facebook group :
https://www.facebook.com/groups/Mikrotik.Squid.Indonesia
================================================================================
(TELITI DULU SEBELUM DI COPAS MENTAH MENTAH)
1.siapkan proxy yang sudah di install ubuntu 12.04
untuk tut install ubuntu sy skipp dan tentunya
sudah tau..proses install ubuntu sebagai proxy..
2.siapkan kopi panas segelas serta rokok kalau perokok :D
buat teman kerja sj biar gk jenuh...
3.winscp+puty+mikrotik
sesudah siap dan jadi instal ubuntunya ganti dulu seperti di bawah ini
EDIT DI FOLDER /ETC/APT/SOURCES.LIST DULU
ATAU DENGAN KETIK DI TERMINAL
nano /etc/apt/sources.list hapus semua dan copas pilih lain web repositorinya
tekan ctrl o enter ctrl x done
Ubuntu Repository 12.04 LTS di KLJ
deb http://repo.linuxjambi.org/ precise main restricted universe multiverse
Ubuntu Repository 12.04 LTS di Kambing
deb http://kambing.ui.ac.id/ubuntu/ precise-proposed main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-security main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-updates main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise main restricted universe multiverse
Ubuntu Repository 12.04 LTS di UKDW
deb http://repo.ukdw.ac.id/ubuntu precise main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-updates main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-security main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-backports main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-proposed main restricted universe multiverse
Ubuntu Repository 12.04 LTS di Komo
deb http://komo.padinet.com/ubuntu/ precise-proposed main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise-security main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise-updates main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise main restricted universe multiverse
Ubuntu Repository 12.04 LTS di ITB
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-proposed main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-security main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-updates main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise main restricted universe multiverse
setelah selesai ganti sources.list
install paket update yg ada di bawah ini
apt-get update
apt-get install devscripts
apt-get install build-essential
apt-get install openssl
apt-get install libssl-dev
apt-get install fakeroot
apt-get install libcppunit-dev
apt-get install libsasl2-dev
apt-get install cdbs
apt-get install ccze
apt-get install libfile-readbackwards-perl
apt-get install libcap2
apt-get install libcap-dev
apt-get install libcap2-dev
apt-get install sysv-rc-conf
setelah selesai instal paket update lanjut ke bawah
1.buka putty di terminal dengan mengetik sebagai berikut...
mkdir squid3 [enter]
cd /squid3 [enter
file squid 3.4.2 yg sdh sy download bisa di copas di folder di buat tadi....file sudah sy sertakan jg
ataupun bisa melalu web aslinya langsung seperti di bawah ini
download file squid 3.4.2 yg mana sudah sy lampirkan link nya...
####copas di bawah ini ke terminal puty######
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.2-20131231-r13067.tar.gz
2.setelah proses downlaod selesai..
ketik di terminal sebagai berikut..
tar -xzvf squid-3.4.2-20131231-r13067.tar.gz [enter]
3.setelah proses extract selesai ketik lagi
cd squid-3.4.2-20131231-r13067 [enter]
4.setelah masuk directory squid-3.4.2-20131231-r13067
masukkan compile config di bawah ini copas semaunya ke terminal ....compile sy tandai garis dan
garis jgn di ikut sertakan juga.....
5.compile config bawah ini dari bang Syaifudin Jw silahkan di pakai...buat compile squid 3
======================================================================================================================
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc --sysconfdir=/etc/squid \
--localstatedir=/var --includedir=/usr/include --datadir=/usr/share/squid --infodir=/usr/share/info --mandir=/usr/share/man --srcdir=. \
--disable-dependency-tracking --disable-strict-error-checking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap \
--enable-icmp --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --disable-snmp --enable-cachemgr-hostname=proxy \
--enable-ssl --enable-cache-digests --disable-select --enable-http-violations --enable-linux-netfilter \
--enable-follow-x-forwarded-for --disable-ident-lookups --enable-ssl-crtd --disable-auth-basic --enable-x-accelerator-vary \
--enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid \
--with-swapdir=/var/spool/squid --with-aufs-threads=100 --with-dl --with-large-files --with-filedescriptors=65536 \
CFLAGS="-march=native -O2 -pipe"CXXFLAGS="${CFLAGS}"--enable-ltdl-convenience
=======================================================================================================================
6.setelah proses compile selesai yg di atas kemudian ketik
make [tunggu dulu sampai selesai,setelah selesai] ketik lagi
make install
7.kemudian pasang squid.conf+store-id.pl yg sudah sy sertakan
copas ke etc/squid....terserah mau di pakai ap tidak...
8 untuk file yg ada di etc/init.d....ganti yg sudah sy sertakan
copas ke /etc/init.d/......
plus file squid berada di usr/sbin....ganti yg sdh sy sertakan
9.untuk squid.conf sesuaikan dengan keaadaan memory ram serta cache dir hd dan tuning tuning lainnya
setelah semua sesuai..baru buat certificate dulu....
usahakan kalau buat certificate kasih nama seperti ktp
biar mudah kalau kita mau menghapusnya...di mozila maupun di google crome..
KLIK iklan dibawah untuk langganan Materi Jaringan di web ini !!
10.buat cert SSL Bump
cd /etc/squid
mkdir ssl_cert
cd ssl_cert
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
cd
mkdir /var/squid
cd /var/squid
mkdir ssl_db
cd
chown -R nobody /var/squid/ssl_db
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db
NB: CERTIFICATE YG DIBUAT TADI NANTI DI IMPORT KE MOZILA/CROME
11.setelah membuat certificate selesai tinggal semua di beri hak permission
buat jaga jaga sj :D
chown proxy:proxy /etc/squid/squid.conf
chown proxy:proxy /etc/squid/store-id.pl
chown proxy:proxy /etc/squid/ssl_cert/myCA.der
chown proxy:proxy /etc/squid/ssl_cert/myCA.pem
chmod 777 /etc/squid/squid.conf
chmod 777 /etc/squid/store-id.pl
chmod 777 /etc/squid/ssl_cert
chmod 777 /etc/squid/ssl_cert/myCA.der
chmod 777 /etc/squid/ssl_cert/myCA.pem
chmod 777 /etc/init.d/squid
chmod 777 /usr/sbin/squid
12.mumbuat cache dir swap
squid -z atau squid -f /etc/squid/squid.conf -z
13.setelah semuanya selesai..cek squid proxy dgn mengetik..
squid -k parse...[bila terjadi ada error teliti notica eerror tersebut]
squid -k reconfigure lalu lanjut ke bawah
14.kemudian...
squid -NDd1 atau squid -D
setelah berjalan lancar dan sukses dan tidak ada yg error sm sekali lanjut ke bawah
tambah iptable berada di /etc/rc.local (teliti dl sebelum di copas)
=========================================
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
#######Ganti XXX dengan ip si proxy##########
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d XXX.XXX.XXX.X/24 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t mangle -A PREROUTING ! -d XXX.XXX.XXX.X/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
====================================================================================================================
restart proxy
bawah ini di tambahkan di mikrotik
15. script tproxy di mikrotik
ganti xxx dgn ip proxy
Mangle dan Routing TPROXY
=========================
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY" disabled=no dst-port=80,443 in-interface=local new-routing-mark=proxy passthrough=no
protocol=tcp dst-address=!xxx.xxx.xxx.x
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=proxy new-connection-mark=tproxy passthrough=yes protocol=tcp
src-address=!xxx.xxx.xxx.x
add action=mark-routing chain=prerouting connection-mark=tproxy disabled=yes in-interface=!proxy new-routing-mark=tproxy passthrough=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx routing-mark=tproxy scope=30 target-scope=10
=====================================================================================================================
terakhir cek log access bekerja atau tidaknya sambil membuka web..
tail -f /var/log/squid/access.log | grep HIT | ccze
tail -f /var/log/squid/access.log | grep TCP_HIT
tail -f /var/log/squid/access.log | grep HIT
tail -f /var/log/squid/access.log | ccze
tail -f /var/log/squid/access.log | grep HIT
jika sudah ada tanda tanda log access berjalan...
saya ucapkan selamat dan sukses....
NB :
sedikit tambahan supaya youtube setelah di putar ke 2 x full bar atau no range..
mozila bisa makai ver 18.0.2 serta addon mozila smart video atau youtube center atau magic action youtube
serta addon ads block yooutube
================================================================================
(TELITI DULU SEBELUM DI COPAS MENTAH MENTAH)
1.siapkan proxy yang sudah di install ubuntu 12.04
untuk tut install ubuntu sy skipp dan tentunya
sudah tau..proses install ubuntu sebagai proxy..
2.siapkan kopi panas segelas serta rokok kalau perokok :D
buat teman kerja sj biar gk jenuh...
3.winscp+puty+mikrotik
sesudah siap dan jadi instal ubuntunya ganti dulu seperti di bawah ini
EDIT DI FOLDER /ETC/APT/SOURCES.LIST DULU
ATAU DENGAN KETIK DI TERMINAL
nano /etc/apt/sources.list hapus semua dan copas pilih lain web repositorinya
tekan ctrl o enter ctrl x done
Ubuntu Repository 12.04 LTS di KLJ
deb http://repo.linuxjambi.org/ precise main restricted universe multiverse
Ubuntu Repository 12.04 LTS di Kambing
deb http://kambing.ui.ac.id/ubuntu/ precise-proposed main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-security main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-updates main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise main restricted universe multiverse
Ubuntu Repository 12.04 LTS di UKDW
deb http://repo.ukdw.ac.id/ubuntu precise main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-updates main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-security main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-backports main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-proposed main restricted universe multiverse
Ubuntu Repository 12.04 LTS di Komo
deb http://komo.padinet.com/ubuntu/ precise-proposed main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise-security main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise-updates main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise main restricted universe multiverse
Ubuntu Repository 12.04 LTS di ITB
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-proposed main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-security main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-updates main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise main restricted universe multiverse
setelah selesai ganti sources.list
install paket update yg ada di bawah ini
apt-get update
apt-get install devscripts
apt-get install build-essential
apt-get install openssl
apt-get install libssl-dev
apt-get install fakeroot
apt-get install libcppunit-dev
apt-get install libsasl2-dev
apt-get install cdbs
apt-get install ccze
apt-get install libfile-readbackwards-perl
apt-get install libcap2
apt-get install libcap-dev
apt-get install libcap2-dev
apt-get install sysv-rc-conf
setelah selesai instal paket update lanjut ke bawah
1.buka putty di terminal dengan mengetik sebagai berikut...
mkdir squid3 [enter]
cd /squid3 [enter
file squid 3.4.2 yg sdh sy download bisa di copas di folder di buat tadi....file sudah sy sertakan jg
ataupun bisa melalu web aslinya langsung seperti di bawah ini
download file squid 3.4.2 yg mana sudah sy lampirkan link nya...
####copas di bawah ini ke terminal puty######
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.2-20131231-r13067.tar.gz
2.setelah proses downlaod selesai..
ketik di terminal sebagai berikut..
tar -xzvf squid-3.4.2-20131231-r13067.tar.gz [enter]
3.setelah proses extract selesai ketik lagi
cd squid-3.4.2-20131231-r13067 [enter]
4.setelah masuk directory squid-3.4.2-20131231-r13067
masukkan compile config di bawah ini copas semaunya ke terminal ....compile sy tandai garis dan
garis jgn di ikut sertakan juga.....
5.compile config bawah ini dari bang Syaifudin Jw silahkan di pakai...buat compile squid 3
======================================================================================================================
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc --sysconfdir=/etc/squid \
--localstatedir=/var --includedir=/usr/include --datadir=/usr/share/squid --infodir=/usr/share/info --mandir=/usr/share/man --srcdir=. \
--disable-dependency-tracking --disable-strict-error-checking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap \
--enable-icmp --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --disable-snmp --enable-cachemgr-hostname=proxy \
--enable-ssl --enable-cache-digests --disable-select --enable-http-violations --enable-linux-netfilter \
--enable-follow-x-forwarded-for --disable-ident-lookups --enable-ssl-crtd --disable-auth-basic --enable-x-accelerator-vary \
--enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid \
--with-swapdir=/var/spool/squid --with-aufs-threads=100 --with-dl --with-large-files --with-filedescriptors=65536 \
CFLAGS="-march=native -O2 -pipe"CXXFLAGS="${CFLAGS}"--enable-ltdl-convenience
=======================================================================================================================
6.setelah proses compile selesai yg di atas kemudian ketik
make [tunggu dulu sampai selesai,setelah selesai] ketik lagi
make install
7.kemudian pasang squid.conf+store-id.pl yg sudah sy sertakan
copas ke etc/squid....terserah mau di pakai ap tidak...
8 untuk file yg ada di etc/init.d....ganti yg sudah sy sertakan
copas ke /etc/init.d/......
plus file squid berada di usr/sbin....ganti yg sdh sy sertakan
9.untuk squid.conf sesuaikan dengan keaadaan memory ram serta cache dir hd dan tuning tuning lainnya
setelah semua sesuai..baru buat certificate dulu....
usahakan kalau buat certificate kasih nama seperti ktp
biar mudah kalau kita mau menghapusnya...di mozila maupun di google crome..
KLIK iklan dibawah untuk langganan Materi Jaringan di web ini !!
10.buat cert SSL Bump
cd /etc/squid
mkdir ssl_cert
cd ssl_cert
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
cd
mkdir /var/squid
cd /var/squid
mkdir ssl_db
cd
chown -R nobody /var/squid/ssl_db
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db
NB: CERTIFICATE YG DIBUAT TADI NANTI DI IMPORT KE MOZILA/CROME
11.setelah membuat certificate selesai tinggal semua di beri hak permission
buat jaga jaga sj :D
chown proxy:proxy /etc/squid/squid.conf
chown proxy:proxy /etc/squid/store-id.pl
chown proxy:proxy /etc/squid/ssl_cert/myCA.der
chown proxy:proxy /etc/squid/ssl_cert/myCA.pem
chmod 777 /etc/squid/squid.conf
chmod 777 /etc/squid/store-id.pl
chmod 777 /etc/squid/ssl_cert
chmod 777 /etc/squid/ssl_cert/myCA.der
chmod 777 /etc/squid/ssl_cert/myCA.pem
chmod 777 /etc/init.d/squid
chmod 777 /usr/sbin/squid
12.mumbuat cache dir swap
squid -z atau squid -f /etc/squid/squid.conf -z
13.setelah semuanya selesai..cek squid proxy dgn mengetik..
squid -k parse...[bila terjadi ada error teliti notica eerror tersebut]
squid -k reconfigure lalu lanjut ke bawah
14.kemudian...
squid -NDd1 atau squid -D
setelah berjalan lancar dan sukses dan tidak ada yg error sm sekali lanjut ke bawah
tambah iptable berada di /etc/rc.local (teliti dl sebelum di copas)
=========================================
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
#######Ganti XXX dengan ip si proxy##########
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d XXX.XXX.XXX.X/24 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t mangle -A PREROUTING ! -d XXX.XXX.XXX.X/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
====================================================================================================================
restart proxy
bawah ini di tambahkan di mikrotik
15. script tproxy di mikrotik
ganti xxx dgn ip proxy
Mangle dan Routing TPROXY
=========================
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY" disabled=no dst-port=80,443 in-interface=local new-routing-mark=proxy passthrough=no
protocol=tcp dst-address=!xxx.xxx.xxx.x
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=proxy new-connection-mark=tproxy passthrough=yes protocol=tcp
src-address=!xxx.xxx.xxx.x
add action=mark-routing chain=prerouting connection-mark=tproxy disabled=yes in-interface=!proxy new-routing-mark=tproxy passthrough=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx routing-mark=tproxy scope=30 target-scope=10
=====================================================================================================================
terakhir cek log access bekerja atau tidaknya sambil membuka web..
tail -f /var/log/squid/access.log | grep HIT | ccze
tail -f /var/log/squid/access.log | grep TCP_HIT
tail -f /var/log/squid/access.log | grep HIT
tail -f /var/log/squid/access.log | ccze
tail -f /var/log/squid/access.log | grep HIT
jika sudah ada tanda tanda log access berjalan...
saya ucapkan selamat dan sukses....
NB :
sedikit tambahan supaya youtube setelah di putar ke 2 x full bar atau no range..
mozila bisa makai ver 18.0.2 serta addon mozila smart video atau youtube center atau magic action youtube
serta addon ads block yooutube
Post a Comment