Konfigurasi Squid Dan Mikrotik

ogin ke Ubuntu server dengan user “root” menggunakan putty.
Lakukan Update dan install paket pendukung pada Ubuntu server:
#sudo -i
isikan password :
1 apt-get update
2 apt-get install devscripts -y
Download Squid installer lalu lakukan configure dan install, disini saya menggunakan squid versi 3.5.12, anda
bisa lihat Disini untuk versi yang lain.
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.12.tar.gz
1 tar zxvf squid-3.5.12.tar.gz
2 cd squid-3.5.12
3 ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/s
4 localstatedir=/var --libdir=/usr/lib --with-default-user=proxy --with-logdir=/var/log/s
5 pidfile=/var/run/squid.pid
sudo make && make install
Sampai disini langkah pertama selesai, jika saat Instalasi tidak terjadi error maka dipastikan squid anda sudah
terinstall dengan benar. Untuk cek squid versi yang terinstall anda bisa melakukan perintah berikut pada putty:
1 squid -v
Langkah Ke Dua :
Masukan Script di bawah ini pada file “squid.conf” yang ada di directory “/etc/squid/squid.conf”, namun
sebelum anda masukan terlebih dulu anda edit baris yang sudah saya kasih komentar.
Copy script di bawah ini lalu pastekan ke dalam notepad++ terlebih dulu dan edit yang sudah saya kasih
komentar, lalu buka file squid.conf yang ada di “/etc/squid/squid.conf” menggunakan “winscp” lalu hapus
isinya kemudian masukan script yang ada di notepad++ , kemudian simpan.
Warning!! jangan sampai salah ketika anda edit dan memasukan “squid.conf” salah sedikit dapat
mengakibatkan squid tidak bisa berjalan.
Setting Squid.conf
# nano /etc/squid/squid.conf
masukan scipt squid.cof :
1. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

4. acl localnet src fc00::/7 # RFC 4193 local private network range
5. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
6.
7. acl SSL_ports port 443
8. acl Safe_ports port 80 # http
9. acl Safe_ports port 21 # ftp
10. acl Safe_ports port 443 # https
11. acl Safe_ports port 70 # gopher
12. acl Safe_ports port 210 # wais
13. acl Safe_ports port 1025-65535 # unregistered ports
14. acl Safe_ports port 280 # http-mgmt
15. acl Safe_ports port 488 # gss-http
16. acl Safe_ports port 591 # filemaker
17. acl Safe_ports port 777 # multiling http
18. acl CONNECT method CONNECT
19. acl ipblacklist dst "/etc/squid/ipblacklist/ip-blacklist.txt"
acl noipblacklist dst "/etc/squid/noipblacklist/noip-blacklist.txt"
acl situsblacklist url_regex -i "/etc/squid/situsblacklist/situs-blacklist.txt"
http_access allow noipblacklist

http_access deny ipblacklist
http_access deny situsblacklist
20. http_access deny !Safe_ports
21. http_access deny CONNECT !SSL_ports
22. http_access allow localhost manager
23. http_access deny manager
24. http_access allow localnet
25. http_access allow localhost
26. http_access deny all
27. http_port 3128
28.
29. # BAGIAN YANG PERLU DI SESUAIKAN
30. # DISINI SAYA MENGGUNAKAN PARTISI /cache untuk cache_dir, jika nama partisi anda berbeda
silahkan sesuaikan
31. # UNTUK UKURAN cache_dir sesuaikan juga, disini yang mencontohkan 100gb,
32. cache_mgr Administrator
33. cache_dir aufs /cache 100000 100 256
34.
35. refresh_pattern ^ftp: 1440 20% 10080
36. refresh_pattern ^gopher: 1440 0% 1440
37. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
38. refresh_pattern . 0 20% 4320
39.
40. # END
Agar Squid Berjalan secara otomatis ketika komputer ubuntu-server di restart, maka kita butuh scrip untuk
menjalankan proses tersebut. Pertama yang kita lakukan adalah membuat file bernama “squid” dan
menyimpannya pada directory “/etc/init.d/”. berikut cara membuatnya dan lakukan perintahnya dengan putty
1 touch /etc/init.d/squid
Sekarang buka file tersebut menggukan winscp yang ada di directory “/etc/init.d/squid” lalu copy script di
bawah ini kemudian masukan scriptnya pada file tersebut.
#! /bin/sh
#
# squid32012 Startup script for the SQUID HTTP proxy-cache.
#
# Version: @(#)squid3.rc 1.0 07-Jul-2006 luigi@debian.org
#
### BEGIN INIT INFO
# Provides: Squid 3.X
# File-Location: /etc/init.d/squid3
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: $named
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Squid HTTP Proxy version 3.2.0.12
### END INIT INFO
NAME="By www.dokter-squid.com"
DESC="HTTP/HTTPS Proxy"
DAEMON=/usr/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
SQUID_ARGS="-YC -f $CONFIG"
# RAMFS=/scripts/ramcache
[ ! -f /etc/default/squid ] || . /etc/default/squid
. /lib/lsb/init-functions
PATH=/bin:/usr/bin:/sbin:/usr/sbin
[ -x $DAEMON ] || exit 0
ulimit -n 65535
find_cache_dir () {
w=" " # space tab
res=`sed -ne '
s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+$[^'"$w"']\+$.*$/\1/p;
t end;
d;
:end q' < $CONFIG`
[ -n "$res" ] || res=$2
echo "$res"
}
find_cache_type () {
w=" " # space tab
res=`sed -ne '
s/^'$1'['"$w"']\+$[^'"$w"']\+$.*$/\1/p;
t end;
d;
:end q' < $CONFIG`
[ -n "$res" ] || res=$2
echo "$res"
}
start () {
# $RAMFS clean
# $RAMFS mount
# $RAMFS restore
cache_dir=`find_cache_dir cache_dir /var/spool/squid/cache`

cache_type=`find_cache_type cache_dir ufs`
#
# Create spool dirs if they don't exist.
#
if [ "$cache_type" = "coss" -a -d "$cache_dir" -a ! -f "$cache_dir/stripe" ] || [ "$cache_type" != "coss" -a -
d"$cache_dir" -a ! -d "$cache_dir/00" ]
then
log_warning_msg "Creating $DESC cache structure"
$DAEMON -z
fi
umask 027
ulimit -n 65535
cd $cache_dir
start-stop-daemon --quiet --start \
--pidfile $PIDFILE \
--exec $DAEMON -- $SQUID_ARGS < /dev/null
return $?
}
stop () {
PID=`cat $PIDFILE 2>/dev/null`
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
#
# Now we have to wait until squid has _really_ stopped.
#
sleep 2
if test -n "$PID" && kill -0 $PID 2>/dev/null
then
log_action_begin_msg " Waiting"
cnt=0
while kill -0 $PID 2>/dev/null
do
cnt=`expr $cnt + 1`
if [ $cnt -gt 24 ]
then
log_action_end_msg 1
return 1
fi
sleep 5
log_action_cont_msg ""
done
return 0
else
return 0
fi
}
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
if start ; then
log_end_msg $?
else
log_end_msg $?
fi
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
if stop ; then
log_end_msg $?
else
log_end_msg $?
fi
# $RAMFS dump
# $RAMFS umount
# $RAMFS clean
;;
reload|force-reload)
log_action_msg "Reloading $DESC configuration files"
start-stop-daemon --stop --signal 1 \
--pidfile $PIDFILE --quiet --exec $DAEMON
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
stop
if start ; then
log_end_msg $?
else
log_end_msg $?
fi
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
exit 3
;;
esac
exit 0
# END
Lakukan perintah di bawah ini menggunakan putty, bertujuan agar file “squid” yang tadi kita buat bisa di
proses secara default:
1 chmod 755 /etc/init.d/squid
2 update-rc.d squid defaults
Sampai disini untuk langkah yang kedua selesai, tinggal ke langkah berikutnya
Langkah Ke Tiga :
Beri Permision pada beberapa file :
1 chown -R proxy:proxy /var/log/squid
2 mkdir /cache
3 chown-R proxy:proxy /cache

chmod 777 /cache
Membuat directory cache
1 squid -z
 langsung tekan [enter] jika saat bikin directory selesai, ciri-cirinya sudah tidak ada gerakan.
 Sekarang kita restart ubuntu

1 reboot
 jika ubuntu sudah running kembali, silahkan login kembali putty nya.
 Terakhir adalah mengecek, apakah squid sudah berjalan atau belum, caranya lakukan perintah berikut
dengan putty.
1 squid -k check
 2. squid -k reconfigure
 jika tidak ada info error atau “no running service” maka sudah di pastikan squid anda sudah berjalan
dengan baik.
Selamat, sekarang anda sudah berhasil install squid3 dengan mudah.
Sekarang kita test squid yang barusan kita install. karna proxy yang barusan kita buat
belum bisa transparant, maka untuk meneruskan traffic http ke proxy kita harus setting
manual di browser. caranya sangat mudah, saya contohkan pada browser firefox lihat
gambar berikut:
Untuk melihat log lewat putty, caranya lakukan perintah berikut:
1 tail -f /var/log/squid/access.log | ccze

Contoh log nya:
Jika menggunakan mikrotik :
Setting redirect ke proxy :

/ip firewall nat
add chain=dstnat comment="Redirect-Proxy" dst-port=80 protocol=tcp src-
address=!192.168.1.89 action=redirect to-ports=3128
Setting bypass akses internet tanpa proxy :

/ip firewall nat
add chain=srcnat commet=bypass-proxy port=80 protocol=tcp src-address-
list=!boleh action=accept
Membuat addresslist untuk bypass proxy :
ip firewall address-list add list=boleh comment="Wifi KAM" address=192.168.1.4

ip firewall address-list add list=boleh comment="Pak BS" address=192.168.1.7
ip firewall address-list add list=boleh comment="Wifi MM" address=192.168.1.8
ip firewall address-list add list=boleh comment="Wifi Meeting Direksi" address=192.168.1.9
ip firewall address-list add list=boleh comment="Wifi Direksi" address=192.168.1.10
ip firewall address-list add list=boleh
comment=Axell address=192.168.1.16
SUmber : https://dokter-squid.com/install-squid3/
Posted by syahril safarosidi on 9:10 PM
Dengan Router Mikrotik di tambah
Squid ProxyExternal seperti ubuntu,ClearOs,IpCop Dll…Performa akan menjadi mantab,apalagi
menggunakan Squid Lusca…Cache semua pada di telan…Ok berikut ini saya post Cara Setting
Hit,Queues Tree,Mangle Mikrotik + Squid Proxy External,Untuk Setting Squid nya nggak saya post
karena…Ini Label Mikrotik,Untuk Setting squid lihat di label Squid,,,
Ip Addess MengarahMikrotik =192.168.0.5 Ke Modem (internet)

Ip Address Mengarah Local =192.168.34.1 Ke Client
Ip Address Mengarah Squid Proxy =192.168.35.1 Ke Squid Proxy
Ip Address Squid Proxy =192.168.35.2 Ip Squid Proxy External
Terobosan….:
1. Total bandwidth dari Modem (internet) 4 MB

2. Client Download dari Modem dilimit dengan queue tree,jika file datanya telah tersimpan di Squid
Proxy maka otomatis tidak terlimit alias lepas Loss
3. Untuk client yang download file seperti .flv .exe .rar .zip youtube dll…..dilimit 1 MB untuk semua file
bagi rata,kecuali yang berbau bokep….bokep saya kasih 128 aja bagi rata…..nah…jika extention
seperti .flv .exe .rar .zip youtube dll tersebut pernah di download…otomatis tersimpan di Squid proxy
..dan otomatis tidak terlimit extention tersebut…alias lepas loss….
4. Untuk ping ….ini perlu….bagi bagi client yang main poker,pointblank,atau game lainnya..saya
gunakan queue tree juga…tapi tidak di limit…
5. Untuk Upload…tidak perlu di limit…demi kenyamanan pemain game
Berikut langkahnya dari awal…dari Router Mikrotik belum berisi..alias kosong…:
Kita mainkan di new terminal semua:
1. Set interface:
/interface set 0 name=public \
;/interface set 1 name=local \
;/interface set 2 name=proxy
2. Set Ip address (Sesuaikan Ip address dgn jaringan anda):

/ip address add address=192.168.0.5 \
netmask=255.255.255.0 \
interface=public \
;/ip address add address=192.168.34.1 \
netmask=255.255.255.0 \
interface=local \
;/ip address add address=192.168.35.1 \
netmask=255.255.255.0 \
interface=proxy
3. Set Gateway (Sesuaikan Gateway dengan gateway jaringan anda):

/ip route add gateway=192.168.0.1
4. Set DNS (sesuaikan DNS sengan jaringan anda):
A. Cara set DNS Untuk RB Os versi 4.XX kebawah:
/ip dns set primary-dns=203.130.208.18 \

;/ip dns set secondary-dns=203.130.193.74 \
allow-remote-requests=yes
B. Cara set DNS untuk RB Os versi 4.XX keatas:
/ip dns set servers=203.130.208.18,203.130.193.74 \

allow-remote-requests=yes
5. Set Ip Firewall Nat …..termasuk nat untuk redirect ke proxy…saya

gunakan port 3128 pada squid saya (ip addressnya sesuaikan dengan
jaringan anda):
/ip firewall nat add chain=srcnat out-interface=public src-address=192.168.2.0/24 action=masquerade
src-address-list="wirelessrouterproxy.blogspot.com client" comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=public src-address=192.168.3.0/24 action=masquerade

src-address-list="wirelessrouterproxy.blogspot.com proxy" comment="PROXY NAT MASQUERADE"
/ip firewall nat add action=dst-nat chain=dstnat comment="REDIRECT KE PROXY" disabled=no dst-
port=80,8080,3128 in-interface=local protocol=tcp src-address=!192.168.3.0/24 to-
addresses=192.168.3.2 to-ports=3128
/ip firewall nat add action=dst-nat \

chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" \
disabled=no dst-port=53 in-interface=local \
protocol=udp to-ports=53

chain=dstnat disabled=no dst-port=53 in-interface=local \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"

chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"

chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
6. Selanjutnya Keamanan jaringan :

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER1" \
address-list-timeout=2w chain=input \
comment="PORT SCANNER2 KE ADDRESS \
LIST " disabled=no protocol=tcp psd=21,3s,3,1

address-list="PORT SCANNER2" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" disabled=no \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn

chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst

chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg

chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input \

comment="BLOK PORT SCANNER" disabled=no \
src-address-list="PORT SCANNER1"
/ip firewall filter add action=accept chain=input \

comment="IZINKAN MENDIRIKAN KONEKSI" \
connection-state=established disabled=no

comment="IZINKAN KONEKSI TERKAIT" \
connection-state=related disabled=no

comment="IZINKAN PING LOCAL" \
disabled=no protocol=icmp \
src-address-list=\
"wirelessrouterproxy.blogspot.com client"

comment="IZINKAN PING PROXY" disabled=no \
protocol=icmp src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"

comment="IZINKAN INPUT DARI LOCAL" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com client"
comment="IZINKAN INPUT DARI PROXY" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com proxy"
/ip firewall filter add action=jump chain=forward \

comment="FILTER PAKET YANG JELEK" disabled=no \
jump-target=tcp protocol=tcp
/ip firewall filter add action=jump \

chain=forward disabled=no jump-target=udp \
protocol=udp
/ip firewall filter add action=jump \

chain=forward disabled=no jump-target=icmp protocol=icmp
/ip firewall filter add action=drop chain=tcp \

comment="TOLAK SMTP" disabled=no dst-port=25 \
protocol=tcp

comment="TOLAK RPC2portmapper" disabled=no \
dst-port=135 protocol=tcp

comment="TOLAK NBT" disabled=no dst-port=137-139 \
protocol=tcp
/ip firewall filter add action=drop \

chain=tcp comment="TOLAK CIFS" disabled=no \
dst-port=445 protocol=tcp

comment="TOLAK NFS" disabled=no dst-port=2049 \
protocol=tcp

comment="TOLAK NETBUS" disabled=no dst-port=20034 \
protocol=tcp

comment="TOLAK BackOriffice" disabled=no dst-port=\
3133 protocol=tcp

comment="BLOK DHCP" disabled=no dst-port=67-68 \
protocol=tcp
comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp \

comment="TOLAK TFTP" disabled=no dst-port=69 \
protocol=udp

comment="TOLAK PRC portmapper" disabled=no \
dst-port=111 protocol=udp
comment="TOLAK PRC portmapper" disabled=no \
dst-port=135 protocol=udp

comment="TOLAK NETBUS" disabled=no \
dst-port=12345-12346 protocol=tcp

comment="BLOK NBT" disabled=no dst-port=137-139 \
protocol=udp

comment="BLOK NFS" disabled=no dst-port=2049 \
protocol=udp
/ip firewall filter add action=drop \

chain=udp comment="TOLAK BackOriffice" \
disabled=no dst-port=3133 protocol=udp
/ip firewall filter add action=accept chain=icmp \

comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp

icmp-options=3:0 protocol=icmp
/ip firewall filter add action=accept \

chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=3:3 limit=5,5 protocol=icmp

icmp-options=3:4 limit=5,5 protocol=icmp

icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept \

chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=forward \

comment="Allow Established connections" \
connection-state=established disabled=no

comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=\

comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=\
7. Selanjutnya buat address list untuk client anda…tujuannya hanya ip

address yang di buat ini yang bisa terkoneksi ke internet…jika client
anda melebihi sebanayak yang terdaftar di bawah ini…silahkan di
tambah..sesuai dgn jumlah client anda….(Sesuaikan ip addresnya
dengan jaringan anda):
/ip firewall address-list \
add address=192.168.35.2 \
comment="SQUID PROXY EXTERNAL" \
disabled=no list=\

add address=192.168.34.2 \
comment="CLIENT1" \
disabled=no list=\

add address=192.168.34.3 \
comment="CLIENT2" \
disabled=no list=\

add address=192.168.34.4 \
comment="CLIENT3" \
disabled=no list=\

add address=192.168.34.5 \
comment="CLIENT4" \
disabled=no list=\

add address=192.168.34.6 \
comment="CLIENT5" \
disabled=no list=\

add address=192.168.34.7 \
comment="CLIENT6" \
disabled=no list=\

add address=192.168.34.8 \
comment="CLIENT7" \
disabled=no list=\

add address=192.168.34.9 \
comment="CLIENT8" \
disabled=no list=\

add address=192.168.34.10 \
comment="CLIENT9" \
disabled=no list=\

add address=192.168.34.11 \
comment="CLIENT10" \
disabled=no list=\

add address=192.168.34.12 \
comment="CLIENT11" \
disabled=no list=\
8. Selanjutnya Firwall layer7,yang nanti nya untuk limit .exe .zip .rar dll:
/ip firewall layer7-protocol add name=YOUTUBE regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0\
-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" \

regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" \

regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" \

regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" \

regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" \

regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" \

regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" \

regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" \

regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" \

regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" \

regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" \

regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" \

regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" \

regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" \

regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" \

regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" \

regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" \

regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" \

regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" \

regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" \

regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" \

regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" \

regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" \

regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" \

regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" \

regexp="\\.(vcd)"
9. Selanjutanya Mangle…….
A. Mangle Suid Hit:
/ip firewall mangle add action=mark-packet \

chain=forward comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="PROXY HIT" passthrough=no
Mangle Squid koneksi dan squid Paket:
/ip firewall mangle add action=mark-connection \

chain=prerouting comment="BROWSING SQUID" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
dst-port=80,443 new-connection-mark="SQUID KONEKSI" \
passthrough=yes protocol=tcp \
src-address-list="wirelessrouterproxy.blogspot.com proxy"

chain=forward comment="SQUID PAKET" \
connection-mark="SQUID KONEKSI" disabled=no \
new-packet-mark="SQUID PAKET" passthrough=no
B. Mangle Semua koneksi masuk dan koneksi keluar:

chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" \
passthrough=yes

chain=forward disabled=no \
new-connection-mark="SEMUA KONEKSI KELUAR" \
out-interface=local passthrough=yes \
src-address-list="!wirelessrouterproxy.blogspot.com client" \
comment="SEMUA KONEKSI KELUAR"
/ip firewall mangle add chain=prerouting \

action=mark-packet new-packet-mark="SEMUA PAKET_MASUK"\
passthrough=yes connection-mark="SEMUA KONEKSI MASUK" \

comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward \

action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" \
passthrough=yes connection-mark="SEMUA KONEKSI KELUAR"
comment="SEMUA PAKET KELUAR"
C. Mangle Browsing koneksi yang koneksi dari semua koneksi masuk:
/ip firewall mangle add action=mark-connection chain=prerouting \

comment="BROWSING CLIENT" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
new-connection-mark="BROWSING KONEKSI" \
passthrough=yes protocol=tcp
D. Mangle Koneksi ICMP dengan dscp1:

chain=postrouting disabled=no dscp=1 \
new-connection-mark="ICMP KONEKSI" passthrough=yes \
comment="ICMP KOMEKSI"
E. Mangle Game koneksi yang koneksi dari semua koneksi masuk:

F. Mangle Pointblank,Poker,dan RF online,jika anda ingin memasukkan game lainnya silahkan cari
port game tersebut:

chain=prerouting comment="POINT BLANK" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=40000-40010 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp

chain=prerouting comment="POKER" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=9339,843 \
passthrough=yes protocol=tcp

chain=prerouting comment="RF ONLINE" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
dst-port=10001,10002,10003,10004,10005,10006,10007 \
passthrough=yes protocol=udp
G. Mangle ICMP PAKET:

chain=postrouting connection-mark="ICMP KONEKSI" \
disabled=no new-packet-mark="ICMP PAKET" passthrough=no \
comment="ICMP PAKET"
H. Selanjutnya mangle Game Paket:

chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=no \
new-packet-mark="GAME PAKET" passthrough=no
I. Selanjutnya Bowsing paket:

chain=forward comment="BROWSING PAKET" \
connection-bytes=0-131072 \
connection-mark="BROWSING KONEKSI" \
disabled=no new-packet-mark="BROWSING PAKET" \
passthrough=no protocol=tcp
J. Change dscp ICMP dan Port 53:

/ip firewall mangle add action=change-dscp \
chain=postrouting comment="ICMP CHANGE DSCP" \
disabled=no new-dscp=1 protocol=icmp

chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=udp

chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=tcp
K. Mangle Extention file seperti .zip .rar .flv .exe dll :

chain=forward comment="EXTENTION KONEKSI" \
disabled=no in-interface=local \
new-connection-mark="EXTENTION KONEKSI" \
passthrough=yes

chain=forward comment="YOUTUBE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="YOUTUBE" passthrough=no

chain=forward comment="WMV MARK" \
new-packet-mark="WMV" passthrough=no

chain=forward comment="EXE MARK" \
new-packet-mark="EXE" passthrough=no

chain=forward comment="ZIP MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ZIP" passthrough=no

chain=forward comment="RAR MARK" \
new-packet-mark="RAR" passthrough=no

chain=forward comment="MPG MARK" \
new-packet-mark="MPG" passthrough=no

chain=forward comment="MPEG MARK" \
new-packet-mark="MPEG" passthrough=no
chain=forward comment="MP3 MARK" \
new-packet-mark="MP3" passthrough=no

chain=forward comment="MOV MARK" \
new-packet-mark="MOV" passthrough=no

chain=forward comment="ISO MARK" disabled=no \
new-packet-mark="ISO" \
passthrough=no

chain=forward comment="MKV MARK" \
new-packet-mark="MKV" passthrough=no

chain=forward comment="FLV MARK" \
new-packet-mark="FLV" passthrough=no

chain=forward comment="AVI MARK" \
new-packet-mark="AVI" passthrough=no

chain=forward comment="CAB MARK" \
new-packet-mark="CAB" passthrough=no

chain=forward comment="ASF MARK" \
new-packet-mark="ASF" passthrough=no

chain=forward comment="WAV MARK" \
new-packet-mark="WAV" passthrough=no

chain=forward comment="RM MARK" \
new-packet-mark="RM" passthrough=no

chain=forward comment="RAM MARK" \
new-packet-mark="RAM" passthrough=no
chain=forward comment="RMVB MARK" \
new-packet-mark="RMVB" passthrough=no

chain=forward comment="DAT MARK" \
new-packet-mark="DAT" passthrough=no

chain=forward comment="DAA MARK" \
new-packet-mark="DAA" passthrough=no

chain=forward comment="NRG MARK" \
new-packet-mark="NRG" passthrough=no

chain=forward comment="BIN MARK" \
new-packet-mark="BIN" passthrough=no

chain=forward comment="VCD MARK" \
new-packet-mark="VCD" passthrough=no
L. Mangle Paket client (sesuaikan Ip addressnya dengan ip address client jaringan anda):

chain=forward comment="CLIENT1" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.2 \
new-packet-mark="CLIENT1" \










10. Queue Tree

A. Queue tree ICMP prioritas ke 1:
/queue tree add burst-limit=0 \

burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="ICMP PING" \
packet-mark="ICMP PAKET" parent=public priority=1 \
queue="default"
B. Queue Squid Hit Prioritas ke 2:

limit-at=0 max-limit=0 name="SQUID HIT" \
packet-mark="PROXY HIT" parent=local priority=2 \
queue=default
C. Queue Limit Extention prioritas ke 3 (jika anda ingin melimit yang berbeda silahkan ubah max-
limitnya):

burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=1000000 \
name="LIMIT FILE EXTENTION" parent=global-out priority=3

name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" \
priority=3 queue=default

name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" \

name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" \

name="YOUTUBE" packet-mark="YOUTUBE" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default

name="ISO" packet-mark=iso parent="LIMIT FILE EXTENTION" \

disabled=no limit-at=0 max-limit=0 name="MP3" \
packet-mark="MP3" parent="LIMIT FILE EXTENTION" \

disabled=no limit-at=0 max-limit=0 name="MP4" \
packet-mark="MP4" parent="LIMIT FILE EXTENTION" \

name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" \

name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" \

name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" \

name="WMV" packet-mark="WMV" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default

name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" \

name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" \

name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" \

name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" \

name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" \

name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" \

name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" \

name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" \

name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" \

name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" \

name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" \

name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" \

name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" \
name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" \
D. Queue tree Semua Upload Prioritas ke 4 :

name="+++TOTAL UPLOAD+++" \
packet-mark="SEMUA PAKET MASUK" \
parent=public priority=4 queue=default
E. Total download Prioritas ke 5 :

name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" \
parent=global-out priority=5
F. Game download Prioritas ke 6 :

name="GAME DOWNLOAD" packet-mark="GAME PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=6 \
queue=default
G. Queue Browsing Paket Priority ke 7

name="BROWSING PAKET" packet-mark="BROWSING PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
Queue tree Total download client priority8

limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" \
parent="+++TOTAL DOWNLOAD+++" priority=8
H. Queue tree client priority8

burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT1" packet-mark="CLIENT1" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default











Konfigurasi Squid Dan Mikrotik

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Konfigurasi Squid Dan Mikrotik

Hochgeladen von

Copyright:

Verfügbare Formate

ogin ke Ubuntu server dengan user “root” menggunakan putty.

Lakukan Update dan install paket pendukung pada Ubuntu server:

masukan scipt squid.cof :

1. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

http_access allow noipblacklist

cache_dir=`find_cache_dir cache_dir /var/spool/squid/cache`

 Sekarang kita restart ubuntu

Selamat, sekarang anda sudah berhasil install squid3 dengan mudah.

1 tail -f /var/log/squid/access.log | ccze

Setting redirect ke proxy :

Setting bypass akses internet tanpa proxy :

Membuat addresslist untuk bypass proxy :

ip firewall address-list add list=boleh comment="Wifi KAM" address=192.168.1.4

Ip Addess MengarahMikrotik =192.168.0.5 Ke Modem (internet)

Ip Address Squid Proxy =192.168.35.2 Ip Squid Proxy External

1. Total bandwidth dari Modem (internet) 4 MB

Berikut langkahnya dari awal…dari Router Mikrotik belum berisi..alias kosong…:

Kita mainkan di new terminal semua:

2. Set Ip address (Sesuaikan Ip address dgn jaringan anda):

3. Set Gateway (Sesuaikan Gateway dengan gateway jaringan anda):

/ip dns set primary-dns=203.130.208.18 \

B. Cara set DNS untuk RB Os versi 4.XX keatas:

/ip dns set servers=203.130.208.18,203.130.193.74 \

5. Set Ip Firewall Nat …..termasuk nat untuk redirect ke proxy…saya

/ip firewall nat add chain=srcnat out-interface=public src-address=192.168.3.0/24 action=masquerade

/ip firewall nat add action=dst-nat \

/ip firewall nat add action=dst-nat \

/ip firewall nat add action=dst-nat \

/ip firewall nat add action=dst-nat \

6. Selanjutnya Keamanan jaringan :

/ip firewall filter add action=add-src-to-address-list \

/ip firewall filter add action=add-src-to-address-list \

/ip firewall filter add action=add-src-to-address-list \

/ip firewall filter add action=add-src-to-address-list \

/ip firewall filter add action=add-src-to-address-list \

/ip firewall filter add action=add-src-to-address-list \

/ip firewall filter add action=drop chain=input \

/ip firewall filter add action=accept chain=input \

/ip firewall filter add action=accept chain=input \

/ip firewall filter add action=accept chain=input \

/ip firewall filter add action=accept chain=input \

/ip firewall filter add action=accept chain=input \

/ip firewall filter add action=jump chain=forward \

/ip firewall filter add action=jump \

/ip firewall filter add action=jump \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=udp \

/ip firewall filter add action=drop chain=udp \

/ip firewall filter add action=drop chain=tcp \

/ip firewall filter add action=drop chain=udp \

/ip firewall filter add action=drop chain=udp \

/ip firewall filter add action=drop \

/ip firewall filter add action=accept chain=icmp \

/ip firewall filter add action=accept chain=icmp \

/ip firewall filter add action=accept \

/ip firewall filter add action=accept chain=icmp \

/ip firewall filter add action=accept chain=icmp \