log | grep TCP_HIT
tail -f /var/log/squid/access.log | grep HIT
tail -f /var/log/squid/access.log | ccze

Good luck and success..
Tested last night: ran smoothly, no total failure (y)
For squid.conf + store-id.pl, use the earlier ones...