View difference between Paste ID: cc1FYxg1 and EyWfA5sf
1-
HIT tapi Buffering adalah ciri2 bottleneck, penyebabnya bisa jadi setting bisa juga kinerja PC.untuk
1+
Untuk memory 1 G dan HD 120 G saya rasa debian 32 BIT lebih realistik karena ringan dan installasinya cepat (cuma 10 menit) karena tidak perlu akses internet (Saat installasi jangan pasang kabel LAN dan pada saat configure package manager pilih GO Back dan Continue without a network mirrors pilih yes ).
2-
memory 1 G saya rasa debian 32 BIT lebih realistik karena ringan dan installasinya cepat (cuma 10 menit) karena tidak perlu akses internet (Saat installasi jangan pasang kabel LAN dan pada saat configure package manager pilih GO Back dan Continue without a network mirrors pilih yes ).
2+
3
link downloadnya: 
4
http://kambing.ui.ac.id/iso/debian/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso atau
5
http://napoleon.acc.umu.se/debian-cd/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso
6
7
untuk yang 64 
8
http://kambing.ui.ac.id/iso/debian/6.0.5/amd64/iso-cd/debian-6.0.5-amd64-netinst.iso
9
10
Installasi , topologi dan setting Mikrotik
11
12
topologinya Squid sejajar client ( ip proxy satu subnet dgn client)
13
14
MODEM------MT-----Swicth----client
15
                     |
16
	           Debian
17
18
				
19
Local = 192.168.2.30
20
Client = 192.168.2.1-192.168.2.20
21
PROXY = 192.168.2.22
22
23
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.22 to-addresses=\
24
    192.168.2.22 to-ports=3128
25
add action=src-nat chain=srcnat disabled=no out-interface=Local protocol=tcp src-address-list=Local-Address to-addresses=192.168.2.30 to-ports=0-65535
26
27
/ip firewall address-list add address=192.168.2.1-192.168.2.21 list=Local-Address
28
29
/ip dns
30
set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \
31
    max-udp-packet-size=512 servers="203.130.208.18,203.130.193.74,203.130.196.5, \
32
    222.124.204.34,203.130.196.6,208.67.222.222,208.67.220.220,180.131.144.144, \
33
    180.131.145.145"
34
/ip dns static
35
add address=192.168.2.22 disabled=no name=proxy.crowded.war.net ttl=1d
36
37
38
ip 192.168.2.22
39
netmask 255.255.255.0
40
gateway 192.168.2.30
41
name server addresses = 192.168.2.30
42
host = proxy 
43
domain = crowded.war.net
44
45
partisi
46
/               root            18 G	ext4
47-
/               root            13 G	ext4
47+
/cache-1                        50 G	ext4
48-
/cache-1                        35 G	ext4
48+
/cache-2                        50 G    ext4
49-
/cache-2                        35 G    ext4
49+
50-
/cache-3                        35 G    ext4
50+
51
pilihan packet : SSH-Server dan Standart System Utilities
52
53
mulai installasi via remote as root karena di Debian Rootnya sudah langsung aktif saat installasi
54
55
tambah repo webmin dan installasi unbound dan build-essential supaya extract tar.bz2 tidak error
56
57
[CODE]
58
echo deb http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
59
echo deb-src http://kambing.ui.ac.id/debian/ squeeze main non-free contrib | tee -a /etc/apt/sources.list
60
echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
61
cd /root
62
wget http://www.webmin.com/jcameron-key.asc
63
apt-key add jcameron-key.asc
64
apt-get -y update; apt-get -y install unbound build-essential webmin unbound-host
65-
apt-get -y update && apt-get -y upgrade
65+
66
67
[CODE]
68
cd /etc/unbound
69-
apt-get -y install unbound build-essential
69+
70
unbound-control-setup
71
chown unbound:root unbound_*
72
chmod 440 unbound_*
73
[/CODE]
74
 
75
nano /etc/unbound/unbound.conf
76
delete isinya ganti dengan 
77
78
server:
79
        verbosity: 1
80
        statistics-interval: 120
81
        num-threads: 1
82
        interface: 0.0.0.0
83
 
84
        outgoing-range: 512
85
        num-queries-per-thread: 1024
86
 
87
        msg-cache-size: 16m
88
        rrset-cache-size: 32m
89
 
90
        msg-cache-slabs: 4
91
        rrset-cache-slabs: 4
92
 
93
        cache-max-ttl: 86400
94
        infra-host-ttl: 60
95
        infra-lame-ttl: 120
96
 
97
        infra-cache-numhosts: 10000
98
        infra-cache-lame-size: 10k
99
 
100
        do-ip4: yes
101
        do-ip6: no
102
        do-udp: yes
103
        do-tcp: yes
104
        do-daemonize: yes
105
 
106
        #access-control: 0.0.0.0/0 allow
107
        access-control: 192.168.0.0/16 allow
108
        #access-control: 172.16.0.0/12 allow
109
        #access-control: 10.0.0.0/8 allow
110
        access-control: 127.0.0.0/8 allow
111
        access-control: 0.0.0.0/0 refuse
112
 
113
        chroot: "/etc/unbound"
114
        username: "unbound"
115
        directory: "/etc/unbound"
116
        #logfile: "/etc/unbound/unbound.log"
117
        #use-syslog: yes
118
        logfile: ""
119
        use-syslog: no
120
        pidfile: "/etc/unbound/unbound.pid"
121
        root-hints: "/etc/unbound/named.cache"
122
 
123
        identity: "proxy.crowded.war.net"
124
        version: "1.4"
125
        hide-identity: yes
126
        hide-version: yes
127
        harden-glue: yes
128
        do-not-query-address: 127.0.0.1/8
129
        do-not-query-localhost: yes
130
        module-config: "iterator"
131
 
132
        #zone localhost
133
        local-zone: "localhost." static
134
        local-data: "localhost. 10800 IN NS localhost."
135
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
136
        local-data: "localhost. 10800 IN A 127.0.0.1"
137
 
138
        local-zone: "127.in-addr.arpa." static
139
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
140
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
141
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
142
 
143
        #zone crowded.war.net
144
        local-zone: "crowded.war.net." static
145
        local-data: "crowded.war.net. 86400 IN NS ns.crowded.war.net."
146
        local-data: "crowded.war.net. 86400 IN SOA crowded.war.net. hostmaster.crowded.war.net.  3 3600 1200 604800 86400"
147
        local-data: "crowded.war.net. 86400 IN A 192.168.2.22"
148
        local-data: "www.crowded.war.net. 86400 IN A 192.168.2.22"
149
        local-data: "ns.crowded.war.net. 86400 IN A 192.168.2.22"
150
 
151
        local-zone: "2.168.192.in-addr.arpa." static
152
        local-data: "2.168.192.in-addr.arpa. 10800 IN NS crowded.war.net."
153
        local-data: "2.168.192.in-addr.arpa. 10800 IN SOA crowded.war.net. hostmaster.crowded.war.net. 4 3600 1200 604800 864000"
154
        local-data: "22.2.168.192.in-addr.arpa. 10800 IN PTR crowded.war.net."
155
 
156
forward-zone:
157
        name: "."
158
        forward-addr: 203.130.208.18
159
        forward-addr: 203.130.193.74
160
        forward-addr: 203.130.196.5
161
        forward-addr: 222.124.204.34
162
        forward-addr: 203.130.196.6      
163
        forward-addr: 208.67.222.222
164
        forward-addr: 208.67.220.220 
165
        forward-addr: 180.131.144.144
166
        forward-addr: 180.131.145.145		
167
		
168
remote-control:
169
        control-enable: yes
170
        control-interface: 127.0.0.1
171
        control-port: 953
172
        server-key-file: "/etc/unbound/unbound_server.key"
173
        server-cert-file: "/etc/unbound/unbound_server.pem"
174
        control-key-file: "/etc/unbound/unbound_control.key"
175
        control-cert-file: "/etc/unbound/unbound_control.pem"
176
177
save		
178
		
179
rubah resolv.conf
180
181
[CODE]		
182
cat > /etc/resolv.conf << "EOF"
183
# Begin /etc/resolv.conf
184
domain proxy.crowded.war.net
185
nameserver 127.0.0.1
186
nameserver 192.168.2.30
187
# End /etc/resolv.conf
188
EOF
189
[/CODE]
190
191
unbound-checkconf /etc/unbound/unbound.conf
192
 
193
reboot
194
 
195
Tuning Up
196
197
tune2fs -o journal_data_writeback /dev/sda5
198
tune2fs -o journal_data_writeback /dev/sda6
199
200
Optimalkan file system cache & ubah opsi untuk partisi cache
201
Disabled fsck (file system check)
202
203
Angka standart Drive Cache adalah 0 2 ——>> ganti dengan 0 0 (INGAT HANYA DRIVE CACHE)
204
205
Opsi Directory /cache ubah 
206
# /cache-1 was on /dev/sda6 during installation
207
UUID=b11e172f-5b54-474c-92b1-0ae780f85f29 /cache-1        ext4    default         0       0
208
209
# /cache-1 was on /dev/sda6 during installation
210
UUID=b11e172f-5b54-474c-92b1-0ae780f85f29 /cache-1        ext4    noatime,errors=remount-ro,nobh,barrier=0,data=writeback         0       0
211
212
nano /etc/sysctl.conf
213
214
kernel.panic = 30
215
kernel.panic_on_oops = 30
216
kernel.sysrq = 0
217
kernel.core_uses_pid = 1
218
kernel.msgmnb = 65536
219
kernel.msgmax = 65536
220
fs.file-max = 65536
221
vm.swappiness = 0
222
vm.vfs_cache_pressure=50
223
vm.mmap_min_addr = 4096
224
vm.overcommit_ratio = 0
225
vm.overcommit_memory = 0
226
kernel.shmmax = 268435456
227
kernel.shmall = 268435456
228
vm.min_free_kbytes = 65536
229
net.ipv6.conf.all.disable_ipv6 = 1
230
net.ipv4.tcp_syncookies = 1
231
net.ipv4.tcp_syn_retries = 5
232
net.ipv4.tcp_synack_retries = 2
233
net.ipv4.tcp_max_syn_backlog = 4096
234
net.ipv4.ip_forward = 0
235
net.ipv4.conf.all.forwarding = 0
236
net.ipv4.conf.default.forwarding = 0
237
net.ipv4.conf.all.accept_source_route = 0
238
net.ipv4.conf.default.accept_source_route = 0
239
net.ipv4.conf.all.rp_filter = 1
240
net.ipv4.conf.default.rp_filter = 1
241
net.ipv4.conf.all.accept_redirects = 0
242
net.ipv4.conf.default.accept_redirects = 0
243
net.ipv4.conf.all.log_martians = 0
244
net.ipv4.conf.default.log_martians = 0
245
net.ipv4.tcp_fin_timeout = 15
246
net.ipv4.tcp_keepalive_time = 300
247
net.ipv4.tcp_keepalive_probes = 5
248
net.ipv4.tcp_keepalive_intvl = 15
249
net.ipv4.conf.all.bootp_relay = 0
250
net.ipv4.conf.all.proxy_arp = 0
251
net.ipv4.tcp_dsack = 1
252
net.ipv4.tcp_sack = 1
253
net.ipv4.tcp_fack = 1
254
net.ipv4.tcp_timestamps = 1
255
net.ipv4.icmp_echo_ignore_all = 0
256
net.ipv4.icmp_echo_ignore_broadcasts = 1
257
net.ipv4.icmp_ignore_bogus_error_responses = 1
258
net.ipv4.ip_local_port_range = 1024 65535
259
net.ipv4.tcp_rfc1337 = 1
260
net.ipv4.tcp_congestion_control = cubic
261
net.ipv4.tcp_window_scaling = 1
262
net.ipv4.tcp_mem = 65536 131072 262144
263
net.ipv4.udp_mem = 65536 131072 262144
264
net.ipv4.tcp_rmem = 8192 87380 16777216
265
net.ipv4.udp_rmem_min = 16384
266
net.core.rmem_default = 87380
267
net.core.rmem_max = 16777216
268
net.ipv4.tcp_wmem = 8192 65536 16777216
269
net.ipv4.udp_wmem_min = 16384
270
net.core.wmem_default = 65536
271
net.core.wmem_max = 16777216
272
net.core.somaxconn = 32768
273
net.core.netdev_max_backlog = 4096
274
net.core.dev_weight = 64
275
net.core.optmem_max = 65536
276
net.ipv4.tcp_max_tw_buckets = 1440000
277
net.ipv4.tcp_tw_recycle = 1
278
net.ipv4.tcp_tw_reuse = 1
279
net.ipv4.tcp_max_orphans = 16384
280
net.ipv4.tcp_orphan_retries = 0
281
net.ipv4.ipfrag_high_thresh = 512000
282
net.ipv4.ipfrag_low_thresh = 446464
283
net.ipv4.tcp_no_metrics_save = 1
284
net.ipv4.tcp_moderate_rcvbuf = 1
285
net.unix.max_dgram_qlen = 50
286
net.ipv4.neigh.default.gc_thresh3 = 2048
287
net.ipv4.neigh.default.gc_thresh2 = 1024
288
net.ipv4.neigh.default.gc_thresh1 = 32
289
net.ipv4.neigh.default.gc_interval = 30
290
net.ipv4.neigh.default.proxy_qlen = 96
291
net.ipv4.neigh.default.unres_qlen = 6
292
net.ipv4.tcp_ecn = 1
293
net.ipv4.tcp_reordering = 3
294
net.ipv4.tcp_retries2 = 15
295
net.ipv4.tcp_retries1 = 3
296
297
setelah di save, 
298
sysctl -p
299
300
301
Kurangi TCP TIME_WAIT setting, default value (60 in Debian 6)
302
 
303
echo 4 > /proc/sys/net/ipv4/tcp_fin_timeout
304
 
305
ulimit -n 65535                     # Sets number of open files for this process and it's children
306
 
307
nano /etc/profile file and ensure that the file does not contain any commands that set ulimit values.
308
Add the following commands to the end of the /etc/profile file
309
 
310
ulimit -Hn 65536
311
ulimit -Sn 65535
312
313
echo 65536 > /proc/sys/fs/file-max
314
echo "*         soft        nofile          65536" >> /etc/security/limits.conf
315
echo "*         hard        nofile          65536" >> /etc/security/limits.conf
316
echo "root      soft        nofile          65536" >> /etc/security/limits.conf
317
echo "root      hard        nofile          65536" >> /etc/security/limits.conf
318
echo "proxy     soft        nofile          65536" >> /etc/security/limits.conf
319
echo "proxy     hard        nofile          65536" >> /etc/security/limits.conf
320
echo "session required        pam_limits.so" >> /etc/pam.d/common-session
321
modprobe ip_conntrack
322
323
kemudian tambahkan ip_contrack di /etc/modules
324
325
nano /etc/modules
326
tambahkan kalimat berikut baris paling bawah :
327
328
ip_conntrack
329
save
330
331-
32
331+
332
32 BIT
333
[CODE]
334
cd /home
335
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
336
tar xvf deb-htproxy_14942_i386.tar.bz2 
337
dpkg -i *.deb
338
/etc/init.d/squid stop
339
[/CODE]
340-
64
340+
341
64 BIT
342
[CODE]
343
cd /home
344
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_x86-64.tar.bz2
345
tar xvf deb-htproxy_14942_x86-64.tar.bz2 && dpkg -i *.deb 
346
dpkg -i *.deb
347
/etc/init.d/squid stop
348
[/CODE]
349
350
pake winscp edit
351
/etc/squid/squid.conf 
352
353-
kalo saranku sih
353+
354
355-
cache_dir aufs /cache-1 26000 26 256 
355+
cache_dir aufs /cache-1 35000 35 256 
356-
cache_dir aufs /cache-2 26000 26 256
356+
cache_dir aufs /cache-2 35000 35 256
357-
cache_dir aufs /cache-3 26000 26 256
357+
358
#CONTOH  DNS GOOGLE
359
dns_nameservers 203.130.208.18
360
dns_nameservers 203.130.193.74
361
dns_nameservers 203.130.196.5
362
dns_nameservers 222.124.204.34
363
dns_nameservers 203.130.196.6      
364
dns_nameservers 208.67.222.222
365
dns_nameservers 208.67.220.220 
366
dns_nameservers 180.131.144.144
367
dns_nameservers 180.131.145.145
368
369
pilihan lain sebenernya tidak signifikan kalo mau optimalisasi belakangan aja 
370
371
chown proxy:proxy /cache-1 && chmod 777 /cache-1 
372
chown proxy:proxy /cache-2 && chmod 777 /cache-2
373
squid -z
374-
chown proxy:proxy /cache-3 && chmod 777 /cache-3 
374+
375
376
iptables -F
377
iptables -X
378
iptables -t nat -F
379
iptables -t nat -X
380
iptables -t mangle -F
381
iptables -t mangle -X
382
iptables -P INPUT ACCEPT
383
iptables -P OUTPUT ACCEPT
384
iptables -A INPUT -s 192.168.0.0/16 -m state --state NEW -p tcp --dport 53 -j ACCEPT
385
iptables -A INPUT -s 192.168.0.0/16 -m state --state NEW -p udp --dport 53 -j ACCEPT
386
iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT
387
iptables-save -c > /etc/iptables.up.rules
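Review bot: The iptables block that closes the new side filters nothing: `iptables -P INPUT ACCEPT` leaves the default policy open and the three appended rules are themselves ACCEPT, so every listening service stays reachable from any source, including the SSH server used for root logins and the Webmin install added earlier in the paste. The rules also name port 80 while the MikroTik dst-nat rule redirects clients to 3128, so the port Squid presumably listens on is not covered (squid.conf's http_port is not shown here, so confirm). A default-drop policy with explicit allows for loopback, established traffic and the LAN-facing services would make the ruleset do what it appears to intend, with the policy switched only after the allow rules are loaded so the remote session is not cut off. The sketch below replaces the `-P INPUT ACCEPT` line and assumes the 192.168.2.0/24 subnet implied by the netmask given above and the default SSH and Webmin ports.

```shell
# … unchanged: flush of the filter, nat and mangle tables …
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 22 -j ACCEPT
# … unchanged: the ACCEPT rules for DNS (53) and port 80 …
iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 3128 -j ACCEPT
# Webmin (default port 10000): allow only the admin workstation; <ADMIN_IP> is a placeholder
iptables -A INPUT -s <ADMIN_IP> -p tcp --dport 10000 -j ACCEPT
# Switch the policy last, once the allow rules above are in place
iptables -P INPUT DROP
# … unchanged: iptables-save …
```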