IKLAN

Pelatihan
&
Jasa Setting Proxy High Perfomance

Di Jamin Youtube tercache & Game online terupdate cepat
  • Pelatihan & Setting On the site
Mobile Phone:085868788968
Pin BB:52595EA2
BUTUH MOBIL BARU/BEKAS?

DP minimal 30 % dari harga mobil baru atau bekas. Syarat untuk karyawan/pns: Fotokopi KTP pemohon, Kartu Keluarga, Rincian Gaji, Rekening Listrik, Surat/Akta nikah, Telepon, PDAM, PBB, Rekening Tabungan & NPWP
Syarat untuk wiraswata:Plus SIUP/TDP, Laporan keuangan terakhir
Contact Person : Eka (082227594993)
Pin BB : 52595EA2

Jasa Pembuatan RT RW Net dan Warnet

Modal Hanya 5 JT-an..!!!

Meliputi:

=>Radio Access Point TP-LINK

=>Antena OMNI

=>Pigtail

=>Kabel UTP 25 meter

=>CPU P3 Mikrotik 2nd, CPU Dual COre Proxy Server 2nd dan Tower 3 Pipa Galvanis

Keuntungan

=>Lebih Murah dalam 1 paket komplit

=>RT/RW-Net Siap Pakai

=>PJK akan membantu promosi

Call/SMS = 085868788968
Pin BB :52595EA2


SEWA MOBIL PEKALONGAN DAN BATANG
Sewa/Carter Mobil Dalam Kota / Luar Kota (Se-Jawa) + Sopir.
Hubungi: Eka HP: 085868788968 / 082227594993
Pin BB : 52595EA2
Alamat:
Jl. Akasia Raya No.5 Perumahan Kalisalak Batang
Jl. Trapesium 3 No.15 Perumahan Limas Indah Pekalongan


SPACE INI DI SEWAKAN UNTUK IKLAN

Hubungi :

Mobile Phone:085868788968
Pin BB:52595EA2




About Me

My photo

I was born on 11th July 1978 in Pekalongan,Central Java Province,Indonesia.I have been running my own business (Putra Jaya Komputer) for mor 15 years in Pekalongan city and Batang Regency. On 2014 I am starting a new business is a rent a car. If any one who has a plan to visit Indonesia don't hesitate contact me.

Blog Archive

Popular Posts

Home » » UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND

UBUNTU 10.10 64 BIT + LUSCA_HEAD + DNS UNBOUND

Paket yang Dibutuhkan :
untuk lusca r14809 : http://untuk-kita-semua.googlecode.com/files/SQUID%202%20LUSCA.zip
Untuk lusca FMI : http://untuk-kita-semua.googlecode.com/files/SQUID-CONF.zip
Link Dw UBUNTU 10.10 64 bit http://ubuntu.pesat.net.id/releases/…rver-amd64.iso
Bahan-bahan :
- Ubuntu 10.10 64 bit
- Ip proxy 192.168.2.2
- Gatewai 192.168.2.1
- Ip mikrotik ke arah proxy 192.168.2.1/24
- Ram 2 GB
- HDD Sata 320 GB
1. Partisi HDD
Dari harddisk 320 Gb dibagi dg type partisi primary sebagai berikut:
256 Mb ext4 /boot ( Flag Boot) jika Flag Boot masih off setelah pilihan on ABAIKAN SAJA
16 Gb ext4 /
2.0 Gb swap swap sesuaikan dengan RAM fisik cpu anda
sisanya gb btrfs /cache
2. Install Paket
OPTIMALKAN partisi btrfs nya :
# lsmod |grep -i btrfs
# nano /etc/fstab
/cache btrfs noatime,compress,noacl 0 2
OPTIMALKAN juga kernelnya :
default FD 1024
cek di console
# ulimit -n
cara merubah :
# ulimit -HSn 65536
# echo “root soft nofile 65536″ >> /etc/security/limits.conf
# echo “root hard nofile 65536″ >> /etc/security/limits.conf
# nano /etc/pam.d/common-session
session required pam_limits.so
# modprobe ip_conntrack
kemudian tambahkan ip_contrack di /etc/modules
# nano /etc/modules
Tambahkan kalimat berikut :
ip_conntrack
DNS Unbound High Performance
apt-get install unbound
cd /etc/unbound
wget ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*
sesuaikan config /etc/unbound/unbound.conf, dan servis dns lainnya (bind/dnsmasq dll) harus di stop agar tidak bentrok)
# nano
server:
verbosity: 1
statistics-interval: 120
statistics-cumulative: yes
num-threads: 1
interface: 0.0.0.0
outgoing-range: 512
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-max-ttl: 86400
infra-host-ttl: 60
infra-lame-ttl: 120
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
#access-control: 0.0.0.0/0 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 0.0.0.0/0 refuse
chroot: “/etc/unbound”
username: “unbound”
directory: “/etc/unbound”
#logfile: “/etc/unbound/unbound.log”
#use-syslog: yes
logfile: “”
use-syslog: no
pidfile: “/etc/unbound/unbound.pid”
root-hints: “/etc/unbound/named.cache”
identity: “DNS”
version: “1.4″
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: “iterator”
#zone localhost
local-zone: “localhost.” static
local-data: “localhost. 10800 IN NS localhost.”
local-data: “localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800″
local-data: “localhost. 10800 IN A 127.0.0.1″
local-zone: “127.in-addr.arpa.” static
local-data: “127.in-addr.arpa. 10800 IN NS localhost.”
local-data: “127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800″
local-data: “1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.”
#zone zoky.net
local-zone: “zoky.net.” static
local-data: “zoky.net. 86400 IN NS ns1.zoky.net.”
local-data: “zoky.net. 86400 IN SOA zoky.net. hostmaster.zoky.net. 3 3600 1200 604800 86400″
local-data: “zoky.net. 86400 IN A 192.168.2.2″
local-data: “www.zoky.net. 86400 IN A 192.168.2.2″
local-data: “ns1.zoky.net. 86400 IN A 192.168.2.2″
local-data: “mail.zoky.net. 86400 IN A 192.168.2.2″
local-data: “zoky.net. 86400 IN MX 10 mail.zoky.net.”
local-data: “zoky.net. 86400 IN TXT v=spf1 a mx ~all”
local-zone: “2.168.192.in-addr.arpa.” static
local-data: “2.168.192.in-addr.arpa. 10800 IN NS zoky.net.”
local-data: “2.168.192.in-addr.arpa. 10800 IN SOA zoky.net. hostmaster.zoky.net. 4 3600 1200 604800 864000″
local-data: “2.2.168.192.in-addr.arpa. 10800 IN PTR zoky.net.”
forward-zone:
name: “.”
forward-addr: 192.168.2.1
forward-addr: 116.254.99.254
forward-addr: 202.134.0.155
forward-addr: 203.130.196.5
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: “/etc/unbound/unbound_server.key”
server-cert-file: “/etc/unbound/unbound_server.pem”
control-key-file: “/etc/unbound/unbound_control.key”
control-cert-file: “/etc/unbound/unbound_control.pem”
lalu save di /etc/unbound/unbound.conf
forward-zone: sesuaikan dengan DNS ISP anda
cek configure unbound :
# unbound-checkconf /etc/unbound/unbound.conf
edit file di /etc/resolv.conf :
# nano /etc/resolv.conf
nameserver 127.0.0.1
edit file /etc/network/interfaces
# nano /etc/network/interfaces
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 122.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
untuk cek apakah d jalan :
# /etc/init.d/unbound restart
# nslookup 192.168.2.2
Server: 127.0.0.1
Address: 127.0.0.1#53
2.2.168.192.in-addr.arpa name = zoky.net
# nslookup zoky.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: Q.net
Address: 192.168.2.2
Untuk monitor :
# unbound-control stats
# sudo unbound-control stats | tail -16
# sudo apt-get update
# sudo apt-get install squid
# nano /etc/default/squid
SQUID_MAXFD=8192
# sudo apt-get install squid squidclient squid-cgi
# sudo apt-get install gcc
# grep -E “#define\W+__FD_SETSIZE” /usr/include/*.h /usr/include/*/*.h
# nano /usr/include/linux/posix_types.h
#define __FD_SETSIZE 65536
# nano /usr/include/bits/typesizes.h
#define __FD_SETSIZE 65536
# nano /etc/pam.d/login
Session required /lib/security/pam_limits.so
# sudo apt-get install build-essential
# sudo apt-get install sharutils
# sudo apt-get install ccze
# sudo apt-get install libzip-dev
# sudo apt-get install automake1.9
3.Download Lusca
download lusca r14809 lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
download lusca FMI lewat terminal ubuntu dengan perintah :
# wget http://untuk-kita-semua.googlecode.com/files/LUSCA_FMI.tar.gz
lalu ekstrak :masuk ke foldernya :
jika memakai lusca r14809 :
# tar xzvf LUSCA_HEAD-r14809.tar.gz
jika memakai lusca FMI :
# tar tar xzvf LUSCA_FMI.tar.gz
jika menggunakan lusca r14809 :
copy file imr.diff ke /home/proxyku dengan menggunakan winscp..
winscp bisa didownload di : 4shared.com /file/KlAfa3dQ/winscp428.html
kemudian copy dengan menggunakan putty…
putty bisa didownload di : 4shared.com /file/16tJyvlq/putty.html
# sudo cp /home/proxyku/imr.diff /home/proxyku/LUSCA_HEAD-r14809
masuk ke foldernya :
jika menggunakan lusca r14809 :
# cd LUSCA_HEAD-r14809/
@ patch dulo revalidate dgn cara : patch -p0 < imr.diff jika menggunakan lusca FMI : # cd LUSCA_FMI/ jika menggunakan lusca FMI di unbuntu 64 sebelum compile lakukan perintah ini didalam folder lusca FMI : # make distclean ok..!! sekarang dimulai tahap compile nya : cat /proc/cpuinfo : untuk mengetahui info cpu proxy nya dan sesuaikan dengan processor yang anda pakai Link untuk mengetahui CHOST dan CFLAGS ; # untuk AMD http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD # untuk INTEL http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel sebagai contoh saya menggunakan amd x2 7750 BE : CHOST=”x86_64-pc-linux-gnu” \ CFLAGS=”-march=amdfam10 -msse3 -O2 -pipe” \ ./configure –prefix=/usr –exec_prefix=/usr –bindir=/usr/sbin –sbindir=/usr/sbin –libexecdir=/usr/lib/squid –sysconfdir=/etc/squid \ –localstatedir=/var/spool/squid –datadir=/usr/share/squid –enable-async-io=24 –with-aufs-threads=24 –with-pthreads –enable-storeio=aufs \ –enable-linux-netfilter –enable-arp-acl –enable-epoll –enable-removal-policies=heap –with-aio –with-dl –enable-snmp \ –enable-delay-pools –enable-htcp –enable-cache-digests –disable-unlinkd –enable-large-cache-files –with-large-files \ –enable-err-languages=English –enable-default-err-language=English –with-maxfd=65536 selanjutnya, ketik perintah berikut di terminal ubuntu : # make # sudo make install Edit squid.conf agar perintah sudo /etc/init.d/squid stop jalan di ubuntu 10.10 #copy file squid yg di download tadi ke /etc/init.d/ # sudo cp /home/proxyku/squid /etc/init.d/ jgn lupa di : #sudo chmod +x /etc/init.d/squid # stop dulu squidnya : sudo /etc/init.d/squid stop #copy file squid.conf, dan storeur.pl yg di download tadi kedalam folder /etc/squid —-> edit sesuai network juragan
sudo cp /home/proxyku/squid.conf /etc/squid
sudo cp /home/proxyku/storeurl.pl /etc/squid
4. Langkah selanjutnya
# Memberikan permission pada folder cache
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
# Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dg perintah :
squid -f /etc/squid/squid.conf -z
# Restart squid
sudo /etc/init.d/squid restart
# nano /etc/sysctl.conf
fs.file-max=65536
vm.drop_caches = 3
vm.swappiness = 3
net.netfilter.nf_conntrack_acct= 1
net.ipv4.netfilter.ip_conntrack_max = 16777216
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65535
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout = 3
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save=1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
setelah di save, baru di sysctl -p
catatan : utk ram 512Mb kurangi saja parameter *mem di kolom ke dua dan tiga menjadi setengahnya, kolom ke satu biarkan saja
Reboot CPU nya…
tambahan :
Menghitung memory yang sedang digunakan oleh aplikasi di Linux :
# wget http://www.pixelbeat.org/scripts/ps_mem.py
# chmod +x ps_mem.py
# ./ps_mem.py
Install Squidmon :
# wget http://squidmon.googlecode.com/svn/trunk/squidmon.py
# chmod +x squidmon.py
untuk monitor squid :
# cat /var/log/squid/access.log | ./squidmon.py
# cat /var/log/squid/access.log | python squidmon.py
MEMBUAT SQUIDSTATS
1. apt-get install librrds-perl libsnmp-session-perl snmpd rrdtool snmp apache2 -y
2. perl -MCPAN -e ‘install Config::IniFiles’
3. wget http://jaringanwarnet.com/downloads/squidstats-r54.tar
4. tar -xvf squidstats-r54.tar
5. cd squidstats-r54
5. cp mib.txt /etc/squid/
6. cp snmpd.conf /etc/snmp/
8. untuk squid.conf tambahkan berikut ini :
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
9. make && make install
10. snmpwalk -v 1 -c public localhost
11. squidstats.pl createdb
12. squidstats.pl gather
13. crontab -e (kemudian copy rule dibawah ini)
*/5 * * * * /usr/local/bin/squidstats.pl gather >/dev/null
14. cp squidstats.conf /etc/apache2/conf.d
15. reboot
16. cek hasilnya ke http://isi dg ipproxy/squidstats/graph-summary.cgi
Agar bias di akses dari luar buat spt ini :
/ip firewall nat
add action=dst-nat chain=dstnat comment=redir-squidtasq disabled=no \
dst-address=xxx.xxx.xxx.xxx dst-port=8080 protocol=tcp to-addresses=192.168.2.2 to-ports=80
Untuk memonitor SQUID :
sudo /etc/init.d/squid stop
sudo /etc/init.d/squid restart
/etc/init.d/unbound restart
unbound-control stats
sudo unbound-control stats | tail -16
squidclient mgr:info
squidclient mgr:client_list
tail -f /var/log/squid/access.log
tail -f /var/log/squid/cache.log
tail -n 80 /var/log/squid/cache.log
squidclient mgr:storedir
cat /var/log/squid/access.log | ./squidmon.py
cat /var/log/squid/access.log | python squidmon.py
http://192.168.2.2/squidstats/graph-summary.cgi
./ps_mem.py
credit to teukurizal
http://forummikrotik.com
This entry was posted in Uncategorized. Bookmark the permalink.