Artikel
squid.conf
by irgunawan on Nov.16, 2009, under Artikel, MikroTik, Network, OS, Squid, Ubuntu, Wireless
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mikrotik src 192.168.3.2/32
acl klien src 10.5.50.0/24
#acl klien2 src 192.168.1.0/24
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# Blocking rules go here
acl blok url_regex "/etc/squid/blok.acl"
http_access deny blok
acl boleh url_regex "/etc/squid/boleh.acl"
http_access allow boleh
#no_cache deny bokep
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews (also in SSL_ports)
acl Safe_ports port 873 # rsync (also in SSL_ports)
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 5050 # YM
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow mikrotik
http_access allow klien
# Finally, deny all other access from and to anywhere
http_access deny all
icp_access allow localnet
icp_access deny all
# NETWORK SETTINGS
# -----------------------------------------------------------------------------
http_port 3128 transparent
#zph_mode tos
#zph_local 0x30
# zph_sibling 0
# zph_parent 0
# zph_option 136
server_http11 on
hierarchy_stoplist cgi-bin ?
# DISK CACHE rules
# -----------------------------------------------------------------------------
cache_dir ufs /sakuit 10240 24 256
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
#minimum_object_size 0 KB
maximum_object_size 40480 KB
#cache_swap_low 90
#cache_swap_high 95
# update_headers on
access_log /var/log/squid/access.log squid
# Refresh rules
# -----------------------------------------------------------------------------
refresh_pattern ^ftp: 1440 50% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 80% 2880
refresh_pattern -i \.(jpg|png|jpeg|bmp|gif)$ 10240 90% 43200 override-expire
refresh_pattern -i \.(deb|rpm|tgz|bz2|tar|gz)$ 10240 100% 43200 override-expire
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(tiff|qt)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(gz|arj|lha|lzh)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|bin)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 90% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
#refresh_pattern . 0 80% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
#upgrade_http0.9 deny shoutcast
# =================================================
# This part is for delay_pool
# =================================================
acl pailganal url_regex -i "/etc/squid/pailganal.acl"
delay_pools 1
delay_class 1 1
delay_parameters 1 8000/16000
delay_access 1 allow pailganal
delay_access 1 deny all
# via on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# error_directory /usr/share/squid/errors/English
dns_nameservers 203.130.209.242 202.134.1.10
hosts_file /etc/hosts
coredump_dir /sakuit/dump
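How Squid walks the http_access list above, as an added example that is not part of the original post: rules are checked top to bottom and the first match decides, so "allow boleh" in second position admits a matching URL before the port and source checks are reached. The blok/boleh regexes, the sample requests and the REORDERED list are assumptions made for illustration, since the .acl files are not shown on the page.

```python
import ipaddress, re

# http_access lines in the order the squid.conf above lists them.
PAGE_ORDER = ["deny blok", "allow boleh", "allow manager localhost",
              "deny manager", "allow purge localhost", "deny purge",
              "deny !Safe_ports", "deny CONNECT !SSL_ports", "allow localhost",
              "allow mikrotik", "allow klien", "deny all"]
# Assumed intent: the boleh allow-list is for internal clients only, so it
# moves below the port checks and is tied to the page's localnet ACL.
REORDERED = [r for r in PAGE_ORDER if r != "allow boleh"]
REORDERED.insert(REORDERED.index("allow localhost"), "allow localnet boleh")

def src_in(*nets):
    return lambda q: any(ipaddress.ip_address(q["src"]) in ipaddress.ip_network(n)
                         for n in nets)

SAFE = {80, 21, 443, 563, 873, 70, 210, 280, 488, 591, 777, 631, 901, 5050}
ACLS = {  # same names as squid.conf; blok/boleh regexes are constructed
    "all": lambda q: True,
    "blok": lambda q: re.search(r"blocked\.example", q["url"]) is not None,
    "boleh": lambda q: re.search(r"allowed\.example", q["url"]) is not None,
    "manager": lambda q: q["url"].startswith("cache_object://"),
    "localhost": src_in("127.0.0.1/32"),
    "mikrotik": src_in("192.168.3.2/32"),
    "klien": src_in("10.5.50.0/24"),
    "localnet": src_in("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "purge": lambda q: q["method"] == "PURGE",
    "CONNECT": lambda q: q["method"] == "CONNECT",
    "Safe_ports": lambda q: q["port"] in SAFE or 1025 <= q["port"] <= 65535,
    "SSL_ports": lambda q: q["port"] in {443, 563, 873},
}

def decide(req, rules):
    """First rule whose ACLs all match wins; '!' negates a single ACL."""
    for rule in rules:
        action, *names = rule.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, rule
    # Squid's fallback when nothing matches: the opposite of the last rule.
    return ("allow" if rules[-1].startswith("deny") else "deny"), None

# Constructed requests: a source outside every src ACL, and a hotspot client
# asking for a port that is not in Safe_ports.
OUTSIDER = {"src": "203.0.113.9", "method": "GET", "port": 80,
            "url": "http://allowed.example/"}
ODD_PORT = {"src": "10.5.50.7", "method": "GET", "port": 22,
            "url": "http://allowed.example:22/"}
for name, req in (("outsider", OUTSIDER), ("odd port", ODD_PORT)):
    print(name, decide(req, PAGE_ORDER), decide(req, REORDERED))
```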
“Prying loose” usernames that get stuck in BillingHotSpot
by irgunawan on Oct.29, 2009, under Artikel, MikroTik, Network, OS, Squid, Ubuntu, Wireless

Follow the steps as shown in the picture; at step 3, paste the following command:
delete from radacct where AcctStopTime='0000-00-00 00:00:00';
Click Execute (step 4)
Done
Integrating BillingHotSpot, Mikrotik, and Squid on Ubuntu
by irgunawan on Oct.08, 2009, under Artikel, MikroTik, My Design, Network, Squid, Ubuntu, Wireless
The network topology I am referring to is shown in the figure below.

On the Mikrotik:
ether1 (to the modem) = 192.168.1.11/24
ether2 (to Billing) = 192.168.3.2/24
ether3 (to the clients) = according to the hotspot setup settings
On Ubuntu:
eth0 (to ether2 on the Mikrotik) = 192.168.3.1/24
On the Mikrotik, once the hotspot setup is finished, go into Winbox (continue reading…)
Mikrotik Port Forward from a Speedy Public IP to a Local IP
by irgunawan on Oct.07, 2009, under Artikel, MikroTik, Network, OS, Ubuntu
Assume the connection uses Speedy and is assigned a public IP.
ether1 = 192.168.1.11 (facing the modem)
ether2 = 192.168.3.2 (facing the web server)
web server IP = 192.168.3.1
The DMZ host on the modem is pointed at the Mikrotik's ether1 IP = 192.168.1.11
Open access to the web server (port 80) from a web browser via the public IP (outside, port 80)
/ip firewall
nat add chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=80 dst-address=192.168.1.11 protocol=tcp dst-port=80
Open ssh access (port 22) to the web server
nat add chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=22 dst-address=192.168.1.11 protocol=tcp dst-port=22
Open ftp access (port 21) to the web server
nat add chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=21 dst-address=192.168.1.11 protocol=tcp dst-port=21
Access to the Mikrotik Webbox (port 80) is moved to port 82 on ether1,
so that http://ip_publik:82 is automatically directed to http://ip_mikrotik:80
nat add chain=dstnat action=dst-nat to-addresses=192.168.1.11 to-ports=80 dst-address=192.168.1.11 protocol=tcp dst-port=82
Open ftp access to the Mikrotik (port 21) from outside (public) using port 23
nat add chain=dstnat action=dst-nat to-addresses=192.168.1.11 to-ports=21 dst-address=192.168.1.11 protocol=tcp dst-port=23
The important thing is that the modem already has its DMZ set to the Mikrotik's ether1 IP; then the problem is solved.
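An added audit sketch for the forwards above (not from the original post): it parses the "nat add" lines and lists the forwards that publish a login service or the router itself without any source restriction. The rule strings are a constructed copy of the post's five forwards, and the "admins" address-list name mentioned in the comments is hypothetical.

```python
# The five forwards from the post, rebuilt from their key=value pairs
# (constructed copy; either spelling of the to-address key is parsed).
WEB, ROUTER_IP = "192.168.3.1", "192.168.1.11"
PAGE_RULES = [
    f"nat add chain=dstnat action=dst-nat to-address={t} to-ports={tp} "
    f"dst-address={ROUTER_IP} protocol=tcp dst-port={dp}"
    for t, tp, dp in [(WEB, 80, 80), (WEB, 22, 22), (WEB, 21, 21),
                      (ROUTER_IP, 80, 82), (ROUTER_IP, 21, 23)]
]
LOGIN_PORTS = {21: "ftp", 22: "ssh"}  # services that accept logins

def parse(rule):
    """Turn 'nat add k=v k=v ...' into the fields the audit needs."""
    f = dict(tok.split("=", 1) for tok in rule.split() if "=" in tok)
    return {
        "public_port": int(f["dst-port"]),
        "target": f.get("to-addresses") or f.get("to-address"),
        "target_port": int(f["to-ports"]),
        # A rule counts as restricted when it matches on the source,
        # e.g. src-address-list=admins (hypothetical list name).
        "restricted": "src-address" in f or "src-address-list" in f,
    }

def audit(rules):
    """Return (public_port, target, reason) for forwards open to any source."""
    findings = []
    for r in map(parse, rules):
        if r["restricted"]:
            continue
        if r["target"] == ROUTER_IP:
            reason = "router service"
        elif r["target_port"] in LOGIN_PORTS:
            reason = LOGIN_PORTS[r["target_port"]] + " login"
        else:
            continue  # e.g. the public web server on port 80
        findings.append((r["public_port"],
                         f'{r["target"]}:{r["target_port"]}', reason))
    return findings

for finding in audit(PAGE_RULES):
    print("open to any source:", finding)
```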
Upgrade Firefox 3.5 non-Shiretoko
by irgunawan on Oct.07, 2009, under Artikel, Ubuntu
First download firefox 3.5.3.tar.bz2 from the Mozilla site, for Linux of course. Save it in /home/userAnda/ (your home directory).
Open a terminal and type:
sudo rm /usr/bin/firefox && sudo dpkg-divert --rename --remove /usr/bin/firefox && sudo rm -r /opt/firefox
Then continue by typing:
if [[ ! -f /usr/bin/firefox ]]; then sudo apt-get update && sudo apt-get install firefox; fi && if [[ -e ~/.mozilla ]]; then cp -R ~/.mozilla ~/.mozilla.backup; fi && sudo tar -jxvf firefox-3*.tar.bz2 -C /opt && rm firefox-3*.tar.bz2 && sudo mv /opt/firefox/plugins /opt/firefox/plugins.backup && sudo ln -s /usr/lib/xulrunner-addons/plugins /opt/firefox/plugins && sudo dpkg-divert --divert /usr/bin/firefox.ubuntu --rename /usr/bin/firefox && sudo ln -s /opt/firefox/firefox /usr/bin/firefox
Simple Mikrotik Firewall for an Internet Café
by irgunawan on Oct.07, 2009, under Artikel, MikroTik, Network
Given:
eth1_mod = to the modem
eth2_lan = to the clients/hub
then,
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
ip firewall filter add chain=input in-interface=eth2_lan action=accept
ip firewall filter add chain=input in-interface=eth1_mod action=accept










