Cara setting transparent proxy clearos dalam mode standalone

Topologi :

modem ----------- Router ------------ Switch ---------- Client.....
...................................|..............................................
...................................|..............................................
....................ClearOS proxy server....................................
......................(Standalone mode).....................................
...................................................................

Alokasi IP
WAN Mikrotik 115.124.xx.xx
LAN Mikrotik 192.168.1.254
PROXY Mikrotik 192.168.3.2
ClearOS 192.168.3.1

Kebetulan saya menggunakan Mikrotik RB450

OK kita setting interfaces dan ip untuk mikrotik terlebih dahulu

/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes mac-address=00:0C:42:3D:XX:XX master-port=\
none mtu=1500 name=WAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes mac-address=00:0C:42:3D:XX:XX master-port=\
none mtu=1500 name=LAN speed=100Mbps
set 3 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
mac-address=00:0C:42:3D:XX:XX mtu=1500 name=proxy speed=100Mbps

/ip address
add address=115.124.XX.XX/30 broadcast=115.124.xx.xx comment="" disabled=no \
interface=WAN network=115.124.XX.XX
add address=192.168.1.254/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=LAN network=192.168.1.0
add address=192.168.3.2/30 broadcast=192.168.3.3 comment="" disabled=no \
interface=proxy network=192.168.3.0

Setelah kita set DNS,NAT untuk LAN

/ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no dst-address=0.0.0.0/0 \
out-interface=to_isp src-address=192.168.1.0/24 to-addresses=\
115.124.XX.XX to-ports=0-65535

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=202.182.XX.XX secondary-dns=\
202.159.XX.XX
/ip dns static
add address=192.168.3.1 disabled=no name=proxy ttl=1d


Setting IP Address Client
misal untuk client1

IP : 192.168.1.1
netmask : 255.255.255.0
gateway : 192.168.1.254
dns1 : 192.168.1.254
dns2 : 202.182.XX.XX

Test client untuk Browsing seharusnya sudah bisa kalau belum bisa periksa kembali
setting di atas sampai client bisa browsing


OK selanjutnya persiapan untuk proxy
buat NAT di Mikrotik untuk Proxy

/ip firewall nat
add action=src-nat chain=srcnat comment="link proxy" disabled=no dst-address=\
0.0.0.0/0 out-interface=WAN src-address=192.168.3.0/30 to-addresses=\
115.124.XX.XX to-ports=0-65535
add action=dst-nat chain=dstnat comment="transproxy" disabled=\
no dst-port=80,8080 in-interface=to_swicht protocol=tcp src-address=\
!192.168.3.1 to-addresses=192.168.3.1 to-ports=3128

setelah itu install CLearOS
install ClearOS Server Standalone Mode - No Firewall
edit file /etc/firewall, cari dan ganti parameter berikut
SQUID_TRANSPARENT="on"

[root@proxy etc]# cat firewall | grep SQUID
SQUID_TRANSPARENT="on"

edit file /etc/resolv.conf, tambahkan nameserver (DNS) ISP anda

[root@proxy etc]# cat resolv.conf
nameserver 202.182.xx.xx

pastikan gateway proxy sudah ke IP PROXY Mikrotik, jika menggunakan ClearOS
sudah ada di menu network->ip setting klik edit ikuti wizardnya dan jangan
lupa gateway dan dns nya sudah benar, untuk memastikan bisa lihat file ifcfg-eth0
ada di direktory /etc/sysconfig/network-scripts

[root@proxy network-scripts]# cat ifcfg-eth0
DEVICE=eth0
TYPE="Ethernet"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
IPADDR="192.168.3.1"
NETMASK="255.255.255.0"
HWADDR="00:50:da:93:4c:53"
GATEWAY="192.168.3.2"

Jalankan Web Proxy ada di menu
gateway -> Web Proxy
klik start dan buat automatic

Jangan lupa buat acl nya dulu yah di Squid bisa dari webconfignya kok

Sekarang Proxy kita sudah siap di uji coba

Read more »

Lusca di ClearOs 5.2

Tutorial ini telah diuji di server Clearos 5.2, mode : gateway
Perhatian, simpan/backup squid.conf asli Anda sebelum melakukan perubahan, karena mungkin masih diperlukan untuk setingan delaypool.
Langkah-langkahnya :
Jalankan putty dan winscp.Masuk ke PUTTY (salin-tempel perintah dibawah ini perbaris lalu enter.

yum remove squid (jawab : y)

yum remove squid (sengaja… untuk memastikan gak ada yg tersisa)

yum install automake gcc glibc-devel e2fsprogs-devel sharutils (jawab : y)

wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz

tar -zxvf LUSCA_HEAD-r14809.tar.gz

cd LUSCA_HEAD-r14809

ulimit -n 8192

./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups

make all && make install

cd /usr/local/squid/etc/

wget http://v1.tiberias.or.id/downloads/squid.conf

wget http://v1.tiberias.or.id/downloads/storeurl.pl.conf

wget http://www.hendraarif.web.id/wp-content/uploads/2011/02/tunning.conf

(cat. jika tunning.conf gagal diundah, salin semua isi dibawah ini, lalu paste ke notepad)

acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}

acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET


storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all

storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 100

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload ignore-private store-stale negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 999999% 129600 override-expire ignore-reload store-stale
refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 override-expire ignore-reload store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth

#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 129600 999999% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale
refresh_pattern . 180 95% 43200 override-lastmod reload-into-ims store-stale

global_internal_static off
max_stale 10 years
retry_on_error on
buffered_logs on
read_ahead_gap 32 KB

header_access Accept-Encoding deny all
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
#range_offset_limit 50 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

#cachemgr_passwd none info
cachemgr_passwd none all
client_db on
max_filedescriptors 4096
n_aiops_threads 24
#client_socksize 16 MB
load_check_stopen on
load_check_stcreate on
download_fastest_client_speed on

dengan nama : tunning.conf, lalu copykan ke /usr/local/squid/etc/ , gunakan winscp)

dilanjutkan dengan buka winscp :

masuk ke folder/directory : /usr/local/squid/etc/
ganti nama file : storeurl.pl.conf menjadi storeurl.pl (klik kanan rename)
hapus file : squid.conf (atau ganti dg nama lain)
ganti nama file : squid.conf.1 menjadi squid.conf
buka file squid.conf, untuk melakukan pengeditan. diedit.
tambahkan tanda # didepan baris offline_mode on (hasilnya : #offline_mode on)
menyesuaikan IP, cari baris perintah berikut :
acl localnet src 10.0.2.0/24 # RFC1918 possible internal network
ganti dg ip LAN kita, contoh : 10.0.2.0/24 ganti dengan 192.168.2.0/24)
ganti juga ip 10.0.2.0/24 yg berada dikelompok delaypool (digulung/scroll kebawah sampai mentok) ganti dengan IP LAN kita tadi.


kembali lagi ke…… PUTTY copas perintah berikut satu-satu:

dengan nama : tunning.conf, lalu copykan ke /usr/local/squid/etc/ , gunakan winscp)

dilanjutkan dengan buka winscp :

masuk ke folder/directory : /usr/local/squid/etc/
ganti nama file : storeurl.pl.conf menjadi storeurl.pl (klik kanan rename)
hapus file : squid.conf (atau ganti dg nama lain)
ganti nama file : squid.conf.1 menjadi squid.conf
buka file squid.conf, untuk melakukan pengeditan. diedit.
tambahkan tanda # didepan baris offline_mode on (hasilnya : #offline_mode on)
menyesuaikan IP, cari baris perintah berikut :
acl localnet src 10.0.2.0/24 # RFC1918 possible internal network
ganti dg ip LAN kita, contoh : 10.0.2.0/24 ganti dengan 192.168.2.0/24)
ganti juga ip 10.0.2.0/24 yg berada dikelompok delaypool (digulung/scroll kebawah sampai mentok) ganti dengan IP LAN kita tadi.


kembali lagi ke…… PUTTY copas perintah berikut satu-satu:

jika tampil tulisan : Finished rebuilding storage from disk.
bla.. bla.. bla
bla.. bla.. bla
storeLateRelease: released 0 objects.

artinya lusca berhasil ditanamkan di server anda..
tutup putty

kembali lagi ke… WINSCP :

masuk ke direktori /etc/rc.d
buka file : rc.local
hapus semua dan gantikan dengan script dibawah ini:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
/usr/local/squid/sbin/squid -NDd1 &
# This file is executed by the firewall on stop/start/restart.

Simpan, tutup.

Masuk ke folder : /etc

Buka file : firewall
Cari baris berikut :

# Squid configuration
#--------------------------
SQUID_TRANSPARENT="" ( ganti menjadi ) SQUID_TRANSPARENT="on"
SQUID_FILTER_PORT="" ( ganti menjadi ) SQUID_FILTER_PORT="3128"

Simpan, tutup.


Saatnya uji coba..

disalin dari Forum ClearOS

Read more »

menghapus Cache proxy di clear os

Untuk menghapus Cache proxy di clear os dapat dilakukan dengan dua cara yaitu lewat web-base dan mode terminal.

Dari mode web base lakukan printah berikut ini :
Stop dahulu proses service proxynya
Pilih Reset Cache

Dari mode terminal masukkan perintah berikut ini :
terlebih dahulu service squid di nonaktifkan karena jika diaktifkan proses penghapusan cachenya akan gagal.
/sbin/service squid stop

Selanjutkan lakukan proses penghapusan cache di squid untuk proses penghapusan ini akan memakan waktu sekitar 2 s/d 5 menit.
/bin/rm -rf /var/spool/squid/*

masukkan perintah dibawah ini untuk membangun kembali swap squidnya
/squid -z

Restart squid
/sbin/service squid start

Nah proses penghapusan cache proxy squidnya sudah beressss

Read more »

ClearOS sebagai PROXY External Mikrotik

Setelah ClearOS terinstall, supaya transparent proxy

Cari Baris Squid Configurasi

# Squid configuration

#——————–

SQUID_TRANSPARENT=”off”

SQUID_FILTER_PORT=”"

Jangan lupa disimpan hasil editan tadi dengan menekan tombol CTR+O, setelah itu jangan lupa Squidnya di Restart dengan cara perintah #service squid restart

Kemudian jangan lupa di NAT Mikrotik Pasang script dibawah ini, supaya semua pc client secara otomatis lewat ke Proxy ClearOS

/ip firewall nat add chain=dstnat src-address=!ip-lokal protocol=tcp dst-port=80 action=dst-nat to-addresses=ip-proxy to-ports=3128 comment=”TransParent PROXY” disabled=no

Sebagai Tool tambahan ketikan:

/tool netwatch add comment=”" disabled=no down-script=”/ip firewall nat disable 18″ host=\

ip-proxy interval=30s timeout=1s up-script=\

“/ip firewall nat enable 18″

Read more »

Update Squid Clear Os

service squid stop
mkdir /tmp/squid
cd /tmp/squid
wget http://download.clearfoundation.com/com … s.i686.rpm
rpm -U squid-3.1.3-2.clearos.i686.rpm
cp /etc/squid/squid.conf /etc/squid/squid.conf.backup
cp /etc/squid/squid.conf.rpmnew /etc/squid/squid.conf
service squid start

Read more »

Upgrade Squid ClearOs ke versi 2.7

Seperti kita telah ketahui, ClearOS v.5.2 masih memakai squid ver 2.6. Jika anda ingin mengoprek lebih jauh dengan mengupgrade squid ke ver 2.7 ikuti langkah berikut.Hal ini memerlukan kemampuan penguasaan perintah CLI yang baik, jadi jika anda belum bisa, JANGAN COBA-COBA !. Catatan, Clearfoundation dan ClearOS Indonesia tidak merekomendasikan hal ini, jadi semua resiko yang terjadi menjadi tanggung jawab anda. Gunakan hanya untuk eksperimen, jangan diterapkan ke mesin produksi/server utama.

NOTE : Pengaturan squid baru sepenuhnya melalui CLI,baik untuk setting maupun untuk mengaktifkan fitur transparent nya, fitur setting proxy server di webconfig tidak berlaku lagi..!!! Perhatikan, maksud dan tujuan setiap perintah yang ada. Lakukan penyesuaian dengan kondisi server anda (jangan asal COPAS !!! )

Tahap 1 : Remove pengaturan squid via webconfig

Kode: [Pilih]
#service squid stop

#yum remove app-squid

Tahap 2: Install squid 2.7
Kode: [Pilih]
mkdir /tmp/squid

cd /tmp/squid

wget http://people.redhat.com/jskala/squid/squid-2.7.STABLE9-1.el5/i386/squid-2.7.STABLE9-1.el5.i386.rpm

rpm -Uvh –nodeps squid-2.7.STABLE9-1.el5.i386.rpm

PERBAIKAN :
Jika squid anda bermasalah fatal setelah upgrade, coba lakukan downgrade berikut :
(server anda harus terkoneksi dengan internet)

Kode: [Pilih]
#yum remove squid

#yum install squid app-squid

sumber : http://clearos-indonesia.com/index.php?topic=114.0

Read more »

install SARG (ClearOS 5.2)

wget http://dag.wieers.com/rpm/packages/sarg/sarg-2.2.3.1-1.el4.rf.i386.rpm
rpm --test -Uhv sarg-2*
if no errors


rpm -Uhv sarg-2*
Sarg is now installed

get a permission
cd /etc/httpd/conf.d

edit sarg.conf
change the permissions from
deny from all -> allow from all

restart apache
service httpd restart

Now you can make your first report
sarg -ix wil make a ONE-SHOT report

Visit Site http://serverip/sarg

Read more »

Cara setting ClearOs Squid External Proxy Mikrotik

Transparent Proxy adalah Proxy yang tidak terlihat oleh Client. Dengan menggunakan Transparent Proxy client dipaksa untuk memakai Proxy tanpa melakukan setting-an di browser. Squid adalah salah satu jenis Proxy yang paling umum dipakai.

Ip address Mikroik:
Ether0 =192.168.1.2------------------Ke internet
Ether1 =192.168.2.1------------------Ke Client
Ether2 =192.168.3.1------------------Ke Squid External ClearOs

Ip Address ClearOs:
eth0 =192.168.3.2------------------ip ClearOs

--Set Mikrotik

----Untuk interface Mikrotik:
/interface set 0 name=internet
/interface set 1 name=client
/interface set 2 name=squid

----Untuk ip address Mikrotik:
/ip address add address=192.168.1.2 netmask=255.255.255.0 interface=internet
/ip address add address=192.168.2.1 netmask=255.255.255.0 interface=client
/ip address add address=192.168.3.1 netmask=255.255.255.0 interface=squid

----Untuk Gateway Mikrotik:
/ip route add gateway=192.168.1.1

----Untuk DNS Mikrotik:
/ip dns set primary-dns=203.130.193.74,203.130.206.250 allow-remote-requests=yes

----Untuk Nat Mikrotik:
/ip firewall nat add chain=srcnat out-interface=internet action=masquerade
/ip firewall nat add chain=dstnat src-address=!192.168.3.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.3.2 to-ports=3128 comment="" disabled=no

--Set ClearOs

----Install ClearOS Server Standalone Mode – No Firewall
edit file /etc/firewall, cari dan ganti parameter berikut

SQUID_TRANSPARENT="off"

ubah menjadi :
SQUID_TRANSPARENT="on"

#service squid restart

----edit file /etc/resolv.conf, tambahkan nameserver (DNS) ISP anda

cat resolv.conf

nameserver 203.130.193.74


----pastikan gateway proxy sudah ke IP PROXY Mikrotik,lihat file ifcfg-eth0
ada di direktory /etc/sysconfig/network-scripts


cat ifcfg-eth0

DEVICE=eth0
TYPE="Ethernet"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
IPADDR="192.168.3.2"
NETMASK="255.255.255.0"
HWADDR="00:80:da:24:6c:73"
GATEWAY="192.168.3.1"


Jalankan Webproxy di ClearOS, yang ada pada menu Gateway>Web Proxy
Klik Start dan buat Automatic

---Selamat Mencoba---

Read more »

Ip adress dns server udah diisi , tapi tetap tidak dapat browsing, padahal di ping bisa..

IP DNS server (biasanya speedy memakai 202.134.1.10 dan 202.134.0.155) isikan di server ClearOS(bagian ip setting) dan di client windowsnya juga diisikan ip address DNS yang sama.Jangan lupa matikan DHCP server di modem

Read more »

ClearOs-nya memakai mode STANDALONE jika digabungkan Mikrotik

Ada plik/warnet yang menggabungan ClearOs dengan mikrotik sebagai routernya.Cuma nanti ClearOs-nya memakai mode STANDALONE bukan GATEWAY.Topologinya sbb :

modem -- mikrotik (RB 750) -- Client
|
proxy (ClearOS)

Hanya Anda harus bisa settingan di mikrotiknya, yang mengalihkan destination port 80 ke port 3128 milik ClearOS.

Read more »

Partisi Default ClearOS

Sebenarnya partisi default dari clearOS sudah bagus pembagiannya,tapi kalau berkeinginan mencoba partisi manual bisa aja.

Biasanya saya buat :

/boot = 100MB
/cache = 12GB
/home = 20GB
swap = 2x memori fisik jika RAM <1GB, tapi kalau diatas 1GB, buat swapnya 1GB aja sudah cukup /root = sisanya (tapi biasanya root saya kasih 20GB saja,sisanya ga saya pakai smile ) itu /cache buat partisi cache proxy server, agak rumit juga pengaturannya,mesti diberi hak akses dan merubah cache_dir di squid.conf, edit manual pakai CLI (Command Line Interface) Kalau pakai partisi defaultnya, tinggal klak-klik sedikit di web config,sudah jadi itu server big_smile

Read more »

Squid

Salah satu contoh aplikasi proxy/cache server adalah Squid. Squid dikenal sebagai aplikasi proxy dan cache server yang handal. Pada pihak klien bekerja apliaksi browser yang meminta request http pada port 80. Browser ini setelah dikonfigurasi akan meminta content, yang selanjutnya disebut object, kepada cache server, dengan nomor port yang telah disesuaikan dengan milik server, nomor yang dipakai bukan port 80 melainkan port 8080 3130 (kebanyakan cache server menggunakan port itu sebagai standarnya).
Pada saat browser mengirimkan header permintaan, sinyal http request dikirimkan ke server. Header tersebut diterima squid dan dibaca. Dari hasil pembacaan, squid akan memparsing URL yang dibutuhkan, lali URL ini dicocokkan dengan database cache yang ada.
Database ini berupa kumpulan metadata (semacam header) dari object yang sudah ada didalam hardisk. Jika ada, object akan dikirimkan ke klien dan tercatat dalam logging bahwa klien telah mendapatkan object yang diminta. Dalam log kejadian tersebut akan dicatat sebagai TCP_HIT. Sebaliknya, jika object yang diminta ternyata tidak ada, squid akan mencarinya dari peer atau langsung ke server tujuan. Setelah mendapatkan objectnya, squid akan menyimpan object tersebut ke dalam hardisk. Selama dalam proses download object ini dinamakan “object in transit” yang sementara akan menghuni ruang memori. Dalam masa download tadi, object mulai dikirimkan ke klien dan setelah selesai, kejadian ini tercatat dalam log sebagai TCP_MISS.
Hubungan antar cache atau nantinya disebut peer itu sendiri ada dua jenis, yaitu parent dan sibling. Sibling kedudukannya saling sejajar dengan sibling lainnya, sedangkan parent adalah berada diatas sibling, dua jenis peer ini yang selanjutnya akan bergandengan membentuk jaringan hirarki cache
ICP sebagai protokol cache berperan dalam menanyakan ketersediaan object dalam cache. Dalam sebuah jaringan sebuah cache yang mempunyai sibling, akan mencoba mencari yang dibutuhkan ke peer sibling lainnya, bukan kepada parent, cache akan mengirimkan sinyal icp kepada sibling dan sibling membalasnya dengan informasi ketersediaan ada atau tidak. Bila ada, cache akan mencatatkan ICP_HIT dalam lognya. Setelah kepastian object bias diambil dari sibling, lalu cache akan mengirimkan sinyal http ke sibling untuk mengambil object yang dimaksud. Dan setelah mendapatkannya, cache akan mencatat log SIBLING_HIT.
Jika ternyata sibling tidak menyediakan object yang dicari, cache akan memintanya kepada parent. Sebagai parent, ia wajib mencarikan object yang diminta tersebut walaupun ia sendiri tidak memilikinya (TCP_MISS). Setelah object didapatkan dari server origin, object akan dikirimkan ke cache child tadi, setelah mendapatkannya cache child akan mencatatnya sebagai PARENT_HIT.


Konfigurasi, penggunaan dan metode Squid
Konfigurasi-konfigurasi mendasar squid antara lain :

1. http_port nomor port. Ini akan menunjukkan nomor port yang akan dipakai untuk menjalankan squid. Nomor port ini akan dipakai untuk berhubungan dengan klien dan peer.
2. icp_port nomor port. Ini akan menunjukkan nomor port yang akan dipakai untuk menjalankan squid. Nomor port ini akan dipakai untuk berhubungan dengan klien dan peer.
3. cache_peer nama_peer tipe_peer nomor_port_http nomor_port_icp option. Sintask dari cache peer ini digunakan untuk berhubungan dengan peer lain, dan peer lain yang dikoneksikan ini tipenya bergantung dari tipe peer yang telah dideklarasikan ini, bias bertipe sibling maupun bertipe parent,dan port yang digunakan untuk hubungan ICP maupun HTTP juga dideklarasikan disini, sedangakan untuk parameter option disini ada bermacam-macam salah satunya adalah default yang berarti dia adalah satu-satunya parent yang harus dihubungi (jika bertipe parent) dan proxy-only yang berarti bahwa object yang dipata dari peer tersebut tidak perlu disimpan dalam hardisk local.
4. Dead_peer_timeout jumlah_detik seconds. Masing-masing peer yang telah didefinisikan sebelumnya mempunyai waktu timeout sebesar yang ditentukan dalam konfigurasi ini, Jika peer tidak menjawab kiriman sinyal ICP dalam batas waktu yang telah ditentukan, peer akan dianggap tidak akan dapat dijangkau, dan cache server tidak akan mengambil object dari server yang bersangkutan dalam interval waktu tertentu.
5. Hierarcy_stoplist pola1 pola2 Sintaks ini digunakan untuk menyatakan apa yang harus tidak diminta dari peer, melainkan harus langsung dari web server origin, jika pola1 dan pola 2 adalah parameter cgi-bin, ?, dan lain-lain maka jika ada request URL yang mengandung karakter tersebut maka akan diambilkan langsung ke server origin.
6. Cache_mem jumlah_memori (dalam bytes) Sintaks ini akan menentukan batas atas jumlah memori yang digunakan untuk menyimpan antara lain : intransit object yaitu object yang dalam masa transisi antara waktu cache mendownload sampai object disampaikan ke klien, dan hot object, yaitu object yang sering diakses.
7. Cache_swap_low/high jumlah (dalam persen) Squid akan menghapus object yang ada didalam hardisknya jika media tersebut mulai penuh. Ukuran penuh ini yang diset pada cache_swap_low dan cache_swap_high. Bila batas swap_low telah tercapai maka squid mulai menghapus dan jika batas swap_high tercapai maka squid akan semakin sering menghapus.
8. Cache_dir jenis_file_sistem direktori kapasitas_cache dir_1 jumlah dir_2 Sintaks ini akan menjelaskan direktori cache yang dipakai, pertama adalah jenis file sistemnya, lalu didirektori mana cache tersebut akan disimpan, selanjutnya ukuran cache tersebut dalam MegaBytes lalu jumlah direktori level 1 dan direktori level 2 yang akan digunakan squid untuk menyimpan objectnya.



ACL (Access Control List)
Selanjutnya konfigurasi-konfigurasi lanjutan squid, selain sebagai cache server, squid yang memang bertindak sebagai “parent” untuk meminta object dari kliennya dapat juga dikonfigurasi untuk pengaturan hak akses lebih lanjut, untuk pertama kali yang dibicarakan adalah ACL (access control list), ACL sendiri terdiri dari beberapa tipe antara lain :

* Src - IP Address asal yang digunakan klien
* Dst - IP Address tujuan yang diminta klien
* Myip - IP Address local dimana klien terhubung
* srcdomain - Nama domain asal klien
* dstdomain - Nama domain tujuan klien
* srcdom_regex- Pencarian pola secara string dari nama domain asal klien
* dstdom_regex - Pencarian pola secara string dari nama domain tujuan klien
* Time - Waktu dinyatakan dalam hari dan jam
* Proto - Protokol transfer (http, ftp, gopher)
* Method - Metode permintaan http (get, post, connect)

Berikutnya adalah control list yang akan digunakan untuk mengatur control dari ACL, control list tersebut antara lain :

* http_access - memperbolehkan acess http
* icp_access - memperbolehkan peer untuk mengirimkan icp untuk menquery object
* miss_access - memperbolehkan klien meminta object yang belum ada (miss) didalam cache
* no_cache - object yang diminta klien tidak perlu disimpan ke hardisk
* always_direct - permintaan yang ditangani langsung ke server origin
* never direct - permintaan yang ditangani secara tidak langsung ke server origin.

Sebagai contoh diberikan sintaks konfigurasi ACL seperti dibawah ini :

#bagian ACL
ACL localnet src 192.168.100.0/24
ACL localkomp 127.0.0.1/255.255.255.255
ACL isp dst 202.59.206.65/30
ACL allsrc src 0.0.0.0/0.0.0.0
ACL alldst dst 0.0.0.0/0
ACL other src 10.10.11.11/32
ACL domainku srcdomain .jatara.net
#bagian control list
http_access deny other
http_access allow localnet
http_access allow lokalkomp
http_access allow domainku
http_access deny allsrc
always_direct allow isp
always_direct deny alldst

Pada konsep sintaks konfigurasi squid adalah bahwa sesuatu yang telah dieksekusi pada baris yang lebih atas maka dia tidak dieksekusi lagi dibaris yang paling bawah, walaupun dalam parameter ACL yang dibawah tersebut dia juga termasuk, untuk lebih jelasnya, jika ada IP Address 192.168.100.0/24 maka IP Address yang berkisar dari 192.168.100.1 – 192.168.100.254 (ACL localnet) telah diijinkan untuk mengakses http yang ditunjukkan oleh http_access allow localnet, dan dibawahnya ada ACL allsrc yang itu adalah mencakup semua daftar IP Address dan ACL itu tidak diperbolehkan mengakses http, yaitu http_access_deny allsrc, tapi karena pada ACL localnet dia telah dieksekusi untuk sebagai IP Address yang boleh mengakses, maka walaupun dibaris bwahnya di dieksekusi lagi, itu tidak akan berpengaruh,hal-hal seperti itu digunakan untuk seorang administrator cache server untuk melakukan pengontrolan agar tidak akan terlalu detail melakukan pengaturan jika baris atas dan bawah sama-sama saling mempengaruhi.


Peering
Kembali membicarakan tentang konfigurasi peering. Maka di squid option atau parameter-parameter untuk pengaturan squid banyak sekali variasinya antara lain terdapat dalam contoh dibawah ini :

Cache_peer ugm.ac.id sibling 8080 3130 proxy-only
Cache_peer itb.ac.id parent 3128 3130 no-digest round-robin
Cache_peer ui.ac.id parent 3128 3139 weight=2 no-digest

Untuk pengaturan diatas, tipe peer baik sibling maupun parent, nomor port untuk hubungan icp maupun http telah dijelaskan pada bab sebelumnya, disini akan dibahas tentang option yang ada yaitu proxy-only, round-robin, dan no-digest.
Pada bagian sibling cache peer itu didefinisikan sebagai proxy-only yang berarti seluruh object yang didapatkan dari sibling tidak akan disimpan ke dalam hardsik, begitu object selesai didownload maka object tersebut akan langsung diserahkan kepada klien dan object akan dihapus dari memori, option selanjutnya adalah weight, option weight adalah digunakan untuk pengaturan prioritas yang semakin tinggi nilainya maka dia adalah cache parent yang akan dihubungi terlebih dahulu, option round-robin berfungsi untuk memutar giliran parent mana yang akan diminta mencarikan object, pada kasus ini jika ada terdapat banyak parent yang tidak diberi option weight untuk prioritas maka option round-robin digunakan untuk menggilir cache yang akan dihubungi secara bergantian.
Sedang option no-digest adalah merupakan salah satu alternative squid berbicara dengan peer. Cache digest menggunakan cara mengumpulkan header masing-masing object yang telah disimpan kedalam sebuah file. File ini yang nantinya akan diforward atau didownload oleh peer dengan menggunakan protokol http. Header ini dikumpulkan dalam versi terkompres dengan rasio tinggi.
Dengan memperoleh cache-digest dari peer, squid memperoleh kejelasan status ada tidaknya object yang diminta, tanpa perlu bertanya dulu sebelumnya lewat protokol ICP, Jelas dari sini squid dapat mengoptimisasi banwitdh, terutama jika peer terletak dalam jarak logika hoop yang cukup jauh. Cache digest itu sendiri degenerate secara berkala dan besarnya tergantung dari jumlah setiap object, masing-masing object tersebut disimpan dalam header sebanyak 10 bits.


Object Cache
Pengaturan object sebuah cache server merupakan salah satu hal yang perlu diperhatikan disini. Telah diketahui sebelumnya bahwa object disimpan pada dua level cache_dir yang besar levelnya didefinisikan pada konfigurasi utama squid. Object itu sendiri berisikan content URL yang diminta klien dan disimpan dalam bentuk file binary, masing-masing object mempunyai metadata yang sebagian dari isinya disimpan didalam memori untuk memudahkan melacak dimana letak object dan apa isi dari object tersebut. Banyak sifat-sifat yang perlu diamati untuk optimasi squid ini, antara lain :
Umur object Umur obect merupakan sebuah ukuran waktu yang dihabiskan sebuah object untuk tinggal didalam hardisk cache. Umur object dibatasi oleh beberapa factor, yaitu :
metode penghapusan object object dihapus bisa melalui beberap algoritma penghapusan :

1. Logistic Regression : yaitu menghapus object dengan kemungkinan logistic regression terkecil. Kemungkinan logistic regression bisa diartikan sebagai besarnya kemungkinan object tersebut akan diakses diwaktu yang akan dating.
2. Least Recently Used : yaitu metode penghapusan object berdasarkan waktu kapan object tersebut terakhir diakses. Semakin lama (besar) waktunya, kemungkin dihapus juga akan semakin besar.
3. Least Frequently Used : Metode penghapusan object yang paling jarang diakses.
4. First In First Out : Penghapusan yang merunut metode berdasarkan waktu masuk ke dalam cache_dir, yaitu object yang paling awal masuk, berarti itu adalah object yang akan dihapus terlebih dahulu.
5. Random : Menghapus object secara random.



Kapasitas hardisk cache
Semakin besar kapasitas cache, berarti semakin lama umur object tersebut bisa disimpan, jika pemakaian hardisk sudah mendekati batas atas (cache_swap_high) penghapusan akan semakin sering dilakukan.


Memori
Memori dipakai squid dalam banyak hal. Salah satu contoh pemakaiannya adalah untuk disimpannya object yang popular, lazimnya disebut hot object. Jumlah hot object yang disimpan dalam memori bisa diatur dengan option cache_mem pada squid.conf
Sebenarnya yang paling memakan memori adalah metadata object, karena kebanyakan object sendiri sebenarnya disimpan dalam direktori cache_dir hardsik local. Semakin banyak kapasitas cache_dir, semakin banyak pula metadata dan semakin membebani pemakaian memori. Pada kebanyakan kasus untuk setiap 1.000.000 jumlah object, rata-rata dibutuhkan sebesar 72 MB memori untuk keseluruhan object dan 1,25 MB untuk metadata. Jumlah object ini bisa didapatkan dari besar cache_dir dibagi dengan jumlah rata-rata kapasitas object, biasanya setiap object bernilai 13 KB.
Mengingat pentingnya ketersediaan memori, penting untuk melihat sebagus apa aplikasi pengalokasian memori yang ada pada sistem operasi yang sedang bekerja. Secara default pada sistem operasi sudah tersedia rutin program untuk alokasi memori atau malloc (memory allocation). Namun pada beban yang sangat besar dan tanpa diimbangi penambahan memori yang memadai, malloc akan mencapai batas atas performansi dan kemudian mencapai status ketidakstabilan, dan squid akan menuliskan banyak pesan error pada log, misalnya seperti : “xmalloc : Unable to allocate 4096 bytes!”.
Jika ini terjadi, langkah yang dapat dilakukan adalah melakukan penambahan memori, dan langkah kedua jika ingin lebih stabil adalah menginstall library untuk rutin program malloc yang lebih baru.

Read more »

Buku Tutorial Mengupas Tuntas Mikrotik & Squid Ubuntu proxy

Didalam buku tersebut dibahas secara kronologi tahap instalasi Mikrotik dan menkonfigurasi Mikrotik Box untuk beberapa kegunaan.Konfigurasi 1 speedy, 2 speedy, 3 speedy...dst.Konfigurasi "Loadbalance" atau "Fail over" serta konfigurasi untuk Squid Ubuntu proxy.

Selain itu juga membahas secara tuntas instalasi Squid Ubuntu proxy sampai dengan mengkonfigurasinya.
Buku tutorial ini sangat bermanfaat bagi pemula atau pelajar yang ingin memperdalam tentang Mikrotik dan Squid Ubuntu proxy.

Dengan hanya mentransfer uang sebesar Rp 250.000,- (dua ratus lima puluh ribu rupiah) buku tutorial tersebut sudah ditangan Anda, dimanapun Anda bertempat tinggal di wilayah NKRI

PJK juga mengadakan kursus singkat tentang Mikrorik & Squid Ubuntu Proxy.

KCP Bank Mandiri Pekalongan Imam Bonjol
Nomor Rekening: 139-00-1134610-7
An.Falentino Eka Laksana Putra.


Setelah Anda mentransfer uang, segera konfirmasi ke nomor selular kami diatas.

Read more »

Ubuntu Networking Configuration Using Command Line

The basics for any network based on *nix hosts is the Transport Control Protocol/ Internet Protocol (TCP/IP) combination of three protocols. This combination consists of the Internet Protocol (IP),Transport Control Protocol (TCP), and Universal Datagram Protocol (UDP).

By Default most of the users configure their network card during the installation of Ubuntu. You can however, use the ifconfig command at the shell prompt or Ubuntu’s graphical network configuration tools, such as network-admin, to edit your system’s network device information or to add or remove network devices on your system

Configure Network Interface Using Command-Line

You can configure a network interface from the command line using the networking utilities. You configure your network client hosts with the command line by using commands to change your current settings or by editing a number of system files.

Configuring DHCP address for your network card

If you want to configure DHCP address you need to edit the /etc/network/interfaces and you need to enter the following lines replace eth0 with your network interface card

sudo vi /etc/network/interfaces

Note :- Use vi editor if you don’t have GUI installed

If you have GUI use the following command

gksudo gedit /etc/network/interfaces

# The primary network interface - use DHCP to find our address
auto eth0
iface eth0 inet dhcp

Configuring Static IP address for your network card

If you want to configure Static IP address you need to edit the /etc/network/interfaces and you need to enter the following lines replace eth0 with your network interface card

sudo vi /etc/network/interfaces

Note :- Use vi editor if you don’t have GUI installed

If you have GUI use the following command

gksudo gedit /etc/network/interfaces

# The primary network interface

auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255

After entering all the details you need to restart networking services using the following command

sudo /etc/init.d/networking restart

Setting up Second IP address or Virtual IP address in Ubuntu

If you are a server system administrator or normal user some time you need to assign a second ipaddress to your Ubuntu machine.For this you need to edit the /etc/network/interfaces file and you need to add the following syntax.Below one is the only example you need to chnage according to your ip address settings

sudo vi /etc/network/interfaces

Note :- Use vi editor if you don’t have GUI installed

If you have GUI use the following command

gksudo gedit /etc/network/interfaces

auto eth0:1
iface eth0:1 inet static
address 192.168.1.60
netmask 255.255.255.0
network x.x.x.x
broadcast x.x.x.x
gateway x.x.x.x

You need to enter all the details like address,netmask,network,broadcast and gateways values after entering all the values save this file and you need to restart networking services in debian using the following command to take effect of our new ipaddress.

After entering all the details you need to restart networking services using the following command

sudo /etc/init.d/networking restart

Setting your ubuntu stytem hostname

Setting up your hostname upon a ubuntu installation is very straightforward. You can directly query, or set, the hostname with the hostname command.

As an user you can see your current hostname with

sudo /bin/hostname

Example

To set the hostname directly you can become root and run

sudo /bin/hostname newname

When your system boots it will automatically read the hostname from the file /etc/hostname

If you want to know more about how to setup host name check here

Setting up DNS

When it comes to DNS setup Ubuntu doesn’t differ from other distributions. You can add hostname and IP addresses to the file /etc/hosts for static lookups.

To cause your machine to consult with a particular server for name lookups you simply add their addresses to /etc/resolv.conf.

For example a machine which should perform lookups from the DNS server at IP address 192.168.3.2 would have a resolv.conf file looking like this

sudo vi /etc/resolv.conf

Note :- Use vi editor if you don’t have GUI installed

If you have GUI use the following command

gksudo gedit /etc/resolv.conf

enter the following details

search test.com
nameserver 192.168.3.2

Read more »

Cache Youtube videos using Squid in Ubuntu Linux

It is well known fact that nowadays more and more ISPs in the world use Ubuntu driven servers as proxies, domain name servers, routers etc. Squid is one the major open source web caching proxy software for Ubuntu and Linux as a whole. Term ‘caching‘ means a way to store Internet objects on locally deployed proxy server for sake of reducing bandwidth consumption and access time to popular web content. You may read more about squid caching software at wikipedia or squid-cache.org.

Youtube videos can also be cached and squid web caching proxy under Ubuntu is reasonable choice for this purpose. It’s common practice when one user downloads some very popular youtube video and then shares its URL to other users withing the same organization. Caching of such youtube video using squid will definitely save Internet connection bandwidth and traffic as every time users download that video it will be fetched from local web cache rather than from youtube servers.

Use Synaptic package manager to install squid package, here is the line to get it installed using terminal:

sudo aptitude install squid

(please notice that youtube caching requires squid of at least 2.7STABLE6 version).

Once installed you should edit /etc/squid/squid.conf (main configuration of squid proxy) to apply configuration necessary to cache video from youtube. Below is an example of such configuration file for squid-2.7STABLE9 so you are welcome to open squid.conf with your favorite text file editor and copy/paste below config into it.

1. Open terminal and type the following commands to get started:

sudo echo -n > /etc/squid/squid.conf

(this cleans default squid.conf configuration file)

sudo gedit /etc/squid/squid.conf

(paste below configuration example and save changes)

http_port 3128
access_log none
coredump_dir none
cache_dir ufs /var/spool/squid/ 10000 16 256

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl ssl_ports port 443
acl safe_ports port 80 21 443 1025-65535
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access allow all
icp_access deny all
acl QUERY2 urlpath_regex get_video\? videoplayback\? videodownload\?
cache allow QUERY2
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl youtube dstdomain .youtube.com
cache allow youtube
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487 99999999% 5259487 override-expire ignore-reload negative-ttl=0
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 0% 4320

quick_abort_min -1 KB
maximum_object_size 4 GB
minimum_object_size 512 bytes

acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
storeurl_access allow store_rewrite_list
storeurl_access deny all

storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 1
storeurl_rewrite_concurrency 10

2. Create /etc/squid/storeurl.pl file:

sudo gedit /etc/squid/storeurl.pl

(paste below configuration example and then save changes)

#!/usr/bin/perl

$|=1;
while (<>) {
@X = split;
$x = $X[0];
$_ = $X[1];

if (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=[0-9]*).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3 . "\n";

} else {
print $x . $_ . "\n";
}
}

3. Apply execution bit to /etc/squid/storeurl.pl, here is terminal command for this:

sudo chmod +x /etc/squid/storeurl.pl

4. Now it’s time to start squid daemon:

sudo service squid start

In order to check it squid was started successfully type the following command:

sudo netstat -lnp | grep 3128

It should show one line in case of success. You can also point Ubuntu browser to 127.0.0.1:3128 as a proxy and try loading some web page like www.ubuntuka.com which could also set as a start page there :-)

Read more »

Setup Ubuntu squid proxy server - Introduction, installation and basic configuration guide for beginner

Squid is an open source caching proxy server. As a cache proxy server, squid accepts request data from client and passes it to appropriate Internet server. It keeps a copy of the returned data, especially hot objects cached in RAM. Squid also caches DNS lookups and supports non-blocking DNS lookups. Even when a client terminates a request, squid continues to fetch and complete the requested data. When it receives the same request again from other client, it just passes the stored data in its cache. This is the basic concept of how squid works, speeding up the Internet access and saving bandwidth.

Other than http protocol, squid supports FTP, gopher, and HTTP data objects. Squid also supports other caching protocols too, such as:

Internet cache protocol (ICP)
Cache digests
Simple network management protocol (SNMP)
Hyper text caching protocol (HTCP)

A cache proxy server can greatly improve Internet performance and squid cache proxy server is very fast and well known for high performance caching proxy server in Linux world. A normal firewall proxy does not store copy of returned data like squid does. Squid cache proxy server works great with firewall on the upper level and squid in the lower level protecting local network from each other.
Setup squid cache proxy server in Ubuntu

Before setting up a squid cache proxy server, you should consider several things that will influence the performance of the caching server later. The most important things are server hardware.
Basic hardware requirements

As we already know, squid stores meta data especially hot objects cached in RAM. So having a big RAM will improve squid performance and overall server performances. However, cpu power doesn't really effect squid performance.

While keeping all caches in the hard disk, having a fast random-seek-time hard disk would boost squid performances. A high rpm hard disk is good but the price is higher. You would better consider adding extra hard disk with fast random-seek-time because having many hard disk also improve squid performances.
Install squid proxy in Ubuntu

You can check whether squid is already installed by checking squid service with ps command. To simply grab a running squid service with ps command, add | (pipe) and grep option like the example below:

luzar@ubuntu:~$ ps aux | grep squid
luzar 5667 0.0 0.1 3236 796 pts/0 S+ 16:45 0:00 grep squid
luzar@ubuntu:~$

So there is no squid process running in our system. Then we can install squid package using apt-get package management system. Example of squid package installation in Ubuntu using apt-get:

luzar@ubuntu:~$ sudo apt-get install squid
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
openssl-blacklist squid-common ssl-cert
Suggested packages:
squidclient squid-cgi logcheck-database resolvconf smbclient winbind
The following NEW packages will be installed:
openssl-blacklist squid squid-common ssl-cert
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 7542kB of archives.
After this operation, 19.5MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://us.archive.ubuntu.com intrepid/main openssl-blacklist 0.4.2 [6337kB]
4% [1 openssl-blacklist 360983/6337kB 5%] 4770B/s 25min5s

As you can see, squid file is quite big. So the downloading and installation is going to take some times. After the installation is finished, you can begin configuring squid as a caching proxy server.
Configure squid caching proxy server in Ubuntu

Squid configuration file is in /etc/squid directory. So change directory to /etc/squid and see what we have there.

luzar@ubuntu:~$ cd /etc/squid/
luzar@ubuntu:/etc/squid$ ls
squid.conf
luzar@ubuntu:/etc/squid$

We just have one file, squid.conf, which is the main configuration file for squid. For a safety reason, we will make a copy of squid.conf as a backup before we start editing the file. Here is a command to copy squid.conf:

luzar@ubuntu:/etc/squid$ sudo cp squid.conf squid.conf.bac
luzar@ubuntu:/etc/squid$ ls -l
total 344
-rw------- 1 root root 168394 2008-12-24 16:20 squid.conf
-rw------- 1 root root 168394 2008-12-24 17:07 squid.conf.bac
luzar@ubuntu:/etc/squid$

Here is a step by step guide on how to configure a basic squid caching proxy server. Open squid.conf with your favorite text editor. Here is an example using vim editor :

luzar@ubuntu:/etc/squid$ sudo vim squid.conf
[sudo] password for luzar:

This is an example of squid.conf file when you open it with vim editor:
squid.conf screenshot

Go to the line http_port. We are going to set http port for the squid caching proxy server. You can set port as in example below:

Tips: If you are using vim, in command mode, type /term to search for the term you are looking for. Pres n to find the next occurrence of the search term. Squid.conf is quite a big file for you to scroll.

# Squid normally listens to port 3128
http_port 3128

Next, we are going to set cache directory for our squid caching proxy server. The cache_dir is disabled by default. You can copy that line and add your preferred cache directory size for your caching proxy server. You can set more than one cache directory if you have many partitions and named the cache directory as cache1, cache2, cache3, so forth.

#Default:
# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /var/spool/squid/cache1 1000 16 256

The value 100 after cache directory is the size value in MB. Set it according to your need. Remember that the cache directory must be empty. In the example above, I set it to 1000MB. The second and third values (16 256) are sub directory first and second tier.

We can set administrator email address in cache_mgr so email can automatically sent to us if squid dies.

#Default:
# cache_mgr webmaster
cache_mgr webmaster

Another important configuration we need to set is squid log. Squid log can be set in access_log parameter. This is the default path and file used:

# And priority could be any of:
# err, warning, notice, info, debug.
access_log /var/log/squid/access.log squid

Squid automatically create a default user proxy and a group proxy during the installation. Enable those names in the cache_effective_user and cache_effective_group in squid.conf file.

#Default:
# cache_effective_user proxy
cache_effective_user proxy

#Default:
# none
cache_effective_group proxy

Enable ftp anonymous user if you need that.

#Default:
# ftp_user Squid@
ftp_user Squid@

Now we need to set simple access control (acl) to allow ip address in our local network. Search for the acl localnet line and add your local area network ip addresses.

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
# acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl local_itnet src 192.168.0.0/255.255.255.0 # IT network
acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network

Enable http_access from local network:

#Allow HTTP queries from local networks only
http_access allow acl local_itnet
http_access allow acl local_admnet
http_access deny all

Tips: Only allow ip address in your network.

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
acl local_itnet src 192.168.0.0/255.255.255.0 # It networkhttp_access allow localnet
acl local_admnet src 192.168.1.0/255.255.255.0 # Admin networkhttp_access allow localnet

Allow icp from local network:

#Allow ICP queries from local networks only
icp_access allow acl local_itnet
icp_access allow acl local_admnet
icp_access deny all

That covers all the basic squid configurations. Now we can restart squid service:

lluzar@ubuntu:/etc/squid$ sudo vim squid.conf
luzar@ubuntu:/etc/squid$ sudo /etc/init.d/squid restart
* Restarting Squid HTTP proxy squid [ OK ]
luzar@ubuntu:/etc/squid$

Read more »

Step by step configuring and monitoring Squid 2.7 STABLE in Ubuntu 10.04

Squid is such us web-caching program running on both Linux or windows operation system. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL (http://www.squid-cache.org/) at this time squid has been up to version 2.7.
To build a successfully proxy server needs a preparation and little it knowledge of server administration, in this article we will explain step by step how to configuring and monitoring Squid Proxy server in Ubuntu 10.04. Before we start to install, setting then tuning Squid 2.7 better if we prepare system environment to support the performance of squid proxy server then.
We need resources at least CPU using processor Intel Pentium 4 (or equivalent), RAM 1 GB (Minimal) and HDD 40 GB (Minimal) ,latest Ubuntu Version (10.04) and internet connection to get/Install Ubuntu package. If all resources is ready let start to make a 'robust' proxy server.

Install Ubuntu 10.04 into Hard drive, Don't forget to use 'advance' mode to setup a partition, then make partition called '/cache' where cache will be placed with size approximately 10 GB (we can re-size latter).
If all installation progress is finished and successfully, go to application > accessories > terminal to install squid proxy server by command.

apt-get install squid

You already have Squid 2.7 installed in your hard-drive now, you can start configuring your proxy server by editing squid configuration file in '/etc/squid/squid.conf', you can download this squid configuration or searching by Google with keywords : high performance squid proxy server setting".
Build a squid caching file *type this command in your terminal

/usr/sbin/squid -z

Running test your squid performance. *type this command in your terminal

/usr/sbin/squid -NCd1

Restart Squid,your proxy server is ready to use now.

/etc/ini.d/squid restart

To get best performance of squid proxy server we have to reconfiguring/tuning several times, we can use application which help us to controlling and monitoring a squid performance, In this section we have 3 different application (same purpose) which can help us to monitoring/controlling a squid performance.

Squid Cache Manager (cachemgr), is default application for squid (not default installed) to monitor and tuning a squid performance, we can install cache-mgr by typing command 'apt-get install squid-cgi' on terminal, before we can use cache-mgr setting user and password in /etc/squid/squid.conf then access via browser by address http://localhost/cgi-bin/cachemgr.cgi.
Calamaris, is not official squid monitoring program but very recommended to use, you can go to this link to see the example of calamaris report sheet. we can install calamaris by typing command 'apt-get install calamaris' on terminal. Before we could read calamaris report sheet we must generate first using command 'calamaris -a -F html /var/log/squid/access.log > /var/www/calamaris/index.html' the access the report in 'http://localhost/calamaris'.
Sarg - Squid Analysis Report Generator is a tool that allow you to view "where" your users are going to on the Internet. Sarg provides many information about Squid users activities: times, bytes, sites, etc (http://sarg.sourceforge.net/). Sarg is closed to squid monitoring 'activity' program rather than squid performance monitoring tools, as example using Sarg we can see who is the most active client/user and where they going. To install Sarg we can use terminal by typing command 'apt-get install calamaris'.

We can also install third-party application such us webmin to help configuring, tuning, and maintaining a squid proxy server, i hope this article will help you :).

Read more »

Pemantauan Kinerja Squid

Idealnya pemantauan kinerja Squid adalah saat dia kerja keras dg beban terberat, jangan pas sepi atau idle. Sebenarnya statistik per 60 menit lebih mencerminkan kinerjanya tetapi jika pengguna browsing hanya sebentar-2 yg tidak akan terlalu tampak juga. Jadi pas jam padat saja ujicobanya (mungkin warnet 2 jam digratiskan begitu, he he he ... sekalian promosi utk iklan ... hanya usul lho, jangan serius). Kalau mau eksperimen lebih jauh sampai detail kinerja Squid anda terindentifikasi ya pakai saja web polygraph. Tapi konfigurasinya sangat rumit lho ... dan butuh 3 mesin, kalau tidak salah (dulu asisten saya yg mengerjakan, he he he ....).

Request Hit Ratios
Seberapa tinggi Squid bisa menyimpan permintaan akses suatu url (alamat situs) dan faktor ini ditentukan oleh besarnya ipcache_size dan dibantu oleh fqdn_cache, selama memori masih mengijinkan tentunya. Hit ratios ini seharusnya lumayan tinggi utk beberapa situs populer.

Byte Hit Ratios
Hit Ratios ini menentukan faktor penghematan bw anda dg mengambil obyek dari cache swap Squid, baik yg ada di memori atau hardisk. Semakin tinggi hit ratio-nya semakin hemat bw anda tapi hati2 soalnya malah bisa jadi lambat aksesnya jika hardisk anda tidak mampu melayani permintaan obyek yg boleh jadi sangat intensif.

Request Memory Hit Ratios
Permintaan obyek yg di-cache memori, tetapi krn kita juga mengejar responsiveness maka cache_mem kita buat kecil dan hit rasio ini mjd sangat rendah. Jika h/w anda papan atas maka cache_mem bisa ditingkatkan lebih jauh (pengalaman saya pernah ada mesin yg cache_mem sampai 24 MB masih sangat responsif). Siapa tahu dg mesin2 yg sangat hebat bahkan bisa sampai 1/3 memori fisik spt yg disarankan di squid-cache org.

Request Disk Hit Ratios
Hit Rasio ini ditentukan oleh obyek2 yg ditemukan (sudah disimpan) di hardisk dan krn Memory Hit Ratiosnya sangat kecil, disk hit ratio ini biasanya hampir sama dg Byte Hit Ratio (alasannya ya hampir semua obyek cache disimpan di hardisk, dan yg disimpan di memori hanya sbg penggembira saja, ha ha ha ...)

Squid agresif jika hit rasionya kisarannya 50% (di atas lebih baik tapi harus tetap responsif), kecuali memory hit ratio lho. Responsif jika request dilayani dg cepat (kalau bisa angka reratanya dipertahankan di bawah 100ms). Silahkan dilihat di topik 'sharing stats'.

Read more »

Putra Jaya Komputer (PJK)

Jasa-jasa yang di layani :
- Pemeliharaan & reparasi Laptop
- Perbaikan CPU & Monitor
- Instalasi LAN (Jaringan lokal) menggunakan kabel atau nirkabel (WIFI)
- Instalasi MIKROTIK (berbagai konfigurasi)
- Instalasi SQUID PROXY SERVER (untuk mempercepat akses internet)
- Instalasi Sistem Operasi (Linux, Windows dsb.)
- Instalasi pembangunan RTRW-NET,WARNET & HOTSPOT AREA
- Pelatihan singkat tentang MIKROTIK & SQUID PROXY SERVER

PJK juga sebagai pengelola JARINGAN WIFI INTERNET di Kecamatan Batang,Kabupaten Batang & Kecamatan Pekalongan Utara,Kota Pekalongan

Alamat:
Jl.Akasia Raya No.5 Perum.Kalisalak,Kauman,Batang
Flexi: 0285 7990476 Telkomsel: 0852-9390-3200 Indosat:0858-6911-1678

Read more »

LUSCA proxy di CentOS 5.5, Konfigurasi dan Tunning

Lusca bertujuan untuk memperbaiki kekurangan-2 dalam basis kode sementara squid, serta menjaga kestabilan fungsionalitas dan stabilitas Squid.
mendukung mayoritas HTTP/1.1 HTTP/1.0
Mendukung protokol dan caching untuk merekonstruksi : konten load balancing HTTP, kegagalan, permintaan cerdas / jawaban routing, memori dengan kinerja tinggi dan cache disk, sistem kontrol akses yang fleksibel
Peningkatan kinerja yang lebih cepat karena memperbaiki kelemahan squid proxy
Menangani local cache Content dynamic
web proxy / cache platform dengan kinerja lebih stabil, fitur lebih banyak dan skalabilitas yang dynamis.
mendukung cpu single core ataupun multicore
Lusca terus meliputi perbaikan dan perkembangan dari proyek Squid

[root@lusca-proxy ~]# yum install squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons | 951 B 00:00
addons/primary | 202 B 00:00
base | 2.1 kB 00:00
base/primary_db | 1.6 MB 00:02
extras | 2.1 kB 00:00
extras/primary_db | 188 kB 00:00
updates | 1.9 kB 00:00
updates/primary_db | 840 kB 00:01
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be updated
--> Processing Dependency: perl(URI::URL) for package: squid
--> Running transaction check
---> Package perl-URI.noarch 0:1.35-3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
squid i386 7:2.6.STABLE21-6.el5 base 1.3 M
Installing for dependencies:
perl-URI noarch 1.35-3 base 116 k

Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)

Total download size: 1.4 M
Is this ok [y/N]: y


Setelah terinstall maka kita remove lagi


[root@lusca-proxy ~]# yum remove squid
Loaded plugins: fastestmirror
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i386 7:2.6.STABLE21-6.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Removing:
squid i386 7:2.6.STABLE21-6.el5 installed 3.5 M

Transaction Summary
================================================================================
Remove 1 Package(s)
Reinstall 0 Package(s)
Downgrade 0 Package(s)

Is this ok [y/N]: y


Setelah itu kita install paket yang di butuhkan untuk kompilasi LUSCA yaitu :
- automake
- gcc
- glibc-devel
- e2fsprogs-devel
- sharutils


[root@lusca-proxy ~]# yum install automake gcc glibc-devel e2fsprogs-devel sharutils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package automake.noarch 0:1.9.6-2.3.el5 set to be updated
--> Processing Dependency: autoconf >= 2.58 for package: automake
---> Package e2fsprogs-devel.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5_5.1 for package: e2fspro gs-devel
---> Package gcc.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: cpp = 4.1.2-48.el5 for package: gcc
--> Processing Dependency: libgomp >= 4.1.2-48.el5 for package: gcc
---> Package glibc-devel.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-headers = 2.5-49.el5_5.7 for package: glibc-dev el
--> Processing Dependency: glibc = 2.5-49.el5_5.7 for package: glibc-devel
--> Processing Dependency: glibc-headers for package: glibc-devel
---> Package sharutils.i386 0:4.6.1-2 set to be updated
--> Running transaction check
---> Package autoconf.noarch 0:2.59-12 set to be updated
--> Processing Dependency: imake for package: autoconf
---> Package cpp.i386 0:4.1.2-48.el5 set to be updated
--> Processing Dependency: e2fsprogs-libs = 1.39-23.el5 for package: e2fsprogs
---> Package e2fsprogs-libs.i386 0:1.39-23.el5_5.1 set to be updated
--> Processing Dependency: glibc = 2.5-49 for package: nscd
---> Package glibc.i686 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: glibc-common = 2.5-49.el5_5.7 for package: glibc
---> Package glibc-headers.i386 0:2.5-49.el5_5.7 set to be updated
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers
--> Processing Dependency: kernel-headers for package: glibc-headers
---> Package libgomp.i386 0:4.4.0-6.el5 set to be updated
--> Running transaction check
---> Package e2fsprogs.i386 0:1.39-23.el5_5.1 set to be updated
---> Package glibc-common.i386 0:2.5-49.el5_5.7 set to be updated
---> Package imake.i386 0:1.0.2-3 set to be updated
---> Package kernel-headers.i386 0:2.6.18-194.26.1.el5 set to be updated
---> Package nscd.i386 0:2.5-49.el5_5.7 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
automake noarch 1.9.6-2.3.el5 base 476 k
e2fsprogs-devel i386 1.39-23.el5_5.1 updates 569 k
gcc i386 4.1.2-48.el5 base 5.2 M
glibc-devel i386 2.5-49.el5_5.7 updates 2.0 M
sharutils i386 4.6.1-2 base 201 k
Installing for dependencies:
autoconf noarch 2.59-12 base 647 k
cpp i386 4.1.2-48.el5 base 2.6 M
glibc-headers i386 2.5-49.el5_5.7 updates 602 k
imake i386 1.0.2-3 base 319 k
kernel-headers i386 2.6.18-194.26.1.el5 updates 1.1 M
libgomp i386 4.4.0-6.el5 base 70 k
Updating for dependencies:
e2fsprogs i386 1.39-23.el5_5.1 updates 977 k
e2fsprogs-libs i386 1.39-23.el5_5.1 updates 118 k
glibc i686 2.5-49.el5_5.7 updates 5.3 M
glibc-common i386 2.5-49.el5_5.7 updates 16 M
nscd i386 2.5-49.el5_5.7 updates 166 k

Transaction Summary
================================================================================
Install 11 Package(s)
Upgrade 5 Package(s)

Total download size: 37 M
Is this ok [y/N]:y

selesai install paket-paket di atas kemudian download LUSCA nya dari google

[root@lusca-proxy ~]#wget http://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz


Setelah itu di extrak


[root@lusca-proxy ~]# tar -zxvf LUSCA_HEAD-r14809.tar.gz


Pindah ke dalam direktori lusca, naikkan filedescriptors, dan kemudian configure menggunakan opsi-opsi di bawah ini

[root@lusca-proxy ~]# cd LUSCA_HEAD-r14809
[root@lusca-proxy ~]# ulimit -n 8192
[root@lusca-proxy LUSCA_HEAD-r14809]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --enable-linux-netfilter --enable-removal-policies --with-maxfd=8192 --enable-storeio=aufs --disable-wccp --enable-x-accelerator-vary --enable-kill-parent-hack --enable-async-io=30 --disable-ident-lookups


semua file instalasi terletak di /usr/local/squid/ jadi kita tidak akan repot-repot mencari-cari file squid

Kemudian install

[root@lusca-proxy LUSCA_HEAD-r14809]# make all && make install


menunggu instalasi selesai sekarang waktu nya Konfigurasi.
- Pindah ke direktori /usr/local/squid/etc

[root@lusca-proxy LUSCA_HEAD-r14809]# cd /usr/local/squid/etc/


kemudian config squid nya kaya gini nih,..

##start of config
http_port 3128 transparent
icp_port 0
#icp_port 3130

pid_filename /var/run/squid.pid
cache_effective_user squid
cache_effective_group squid
#error_directory /usr/share/squid/errors/templates
#icon_directory /usr/share/squid/icons
visible_hostname lusca.net
cache_mgr admin@localhost
access_log /cache1/access.log
cache_log /cache1/cache.log
cache_store_log none
logfile_rotate 1
shutdown_lifetime 10 seconds


####################################################################
# Allow local network(s) on interface(s)
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.25.0/24 # RFC1918 possible internal network
####################################################################

uri_whitespace strip
#dns_nameservers
#dns_testnames 127.0.0.1

cache_mem 8 MB
maximum_object_size_in_memory 128 MB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir aufs /cache1 32768 64 256

minimum_object_size 512 bytes
maximum_object_size 128000 KB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
#acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet

# Default block all to be sure
http_access deny all

#include /usr/local/squid/etc/storeurl-el5.pl
include /usr/local/squid/etc/tunning.conf

##end of config


terus save.as storeurl.pl


#!/usr/bin/perl5.8.8
# by chudy_fernandez@yahoo.com
# Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
$|=1;
while (<>) {
@X = split;
$X[1] =~ s/&sig=.*//;
$x = $X[0] . " ";
$_ = $X[1];
$u = $X[1];


# compatibility for old cached get_video?video_id
if (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
$z = $2; $z =~ s/video_id=/get_video?video_id=/;
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";

# youtube HD itag=22
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=22).*?\&(id=[a-zA-Z0-9]*)/) {
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $2 . "&" . $3 . "\n";

# youtube Normal screen always HD itag 35, Normal screen never HD itag 34, itag=18 <--normal? } elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?\&(itag=[0-9]*).*?\&(id=[a-zA-Z0-9]*)/) { print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $3 . "\n"; } elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) { print $x . "http://www.google-analytics.com/__utm.gif\n"; #Cache High Latency Ads } elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com)(.*)/) { $y = $3;$z = $2; for ($y) { s/pixel;.*/pixel/; s/activity;.*/activity/; s/(imgad[^&]*).*/\1/; s/;ord=[?0-9]*//; s/;×tamp=[0-9]*//; s/[&?]correlator=[0-9]*//; s/&cookie=[^&]*//; s/&ga_hid=[^&]*//; s/&u_his=[^&]*//; s/&dt=[^&]*//; s/&lmt=[^&]*//; s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/; s/[;&?]ord=[?0-9]*//; s/[;&]mpvid=[^&;]*//; } print $x . "http://" . $1 . $2 . $y . "\n"; #cache high latency ads } elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) { print $x . "http://" . $1 . "/" . $2 . "\n"; # spicific servers starts here.... } elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) { print $x . "http://" . $1 . "\n"; # # indowebster added by fahmi[at]airputih.or.id #} elsif (($u =~ /indowebster/) && (m/^http:\/\/www[0-9][0-9]\.indowebster.com.*\/(.*?)/)) { # print $x . "http://cdn.indowebster.com/" . $2 . "\n"; #cdn, varialble 1st path } elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) { @y = ($1,$2,$4,$5); $y[0] =~ s/[a-z0-9]{2,5}/cdn./; print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n"; #rapidshare } elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) { print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n"; } elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) { print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n"; #like porn hub variables url and center part of the path, filename etention 3 or 4 with or withour ? at the end } elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) { print $x . "http://cdn." . $3 . $5 . "\n"; #...spicific servers end here. #general purpose for cdn servers. add above your specific servers. } elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) { print $x . "http://squid-cdn-url//" . $2 . "." . $3 . "\n"; #for yimg.com doubled } elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) { print $x . "http://cdn.yimg.com/" . $3 . "\n"; #for yimg.com with &sig= } elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*)/) { @y = ($1,$2); $y[0] =~ s/[a-z]+[0-9]+/cdn/; $y[1] =~ s/&sig=.*//; print $x . "http://" . $y[0] . ".yimg.com/" . $y[1] . "\n"; #generic http://variable.domain.com/path/filename."ext" or "exte" with or withour "?" } elsif (m/^http:\/\/(.*)([^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{3,4})(\?.*)?$/) { @y = ($1,$2,$3,$4); $y[0] =~ s/(([a-zA-A-]+[0-9-]+)|(.*cdn.*)|(.*cache.*))/cdn/; print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n"; # generic http://variable.domain.com/... } elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/(.*)$/) { print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 . "\n"; # spicific extention that ends with ? } elsif (m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|on2)\?(.*)/) { print $x . "http://" . $1 . "/" . $2 . "." . $3 . "\n"; # all that ends with ; } elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) { print $x . "http://" . $1 . "/" . $2 . "\n"; } else { print $x . $_ . "\n"; } } save as lagi tunning.conf acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\? acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]* acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe) acl dontrewrite url_regex redbot\.org \.php acl getmethod method GET storeurl_access deny dontrewrite storeurl_access deny !getmethod storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list storeurl_access allow store_rewrite_list_domain storeurl_access allow store_rewrite_list_path storeurl_access deny all storeurl_rewrite_program /usr/local/squid/etc/storeurl.pl storeurl_rewrite_children 7 storeurl_rewrite_concurrency 0 # 1 year = 525600 mins, 1 month = 43800 mins refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire store-stale refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale #refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern \.(ico|video-stats) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern \.etology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern galleries\.video(\?|sz) 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern brazzers\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern \.adtology\? 129600 999999% 129600 override-expire ignore-reload ignore-no-cache store-stale refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10 refresh_pattern ^.*safebrowsing.*google 129600 999999% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 999999% 129600 override-expire ignore-reload ignore-private store-stale negative-ttl=10080 refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern garena\.com 129600 999999% 129600 override-expire reload-into-ims store-stale refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 override-expire ignore-reload store-stale refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 999999% 129600 ignore-no-cache override-expire override-lastmod store-stale refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 999999% 129600 reload-into-ims override-expire ignore-private store-stale refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 999999% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale # ANTI VIRUS refresh_pattern guru.avg.com/.*\.(bin) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern (avgate|avira).*(idx|gz)$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern kaspersky.*\.avc$ 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern kaspersky 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 999999% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale #images facebook refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale #banner IIX refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale #IIX DOWNLOAD refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth #All File refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 129600 999999% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 129600 999999% 43200 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims store-stale refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale refresh_pattern . 180 95% 43200 override-lastmod reload-into-ims store-stale global_internal_static off max_stale 10 years retry_on_error on buffered_logs on read_ahead_gap 32 KB header_access Accept-Encoding deny all client_persistent_connections off server_persistent_connections on half_closed_clients off strip_query_terms off quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100 vary_ignore_expire on reload_into_ims on pipeline_prefetch on #range_offset_limit 50 KB read_timeout 30 minutes client_lifetime 6 hours negative_ttl 30 seconds positive_dns_ttl 6 hours negative_dns_ttl 60 seconds pconn_timeout 15 seconds request_timeout 1 minute store_avg_object_size 13 KB log_icp_queries off ipcache_size 16384 ipcache_low 98 ipcache_high 99 log_fqdn off fqdncache_size 16384 memory_pools off forwarded_for on zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136 #cachemgr_passwd none info cachemgr_passwd none all client_db on max_filedescriptors 4096 n_aiops_threads 24 #client_socksize 16 MB load_check_stopen on load_check_stcreate on download_fastest_client_speed on – Buat direktori untuk nampung cache di /cache1, – kemudian ubah permission nya untuk squid – kemudian ubah permission file tunning.conf dan storeurl.pl agar bisa di exekusi [root@lusca-proxy etc]# mkdir /cache1 [root@lusca-proxy etc]# chown squid:squid /cache1 [root@lusca-proxy etc]# chmod 777 tunning.conf storeurl.pl Building cache dir squid [root@lusca-proxy etc]# /usr/local/squid/sbin/squid -z edit localnet pada squid.conf. sesuaikan network client kita : potongan squid.conf [root@lusca-proxy etc]# nano -c squid.conf ....................... #################################################################### # Allow local network(s) on interface(s) # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 7.7.9.0/24 # RFC1918 possible internal network #################################################################### Cek apakah ada config error di squid dan apabila tidak ada error Jalankan squid sebagai daemon root@lusca-proxy etc]# /usr/local/squid/sbin/squid -k parse [root@lusca-proxy etc]# /usr/local/squid/sbin/squid -NDd1 & Testing. Silahkan arahkan browser menggunakan proxy ke server LUSCA dengan port 3128 [root@lusca-proxy etc]# tail -f /cache1/access.log catatan : buat ngecek idup apa ngga di nmap saja liat port nya kebuka atau ngga jika ketemu error Filedescriptors blabla, edit di file [root@lusca-proxy ~]# nano -c /usr/local/squid/etc/storeurl.pl pada bagian paling atas #!/usr/bin/perl5.8.8 <===== edit menjadi "#!/usr/bin/perl" tanpa tanda kutip # by chudy_fernandez@yahoo.com # Updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/D iscussion $|=1; ............................. untuk menjalankan lusca setiap abis restart secara otomatis ketik perintah ini di console [root@lusca-proxy ~]# echo "/usr/local/squid/sbin/squid -NDd1 &" >> /etc/rc.local

Read more »