- squid 3.4.2 Release Date 2014-01-03
- found a squid link, probably just a different date, it works without bugs..
- PLEASE READ CAREFULLY SO THAT NO ERRORS OCCUR
- the old version was compiled earlier..
- steps:
- remove the installed squid/lusca.
- apt-get purge squid squid-common squid-cgi
- apt-get purge squid
- apt-get autoremove
- also remove
- rm -rf /etc/squid {delete it or back it up}
- rm -f /usr/sbin/squid
- remove the cache and delete the logs
- rm -rf /cache <<match the folder originally created for the cache
- rm -rf /var/log/squid/
- update the ubuntu packages as usual
- after that, download squid from the link below
- wget https://olex-secure.openlogic.com/content/openlogic/squid-cache/3.4.2/squid-3.4.2.tar.gz
- the following compile has no pitfalls at all and uses no cflags....
- ./configure --prefix=/usr --bindir=/usr/bin \
- --sbindir=/usr/sbin --libexecdir=/usr/lib/squid \
- --sysconfdir=/etc/squid \
- --localstatedir=/var --includedir=/usr/include \
- --datadir=/usr/share/squid --infodir=/usr/share/info \
- --mandir=/usr/share/man --srcdir=. --disable-dependency-tracking \
- --disable-strict-error-checking --enable-storeio=ufs,aufs,diskd \
- --enable-removal-policies=lru,heap --enable-icmp --disable-wccp \
- --disable-wccpv2 --enable-kill-parent-hack \
- --disable-snmp --enable-cachemgr-hostname=proxy \
- --enable-ssl --enable-cache-digests --disable-select \
- --enable-http-violations --enable-linux-netfilter \
- --enable-follow-x-forwarded-for --disable-ident-lookups \
- --enable-ssl-crtd --disable-auth-basic --enable-x-accelerator-vary \
- --enable-zph-qos --with-default-user=proxy --with-logdir=/var/log/squid \
- --with-pidfile=/var/run/squid.pid --with-swapdir=/var/spool/squid \
- --with-aufs-threads=35 --with-large-files \
- --enable-ltdl-convenience --with-filedescriptors=65536
- next, after the compile above finishes...
- make (wait until it finishes first...)
- continue...
- make install
- once finished
- create the ssl cert
- cd /etc/squid
- mkdir ssl_cert
- cd ssl_cert
- openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
- openssl x509 -in myCA.pem -outform DER -out myCA.der
- cd
- mkdir /var/squid
- cd /var/squid
- mkdir ssl_db
- cd
- chown -R nobody /var/squid/ssl_db
- /usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
- chown -R proxy:proxy /var/squid/ssl_db
- once the cert has been created
- set the permissions, including:
- chown -R proxy:proxy /etc/squid
- chmod -R 777 /etc/squid
- chown -R proxy:proxy /var/log/squid
- chmod -R 777 /var/log/squid
- chown -R proxy:proxy /var/squid
- chmod -R 777 /var/squid
- copy-paste the mangle script below into rc.local after exit 0
- modprobe xt_TPROXY
- modprobe xt_socket
- modprobe nf_tproxy_core
- modprobe xt_mark
- modprobe nf_nat
- modprobe nf_conntrack_ipv4
- modprobe nf_conntrack
- modprobe nf_defrag_ipv4
- modprobe ipt_REDIRECT
- modprobe iptable_nat
- iptables -t mangle -F
- iptables -t mangle -X
- iptables -t mangle -N DIVERT
- iptables -t mangle -A DIVERT -j MARK --set-mark 1
- iptables -t mangle -A DIVERT -j ACCEPT
- iptables -t mangle -A INPUT -j ACCEPT
- iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
- iptables -t mangle -A PREROUTING ! -d xxx.xxx.xxx.x/24 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
- iptables -t mangle -A PREROUTING ! -d xxx.xxx.xxx.x/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
- /sbin/ip rule add fwmark 1 lookup 100
- /sbin/ip route add local 0.0.0.0/0 dev lo table 100
- echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
- echo 1 > /proc/sys/net/ipv4/ip_forward
- Mangle Routing TPROXY, ADJUST TO THE PROXY IP
- PLEASE DO NOT COPY-PASTE DIRECTLY, JUST ENTER IT MANUALLY
- ------------------------------------------------
- /ip firewall mangle
- add action=mark-routing chain=prerouting comment="TPROXY" disabled=no dst-port=80,443 in-interface=Lan new-routing-mark=TPROXY-M passthrough=no \
- protocol=tcp dst-address=!XXX.XXX.XXX.XXX
- add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=eproxy new-connection-mark=TPROXY-T passthrough=yes protocol=tcp \
- src-address=!XXX.XXX.XXX.XXX
- add action=mark-routing chain=prerouting connection-mark=TPROXY-T disabled=yes in-interface=!proxy new-routing-mark=TPROXY-M passthrough=no
- /ip route
- add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XXX.XXX.XXX.XXX routing-mark=TPROXY-M scope=30 target-scope=10
- NOTE, IN MIKROTIK IP FIREWALL
- DISABLE ALL OTHER MANGLE RULES FOR NOW EXCEPT THE 3 TPROXY ONES
- TO MAKE CHECKING TPROXY EASIER
- ALSO, IF THE HTTPS EVERYWHERE ADDON IS STILL INSTALLED, OR REGEX007, REMOVE (DELETE) IT
- SO THAT NO ERRORS OR OTHER PROBLEMS OCCUR..
- check squid in the terminal
- Once all the steps are done, stop the service first
- so that we can create the cache_dir
- /etc/init.d/squid stop
- Check whether the configuration has any errors with the commands
- squid -k parse
- squid -k reconfigure
- Create the swap and cache directories inside the designated /cache folder with the command
- squid -f /etc/squid/squid.conf -z
- If everything is OK, start the service
- /etc/init.d/squid restart
- or
- squid -NDd1
- reboot the squid box..
- check iptables with the command
- iptables -L -t mangle
- If you see output like the following, it is running:
- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- DIVERT tcp -- anywhere anywhere socket
- TPROXY tcp -- anywhere !localnet/24 tcp dpt:http TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
- TPROXY tcp -- anywhere !localnet/24 tcp dpt:https TPROXY redirect 0.0.0.0:3127 mark 0x1/0x1
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- Chain DIVERT (1 references)
- target prot opt source destination
- MARK all -- anywhere anywhere MARK set 0x1
- ACCEPT all -- anywhere anywhere
- Check whether squid is running with the command:
- ps ax | grep squid
- If you see output like the following, it is running:
- 7109 pts/0 T 0:00 tail -f /var/log/squid/access.log
- 28201 ? Ss 0:00 /usr/sbin/squid -YC -f /etc/squid/squid.conf
- 28205 ? Sl 5:26 (squid-1) -YC -f /etc/squid/squid.conf
- 28206 ? S 0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
- 28207 ? S 0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
- 28208 ? S 0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
- 28209 ? S 0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
- 28210 ? S 0:00 (ssl_crtd) -s /var/squid/ssl_db/certs/ -M 4MB -b 4096
- 28211 ? S 0:07 /usr/bin/perl /etc/squid/store-id.pl
- 28212 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28213 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28214 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28215 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28216 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28217 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28218 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28219 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 28220 ? S 0:00 /usr/bin/perl /etc/squid/store-id.pl
- 29036 pts/0 S+ 0:00 grep --color=auto squid
- once everything is running normally without errors
- check the access log
- tail -f /var/log/squid/access.log | grep HIT | ccze
- tail -f /var/log/squid/access.log | grep TCP_HIT
- tail -f /var/log/squid/access.log | grep HIT
- tail -f /var/log/squid/access.log | ccze
- good luck and success..
- tested last night, ran smoothly, no failures (y)
- squid.conf+store-id.pl: use the previous ones...
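
The permission step in this guide sets /etc/squid, /var/log/squid and /var/squid to 777, which lets any local account rewrite squid.conf or read the CA private key in myCA.pem that signs the bumped certificates. As an added example (not part of the original paste; the function names are hypothetical), this script lists the exposed entries and tightens them while leaving the proxy:proxy ownership from the guide alone:

```shell
#!/bin/sh
# Added example, not part of the original paste.
# Paths passed in are the trees the guide opens up with "chmod -R 777".

# List entries that any local user can modify, and *.pem files (the guide
# keeps the signing CA private key in myCA.pem) readable by group/others.
audit_squid_perms() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable: /'
        find "$dir" -type f -name '*.pem' \( -perm -0040 -o -perm -0004 \) \
            -print | sed 's/^/key-readable: /'
    done
}

# Drop group write and all access for others, then lock key files to the
# owner. Execute bits for owner/group are kept so helper scripts still run.
# Ownership (proxy:proxy in the guide) is left unchanged.
harden_squid_perms() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        chmod -R g-w,o-rwx "$dir"
        find "$dir" -type f -name '*.pem' -exec chmod 600 {} +
    done
}

# Stand-alone use: ./script /etc/squid /var/log/squid /var/squid
if [ "$#" -gt 0 ]; then
    audit_squid_perms "$@"
fi
```

Run the audit first and call harden_squid_perms on the same paths only after reviewing its output; an empty audit afterwards means no world-writable entries and no exposed key files remain.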
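
The visual check of "iptables -L -t mangle" described in this guide can be scripted. As an added example (not part of the original paste; check_tproxy and sample_mangle are hypothetical names), this function reads that output and confirms that the DIVERT socket rule precedes the TPROXY rules and that ports 80 and 443 go to 3129 and 3127, the ports used in the guide:

```shell
#!/bin/sh
# Added example, not part of the original paste.
# Usage: iptables -L -t mangle | check_tproxy

check_tproxy() {
    awk '
        /^Chain /             { chain = $2; next }
        chain != "PREROUTING" { next }
        # The socket match must come first so packets of connections squid
        # already owns are marked before the TPROXY rules see them.
        $1 == "DIVERT" && /socket/ { if (!seen_tproxy) divert_first = 1; next }
        $1 == "TPROXY" {
            seen_tproxy = 1
            if (/dpt:(http|80) /   && /:3129 /) http = 1
            if (/dpt:(https|443) / && /:3127 /) https = 1
        }
        END {
            if (!divert_first) { print "FAIL: no DIVERT socket rule before TPROXY"; bad = 1 }
            if (!http)         { print "FAIL: port 80 is not sent to 3129";  bad = 1 }
            if (!https)        { print "FAIL: port 443 is not sent to 3127"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the PREROUTING section of the output shown in the guide.
sample_mangle() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DIVERT tcp -- anywhere anywhere socket
TPROXY tcp -- anywhere !localnet/24 tcp dpt:http TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
TPROXY tcp -- anywhere !localnet/24 tcp dpt:https TPROXY redirect 0.0.0.0:3127 mark 0x1/0x1
Chain INPUT (policy ACCEPT)
EOF
}

sample_mangle | check_tproxy && echo "TPROXY rules look as expected"
```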