******************************************************************
#
#pf.conf dan Transparent Proxy dengan Squid pada FreeBSD
#
******************************************************************
trus aku coba untuk setting squid untuk Transparent proxy. Na ini ni yang bkin aku pusiiiiiiiing buaanget. Butuh waktu lama….., aku untuk setUp yg satu ini, ya maklum lah….baru belajar… Na memang begini kalee… manis pahit-nya membaca dan mencoba yg di temenin Mbah Google..?
Tapi setelah berHasil eeh ada kepuasan tersendiri di Hati.

Eeh aq kok sedikit nglantur yoW … he he he…..:) OK ku lanjutin dokumentasiku….
cek squid dg
moklet_psg#pkg_info
bila sudah tinggal konfigurasi, bila blm install dulu.
moklet_psg#cd /usr/ports/www/squid
moklet_psg#make install clean
buat direktori cache pada /usr/local/squid/
buat file access.log pada /usr/local/squid/logs/
buat file cache.log pada /usr/local/squid/logs/
buat file mime.conf pada /usr/local/squid/logs/
buat file store.log pada /usr/local/squid/logs/
Rubah kepemilikan directory
/usr/local/etc/squid#chown -R squid:squid /usr/local/squid/logs
/usr/local/etc/squid#chown -R squid:squid /usr/local/squid/cache
lakukan konfigurasi pada
/usr/local/etc/squid/squid.conf
#####################################################################
### proxy ###
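# NETWORK OPTIONS
# ---------------
# TCP port on which Squid accepts client HTTP requests; the pf rdr rule on
# this page sends intercepted port-80 traffic here. No address is given, so
# Squid listens on every interface. The http_access rules further down only
# admit 192.168.1.0/24, but it is still worth blocking 3128 on the external
# interface in pf so outside hosts cannot reach the listener at all.
http_port 3128
# UDP port for ICP (inter-cache protocol) queries. No cache_peer appears in
# this listing, so ICP looks unused here; "icp_port 0" turns the listener off.
icp_port 3130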
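# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------
# Value is given without a unit - TODO confirm the unit for the installed
# Squid version. Only relevant when multicast ICP peers are configured.
mcast_icp_query_timeout 10
# How long a peer may stay silent before Squid treats it as dead.
dead_peer_timeout 10 seconds
# URLs containing "cgi-bin" or "?" are fetched directly, never via a peer.
hierarchy_stoplist cgi-bin ?
# The same dynamic URLs are also never stored in the cache.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY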
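# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------
# Memory used for in-transit and hot objects (not Squid's total footprint).
cache_mem 32 MB
# Disk cache fill levels, in percent: replacement starts at the low mark and
# becomes more aggressive as usage approaches the high mark.
cache_swap_low 90
cache_swap_high 95
# Objects larger than this are not written to the disk cache.
maximum_object_size 4096 KB
# Objects larger than this are not kept in the memory cache.
maximum_object_size_in_memory 8 KB
# DNS caches: number of entries, plus low/high water marks in percent.
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
# Least-recently-used eviction for both the disk and the memory cache.
cache_replacement_policy lru
memory_replacement_policy lru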
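# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# ---------------------------------------
# ufs store: 100 MB, 16 first-level and 256 second-level subdirectories.
# The directory must be owned by the Squid user and initialised with
# "squid -z" before the first start.
cache_dir ufs /usr/local/squid/cache 100 16 256
# access.log records every URL each client requests; keep the logs
# directory readable only by the Squid user and administrators.
access_log /usr/local/squid/logs/access.log squid
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
# The MIME table is read from the etc directory, not from the logs directory.
mime_table /usr/local/etc/squid/mime.conf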
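# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -------------------------------------
# Helper that removes files from the disk cache.
unlinkd_program /usr/local/libexec/squid/unlinkd
# Helper that sends ICMP probes for Squid.
pinger_program /usr/local/libexec/squid/pinger
# Basic-auth tuning. NOTE(review): no "auth_param basic program" and no
# proxy_auth ACL appear in this listing, so these four lines have no effect
# as shown. Proxy authentication also cannot be used for intercepted
# (transparent) traffic, because the browser does not know it is talking to
# a proxy; access control in this setup rests on source address alone.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off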
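# OPTIONS FOR TUNING THE CACHE
# ----------------------------
# Suggested default.
# Fields: URL regex, minimum age (minutes), percent of object age, maximum
# age (minutes). The first matching pattern applies, so "." stays last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320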
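# ACCESS CONTROLS
# ---------------
# Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
# localmachine and publicip are defined but no rule below refers to them.
acl localmachine src 192.168.1.0/24
acl publicip src 202.91.11.226
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# to_localhost is also unused here; the stock squid.conf suggests
# "http_access deny to_localhost" to shield services bound to loopback on
# the proxy host from requests relayed through the proxy.
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first match decides.
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# Only clients on the internal network may browse through the proxy.
acl our_networks src 192.168.1.0/24
http_access allow our_networks
# And finally deny all other access to this proxy
http_access deny all
# Replies are not filtered.
http_reply_access allow all
# ICP answers reveal which objects are in the cache, and the ICP port is
# reachable on every interface, so queries are limited to the internal
# network instead of being allowed from everyone.
icp_access allow our_networks
icp_access deny all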
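# ADMINISTRATIVE PARAMETERS
# -------------------------
# Contact address that Squid prints on its error pages.
cache_mgr stj_yog@yahoo.co.id
# Squid drops root privileges and runs as this user; the cache and logs
# directories must be owned by it.
cache_effective_user squid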
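# HTTPD-ACCELERATOR OPTIONS
# -------------------------
# These four directives are what let this (Squid 2.5-style) configuration
# accept requests redirected by pf: intercepted requests carry only a path,
# so Squid rebuilds the full URL from the request's Host header.
# Squid 2.6 and later drop the httpd_accel_* directives in favour of an
# option on the http_port line ("transparent", later "intercept").
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
# The Host header is supplied by the client and can be forged, so a cached
# object may be stored under a host name it did not really come from.
# Keep the proxy limited to trusted LAN clients (see http_access).
httpd_accel_uses_host_header on
#Default:
# httpd_accel_no_pmtu_disc on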
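# MISCELLANEOUS
# -------------
# Number of old log generations kept when "squid -k rotate" is run.
logfile_rotate 10
# UDP port for Squid's SNMP agent. No snmp_access rule appears in this
# listing; if SNMP monitoring is not used, "snmp_port 0" closes the port.
snmp_port 3401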
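# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# ------------------------------------------------------------------
# No delay pool directives are set in this listing.
# Directory where Squid leaves core files if it crashes.
coredump_dir /usr/local/squid/cache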
___________________________ End ______________________________________
#######################################################################
Untuk konfigurasi pf.conf (untuk meredirect client), diletakkan di bawah nat
——————————————————————-
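# Redirect HTTP requests (TCP port 80) arriving on the internal interface
# to Squid on port 3128. Squid's http_port listens on TCP only, so the rule
# matches tcp alone rather than {tcp, udp}.
# $int_if must be defined as the LAN-facing interface earlier in pf.conf
# (the macro definition is not shown on this page).
# Squid is addressed on 202.91.11.226 as in the original rule; add a filter
# rule so port 3128 cannot be reached from the external side.
rdr on $int_if proto tcp from any to any port www -> 202.91.11.226 \
port 3128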
——————————————————————-
start squid #/usr/local/sbin/squid -DF
atau masukan /usr/local/sbin/squid -DF ke rc.local agar squid berjalan secara otomatis ketika server booting
menjalankan squid pertama kali
buat swap squid dengan mengetikan
#/usr/local/sbin/squid -z
menjalankan squid
#/usr/local/sbin/squid -DFY
liat : tail -f /usr/local/squid/logs/access.log
Hanya yang Maha mengetahui segalanya-lah yang maha sempurna.Kiranya dokumentasi saya ini ada kesalahan mohon ma’af,Saya manusia biasa yang hanya mampu berusaha, segalanya hanya Alloh yang menentukan.Terimakasih buat semua yang telah membantu saya……