Transparent Proxy on CentOS 5
To begin, we configure a transparent Squid proxy on our CentOS Linux machine, assuming disk space has already been allocated for it. Here I already have 9 GB allocated for the cache, mounted as /cache. Squid can be built from source, but to keep the installation simple we can use the facility RHEL already provides, yum (on Debian we would use apt-get, and on FreeBSD the ports system plays this role): just type yum -y install squid .
Once Squid is installed, create the cache directories we allocated and change their owner, like this:
mkdir -p /cache/squid
mkdir -p /cache/spool
chown -R squid:squid /cache
Next, edit the squid.conf file at /etc/squid/squid.conf. Don't be afraid of misconfiguring it, because a default configuration file, squid.conf.default, is kept there as a reference. Example squid.conf:
### ### ### ###
http_port 192.168.100.11:3128 transparent # the "transparent" keyword is required on the newer Squid versions
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
maximum_object_size 128 MB
cache_dir ufs /cache/squid 6300 14 256 # sets Squid's disk cache size and layout (I used 70% of the allocated space)
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
read_timeout 30 minutes
request_timeout 1 minutes
client_lifetime 3 hours
pconn_timeout 15 seconds
half_closed_clients off
shutdown_lifetime 10 seconds
positive_dns_ttl 53 seconds
negative_dns_ttl 29 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl net-AP src 192.168.100.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 84
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 25 # smtp
acl Safe_ports port 210 # wais
acl Safe_ports port 6666-7000 # IRC Proxies
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl BADPORTS port 7 9 11 19 110 119 513 514
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny VIRUS
http_access deny BADPORTS
http_access allow localhost
http_access allow net-AP
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr onez@airputih.or.id
visible_hostname Ap-Ciomas
ftp_passive on
ftp_sanitycheck on
always_direct allow all
coredump_dir /cache/spool
cache_replacement_policy LFUDA
forwarded_for on
memory_pools off
minimum_direct_hops 4
store_objects_per_bucket 10
store_avg_object_size 13 kb
max_open_disk_fds 100
### ### ### ###
Note the line http_port 192.168.100.11:3128 transparent added here; that form is for newer Squid versions. On older versions the transparent setup was usually http_port 192.168.100.11:3128 followed by these extra lines in squid.conf:
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Because newer Squid builds support transparent interception directly, so... there is no need to add the lines above; just add the word transparent to http_port.
Next, create an iptables redirect from port 80 to 3128. The rule excludes the proxy's own address so requests aimed at the server itself are left alone; the -d ! address negation form is the one understood by the iptables shipped with CentOS 5, newer releases write it as ! -d address. Example:
iptables -t nat -A PREROUTING -d ! 192.168.100.11 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
OK, now that everything is configured as needed, just start your squid with the command:
[onez@ap-ciomas squid]# /etc/init.d/squid start
Starting squid: . [ OK ]
If there are no errors, as above, let's test browsing while watching our squid access log with the command:
[onez@ap-ciomas squid]# tail -f /var/log/squid/access.log
1186064096.349 23376 192.168.100.17 TCP_MISS/200 317 POST http://guest1.meebo.org/mm? - DIRECT/216.129.118.13 text/xml
1186064108.561 295 192.168.100.51 TCP_MISS/200 3058 GET http://mail.airputih.or.id/src/left_main.php - DIRECT/202.155.61.19 text/html
Finally our squid is running and can be used to save our bandwidth, so... that's all for now for the transparent proxy tutorial; if anything is missing, corrections are welcome.
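As an added example (not code from the original post), here is a small Python script that turns native-format access.log lines like the ones above into a per-client report: request count, hit ratio, and bytes served from cache versus fetched directly, which is the number that tells you whether the cache is actually saving bandwidth. The log lines embedded in it are constructed; the first two mirror the shape of the lines shown above, the rest add a cache hit, a request refused by the http_access rules, and a truncated line so the parser's error handling is exercised.

```python
"""Summarise a Squid native-format access.log per client.

Added example, not part of the original tutorial. Field layout of Squid's
default ("native") access.log:
  timestamp elapsed_ms client code/status bytes method url ident peer/host type
"""
from collections import defaultdict

# Constructed sample log: two lines modelled on the tutorial's output, then a
# cache hit, a denied CONNECT and a truncated line the parser must skip.
SAMPLE_LOG = """\
1186064096.349  23376 192.168.100.17 TCP_MISS/200 317 POST http://guest1.meebo.org/mm? - DIRECT/216.129.118.13 text/xml
1186064108.561    295 192.168.100.51 TCP_MISS/200 3058 GET http://mail.airputih.or.id/src/left_main.php - DIRECT/202.155.61.19 text/html
1186064110.002     12 192.168.100.51 TCP_HIT/200 51200 GET http://example.org/logo.png - NONE/- image/png
1186064111.733      1 192.168.100.17 TCP_DENIED/403 1400 CONNECT 10.0.0.5:23 - NONE/- text/html
1186064112.000 broken line
"""


def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    code, _, status = fields[3].partition("/")
    try:
        return {
            "client": fields[2],
            "code": code,            # TCP_MISS, TCP_HIT, TCP_DENIED, ...
            "status": int(status),
            "bytes": int(fields[4]),
            "method": fields[5],
            "url": fields[6],
        }
    except ValueError:
        return None


def summarise(log_text):
    """Per client: requests, hits, bytes from cache, bytes fetched upstream, denials."""
    stats = defaultdict(lambda: {"requests": 0, "hits": 0, "cache_bytes": 0,
                                 "direct_bytes": 0, "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                  # skip garbage rather than abort the report
        s = stats[rec["client"]]
        s["requests"] += 1
        if rec["code"] == "TCP_DENIED":
            s["denied"] += 1
        elif "HIT" in rec["code"]:    # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            s["hits"] += 1
            s["cache_bytes"] += rec["bytes"]
        else:
            s["direct_bytes"] += rec["bytes"]
    return dict(stats)


def hit_ratio(stat):
    """Share of served (non-denied) requests answered from the cache."""
    served = stat["requests"] - stat["denied"]
    return stat["hits"] / served if served else 0.0


if __name__ == "__main__":
    for client, s in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{client:16} req={s['requests']:3} hit={hit_ratio(s):.0%} "
              f"cache={s['cache_bytes']:7}B direct={s['direct_bytes']:7}B "
              f"denied={s['denied']}")
```

Run it against a real log with `summarise(open('/var/log/squid/access.log').read())`; a client whose hit ratio stays near zero after a day of browsing is the first place to look when the cache does not seem to save anything.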



August 17th, 2007 at 3:27 am
I can't add your feed to Feedburner. How do I do this?
September 20th, 2007 at 4:14 am
come on, where are the other tutorials! don't do things by halves when you post, monkey
September 27th, 2007 at 1:58 am
Hang on boss, it's being put together; I'm not good at stringing words together, so there's a lot of editing to do first..
October 10th, 2007 at 8:21 pm
I'll try it tomorrow on the office server
October 11th, 2007 at 1:49 am
Go ahead boss... With pleasure.. Good luck..!!
November 25th, 2007 at 8:02 pm
where are the other tutorials... how do you configure HTB?
March 4th, 2008 at 8:41 am
thanks for the article; could you please post the IP settings for Mandrake 10, thanks.
March 15th, 2008 at 11:46 pm
thanks ..nezz, your tutorial helps a lot!! more, more please...!!
March 16th, 2008 at 2:03 am
great..thx boss for the tutorial
May 17th, 2008 at 11:43 am
oh boss
if it's set up like that I think it won't run after a restart
the problem is
the rc script isn't edited
if I'm not mistaken
I'm a newbie
if possible, start from setting the IP, forwarding, etc., the whole thing please....
don't start from the middle like this... it gets confusing, sobs
May 25th, 2008 at 8:21 pm
Fadh: hmm, just PM me on YM
ach: Sure..
Cimote: Yep, I'll update it when I have some free time
Satujalur: you're welcome boss.. thx for visiting
Deden: Really.. it does work; if I'm not mistaken the earlier post about SOHO already covers that
September 3rd, 2009 at 10:38 pm
why isn't my transparent proxy picked up by the clients? eth1 192.168.3.135 (internet), eth0 192.168.2.1 (lan). please help. here is the configuration
http_port 3128 transparent
icp_port 0
cache_mem 6 MB
cache_swap_low 94
cache_swap_high 96
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
maximum_object_size 16384 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 2048 KB
# OPTION FOR TUNING THE CACHE
refresh_pattern -i ^ftp: 1440 50% 20160
refresh_pattern -i ^gopher: 1440 50% 20160
# FILES THAT RARELY CHANGE
refresh_pattern -i \.bin$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.cab$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.dat$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.exe$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.flv$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.msi$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.rar$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.zip$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.swf$ 180 90% 20160 reload-into-ims
refresh_pattern -i \.css$ 120 80% 10080 reload-into-ims
refresh_pattern -i \.js$ 120 80% 10080 reload-into-ims
refresh_pattern -i \.pdf$ 90 80% 10080 reload-into-ims
refresh_pattern -i \.gif$ 45 70% 10080 reload-into-ims
refresh_pattern -i \.ico$ 45 70% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 45 70% 10080 reload-into-ims
refresh_pattern -i \.png$ 45 70% 10080 reload-into-ims
# FASTER REFRESH FOR FILES THAT CHANGE OFTEN
refresh_pattern -i \.html$ 10 40% 4320
refresh_pattern -i \.htm$ 10 40% 4320
refresh_pattern -i \.xml$ 10 40% 4320
refresh_pattern . 25 60% 4320
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
visible_hostname proxy.sman5.com # hostname for squid (the duplicate 'localhost' value that preceded this one has been dropped; the last value wins)
cache_mgr admin@proxy.sman5.com # squid admin contact
cache_effective_user squid
cache_effective_group squid
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# DEFAULT ACL
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.2.0/24
acl our_networks src 192.168.2.0/24 192.168.3.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl safe_ports port 80 # http
acl safe_ports port 21 # ftp
acl safe_ports port 443 563 # https, snews
acl safe_ports port 70 # gopher
acl safe_ports port 210 # wais
acl safe_ports port 280 # http-mgmt
acl safe_ports port 488 # gss-http
acl safe_ports port 591 # filemaker
acl safe_ports port 777 # multiling http
acl PURGE method PURGE
acl CONNECT method CONNECT
# BLOCK FORBIDDEN SITES (BLACKLIST) MANUALLY
# _______________________________________________
acl porn url_regex "/etc/squid/acl/porn.txt"
acl noporn url_regex "/etc/squid/acl/noporn.txt"
acl ip-porn dst "/etc/squid/acl/ip-porn.txt"
acl download url_regex -i ftp \.exe \.mp3 \.vqf \.tar\.gz \.gz \.tar \.rpm \.zip \.rar \.avi \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.mov \.msi \.mp4
# http_access is evaluated top to bottom and stops at the first match, so the
# deny rules must come before the allow rules that would otherwise shadow them
# (as posted, 'allow porn' preceded 'deny porn' and 'allow all' preceded the
# port checks, so nothing was ever blocked and any client was admitted).
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow our_networks noporn # whitelist exceptions, checked before the blacklist
http_access deny porn
http_access deny ip-porn
http_access allow localhost
http_access allow our_networks
http_access deny all
http_reply_access allow lan
http_reply_access allow localhost
http_reply_access deny all
icp_access allow lan
icp_access allow localhost
icp_access deny all
# BANDWIDTH MANAGEMENT
# ___________________________________________
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_class 2 2
delay_parameters 2 -1/2048000 10000/2049000
delay_access 2 allow download
delay_access 2 deny all
delay_access 1 deny download
delay_access 1 allow all
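Squid evaluates http_access lines top to bottom and stops at the first line whose ACL terms all match. That is why the article's configuration puts every deny (manager, !Safe_ports, CONNECT, VIRUS, BADPORTS) before `allow net-AP`, and it is also the kind of mistake that is easy to make in a long ACL block like the one in the comment above: an `allow <list>` placed before `deny <list>` silently disables the blacklist, and an `allow all` placed before the port checks turns the proxy into an open one. The following checker is an added example, not part of the original post or of Squid itself; it reads only the `acl` and `http_access` lines of a squid.conf and reports rules that are shadowed, unreachable or too broad. The two configurations embedded in it are constructed for the demonstration and only loosely follow the two on this page.

```python
"""Check the ordering of http_access rules in a squid.conf.

Added example, not part of the original post or of Squid. Squid stops at the
first http_access line whose ACL terms all match, so:
  * anything after 'allow all' / 'deny all' can never run,
  * 'deny X' placed after a bare 'allow X' can never fire,
  * a deny placed after 'allow <src network>' is skipped for those clients.
"""

# Constructed sample 1: the ordering the tutorial uses (all denies first).
GOOD_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.100.0/24
acl Safe_ports port 80 21 443
acl SSL_ports port 443
acl CONNECT method CONNECT
acl blocked url_regex "/etc/squid/acl/blocked.txt"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blocked
http_access allow localhost
http_access allow lan
http_access deny all
"""

# Constructed sample 2: blacklist admitted before it is denied, port check
# after the LAN is already allowed, and 'allow all' before the final deny.
BAD_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.2.0/24
acl Safe_ports port 80 21 443
acl blocked url_regex "/etc/squid/acl/blocked.txt"
http_access allow blocked all
http_access deny blocked all
http_access allow lan
http_access deny !Safe_ports
http_access allow all
http_access deny all
"""


def _words(raw_line):
    """Split a config line into words, dropping a trailing '#' comment."""
    return raw_line.split("#", 1)[0].split()


def parse_acls(conf_text):
    """Map each acl name to its type from 'acl <name> <type> ...' lines."""
    acls = {}
    for raw in conf_text.splitlines():
        parts = _words(raw)
        if len(parts) >= 3 and parts[0] == "acl":
            acls[parts[1]] = parts[2]
    return acls


def parse_http_access(conf_text):
    """Return [(line number, action, [acl terms])] in file order."""
    rules = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        parts = _words(raw)
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((n, parts[1], parts[2:]))
    return rules


def lint_http_access(conf_text):
    """Return [(line number, message)] for rules that are shadowed, dead or too broad."""
    acls = parse_acls(conf_text)
    rules = parse_http_access(conf_text)
    findings = []
    catch_all_at = None   # line of the first 'allow all' / 'deny all'
    bare_allow = {}       # acl name -> line of an earlier single-term 'allow <name>'
    src_allowed = []      # (src acl name, line) for earlier 'allow <src acl>'
    for n, action, terms in rules:
        if catch_all_at is not None:
            findings.append((n, f"unreachable: line {catch_all_at} already matches every request"))
            continue
        # 'all' matches everything, so combined with other terms it adds nothing
        terms = [t for t in terms if t != "all"] or ["all"]
        if terms == ["all"]:
            catch_all_at = n
            if action == "allow":
                findings.append((n, "'allow all' admits every client: open proxy"))
            continue
        if action == "deny":
            for t in terms:
                if not t.startswith("!") and t in bare_allow:
                    findings.append((n, f"shadowed: 'allow {t}' on line {bare_allow[t]} matches first"))
            for name, line in src_allowed:
                findings.append((n, f"clients in '{name}' (allowed on line {line}) never reach this deny"))
        elif len(terms) == 1 and not terms[0].startswith("!"):
            bare_allow.setdefault(terms[0], n)
            if acls.get(terms[0]) == "src":
                src_allowed.append((terms[0], n))
    if rules and catch_all_at is None:
        findings.append((0, "no final 'http_access deny all'"))
    return findings


if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        for n, msg in lint_http_access(conf) or [(0, "no findings")]:
            print(f"{label} line {n}: {msg}")
```

Point it at a live file with `lint_http_access(open('/etc/squid/squid.conf').read())` before running `squid -k reconfigure`; the checker knows nothing about what the ACLs actually match, so a deny that it reports as skipped for an already-allowed network may still be intended, but a shadowed blacklist or an `allow all` ahead of `deny all` is never what the author meant.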