Building Mikrotik + Proxy on Ubuntu Server 10.10 – Part 2
06 Mar
In this Part 2 we cover the Mikrotik and Ubuntu configuration. First, you need to install:
1. Putty: to remote into Ubuntu over SSH
2. Winscp: to remote in and edit scripts
3. Winbox: to remote into the Mikrotik.
Once these 3 remote tools are installed, follow these steps:
Remote into your Mikrotik and set:
IP FIREWALL MANGLE :
0 ;;; PROXY-HIT
chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12
1 ;;; http-conn
chain=prerouting action=mark-connection new-connection-mark=http-conn passthrough=yes protocol=tcp dst-port=80
2 chain=prerouting action=mark-packet new-packet-mark=http passthrough=yes connection-mark=http-conn
3 ;;; https-conn
chain=prerouting action=mark-connection new-connection-mark=https-conn passthrough=yes connection-state=new
protocol=tcp dst-port=443
4 chain=prerouting action=mark-routing new-routing-mark=https passthrough=no connection-mark=https-conn
5 ;;; DNS
chain=prerouting action=mark-connection new-connection-mark=DNS passthrough=yes protocol=udp dst-port=53
6 chain=prerouting action=mark-connection new-connection-mark=DNS passthrough=yes protocol=udp dst-port=53
7 chain=prerouting action=change-dscp new-dscp=12 connection-mark=DNS
8 ;;; DNS Paket
chain=prerouting action=mark-packet new-packet-mark=DNS_PACKET passthrough=no connection-mark=DNS
9 chain=prerouting action=mark-packet new-packet-mark=DNS_PACKET passthrough=yes
10 ;;; YM-Conn
chain=forward action=mark-connection new-connection-mark=YM passthrough=no protocol=tcp dst-port=5050,5100,5051
11 chain=prerouting action=mark-connection new-connection-mark=YM passthrough=yes connection-mark=YM
12 ;;; Winbox
chain=input action=mark-connection new-connection-mark=winbox passthrough=no protocol=tcp dst-port=8291
13 ;;; CHANGE MMS
chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=ether1-gateway
tcp-mss=1441-65535
IP FIREWALL ADDRESS-LIST :
0 ;;; LocalNet
LocalNet 192.168.1.0/24 --> local IP range, adjust to your own local IP
1 ;;; PROXY
ProxyNet 192.168.11.0/24 --> proxy network IP
2 ;;; DMZ
ProxyNet 192.168.11.0/24 --> proxy network IP
3 ;;; RAPID
rapidshare 195.122.131.0/24
4 rapidshare 208.67.216.0/24
5 rapidshare 62.67.50.0/24
6 rapidshare 212.162.2.0/24
7 rapidshare 62.140.7.0/24
8 rapidshare 216.34.131.135
9 rapidshare 195.216.1.0/24
10 rapidshare 92.242.132.0/24
11 rapidshare 62.140.10.0/24
12 rapidshare 80.239.151.0/24
13 DNS 202.134.1.10
14 DNS 202.134.0.155
15 GAMES 63.251.101.0/25
16 GAMES 74.114.8.0/21
QUEUE TYPE:
0 name="default" kind=pfifo pfifo-limit=50
1 name="ethernet-default" kind=pfifo pfifo-limit=50
2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000
4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
5 name="downsteam-pcq" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=20000
6 name="upstream-pcq" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=20000
7 name="PING" kind=pfifo pfifo-limit=64
8 name="game_up" kind=pcq pcq-rate=0 pcq-limit=20
pcq-classifier=dst-address,dst-port pcq-total-limit=500
9 name="game_dw" kind=pcq pcq-rate=0 pcq-limit=20
QUEUE TREE:
0 name="TURBO-PROXY" parent=global-out packet-mark=proxy-hit limit-at=0
queue=downsteam-pcq priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
1 name="DNS-UP" parent=global-in packet-mark=DNS_PACKET limit-at=0
queue=upstream-pcq priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
QUEUE SIMPLE :
0 name="TRAFFICT SHAPPING" dst-address=0.0.0.0/0 interface=all parent=none
packet-marks=packet-intl direction=both priority=1
queue=upstream-pcq/downsteam-pcq limit-at=0/0 max-limit=0/0
burst-limit=0/0 burst-threshold=0/0 burst-time=5s/5s
total-queue=ethernet-default time=0s-1d,sun,mon,tue,wed,thu,fri,sat
1 name="BW-MANAGEMENT" target-addresses=YOUR LOCAL IP dst-address=0.0.0.0/0
interface=all parent=TRAFFICT SHAPPING packet=DNS_PACKET direction=both
priority=1 queue=upstream-pcq/downsteam-pcq limit-at=0/0
max-limit=5M/5M burst-limit=5M/5M burst-threshold=5M/5M
burst-time=5s/5s total-queue=default
NOTE: Once this configuration works, add the bandwidth allocation per client / per client IP address, with BW-MANAGEMENT as the parent.
IP FIREWALL NAT :
0 ;;; PROXY HIT
chain=dstnat action=dst-nat to-addresses=192.168.11.11 to-ports=3128 protocol=tcp src-address=!192.168.11.11
src-address-list=LocalNet dst-address-list=!ProxyNet dst-port=80,8080,3128
connection-mark=http-conn
1 ;;; Added by webbox
chain=srcnat action=masquerade out-interface=ether1-gateway
2 ;;; Proxy Out
chain=srcnat action=src-nat to-addresses=YOUR INTERNET IP/PUBLIC IP, for example 125.124.123.122
src-address=YOUR LOCAL IP, for example 192.168.1.254 (NOT THE NETWORK IP)
4 chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53
5 ;;; SSH
chain=dstnat action=dst-nat to-addresses=192.168.11.11 to-ports=22
protocol=tcp dst-address=YOUR INTERNET IP/PUBLIC IP dst-port=22,10000
—————————————————————————————————————–
At this point the Mikrotik configuration is complete, but clients cannot browse yet. The next step is to remote into Ubuntu with Putty and Winscp:
OK, in Part 1 you already updated the modules. The author does not cover that again, on the assumption that the installation succeeded. Next, remote into Ubuntu with Putty: open Putty, enter the hostname/IP address 192.168.11.11 (the Ubuntu IP) or your public IP, log in as root and enter its password, then we compile the Ubuntu kernel. Copy the following script (the Squid configure command) by selecting the whole script, then right-click in the Ubuntu console and it will run automatically.
================================================================================
../configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-http-gzip --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs \
--enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp \
--enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files \
--enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536
===============================================================================
Press Enter and wait a while for the compile process. When it finishes, remote into Ubuntu with Winscp and find the folder /etc/squid.
First download the Squid settings from this blog's download menu, or click download; study and read carefully where the files go and how squid.conf is configured.
The next steps are then:
# make
# sudo make install
Edit squid.conf
Stop squid first
#sudo /etc/init.d/squid stop
Copy the configuration files you downloaded from this blog's download menu and place them in their directories. Do not paste them into the wrong place.
Don't forget to run:
#sudo chmod +x /etc/init.d/squid
# Give permissions on the cache folder
chown proxy:proxy /cache
chmod 777 /cache
chown proxy:proxy /etc/squid/storeurl.pl
chmod 777 /etc/squid/storeurl.pl
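Mode 777 leaves both the cache directory and the storeurl.pl helper writable by every local account on the proxy host. As an added example (not part of the original post), this script detects world-writable paths and applies tighter modes; the function names and the choice of 750/755 with root ownership for the helper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Goal: Squid (user "proxy") keeps access, other local accounts lose write.

# Exit 0 if "other" has the write bit on the path (-H follows a symlinked /cache).
is_world_writable() {
    [ -n "$(find -H "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print one line per world-writable path among the arguments.
audit_paths() {
    for p in "$@"; do
        if is_world_writable "$p"; then
            echo "WORLD-WRITABLE: $p"
        fi
    done
    return 0
}

# Assumed replacement for the chmod 777 steps:
#   cache dir -> 750, owned by proxy (only Squid reads and writes the cache)
#   helper    -> 755, owned by root  (Squid runs it but cannot rewrite it)
harden_squid_paths() {
    cache_dir=$1
    helper=$2
    chmod 750 "$cache_dir" || return 1
    chmod 755 "$helper" || return 1
    # Ownership changes need root and an existing "proxy" account.
    if [ "$(id -u)" -eq 0 ] && id proxy >/dev/null 2>&1; then
        chown proxy:proxy "$cache_dir" || return 1
        chown root:root "$helper" || return 1
    fi
    return 0
}

# On the proxy host, with the paths used in the post:
#   audit_paths /cache /etc/squid/storeurl.pl
#   harden_squid_paths /cache /etc/squid/storeurl.pl
```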
• # Create the swap/cache folders inside the designated cache folder with the command:
squid -f /etc/squid/squid.conf -z
• Restart squid.
/etc/init.d/squid restart
Then try browsing from a client.
Run the command: # tail -f /var/log/squid/access.log and press Enter.
If access from the client shows up on Ubuntu, your proxy is running properly.
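Watching tail -f only shows that something is being logged. As an added example (not part of the original post), this function summarises a Squid native-format access.log per client: requests, cache hits, and whether the source address falls inside LocalNet (192.168.1.0/24), the only range the PROXY HIT dst-nat rule is meant to redirect. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Squid's default "native"
# access.log layout: time elapsed client code/status bytes method URL ...

# $1 = access.log path, $2 = first three octets of LocalNet (e.g. 192.168.1)
# Output per client, sorted: <ip> <requests> <cache hits> <local|OUTSIDE>
squid_client_summary() {
    awk -v net="$2" '
        NF >= 7 {
            split($4, r, "/")               # TCP_MISS/200 -> r[1] = TCP_MISS
            total[$3]++
            if (r[1] ~ /HIT/) hits[$3]++    # TCP_HIT, TCP_MEM_HIT, ...
        }
        END {
            for (c in total) {
                # Compare with the trailing dot so 192.168.11.x (ProxyNet)
                # is not mistaken for 192.168.1.x (LocalNet).
                where = (index(c, net ".") == 1) ? "local" : "OUTSIDE"
                printf "%s %d %d %s\n", c, total[c], hits[c] + 0, where
            }
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample log lines (not real traffic), written to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
1299400000.123    250 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1299400001.456      3 192.168.1.10 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1299400002.789    180 192.168.1.23 TCP_MISS/200 2048 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1299400003.012     90 192.168.11.50 TCP_MISS/200 900 GET http://example.net/ - DIRECT/192.0.2.30 text/html
EOF
}

# On the proxy host: squid_client_summary /var/log/squid/access.log 192.168.1
```

A client that shows requests but never a hit, or any line marked OUTSIDE, is worth checking against the NAT and address-list rules above.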
Source: http://tamampapua.wordpress.com/2011/03/06/membangun-mikrotik-proxy-ubuntu-server-10-10-%E2%80%93-bagian-2/