Proxy Transparent dengan Squid di Ubuntu

2 November 2010 at 1:35 PM 2 komentar

1. Pertama, install squid
# apt-get install squid

2. Lakukan edit file squid.conf
# nano /etc/squid/squid.conf

##### start squid.conf #####

# Listener for intercepted HTTP on TCP 3128. No address is given, so the port
# is opened on every interface; only the http_access rules further down decide
# who may use it.
# NOTE(review): Squid 3.1 and later spell this option "intercept";
# "transparent" is the older keyword - confirm against the installed version.
http_port 3128 transparent
# ICP (inter-cache protocol) on UDP 3130. No cache_peer line appears in this
# file, so ICP is only needed if sibling caches exist elsewhere; "icp_port 0"
# switches it off and closes the UDP port.
icp_port 3130
# Accept ICP on all interfaces.
udp_incoming_address 0.0.0.0
# NOTE(review): 255.255.255.255 is presumably the "reuse the incoming socket"
# default of older Squid releases, not a real broadcast target - confirm.
udp_outgoing_address 255.255.255.255
# 0 lets Squid choose the ICP timeout dynamically.
icp_query_timeout 0
hosts_file /etc/hosts
# Upper bounds (milliseconds) for ICP and multicast ICP query timeouts.
maximum_icp_query_timeout 9000
mcast_icp_query_timeout 9000
# URLs containing "cgi-bin" or "?" are fetched directly and never cached.
# "no_cache" is the older name of the "cache" directive.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory cache size, then the low/high water marks for disk-cache eviction.
cache_mem 512 MB
cache_swap_low 80%
cache_swap_high 100%
# Objects larger than 20 MB or smaller than 16 KB are not stored on disk.
maximum_object_size 20 MB
minimum_object_size 16 KB
maximum_object_size_in_memory 128 KB

# Keep 7 rotated generations of each log file.
logfile_rotate 7
# Sizes and water marks of the internal DNS caches.
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
cache_replacement_policy lru
memory_replacement_policy lru
# Disk cache: ufs store under /cache, 60000 MB, 25 first-level and 256
# second-level directories. /cache must be writable by cache_effective_user.
cache_dir ufs /cache 60000 25 256
# "cache_access_log" is the older name of "access_log".
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
# NOTE(review): negative_ttl is set a second time further down (1 minutes);
# presumably the later value wins - keep only one.
negative_ttl 2 minutes
emulate_httpd_log on
log_ip_on_direct on
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
# Client addresses are masked to /24 in the logs and cache manager output.
# With a single 192.168.10.0/24 LAN this means individual hosts cannot be told
# apart in access.log, which limits its use for incident investigation.
client_netmask 255.255.255.0
# Sent as the password for anonymous FTP logins, so this address is disclosed
# to every FTP server the proxy contacts.
ftp_user smanis@proxy.sman1jetis-bantul.sch.id
ftp_passive on
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
diskd_program /usr/bin/diskd
# NOTE(review): this looks like the coreutils "unlink" binary rather than
# Squid's own unlinkd helper - confirm the path on the target system.
unlinkd_program /usr/bin/unlink
redirect_rewrites_host_header on
request_header_max_size 10 KB
# 0 means no limit on request bodies (uploads/POSTs).
request_body_max_size 0 MB
# No "auth_param basic program" line and no proxy_auth ACL appear in this
# file, so these three settings have no effect as shown. Proxy authentication
# is also not usable on intercepted traffic.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# Freshness rules: refresh_pattern <regex> <min> <percent> <max>, with min and
# max in minutes (86400 minutes = 60 days, 43200 minutes = 30 days). The first
# matching line is used. There is no -i option, so the patterns are
# case-sensitive (".JPG" falls through to the generic rules).
refresh_pattern        \.(gif|jpg|jpeg)$        600 80% 86400
refresh_pattern        \.(xbm|xpm|ico|tiff)$        600 80% 86400
refresh_pattern        \.(au|snd|wav|ra|mid)$        600 80% 86400
refresh_pattern        \.(qt|mov|avi|mpeg)$        600 80% 86400
refresh_pattern        \.(iv|wrl|vrml)$        600 80% 86400
refresh_pattern        \.(Z|gz)$            600 80% 86400
refresh_pattern        \.(hqx|bin)$            600 80% 86400
refresh_pattern        \.(tar|zip)$            600 80% 86400
# Scheme-wide defaults, then the catch-all for everything else.
refresh_pattern        ^http://            30 50% 86400
refresh_pattern        ^ftp://                30 50% 86400
refresh_pattern        .                30 30% 43200

# When a client aborts a download, these thresholds decide whether Squid
# finishes fetching the object anyway.
quick_abort_min 128 KB
quick_abort_max 4096 KB
quick_abort_pct 75
# NOTE(review): second negative_ttl in this file (the first says 2 minutes);
# presumably this later value is the one in effect - keep only one.
negative_ttl 1 minutes
# 0 forwards Range requests as they are instead of fetching the whole object.
range_offset_limit 0 KB
half_closed_clients off
shutdown_lifetime 30 seconds

# ACL definitions. Nothing is allowed or denied here; the http_access and
# icp_access lines further down apply them.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# The only client network that is granted access below.
acl clients_lan src 192.168.10.0/255.255.255.0 # local net
# NOTE(review): SSL_ports and CONNECT (below) are defined but no http_access
# line in this file refers to them, so CONNECT tunnels are not limited to
# ports 443/563.
acl SSL_ports port 443 563

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# Covers every unprivileged port, so "deny !Safe_ports" only blocks the
# low-numbered ports not listed here.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Used by delay pool 2. url_regex entries are unanchored regular expressions:
# "." matches any character and "ftp" matches anywhere in the URL, so this ACL
# hits far more URLs than the listed file types.
# NOTE(review): an anchored form such as
#   urlpath_regex -i \.(exe|mp3|zip)$
# would match file extensions only - adjust the list as needed.
acl download_file url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov

# Access rules are evaluated top to bottom; the first match decides.
# Cache manager requests are accepted only from 127.0.0.1 to a 127.0.0.0/8
# destination; every other manager request is refused.
http_access allow manager localhost to_localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports.
# NOTE(review): the stock squid.conf follows this with
#   http_access deny CONNECT !SSL_ports
# which is absent here. Without it a LAN client that points its browser at
# port 3128 directly can open CONNECT tunnels to any Safe_ports port,
# including 1025-65535 - consider adding the rule before the allow below.
http_access deny !Safe_ports
# Only 192.168.10.0/24 may use the proxy and send ICP queries.
http_access allow clients_lan
icp_access allow clients_lan

# Default deny for everything else. Keep these last.
icp_access deny all
http_access deny all

# Bandwidth shaping with two delay pools. Values are restore/max in bytes;
# -1 means unlimited.
delay_pools 2
# NOTE(review): pool 1 is declared class 1 (one aggregate bucket) but
# delay_parameters gives two pairs, which is the class 2 form (aggregate plus
# per-host). Presumably "delay_class 1 2" was intended - confirm, since a
# mismatch may be rejected or silently ignored at startup.
delay_class 1 1
delay_parameters 1 -1/-1 16000/64000
delay_access 1 allow clients_lan
delay_access 1 deny all

# Pool 2: one shared 4000 bytes/s bucket for URLs matching download_file.
# NOTE(review): pools are checked in numeric order and pool 1 already accepts
# every clients_lan request, so pool 2 is presumably never reached for LAN
# clients - verify, and swap the pool order if the download limit matters.
delay_class 2 1
delay_parameters 2 4000/4000
delay_access 2 allow download_file
delay_access 2 deny all

# Administrator address; Squid prints it on the error pages shown to clients.
cache_mgr pinguisman@yahoo.com
# Squid drops root and runs as proxy:proxy, so the cache and log directories
# must be owned by or writable for that account.
cache_effective_user proxy
cache_effective_group proxy
# Host name that appears in error pages.
visible_hostname proxy.aku.net
query_icmp off
test_reachability off
buffered_logs on
# Turns client "reload" (no-cache) requests into If-Modified-Since requests.
# This saves bandwidth but departs from HTTP: a forced reload may still be
# answered from cache.
reload_into_ims on
ie_refresh off
##### End squid.conf ####

3. Untuk mengalihkan (redirect) trafik ke transparent proxy di port 3128, gunakan perintah berikut (tulis di rc.local agar perintah tidak perlu dijalankan ulang secara manual setiap kali restart)

# NOTE(review): the leading "#" on each command below is the root prompt, not
# a comment marker.
# Only TCP port 80 is intercepted; HTTPS (443) does not pass through Squid.
# None of these rules limits who can reach port 3128 itself, so it should be
# filtered on any interface that faces an untrusted network.
#
# Rule 1: Squid runs on this host; TCP/80 arriving on eth0 is handed to local
# port 3128.
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Rule 2: TCP/80 arriving on eth1 from any source except 192.168.10.2 is
# rewritten to 192.168.10.2:3128 (Squid on a separate host).
# NOTE(review): "-s ! ADDR" is the legacy negation form; current iptables
# expects "! -s ADDR". Rule 1 treats eth0 as the client side while this rule
# uses eth1, so rule 1 and rules 2-5 look like alternatives for two different
# topologies - confirm the interface names before applying all of them.
#iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.10.2 -p tcp --dport 80 -j DNAT --to 192.168.10.2:3128
# Rule 3: traffic from the LAN to 192.168.10.2 leaving eth1 gets source
# address 192.168.1.1, so replies return through this gateway.
#iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 -d 192.168.10.2 -j SNAT --to 192.168.1.1
# Rules 4 and 5: permit the forwarded flows to and from 192.168.10.2:3128.
#iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.10.2 -i eth0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT
#iptables -A FORWARD -d 192.168.10.0/24 -s 192.168.10.2 -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT

4. Buat direktori /cache sesuai dengan setelan cache_dir di squid.conf

5. #squid -D

6. #chown -R proxy:proxy /cache

7. #squid -Z

8.  /etc/init.d/squid start|restart

semoga berhasil


2 Komentar Add your own

  • 1. l3nth03x  |  27 Maret 2011 pukul 7:45 PM

    cache_dir ufs /cache 60000 25 256

    gimana itungannya ??? gak bikin bottleneck tuh ???

    (((x / y) / 256) / 256) * 2

    (((60000000 / 13) / 256) / 256) x 2 = 140,8 di bulatin jadi 140

    seharusnya cache_dir aufs /cache 60000 140 256

    untuk ubuntu lebih baik gunakan aufs daripada ufs

    salam satu jiwa

    • 2. pinguisman  |  27 September 2011 pukul 12:06 PM

      Mohon maaf jika ada kesalahan… kalo ga dikasih gitu nanti ga ada yang belajar (cuma CoPas).. hehehe..

