wandibudiana

proxy

Sep 19th, 2012
HTPROXY Installation

Topology: Squid sits alongside the clients (the proxy IP is in the same subnet as the clients)

MODEM------MT-----Switch----client
                    |
               Ubuntu 12.04


LOCAL = 192.168.2.30/24
Client = 192.168.2.2-192.168.2.19
PROXY = 192.168.2.20

[CODE]
/ip firewall nat
# Send client HTTP (port 80) to Squid on 192.168.2.20:3128; the proxy's own traffic is excluded
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY SEJAJAR" disabled=no dst-port=80 in-interface=Local protocol=tcp src-address=!192.168.2.20 to-addresses=\
    192.168.2.20 to-ports=3128
# Source-NAT LAN traffic that leaves through Local again (the redirected requests) to the router
# address so replies return via the router; Squid therefore sees every client as 192.168.2.30
add action=src-nat chain=srcnat disabled=no out-interface=Local protocol=tcp src-address-list=Local-Address to-addresses=192.168.2.30 to-ports=0-65535

/ip firewall address-list add address=192.168.2.1-192.168.2.29 list=Local-Address
[/CODE]

Please adjust these to your own network.

Ubuntu 12, 32-bit
Minimum for the proxy: P4, 1 GB memory, 80 GB hard disk; if the hard disk is larger, add more memory

ip 192.168.2.20
netmask 255.255.255.0
gateway 192.168.2.30
host = proxy
domain = local.war.net
Memory = 1024 MB; HDD 80 GB

Partitions
/ root 28 G ext4
/cache-1 30 G ext4
/cache-2 30 G ext4
/cache-3 30 G ext4
SWAP 2 G


Enable root access
sudo passwd

Start the installation remotely, as root

Add the webmin and dotdeb repositories and install build-essential so that extracting the tar.bz2 does not fail
[CODE]
# Add the Webmin repository
echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
cd /root
# Import the dotdeb and Webmin signing keys. Both are fetched over plain HTTP,
# so check the fingerprints with "apt-key finger" before trusting the repositories
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | apt-key add -
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get update && apt-get install build-essential
[/CODE]

Tuning Up

Optimize the file system for the cache and change the mount options of the cache partitions
Disable fsck (file system check)

In /etc/fstab the default last two fields for a cache drive are 0 2; change them to 0 0 (REMEMBER: CACHE DRIVES ONLY)

Options for the /cache directories:
use the options noatime,barrier=0 followed by 0 0

nano /etc/sysctl.conf

[CODE]
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.randomize_va_space = 1
kernel.shmall = 268435456
kernel.shmmax = 268435456
net.core.rmem_default = 524288
net.core.rmem_max = 524288
net.core.wmem_default = 524288
net.core.wmem_max = 524288
net.core.optmem_max = 57344
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.tcp_rmem = 4096 87380 524288
net.ipv4.tcp_wmem = 4096 87380 524288
net.ipv4.tcp_mem = 524288 524288 524288
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_max_orphans = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.route.flush = 1
vm.swappiness = 15
[/CODE]

After saving, apply the settings:

sysctl -p

For further optimization, please look it up yourself.
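
A check for the security-relevant keys in the list above, as an added example that is not part of the original paste: it reports each key that is set to something other than a baseline value. The baseline and the function names are assumptions of this example, and the sample input is constructed from values on this page.

```shell
#!/bin/sh
# Added example, not part of the original paste: report every key in a
# sysctl.conf-style file that is set to something other than a baseline value.

# Baseline picked for this example (an assumption, not the author's values).
BASELINE='kernel.randomize_va_space=2
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.log_martians=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_recycle=0'

audit_sysctl() {                 # $1 = file to audit
  printf '%s\n' "$BASELINE" | awk -F= -v conf="$1" '
    BEGIN {
      while ((getline line < conf) > 0) {
        if (line ~ /^[ \t]*[#;]/ || line !~ /=/) continue   # comment or no assignment
        key = line; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = line; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        have[key] = val          # the last assignment wins, as with sysctl -p
      }
    }
    ($1 in have) && have[$1] != $2 {
      printf "%s: have %s, want %s\n", $1, have[$1], $2
    }'
}

# Constructed sample: eight of the values listed above.
demo() {
  tmp=$(mktemp)
  cat > "$tmp" <<'EOF'
kernel.randomize_va_space = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
EOF
  audit_sysctl "$tmp"
  rm -f "$tmp"
}

demo
```

On these values it reports kernel.randomize_va_space (1 leaves the heap out of ASLR, 2 is full randomization), log_martians (0 hides the packets that rp_filter drops) and tcp_tw_recycle (drops connections from clients behind NAT and was removed in Linux 4.12).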

Install squid
[CODE]
cd /home
# Download and unpack the HTPROXY package set
wget http://squid-proxy-pkg.googlecode.com/files/deb-htproxy_14942_i386.tar.bz2
tar xvf deb-htproxy_14942_i386.tar.bz2
# Install the packages, then stop Squid before editing its configuration
dpkg -i *.deb
/etc/init.d/squid stop
[/CODE]

Using WinSCP, edit
/etc/squid/squid.conf

Edit squid.conf to suit your conditions;
my suggestion is:

[CODE]
cache_dir aufs /cache-1 20000 20 256
cache_dir aufs /cache-2 20000 20 256
cache_dir aufs /cache-3 20000 20 256

#EXAMPLE GOOGLE DNS
dns_nameservers 203.130.208.18
dns_nameservers 203.130.193.74
dns_nameservers 203.130.196.5
dns_nameservers 222.124.204.34
dns_nameservers 203.130.196.6
dns_nameservers 208.67.222.222
dns_nameservers 208.67.220.220
dns_nameservers 180.131.144.144
dns_nameservers 180.131.145.145
[/CODE]

[CODE]
# Hand the cache directories to the proxy user. Mode 777 makes them world-writable;
# if Squid runs as user proxy (the owner set here), 750 is sufficient
chown proxy:proxy /cache-1 && chmod 777 /cache-1
chown proxy:proxy /cache-2 && chmod 777 /cache-2
chown proxy:proxy /cache-3 && chmod 777 /cache-3
# Create the cache (swap) directories, then start Squid
squid -z
squid -f /etc/squid/squid.conf -z && /etc/init.d/squid start
[/CODE]

To let the machine shut down directly when the Power button is pressed, use the following command:
apt-get install acpid

[CODE]
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Default policy ACCEPT: with this policy the INPUT ACCEPT rules below do not restrict anything
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.0/24 --dport 3128 -j ACCEPT
# Redirect port-80 traffic arriving on eth0 to Squid on port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Save the rules, including packet and byte counters
iptables-save -c > /etc/iptables.up.rules
[/CODE]
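
A check of what the ruleset above actually filters, as an added example that is not part of the original paste: with policy ACCEPT and only ACCEPT rules the INPUT chain blocks nothing, and `noop_chains` detects that in iptables-save output. The function names, the two sample dumps (constructed from the commands above) and SSH on port 22 in the default-deny variant are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original paste. Reads iptables-save output
# (with or without -c counters) and names every filter chain whose policy is
# ACCEPT and whose rules all jump to ACCEPT, i.e. a chain that blocks nothing.
noop_chains() {
  awk '
    { sub(/^\[[0-9]+:[0-9]+\] /, "") }            # drop "[pkts:bytes] " from -c
    /^\*/ { table = substr($1, 2) }
    table != "filter" { next }
    /^:/ { policy[substr($1, 2)] = $2; next }
    /^-A / { rules[$2]++
             for (i = 3; i < NF; i++)
               if ($i == "-j" && $(i + 1) != "ACCEPT") filters[$2] = 1 }
    END { for (c in policy)
            if (policy[c] == "ACCEPT" && rules[c] > 0 && !(c in filters)) print c }'
}

# Constructed sample: the filter table that the commands above produce.
page_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -s 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -s 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
[0:0] -A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
EOF
}

# Same services behind a default-deny policy. Assumption: SSH on tcp/22 is the
# remote-management port; add Webmin or other ports you need the same way.
hardened_rules() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 53,80,3128 -j ACCEPT
COMMIT
EOF
}

page_rules | noop_chains        # INPUT
```

Check a candidate ruleset with `iptables-restore --test` before loading it, and keep the management rule in place when applying a DROP policy over a remote session.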

apt-get -y install gcc build-essential sharutils ccze libzip-dev automake1.9 make webmin