wandibudiana

crowded

Sep 21st, 2012
  1. HIT tapi buffering adalah ciri-ciri bottleneck; penyebabnya bisa jadi setting, bisa juga kinerja PC.
  2. Untuk memory 1 G saya rasa Debian 32 bit lebih realistis karena ringan dan instalasinya cepat (cuma 10 menit) karena tidak perlu akses internet (saat instalasi jangan pasang kabel LAN, dan pada saat configure package manager pilih Go Back, lalu pada Continue without a network mirror pilih Yes).
  3.  
  4. link downloadnya:
  5. http://kambing.ui.ac.id/iso/debian/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso atau
  6. http://napoleon.acc.umu.se/debian-cd/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso
  7.  
  8. untuk yang 64
  9. http://kambing.ui.ac.id/iso/debian/6.0.5/amd64/iso-cd/debian-6.0.5-amd64-netinst.iso
  10.  
  11. Installasi , topologi dan setting Mikrotik
  12.  
  13. topologinya Squid sejajar client ( ip proxy satu subnet dgn client)
  14.  
  15. MODEM------MT-----Swicth----client
  16. |
  17. Debian
  18.  
  19.  
  20. Local = 192.168.2.30
  21. Client = 192.168.2.1-192.168.2.20
  22. PROXY = 192.168.2.22
  23.  
  24. add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.22 to-addresses=\
  25. 192.168.2.22 to-ports=3128
  26. add action=src-nat chain=srcnat disabled=no out-interface=Local protocol=tcp src-address-list=Local-Address to-addresses=192.168.2.30 to-ports=0-65535
  27.  
  28. /ip firewall address-list add address=192.168.2.1-192.168.2.21 list=Local-Address
  29.  
  # Make the router a caching DNS forwarder for the upstream servers listed below.
  # allow-remote-requests=yes lets other hosts, not only the router itself, send it queries.
  # NOTE(review): no /ip firewall filter rule on this page limits port 53 to the
  # Local interface. Confirm that UDP/TCP 53 is dropped on the modem-facing interface;
  # otherwise the router answers DNS for anyone who can reach it from outside.
  30. /ip dns
  31. set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
  32. max-udp-packet-size=512 servers="203.130.208.18,203.130.193.74,203.130.196.5, \
  33. 222.124.204.34,203.130.196.6,208.67.222.222,208.67.220.220,180.131.144.144, \
  34. 180.131.145.145"
  # Static record: resolve the proxy's host name to its LAN address.
  35. /ip dns static
  36. add address=192.168.2.22 disabled=no name=proxy.crowded.war.net ttl=1d
  37.  
  38.  
  39. ip 192.168.2.22
  40. netmask 255.255.255.0
  41. gateway 192.168.2.30
  42. name server addresses = 192.168.2.30
  43. host = proxy
  44. domain = crowded.war.net
  45.  
  46. partisi
  47. / root 13 G ext4
  48. /cache-1 35 G ext4
  49. /cache-2 35 G ext4
  50. /cache-3 35 G ext4
  51. SWAP 2 G
  52.  
  53. pilihan packet : SSH-Server dan Standart System Utilities
  54.  
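  55. mulai installasi via remote (SSH) sebagai root, karena di Debian akun root sudah langsung aktif saat installasi. Setelah server jadi, sebaiknya login root lewat SSH dimatikan (PermitRootLogin no di /etc/ssh/sshd_config) dan remote pakai user biasa lalu su.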
  56.  
  57. tambah repo webmin dan installasi unbound dan build-essential supaya extract tar.bz2 tidak error
  58. [CODE]
  # Append the Debian squeeze mirror (binary and source) and the Webmin repository to APT's source list.
  59. echo deb http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
  60. echo deb-src http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
  61. echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
  62. cd /root
  # Download the Webmin repository signing key and add it to APT's trusted keyring.
  # NOTE(review): the key is fetched over plain HTTP and trusted without a fingerprint
  # check, so its authenticity depends entirely on the network path. Compare the output
  # of `apt-key fingerprint` with the fingerprint Webmin publishes before going on.
  63. wget http://www.webmin.com/jcameron-key.asc
  64. apt-key add jcameron-key.asc
  # Refresh the package lists and apply all pending upgrades without prompting.
  65. apt-get -y update && apt-get -y upgrade
  66. [/CODE]
  67.  
  68. [CODE]
  69. apt-get -y install unbound build-essential
  70.  
  71. cd /etc/unbound
  72. wget ftp://FTP.INTERNIC.NET/domain/named.cache
  73. unbound-control-setup
  74. chown unbound:root unbound_*
  75. chmod 440 unbound_*
  76. [/CODE]
  77.  
  78. nano /etc/unbound/unbound.conf
  79. delete isinya ganti dengan
  80.  
  81. server:
  82. verbosity: 1
  83. statistics-interval: 120
  84. num-threads: 1
  85. interface: 0.0.0.0
  86.  
  87. outgoing-range: 512
  88. num-queries-per-thread: 1024
  89.  
  90. msg-cache-size: 16m
  91. rrset-cache-size: 32m
  92.  
  93. msg-cache-slabs: 4
  94. rrset-cache-slabs: 4
  95.  
  96. cache-max-ttl: 86400
  97. infra-host-ttl: 60
  98. infra-lame-ttl: 120
  99.  
  100. infra-cache-numhosts: 10000
  101. infra-cache-lame-size: 10k
  102.  
  103. do-ip4: yes
  104. do-ip6: no
  105. do-udp: yes
  106. do-tcp: yes
  107. do-daemonize: yes
  108.  
  # Client ACL: only 192.168.0.0/16 and loopback may query this resolver; every other
  # source matches the 0.0.0.0/0 entry and gets a REFUSED answer (unbound applies the
  # most specific matching netblock).
  # The server listens on every IPv4 address (interface: 0.0.0.0 above), so this ACL is
  # what keeps it from acting as an open resolver. Leave the "0.0.0.0/0 allow" line commented out.
  109. #access-control: 0.0.0.0/0 allow
  110. access-control: 192.168.0.0/16 allow
  111. #access-control: 172.16.0.0/12 allow
  112. #access-control: 10.0.0.0/8 allow
  113. access-control: 127.0.0.0/8 allow
  114. access-control: 0.0.0.0/0 refuse
  115.  
  116. chroot: "/etc/unbound"
  117. username: "unbound"
  118. directory: "/etc/unbound"
  119. #logfile: "/etc/unbound/unbound.log"
  120. #use-syslog: yes
  121. logfile: ""
  122. use-syslog: no
  123. pidfile: "/etc/unbound/unbound.pid"
  124. root-hints: "/etc/unbound/named.cache"
  125.  
  # identity/version are the strings unbound would report for id.server / version.bind
  # queries; with hide-identity and hide-version set to yes those queries are refused,
  # so neither string is disclosed to clients.
  126. identity: "proxy.crowded.war.net"
  127. version: "1.4"
  128. hide-identity: yes
  129. hide-version: yes
  # Only trust glue records that fall within the delegating server's authority.
  130. harden-glue: yes
  # Never send upstream queries to loopback addresses.
  131. do-not-query-address: 127.0.0.1/8
  132. do-not-query-localhost: yes
  # Only the iterator module is loaded; the validator module is not listed, so answers
  # are not DNSSEC-validated.
  # NOTE(review): validation would need "validator iterator" plus a trust anchor, which
  # this configuration does not set up.
  133. module-config: "iterator"
  134.  
  135. #zone localhost
  136. local-zone: "localhost." static
  137. local-data: "localhost. 10800 IN NS localhost."
  138. local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
  139. local-data: "localhost. 10800 IN A 127.0.0.1"
  140.  
  141. local-zone: "127.in-addr.arpa." static
  142. local-data: "127.in-addr.arpa. 10800 IN NS localhost."
  143. local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
  144. local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
  145.  
  146. #zone crowded.war.net
  147. local-zone: "crowded.war.net." static
  148. local-data: "crowded.war.net. 86400 IN NS ns.crowded.war.net."
  149. local-data: "crowded.war.net. 86400 IN SOA crowded.war.net. hostmaster.crowded.war.net. 3 3600 1200 604800 86400"
  150. local-data: "crowded.war.net. 86400 IN A 192.168.2.22"
  151. local-data: "www.crowded.war.net. 86400 IN A 192.168.2.22"
  152. local-data: "ns.crowded.war.net. 86400 IN A 192.168.2.22"
  153.  
  154. local-zone: "2.168.192.in-addr.arpa." static
  155. local-data: "2.168.192.in-addr.arpa. 10800 IN NS crowded.war.net."
  156. local-data: "2.168.192.in-addr.arpa. 10800 IN SOA crowded.war.net. hostmaster.crowded.war.net. 4 3600 1200 604800 864000"
  157. local-data: "22.2.168.192.in-addr.arpa. 10800 IN PTR crowded.war.net."
  158.  
  159. forward-zone:
  160. name: "."
  161. forward-addr: 203.130.208.18
  162. forward-addr: 203.130.193.74
  163. forward-addr: 203.130.196.5
  164. forward-addr: 222.124.204.34
  165. forward-addr: 203.130.196.6
  166. forward-addr: 208.67.222.222
  167. forward-addr: 208.67.220.220
  168. forward-addr: 180.131.144.144
  169. forward-addr: 180.131.145.145
  170.  
  # unbound-control channel: enabled, bound to loopback only, on port 953, and
  # authenticated with the key/certificate pairs at the paths below.
  # These file names match the unbound_* files that the earlier setup step restricted
  # to mode 440, owner unbound:root (presumably generated by unbound-control-setup; confirm).
  # Keep control-interface on 127.0.0.1 so the control port is not reachable from the LAN.
  171. remote-control:
  172. control-enable: yes
  173. control-interface: 127.0.0.1
  174. control-port: 953
  175. server-key-file: "/etc/unbound/unbound_server.key"
  176. server-cert-file: "/etc/unbound/unbound_server.pem"
  177. control-key-file: "/etc/unbound/unbound_control.key"
  178. control-cert-file: "/etc/unbound/unbound_control.pem"
  179.  
  180. save
  181.  
  182. rubah resolv.conf
  183.  
  184. [CODE]
  185. cat > /etc/resolv.conf << "EOF"
  186. # Begin /etc/resolv.conf
  187. domain proxy.crowded.war.net
  188. nameserver 127.0.0.1
  189. nameserver 192.168.2.30
  190. # End /etc/resolv.conf
  191. EOF
  192. [/CODE]
  193.  
  194. unbound-checkconf /etc/unbound/unbound.conf
  195.  
  196. reboot
  197.  
  198. Tuning Up
  199.  
  200. Optimalkan file system cache & ubah opsi untuk partisi cache
  201. Disabled fsck (file system check)
  202.  
  203. Angka standart Drive Cache adalah 0 2 ——>> ganti dengan 0 0 (INGAT HANYA DRIVE CACHE)
  204.  
  205. Opsi Directory /cache ubah
  206. # /cache-1 was on /dev/sda6 during installation
  207. UUID=b11e172f-5b54-474c-92b1-0ae780f85f29 /cache-1 ext4 default 0 0
  208.  
  209. # /cache-1 was on /dev/sda6 during installation
  210. UUID=b11e172f-5b54-474c-92b1-0ae780f85f29 /cache-1 ext4 noatime,errors=remount-ro,nobh,barrier=0,data=writeback 0 0
  211.  
  212. nano /etc/sysctl.conf
  213.  
  214. kernel.panic = 30
  215. kernel.panic_on_oops = 30
  216. kernel.sysrq = 0
  217. kernel.core_uses_pid = 1
  218. kernel.msgmnb = 65536
  219. kernel.msgmax = 65536
  220. fs.file-max = 65536
  221. vm.swappiness = 0
  222. vm.vfs_cache_pressure=50
  223. vm.mmap_min_addr = 4096
  224. vm.overcommit_ratio = 0
  225. vm.overcommit_memory = 0
  226. kernel.shmmax = 268435456
  227. kernel.shmall = 268435456
  228. vm.min_free_kbytes = 65536
  229. net.ipv6.conf.all.disable_ipv6 = 1
  230. net.ipv4.tcp_syncookies = 1
  231. net.ipv4.tcp_syn_retries = 5
  232. net.ipv4.tcp_synack_retries = 2
  233. net.ipv4.tcp_max_syn_backlog = 4096
  234. net.ipv4.ip_forward = 0
  235. net.ipv4.conf.all.forwarding = 0
  236. net.ipv4.conf.default.forwarding = 0
  # Drop packets that carry source-routing options.
  237. net.ipv4.conf.all.accept_source_route = 0
  238. net.ipv4.conf.default.accept_source_route = 0
  # Reverse-path filtering: discard packets whose source address is not routable back
  # through the interface they arrived on (anti-spoofing).
  239. net.ipv4.conf.all.rp_filter = 1
  240. net.ipv4.conf.default.rp_filter = 1
  # Ignore ICMP redirects, so other hosts cannot rewrite this host's routes.
  241. net.ipv4.conf.all.accept_redirects = 0
  242. net.ipv4.conf.default.accept_redirects = 0
  # Packets with impossible source addresses are not logged.
  # NOTE(review): with logging off, spoofed traffic dropped by rp_filter leaves no trace
  # in the kernel log; set these to 1 if that visibility is wanted.
  243. net.ipv4.conf.all.log_martians = 0
  244. net.ipv4.conf.default.log_martians = 0
  245. net.ipv4.tcp_fin_timeout = 15
  246. net.ipv4.tcp_keepalive_time = 300
  247. net.ipv4.tcp_keepalive_probes = 5
  248. net.ipv4.tcp_keepalive_intvl = 15
  249. net.ipv4.conf.all.bootp_relay = 0
  250. net.ipv4.conf.all.proxy_arp = 0
  251. net.ipv4.tcp_dsack = 1
  252. net.ipv4.tcp_sack = 1
  253. net.ipv4.tcp_fack = 1
  254. net.ipv4.tcp_timestamps = 1
  255. net.ipv4.icmp_echo_ignore_all = 0
  256. net.ipv4.icmp_echo_ignore_broadcasts = 1
  257. net.ipv4.icmp_ignore_bogus_error_responses = 1
  258. net.ipv4.ip_local_port_range = 1024 65535
  259. net.ipv4.tcp_rfc1337 = 1
  260. net.ipv4.tcp_congestion_control = cubic
  261. net.ipv4.tcp_window_scaling = 1
  262. net.ipv4.tcp_mem = 65536 131072 262144
  263. net.ipv4.udp_mem = 65536 131072 262144
  264. net.ipv4.tcp_rmem = 8192 87380 16777216
  265. net.ipv4.udp_rmem_min = 16384
  266. net.core.rmem_default = 87380
  267. net.core.rmem_max = 16777216
  268. net.ipv4.tcp_wmem = 8192 65536 16777216
  269. net.ipv4.udp_wmem_min = 16384
  270. net.core.wmem_default = 65536
  271. net.core.wmem_max = 16777216
  272. net.core.somaxconn = 32768
  273. net.core.netdev_max_backlog = 4096
  274. net.core.dev_weight = 64
  275. net.core.optmem_max = 65536
  # Upper bound on the number of sockets held in TIME_WAIT.
  276. net.ipv4.tcp_max_tw_buckets = 1440000
  # NOTE(review): tcp_tw_recycle combined with tcp_timestamps = 1 (set in this file) is
  # known to drop new connections from clients that share one address behind NAT.
  # The MikroTik src-nat rule in this guide appears to present every client to the proxy
  # as 192.168.2.30, which is that case. The option was removed in Linux 4.12; consider
  # leaving it at 0 and relying on tcp_tw_reuse.
  277. net.ipv4.tcp_tw_recycle = 1
  # Allow TIME_WAIT sockets to be reused for new outgoing connections.
  278. net.ipv4.tcp_tw_reuse = 1
  279. net.ipv4.tcp_max_orphans = 16384
  280. net.ipv4.tcp_orphan_retries = 0
  281. net.ipv4.ipfrag_high_thresh = 512000
  282. net.ipv4.ipfrag_low_thresh = 446464
  283. net.ipv4.tcp_no_metrics_save = 1
  284. net.ipv4.tcp_moderate_rcvbuf = 1
  285. net.unix.max_dgram_qlen = 50
  286. net.ipv4.neigh.default.gc_thresh3 = 2048
  287. net.ipv4.neigh.default.gc_thresh2 = 1024
  288. net.ipv4.neigh.default.gc_thresh1 = 32
  289. net.ipv4.neigh.default.gc_interval = 30
  290. net.ipv4.neigh.default.proxy_qlen = 96
  291. net.ipv4.neigh.default.unres_qlen = 6
  292. net.ipv4.tcp_ecn = 1
  293. net.ipv4.tcp_reordering = 3
  294. net.ipv4.tcp_retries2 = 15
  295. net.ipv4.tcp_retries1 = 3
  296.  
  297. setelah di save,
  298. sysctl -p
  299.  
  300.  
  301. Kurangi TCP TIME_WAIT setting, default value (60 in Debian 6)
  302.  
  303. echo 4 > /proc/sys/net/ipv4/tcp_fin_timeout
  304.  
  305. ulimit -n 65535 # Sets number of open files for this process and it's children
  306.  
  307. nano /etc/profile file and ensure that the file does not contain any commands that set ulimit values.
  308. Add the following commands to the end of the /etc/profile file
  309.  
  310. ulimit -Hn 65536
  311. ulimit -Sn 65535
  312.  
  313. echo 65536 > /proc/sys/fs/file-max
  314. echo "* soft nofile 65536" >> /etc/security/limits.conf
  315. echo "* hard nofile 65536" >> /etc/security/limits.conf
  316. echo "root soft nofile 65536" >> /etc/security/limits.conf
  317. echo "root hard nofile 65536" >> /etc/security/limits.conf
  318. echo "proxy soft nofile 65536" >> /etc/security/limits.conf
  319. echo "proxy hard nofile 65536" >> /etc/security/limits.conf
  320. echo "session required pam_limits.so" >> /etc/pam.d/common-session
  321. modprobe ip_conntrack
  322.  
  323. kemudian tambahkan ip_conntrack di /etc/modules
  324. nano /etc/modules
  325. tambahkan kalimat berikut baris paling bawah :
  326.  
  327. ip_conntrack
  328. save
  329.  
  330. Install squid
  331. 32
  332. [CODE]
  # Fetch the prebuilt squid package bundle (i386), unpack it and install it.
  # NOTE(review): the bundle is a third-party build fetched over plain HTTP with no
  # checksum or signature check, and its packages are installed as root. Verify the
  # archive against a checksum from the packager if one is published; none is given here.
  333. cd /home
  334. wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
  335. tar xvf deb-htproxy_14942_i386.tar.bz2
  # The glob installs every .deb in the current directory (/home), not only those just
  # extracted; working in an empty scratch directory keeps it limited to this bundle.
  336. dpkg -i *.deb
  # Stop the freshly installed service so squid.conf can be edited before it runs.
  337. /etc/init.d/squid stop
  338. [/CODE]
  339.  
  340. 64
  341. [CODE]
  # Fetch the prebuilt squid package bundle (x86-64), unpack it and install it.
  # NOTE(review): the bundle is a third-party build fetched over plain HTTP with no
  # checksum or signature check, and its packages are installed as root. Verify the
  # archive against a checksum from the packager if one is published; none is given here.
  342. cd /home
  343. wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
  # dpkg -i runs on this line and again on the next; the second call repeats the install.
  # The glob covers every .deb in the current directory (/home), not only those just extracted.
  344. tar xvf deb-htproxy_14942_x86-64.tar.bz2 && dpkg -i *.deb
  345. dpkg -i *.deb
  # Stop the freshly installed service so squid.conf can be edited before it runs.
  346. /etc/init.d/squid stop
  347. [/CODE]
  348.  
  349. pake winscp edit
  350. /etc/squid/squid.conf
  351.  
  352. edit squid.conf sesuai kondisi
  353. kalo saranku sih
  354.  
  355. cache_dir aufs /cache-1 26000 26 256
  356. cache_dir aufs /cache-2 26000 26 256
  357. cache_dir aufs /cache-3 26000 26 256
  358.  
  359. # EXAMPLE: GOOGLE DNS
  # NOTE(review): despite the label above, none of these is Google Public DNS
  # (8.8.8.8 / 8.8.4.4); they are the same upstream resolvers listed in the MikroTik
  # and unbound sections of this guide.
  # dns_nameservers replaces the servers from /etc/resolv.conf, so squid sends its
  # lookups straight to these addresses and bypasses the local unbound cache on 127.0.0.1.
  360. dns_nameservers 203.130.208.18
  361. dns_nameservers 203.130.193.74
  362. dns_nameservers 203.130.196.5
  363. dns_nameservers 222.124.204.34
  364. dns_nameservers 203.130.196.6
  365. dns_nameservers 208.67.222.222
  366. dns_nameservers 208.67.220.220
  367. dns_nameservers 180.131.144.144
  368. dns_nameservers 180.131.145.145
  369.  
  370. pilihan lain sebenernya tidak signifikan kalo mau optimalisasi belakangan aja
  371.  
  # Hand the three cache partitions to proxy:proxy.
  # NOTE(review): mode 777 also lets every other local account write into the cache
  # directories. Since the owner is already proxy, 750 should be enough if squid runs
  # as proxy; confirm the run-as user of this squid build.
  372. chown proxy:proxy /cache-1 && chmod 777 /cache-1
  373. chown proxy:proxy /cache-2 && chmod 777 /cache-2
  374. chown proxy:proxy /cache-3 && chmod 777 /cache-3
  # Create the cache directory structure. -z runs on both lines (the second names the
  # config file explicitly); the service is started once the second run succeeds.
  375. squid -z
  376. squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
  377.  
  # Reset: flush all rules and delete all user-defined chains in the filter, nat and mangle tables.
  378. iptables -F
  379. iptables -X
  380. iptables -t nat -F
  381. iptables -t nat -X
  382. iptables -t mangle -F
  383. iptables -t mangle -X
  # Default policy for INPUT and OUTPUT is ACCEPT.
  384. iptables -P INPUT ACCEPT
  385. iptables -P OUTPUT ACCEPT
  # Accept DNS (53 tcp/udp), HTTP (80) and proxy (3128) traffic from 192.168.0.0/16.
  # NOTE(review): the INPUT policy stays at ACCEPT and no DROP/REJECT rule follows, so
  # these four rules restrict nothing. Any source that can reach this host can still
  # connect to 53, 80, 3128 and every other listening port. To enforce them, first allow
  # loopback, ESTABLISHED,RELATED traffic and the admin's SSH access, then set the
  # INPUT policy to DROP.
  386. iptables -A INPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 53 -j ACCEPT
  387. iptables -A INPUT -s 192.168.0.0/16 -m state --state NEW -p udp --dport 53 -j ACCEPT
  388. iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT
  389. iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 3128 -j ACCEPT
  # Transparent interception on the proxy host: TCP port 80 arriving on eth0 is
  # redirected to local port 3128.
  390. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
  # Dump the ruleset, with packet/byte counters, to a file.
  # NOTE(review): nothing on this page loads the file at boot, so the rules are lost on
  # reboot unless an iptables-restore hook is added; confirm.
  391. iptables-save -c > /etc/iptables.up.rules