Wednesday, 07 October 2009

Tutorial: Building a Proxy Server + Mikrotik

The software needed is Mikrotik plus a Squid box. The network topology is as follows:

inet -- cisco -- hub -- Squid (slackware) -- mikrotik (bw manager) -- client
                  |
                  |
                  |-- other servers

IP ADDRESSES: ADJUST THEM TO THE ONES YOU HAVE. The IP block we received is 202.152.100.0/24.

Basic prerequisites:
1. IP subnetting
2. basic Linux commands
3. basic Mikrotik commands

The steps...

1. Look at the Cisco's IP address (assuming a fibre optic link):
ip address cisco s0/0 202.152.30.1 netmask 255.255.255.252
gateway 202.152.30.2 (usually given by the ISP above our ISP)

2. Split the IP block we received:
Before using the IP block we have, it is a good idea to split it first. In this example I split it in two: a SERVER IP BLOCK and a CLIENT IP BLOCK.

SERVER IP BLOCK:
network: 202.152.100.0/28
usable IPs: 202.152.100.1 - 202.152.100.14
broadcast: 202.152.100.15

CLIENT IP BLOCK:
everything outside the range above can be used for clients.

3. SET THE CISCO ETHERNET IP
set ip cisco ethernet0/0
ip address: 202.152.100.1 netmask 255.255.255.240

4. Proxy server setup + TUNE UP:
The Linux used is SLACKWARE 9, which can be downloaded from http://mirror.vip.net.id/pub/slackware/
The machine used is a P4 with three 40 GB Seagate Barracuda 7200 rpm hard disks and 2 GB of RAM:
the first disk is mounted on /
the second disk is mounted on /cache1
the third disk is mounted on /cache2
After installing, set the following IP addresses:
interface eth0
ip address: 202.152.100.2 netmask 255.255.255.240
gateway 202.152.100.1
interface eth1
ip address: 202.152.100.17 netmask 255.255.255.252
After that...
Open the file types.h:
root@proxy:~# vi /usr/include/bits/types.h
edit this part:
#define __FD_SETSIZE 1024
so that it becomes:
#define __FD_SETSIZE 8192
==> then leave the vi editor and type this command:
root@proxy:~# ulimit -HSn 8192
Then download squid 2.5.STABLE9 from here:
wget http://202.154.183.7/squid-2.5.STABLE9.tar.gz
Save it in the directory /usr/local/src and extract it with:
tar -zxvf squid-2.5.STABLE9.tar.gz
Enter the squid directory and type the following:
./configure \
 --prefix=/opt/squid \
 --exec-prefix=/opt/squid \
 --enable-gnuregex \
 --enable-async-io=30 \
 --with-aufs-threads=30 \
 --with-pthreads \
 --with-aio \
 --with-dl \
 --enable-storeio=aufs \
 --enable-removal-policies=heap \
 --enable-icmp \
 --disable-wccp \
 --enable-snmp \
 --enable-cache-digests \
 --enable-default-err-languages=English \
 --enable-err-languages=English \
 --enable-linux-netfilter \
 --disable-ident-lookups \
 --disable-hostname-checks \
 --enable-underscores
Since the Mikrotik already handles bandwidth management, delay pools are no longer needed. This configuration is for a computer with the following spec: three 40 GB Seagate Barracuda 7200 rpm hard disks and 2 GB of RAM; two disks for the cache, one for the system. With SCSI hard disks, --enable-async-io=30 and --with-aufs-threads=30 can be raised to 32.
==> Squid installation done. All squid files will be under the directory /opt/squid.
After that, use the squid.conf below:
Code:
http_port 8080
acl youtube dstdomain .youtube.com
no_cache allow youtube
hierarchy_stoplist cgi-bin ? localhost .js .jsp .friendster.com
acl QUERY urlpath_regex cgi-bin \? localhost .friendster.com
no_cache deny QUERY
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 6 MB
cache_dir aufs /cache1 8000 13 256
cache_dir aufs /cache2 8000 13 256
cache_swap_low 98
cache_swap_high 99
cache_access_log /cache1/access.log
cache_log /dev/null
cache_store_log none
mime_table /opt/squid/etc/mime.conf
pid_filename /var/run/squid.pid
client_netmask 255.255.255.0
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
redirect_rewrites_host_header off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 202.152.100.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 8443 563 777
acl Safe_ports port 25 80 81 110 443 563 6667 7000 777 210 119 70 21 1025-65535
acl Safe_ports port 280 6668 6669
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl lewat dst_as 4622 4761 4787 4795 4796 4855 4800 7587 7597 7713 9326 9340 9448 9657 9791 9794 9875 9905 9228 9251 10114 10137 10208 10217 17440 17450 17451 17538 17658 17671 17670 17725 17727 17769 4832 4833 17817 17884 17907 17910 17922 17800 10220 17974 17826 17885 18052 18056 18059 7632 4821 18103 17996 18004 18153 18156 18189 18237 18251 18347 3583 3382 4382 4434 18364 18365 18379 9341 9785 18393 17995 23651 23666 23671 23679 23691 23756 23945 24052 24057 24194
always_direct allow lewat
always_direct deny all
#header_access Accept-Encoding deny all
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access deny all
maximum_object_size 128 MB
maximum_object_size_in_memory 8 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 75
fqdncache_size 4096
shutdown_lifetime 10 seconds
cache_mgr hendraarif@yahoo.com
cache_effective_user squid
cache_effective_group squid
memory_pools off
buffered_logs off
log_icp_queries off
logfile_rotate 1
log_fqdn off
forwarded_for off
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_page_fault_warning 2
visible_hostname proxy@dodol.org
nonhierarchical_direct on
prefer_direct off

Pay attention to the IP addresses that are allowed (the localnet acl) and adjust them to the addresses you actually use. Also pay attention to the cache directory sizes: the maximum for one disk is 18 GB. Note that cache_log /dev/null discards Squid's own diagnostic log, so only /cache1/access.log remains for troubleshooting and for reviewing what went through the proxy; point cache_log at a real file if you want that record.

After that, add the squid user on Linux:
root@proxy:~# useradd squid
and add the squid group as well:
root@proxy:~# groupadd squid
Create the cache directories in squid:
root@proxy:~# /opt/squid/sbin/squid -z
Type this command once more:
root@proxy:~# ulimit -HSn 8192
Then start squid with:
root@proxy:~# /opt/squid/sbin/squid -DY &

================================================================

Okay... let's continue:

5. Mikrotik setup:
Enter the IP address of ether1:
/ip address add address=202.152.100.18/30 interface=ether1
Because all the addresses in use are public IPs, the block has to be subnetted into separate pieces. Enter the address that pairs with the client IP: for example, if the client IP is 202.152.100.22, the address entered on the Mikrotik ether2 is 202.152.100.21/30. Do the same for every other client IP pair.
/ip address add address=202.152.100.21/30 interface=ether2
For the full picture, see the following table (each row is one /30: the Mikrotik takes the first usable address, the client the last):
Code:
network          first avail      last avail       broadcast
202.152.100.20   202.152.100.21   202.152.100.22   202.152.100.23
202.152.100.24   202.152.100.25   202.152.100.26   202.152.100.27
202.152.100.28   202.152.100.29   202.152.100.30   202.152.100.31
202.152.100.32   202.152.100.33   202.152.100.34   202.152.100.35
202.152.100.36   202.152.100.37   202.152.100.38   202.152.100.39
202.152.100.40   202.152.100.41   202.152.100.42   202.152.100.43
202.152.100.44   202.152.100.45   202.152.100.46   202.152.100.47
202.152.100.48   202.152.100.49   202.152.100.50   202.152.100.51
202.152.100.52   202.152.100.53   202.152.100.54   202.152.100.55
202.152.100.56   202.152.100.57   202.152.100.58   202.152.100.59
202.152.100.60   202.152.100.61   202.152.100.62   202.152.100.63
202.152.100.64   202.152.100.65   202.152.100.66   202.152.100.67
202.152.100.68   202.152.100.69   202.152.100.70   202.152.100.71
202.152.100.72   202.152.100.73   202.152.100.74   202.152.100.75
202.152.100.76   202.152.100.77   202.152.100.78   202.152.100.79
202.152.100.80   202.152.100.81   202.152.100.82   202.152.100.83
202.152.100.84   202.152.100.85   202.152.100.86   202.152.100.87
202.152.100.88   202.152.100.89   202.152.100.90   202.152.100.91
202.152.100.92   202.152.100.93   202.152.100.94   202.152.100.95
202.152.100.96   202.152.100.97   202.152.100.98   202.152.100.99
202.152.100.100  202.152.100.101  202.152.100.102  202.152.100.103
202.152.100.104  202.152.100.105  202.152.100.106  202.152.100.107
202.152.100.108  202.152.100.109  202.152.100.110  202.152.100.111
202.152.100.112  202.152.100.113  202.152.100.114  202.152.100.115
202.152.100.116  202.152.100.117  202.152.100.118  202.152.100.119
202.152.100.120  202.152.100.121  202.152.100.122  202.152.100.123
202.152.100.124  202.152.100.125  202.152.100.126  202.152.100.127
202.152.100.128  202.152.100.129  202.152.100.130  202.152.100.131
202.152.100.132  202.152.100.133  202.152.100.134  202.152.100.135
202.152.100.136  202.152.100.137  202.152.100.138  202.152.100.139
202.152.100.140  202.152.100.141  202.152.100.142  202.152.100.143
202.152.100.144  202.152.100.145  202.152.100.146  202.152.100.147
202.152.100.148  202.152.100.149  202.152.100.150  202.152.100.151
202.152.100.152  202.152.100.153  202.152.100.154  202.152.100.155
202.152.100.156  202.152.100.157  202.152.100.158  202.152.100.159
202.152.100.160  202.152.100.161  202.152.100.162  202.152.100.163
202.152.100.164  202.152.100.165  202.152.100.166  202.152.100.167
202.152.100.168  202.152.100.169  202.152.100.170  202.152.100.171
202.152.100.172  202.152.100.173  202.152.100.174  202.152.100.175
202.152.100.176  202.152.100.177  202.152.100.178  202.152.100.179
202.152.100.180  202.152.100.181  202.152.100.182  202.152.100.183
202.152.100.184  202.152.100.185  202.152.100.186  202.152.100.187
202.152.100.188  202.152.100.189  202.152.100.190  202.152.100.191
202.152.100.192  202.152.100.193  202.152.100.194  202.152.100.195
202.152.100.196  202.152.100.197  202.152.100.198  202.152.100.199
202.152.100.200  202.152.100.201  202.152.100.202  202.152.100.203
202.152.100.204  202.152.100.205  202.152.100.206  202.152.100.207
202.152.100.208  202.152.100.209  202.152.100.210  202.152.100.211
202.152.100.212  202.152.100.213  202.152.100.214  202.152.100.215
202.152.100.216  202.152.100.217  202.152.100.218  202.152.100.219
202.152.100.220  202.152.100.221  202.152.100.222  202.152.100.223
202.152.100.224  202.152.100.225  202.152.100.226  202.152.100.227
202.152.100.228  202.152.100.229  202.152.100.230  202.152.100.231
202.152.100.232  202.152.100.233  202.152.100.234  202.152.100.235
202.152.100.236  202.152.100.237  202.152.100.238  202.152.100.239
202.152.100.240  202.152.100.241  202.152.100.242  202.152.100.243
202.152.100.244  202.152.100.245  202.152.100.246  202.152.100.247
202.152.100.248  202.152.100.249  202.152.100.250  202.152.100.251
202.152.100.252  202.152.100.253  202.152.100.254  202.152.100.255

Then enter the gateway towards the proxy:
/route add gateway=202.152.100.17
Set the route on the proxy so that the network behind the Mikrotik can get through:
route add -net 202.152.100.20/30 gateway 202.152.100.18
(one such route is needed for every client /30 you put behind the Mikrotik, or a single summary route covering them.)
That finishes the IP address business...

6. Test it with a client using the IP address 202.152.100.22, netmask 255.255.255.252, gateway 202.152.100.21. Because of the subnetting, any address other than .22 on that link will not be able to pass through the Mikrotik router we built.

7. iptables on the proxy
All web traffic must be forced through the proxy server we built, with this command:
Code:
iptables -A PREROUTING -t nat -p tcp -s 202.152.100.0/24 -i eth2 -d \! 202.152.100.0/24 --dport 80 -j REDIRECT --to 8080
(The rule as posted names eth2, while the interface configured towards the Mikrotik in step 4 is eth1; use whichever interface on your proxy actually faces the Mikrotik. Current iptables versions write the negation as "! -d 202.152.100.0/24".)

9. DNS SERVER
Run the DNS server that ships with slackware by default:
root@proxy:~# named -d1
Then just put this in /etc/resolv.conf:
nameserver 127.0.0.1
and have all clients use the DNS IP 202.152.100.17.
WITHOUT NAT/MASQUERADE .................. public IPs are distributed to the clients.
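The http_access list in the squid.conf of step 4 is evaluated top to bottom: the first line whose ACLs all match decides, and if nothing matches Squid applies the opposite of the last line's action. The evaluator below is an added example, not code from this post or from Squid itself; it parses the posted acl and http_access lines (only the src, port, method and proto ACL types those lines use) and reports which line decides a request. Because "allow localnet" comes before "deny !Safe_ports" and "deny CONNECT !SSL_ports", the posted order lets any 202.152.100.0/24 client CONNECT to any port; the REORDERED_ACCESS list, which moves the two denies ahead of the local allows the way Squid's stock squid.conf does, is included for comparison. The outside address 198.51.100.10 is a constructed test value.

```python
"""Added example (not from the original post): first-match evaluator for the
http_access lines of the step 4 squid.conf, modelling only the ACL types
those lines use (src, port, method, proto)."""
import ipaddress

# ACL definitions copied from the posted squid.conf.
ACL_CONF = """
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 202.152.100.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 8443 563 777
acl Safe_ports port 25 80 81 110 443 563 6667 7000 777 210 119 70 21 1025-65535
acl Safe_ports port 280 6668 6669
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
"""

# http_access lines in the order the post gives them.
POSTED_ACCESS = """
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT
http_access deny all
"""

# Same lines, port checks moved ahead of the local allows (stock squid.conf order).
REORDERED_ACCESS = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny CONNECT
http_access deny all
"""


def parse_conf(text):
    """Return ({acl_name: (type, [args])}, [(action, [(negated, acl_name)])]).
    Repeated 'acl NAME' lines of one type are merged, as Squid merges them."""
    acls, rules = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl":
            name, acl_type, args = parts[1], parts[2], parts[3:]
            entry = acls.setdefault(name, (acl_type, []))
            if entry[0] != acl_type:
                raise ValueError(f"acl {name} redefined with type {acl_type}")
            entry[1].extend(args)
        elif parts[0] == "http_access":
            terms = [(t.startswith("!"), t.lstrip("!")) for t in parts[2:]]
            rules.append((parts[1], terms))
    return acls, rules


def acl_matches(acls, name, req):
    acl_type, args = acls[name]
    if acl_type == "src":
        # Squid 2.x src ACLs take addr/dotted-mask as well as addr/prefix.
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(a, strict=False) for a in args)
    if acl_type == "port":
        def in_range(spec):
            lo, _, hi = spec.partition("-")
            return int(lo) <= req["port"] <= int(hi or lo)
        return any(in_range(a) for a in args)
    if acl_type == "method":
        return req["method"] in args
    if acl_type == "proto":
        return req["proto"] in args
    raise ValueError(f"acl type {acl_type} is not modelled in this example")


def evaluate(acls, rules, req):
    """First http_access line whose terms all match decides: (action, line_no).
    With no match, Squid applies the opposite of the last line's action."""
    for line_no, (action, terms) in enumerate(rules, 1):
        if all(acl_matches(acls, name, req) != negated for negated, name in terms):
            return action, line_no
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


def request(src, port=80, method="GET", proto="http"):
    """A request as the evaluator sees it: client IP, destination port, method, scheme."""
    return {"src": src, "port": port, "method": method, "proto": proto}


if __name__ == "__main__":
    acls, posted = parse_conf(ACL_CONF + POSTED_ACCESS)
    _, reordered = parse_conf(ACL_CONF + REORDERED_ACCESS)
    for label, rules in (("posted", posted), ("reordered", reordered)):
        # 198.51.100.10 is a constructed outside address (TEST-NET-2).
        for req in (request("202.152.100.22"),
                    request("202.152.100.22", 22, "CONNECT"),
                    request("198.51.100.10", 443, "CONNECT")):
            print(label, req, "->", evaluate(acls, rules, req))
```

Running it shows the .22 client's CONNECT to port 22 decided by line 3 (allow localnet) under the posted order and by line 3 (deny !Safe_ports) under the reordered one, while ordinary port 80 browsing from that client is allowed either way.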
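Steps 5 to 7 rest on one idea: every client gets its own /30 out of 202.152.100.0/24, with the Mikrotik on the first usable address and the client on the second, so only the matching client address can reach its gateway, and the proxy then intercepts port 80 coming from that range. The script below is an added example, not from the post. It generates the whole table above from the block, the server /28 of step 2 and the proxy-Mikrotik /30 of step 4, goes beyond the single route line the post shows by emitting one "route add -net" per pair, checks a client's address and gateway the way step 6 describes, and models the match conditions of the step 7 iptables rule, keeping the interface name eth2 from the rule as posted. Destination and outside addresses such as 198.51.100.80 are constructed test values.

```python
"""Added example (not from the original post): the /30 client-pair table of
step 5, the step 6 client check, and a model of the step 7 REDIRECT rule,
all over the 202.152.100.0/24 block the page uses."""
import ipaddress

BLOCK = ipaddress.ip_network("202.152.100.0/24")        # block assigned in the post
SERVER_NET = ipaddress.ip_network("202.152.100.0/28")   # step 2: server block
PROXY_LINK = ipaddress.ip_network("202.152.100.16/30")  # proxy eth1 .17 <-> mikrotik ether1 .18


def client_pairs(block=BLOCK, reserved=(SERVER_NET, PROXY_LINK)):
    """Every /30 of the block outside the reserved ranges, as
    (network, router_ip, client_ip, broadcast). As in the post, the Mikrotik
    gets the first host (.21) and the client the second (.22)."""
    rows = []
    for sub in block.subnets(new_prefix=30):
        if any(sub.overlaps(r) for r in reserved):
            continue
        router, client = list(sub.hosts())
        rows.append((sub.network_address, router, client, sub.broadcast_address))
    return rows


def render_table(rows):
    """Plain-text table in the layout the post uses."""
    fmt = "%-16s %-16s %-16s %-16s"
    lines = [fmt % ("network", "first avail", "last avail", "broadcast")]
    lines += [fmt % tuple(str(x) for x in row) for row in rows]
    return "\n".join(lines)


def proxy_routes(rows, mikrotik_ip="202.152.100.18"):
    """One 'route add -net' line per client /30: the post shows only the first,
    but every pair behind the Mikrotik needs its own (or a summary route)."""
    return [f"route add -net {net}/30 gateway {mikrotik_ip}" for net, _, _, _ in rows]


def client_config_ok(client_ip, gateway_ip, mask="255.255.255.252", rows=None):
    """Step 6: the client must use the client host of some /30 and point its
    gateway at that /30's router host; anything else never gets past the Mikrotik."""
    rows = rows if rows is not None else client_pairs()
    iface = ipaddress.ip_interface(f"{client_ip}/{mask}")
    if iface.network.prefixlen != 30:
        return False
    gw = ipaddress.ip_address(gateway_ip)
    return any(iface.ip == client and gw == router for _, router, client, _ in rows)


def redirected(src, dst, dport, in_iface, proto="tcp",
               local=BLOCK, iface="eth2", http_port=80):
    """Match conditions of the posted rule:
    iptables -A PREROUTING -t nat -p tcp -s 202.152.100.0/24 -i eth2
             -d ! 202.152.100.0/24 --dport 80 -j REDIRECT --to 8080
    True means the packet is rewritten to the proxy's port 8080; HTTPS, traffic
    to the local /24 and packets on other interfaces pass untouched. The
    interface name eth2 is taken from the rule as posted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (proto == "tcp" and in_iface == iface
            and s in local and d not in local and dport == http_port)


if __name__ == "__main__":
    rows = client_pairs()
    print(render_table(rows))
    print("\n".join(proxy_routes(rows)[:3]), "...")
    print(client_config_ok("202.152.100.22", "202.152.100.21"))       # True
    print(client_config_ok("202.152.100.23", "202.152.100.21"))       # False: broadcast
    print(redirected("202.152.100.22", "198.51.100.80", 80, "eth2"))  # True
    print(redirected("202.152.100.22", "198.51.100.80", 443, "eth2")) # False: not port 80
```

The table it prints matches the 59 rows above; the route list is the part the post leaves implicit, and the last two checks make the point of step 7 concrete: only plain HTTP leaving the /24 is intercepted, so HTTPS and traffic to the local servers are never seen by Squid.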
