Tuesday, 26 February 2013

How to Build a Small ISP Quickly with Mikrotik + a Squid Box

2/26/2013 08:22:00 PM
The network topology is as follows:

inet -- cisco -- hub -- Squid (Slackware) -- mikrotik (bandwidth manager) -- client
                  |
                  |
                  |-- other servers

ADJUST THE IP ADDRESSES TO THE ONES YOU HAVE BEEN ALLOCATED

The IP block used in this example is: 202.152.100.0/24

Prerequisites:
1. IP subnetting
2. basic Linux commands
3. basic Mikrotik commands

Steps...

1. Check the Cisco's IP address (assumed to be on the fibre-optic uplink)
ip address cisco s0/0 202.152.30.1
netmask 255.255.255.252
gateway 202.152.30.2

(these are normally assigned by the ISP upstream of ours)

2. Splitting the IP block we received:

Before putting the block to use it is best to split it first. In this example it is divided in two: a SERVER block and a CLIENT block.

SERVER BLOCK:
network: 202.152.100.0/28
usable addresses: 202.152.100.1 - 202.152.100.14
broadcast: 202.152.100.15

CLIENT BLOCK:
everything outside the block above is available for clients. In this walkthrough 202.152.100.16/30 is used for the link between the proxy and the Mikrotik, and the clients get the /30s from 202.152.100.20 upwards.

3. SET THE CISCO ETHERNET IP

On the Cisco, set ethernet0/0 to
ip address: 202.152.100.1
netmask 255.255.255.240

The Cisco also has to know that the client blocks (202.152.100.16 and up) sit behind the proxy at 202.152.100.2; otherwise return traffic for the clients arrives at the Cisco and is dropped, because only 202.152.100.0/28 is directly connected. A single static route for 202.152.100.0/24 with next hop 202.152.100.2 covers every client /30, and the directly connected /28 still wins for the server block by longest match.


4. Proxy server setup + TUNE-UP:
The Linux used is SLACKWARE 9, available from:
http://mirror.vip.net.id/pub/slackware/
The hardware used is:
a Pentium 4 PC
three 40 GB Seagate Barracuda 7200 rpm hard disks, 2 GB RAM
first disk mounted on /
second disk mounted on /cache1
third disk mounted on /cache2

After installation, assign the following addresses:

Interface eth0
ip address: 202.152.100.2
netmask 255.255.255.240
gateway 202.152.100.1

Interface eth1
ip address: 202.152.100.17
netmask 255.255.255.252

(eth1 is the 202.152.100.16/30 link: .17 is the proxy, .18 will be the Mikrotik, .19 is the broadcast.)

After that...

open the file types.h:
root@proxy:~# vi /usr/include/bits/types.h
and change this line:

#define __FD_SETSIZE 1024

to this:

#define __FD_SETSIZE 8192

==> then quit the editor

This raises the file-descriptor ceiling that Squid compiles in, so it must be done before running ./configure below. (On newer glibc the define lives in /usr/include/bits/typesizes.h instead.)

Then run this command:

root@proxy:~# ulimit -HSn 8192

ulimit only applies to the current shell and the processes it starts; that is why the same command is repeated later, right before squid is started.

Then download squid 2.5.STABLE9 from here:

wget http://202.154.183.7/squid-2.5.STABLE9.tar.gz

The tarball is fetched over plain HTTP from a mirror; compare it with the checksum the Squid project publishes for 2.5.STABLE9 before building it. Note also that the 2.5 series was already unsupported when this was written; a current release gets the security fixes this one never will.

save it in /usr/local/src

extract it with:

tar -zxvf squid-2.5.STABLE9.tar.gz

change into the squid directory and run the following:

./configure \
--prefix=/opt/squid \
--exec-prefix=/opt/squid \
--enable-gnuregex \
--enable-async-io=30 \
--with-aufs-threads=30 \
--with-pthreads \
--with-aio \
--with-dl \
--enable-storeio=aufs \
--enable-removal-policies=heap \
--enable-icmp \
--disable-wccp \
--enable-snmp \
--enable-cache-digests \
--enable-default-err-languages=English \
--enable-err-languages=English \
--enable-linux-netfilter \
--disable-ident-lookups \
--disable-hostname-checks \
--enable-underscores

Since the Mikrotik already does bandwidth management, delay pools are not needed. This configuration is for a machine with the following spec:

three 40 GB Seagate Barracuda 7200 rpm hard disks, 2 GB RAM

two disks for cache, one for the system. With SCSI disks, --enable-async-io=30 and --with-aufs-threads=30 can be raised to 32.

==> squid is now built and installed. All squid files are under /opt/squid

After that, use the squid.conf below:

Code:

http_port 8080

acl youtube dstdomain .youtube.com
no_cache allow youtube

hierarchy_stoplist cgi-bin ? localhost .js .jsp .friendster.com
acl QUERY urlpath_regex cgi-bin \? localhost .friendster.com
no_cache deny QUERY

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 6 MB
cache_dir aufs /cache1 8000 13 256
cache_dir aufs /cache2 8000 13 256
cache_swap_low 98
cache_swap_high 99

cache_access_log /cache1/access.log
# cache_log is where squid reports startup problems and errors;
# /dev/null throws that away. Point it at a file when troubleshooting.
cache_log /dev/null
cache_store_log none
mime_table /opt/squid/etc/mime.conf
pid_filename /var/run/squid.pid
# masks client addresses in access.log to the /24, so every client is
# logged as 202.152.100.0. Use 255.255.255.255 to keep the real address.
client_netmask 255.255.255.0

refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
redirect_rewrites_host_header off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 202.152.100.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 8443 563 777
acl Safe_ports port 25 80 81 110 443 563 6667 7000 777 210 119 70 21 1025-65535
acl Safe_ports port 280 6668 6669
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777

# "lewat" = pass: destinations in these AS numbers are fetched directly.
# This only has an effect once a cache_peer is configured; without a peer
# every request goes direct anyway.
acl lewat dst_as 4622 4761 4787 4795 4796 4855 4800 7587 7597 7713 9326 9340 9448 9657 9791 9794 9875 9905 9228 9251 10114 10137 10208 10217 17440 17450 17451 17538 17658 17671 17670 17725 17727 17769 4832 4833 17817 17884 17907 17910 17922 17800 10220 17974 17826 17885 18052 18056 18059 7632 4821 18103 17996 18004 18153 18156 18189 18237 18251 18347 3583 3382 4382 4434 18364 18365 18379 9341 9785 18393 17995 23651 23666 23671 23679 23691 23756 23945 24052 24057 24194
always_direct allow lewat
always_direct deny all

#header_access Accept-Encoding deny all

acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# http_access is first match wins. With "allow localnet" here, the
# Safe_ports and CONNECT rules below are never reached for local clients;
# move the two deny rules above this line to make them effective.
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT

# Squid 2.5 transparent interception
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

http_access deny all

maximum_object_size 128 MB
maximum_object_size_in_memory 8 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 75
fqdncache_size 4096
shutdown_lifetime 10 seconds
cache_mgr hendraarif@yahoo.com
cache_effective_user squid
cache_effective_group squid
memory_pools off
buffered_logs off
log_icp_queries off
logfile_rotate 1
log_fqdn off
forwarded_for off
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_page_fault_warning 2
visible_hostname proxy@dodol.org
nonhierarchical_direct on
prefer_direct off

Check the addresses that are allowed (acl localnet) and adjust them to the ones you use.
Also check the cache directory sizes: the maximum for one disk is 18 GB.

A few points in this squid.conf matter once paying customers sit behind it:

1. http_access is evaluated top to bottom and the first match wins. Because "http_access allow localnet" comes before "deny !Safe_ports" and "deny CONNECT !SSL_ports", any host in 202.152.100.0/24 can request any port and CONNECT to any port through the proxy; the two guards are dead rules. Put the deny rules first. Safe_ports also lists 25 (SMTP), which is rarely something customers should reach through a web proxy.
2. client_netmask 255.255.255.0 hides which customer made a request, and cache_log /dev/null discards squid's own diagnostics. An ISP that has to answer abuse reports or investigate an incident wants both the full client address and that log.
3. The httpd_accel_* lines are the Squid 2.5 way of intercepting; the Squid documentation warns that httpd_accel_uses_host_header lets a client choose the origin through the Host header and so poison the cache for other clients. Keep the interception limited to port 80 arriving from the client interface, as the iptables rule in step 7 does.
4. SNMP is compiled in (--enable-snmp) but no snmp_access is configured, so the agent stays closed; leave it that way unless you actually monitor it.
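The rule-ordering problem above, as an added example that is not part of the original post: a POSIX shell lint that reports whether any client allow in a squid.conf runs before the "deny !Safe_ports" and "deny CONNECT !SSL_ports" guards, tried against the post's order and against the corrected order. Both sample configs, the function names and the temporary-file handling are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint the http_access order in
# squid.conf.  Squid evaluates http_access top to bottom and stops at the first
# match, so an "allow <clients>" placed before "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" turns those guards into dead code for the clients.
# File names and both sample configs are constructed here.

# Return 0 when every non-manager allow comes after both guard rules, else 1
# with a one-line reason on stdout.  The cache-manager allow is skipped since
# it is normally first and restricted to localhost.
check_http_access_order() {
    conf=$1
    allow_line=$(grep -n '^[[:space:]]*http_access[[:space:]]\{1,\}allow' "$conf" \
        | grep -v manager | head -n 1 | cut -d: -f1)
    [ -n "$allow_line" ] || return 0        # nothing allowed, nothing to bypass
    for guard in 'deny[[:space:]]\{1,\}!Safe_ports' \
                 'deny[[:space:]]\{1,\}CONNECT[[:space:]]\{1,\}!SSL_ports'; do
        guard_line=$(grep -n "^[[:space:]]*http_access[[:space:]]\{1,\}$guard" "$conf" \
            | head -n 1 | cut -d: -f1)
        if [ -z "$guard_line" ]; then
            echo "$conf: no rule matching '$guard'"; return 1
        fi
        if [ "$allow_line" -lt "$guard_line" ]; then
            echo "$conf: allow at line $allow_line runs before the guard at line $guard_line"
            return 1
        fi
    done
    echo "$conf: ok"
    return 0
}

# The post's order: localnet is allowed before the port guards are evaluated.
write_weak_conf() {
    cat > "$1" <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
EOF
}

# Same rules, guards first: clients still browse and CONNECT to SSL_ports, but
# can no longer request ports outside Safe_ports or tunnel to arbitrary ports.
write_hardened_conf() {
    cat > "$1" <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

# Demo on the two constructed files.
tmp=$(mktemp -d)
write_weak_conf "$tmp/weak.conf"
write_hardened_conf "$tmp/hardened.conf"
check_http_access_order "$tmp/weak.conf" || true
check_http_access_order "$tmp/hardened.conf"
rm -rf "$tmp"
```

Against the real file, run check_http_access_order /opt/squid/etc/squid.conf before a squid -k reconfigure; the fix itself is only moving the two deny lines above "http_access allow localnet".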

Then create the squid group and user on Linux (the group first, so the user can be placed in it):

root@proxy:~# groupadd squid
root@proxy:~# useradd -g squid squid

Squid drops to that user (cache_effective_user) before it touches the cache, so /cache1 and /cache2, where the cache and access.log live, must be owned by the squid user before the next step.

Create the cache directories:

root@proxy:~# /opt/squid/sbin/squid -z

Run this once more, in the shell that will start squid:

root@proxy:~# ulimit -HSn 8192

then start squid with:

root@proxy:~# /opt/squid/sbin/squid -DY &

================================================== ==============

okay.. let's continue:

5. Mikrotik setup:

Assign the ether1 address:
/ip address add address=202.152.100.18/30 interface=ether1

Because every address in use is public, the client side has to be cut into separate subnets. Enter the router-side address of each client pair:
for example, if the client's address is 202.152.100.22, the address to put on the Mikrotik's ether2 is 202.152.100.21/30

and likewise for every other client pair.

/ip address add address=202.152.100.21/30 interface=ether2

The table below makes this clearer (the Mikrotik takes "first avail" on the customer-facing interface, the customer gets "last avail"):

Code:

   network          first avail      last avail       broadcast
202.152.100.20   202.152.100.21   202.152.100.22   202.152.100.23
202.152.100.24   202.152.100.25   202.152.100.26   202.152.100.27
202.152.100.28   202.152.100.29   202.152.100.30   202.152.100.31
202.152.100.32   202.152.100.33   202.152.100.34   202.152.100.35
202.152.100.36   202.152.100.37   202.152.100.38   202.152.100.39
202.152.100.40   202.152.100.41   202.152.100.42   202.152.100.43
202.152.100.44   202.152.100.45   202.152.100.46   202.152.100.47
202.152.100.48   202.152.100.49   202.152.100.50   202.152.100.51
202.152.100.52   202.152.100.53   202.152.100.54   202.152.100.55
202.152.100.56   202.152.100.57   202.152.100.58   202.152.100.59
202.152.100.60   202.152.100.61   202.152.100.62   202.152.100.63
202.152.100.64   202.152.100.65   202.152.100.66   202.152.100.67
202.152.100.68   202.152.100.69   202.152.100.70   202.152.100.71
202.152.100.72   202.152.100.73   202.152.100.74   202.152.100.75
202.152.100.76   202.152.100.77   202.152.100.78   202.152.100.79
202.152.100.80   202.152.100.81   202.152.100.82   202.152.100.83
202.152.100.84   202.152.100.85   202.152.100.86   202.152.100.87
202.152.100.88   202.152.100.89   202.152.100.90   202.152.100.91
202.152.100.92   202.152.100.93   202.152.100.94   202.152.100.95
202.152.100.96   202.152.100.97   202.152.100.98   202.152.100.99
202.152.100.100  202.152.100.101  202.152.100.102  202.152.100.103
202.152.100.104  202.152.100.105  202.152.100.106  202.152.100.107
202.152.100.108  202.152.100.109  202.152.100.110  202.152.100.111
202.152.100.112  202.152.100.113  202.152.100.114  202.152.100.115
202.152.100.116  202.152.100.117  202.152.100.118  202.152.100.119
202.152.100.120  202.152.100.121  202.152.100.122  202.152.100.123
202.152.100.124  202.152.100.125  202.152.100.126  202.152.100.127
202.152.100.128  202.152.100.129  202.152.100.130  202.152.100.131
202.152.100.132  202.152.100.133  202.152.100.134  202.152.100.135
202.152.100.136  202.152.100.137  202.152.100.138  202.152.100.139
202.152.100.140  202.152.100.141  202.152.100.142  202.152.100.143
202.152.100.144  202.152.100.145  202.152.100.146  202.152.100.147
202.152.100.148  202.152.100.149  202.152.100.150  202.152.100.151
202.152.100.152  202.152.100.153  202.152.100.154  202.152.100.155
202.152.100.156  202.152.100.157  202.152.100.158  202.152.100.159
202.152.100.160  202.152.100.161  202.152.100.162  202.152.100.163
202.152.100.164  202.152.100.165  202.152.100.166  202.152.100.167
202.152.100.168  202.152.100.169  202.152.100.170  202.152.100.171
202.152.100.172  202.152.100.173  202.152.100.174  202.152.100.175
202.152.100.176  202.152.100.177  202.152.100.178  202.152.100.179
202.152.100.180  202.152.100.181  202.152.100.182  202.152.100.183
202.152.100.184  202.152.100.185  202.152.100.186  202.152.100.187
202.152.100.188  202.152.100.189  202.152.100.190  202.152.100.191
202.152.100.192  202.152.100.193  202.152.100.194  202.152.100.195
202.152.100.196  202.152.100.197  202.152.100.198  202.152.100.199
202.152.100.200  202.152.100.201  202.152.100.202  202.152.100.203
202.152.100.204  202.152.100.205  202.152.100.206  202.152.100.207
202.152.100.208  202.152.100.209  202.152.100.210  202.152.100.211
202.152.100.212  202.152.100.213  202.152.100.214  202.152.100.215
202.152.100.216  202.152.100.217  202.152.100.218  202.152.100.219
202.152.100.220  202.152.100.221  202.152.100.222  202.152.100.223
202.152.100.224  202.152.100.225  202.152.100.226  202.152.100.227
202.152.100.228  202.152.100.229  202.152.100.230  202.152.100.231
202.152.100.232  202.152.100.233  202.152.100.234  202.152.100.235
202.152.100.236  202.152.100.237  202.152.100.238  202.152.100.239
202.152.100.240  202.152.100.241  202.152.100.242  202.152.100.243
202.152.100.244  202.152.100.245  202.152.100.246  202.152.100.247
202.152.100.248  202.152.100.249  202.152.100.250  202.152.100.251
202.152.100.252  202.152.100.253  202.152.100.254  202.152.100.255

Then add the Mikrotik's default route towards the proxy:

/ip route add dst-address=0.0.0.0/0 gateway=202.152.100.17

On the proxy, add a route for each network behind the Mikrotik so its traffic can be answered (one line per client /30 from the table; route(8) takes the next hop as "gw"):

route add -net 202.152.100.20 netmask 255.255.255.252 gw 202.152.100.18

The proxy must also have IP forwarding turned on (net.ipv4.ip_forward = 1); without it only the port-80 traffic intercepted in step 7 gets through, because squid answers that locally, and everything else is dropped.

that is the IP addressing done...

6. Test with a client using:
ip address:
202.152.100.22
netmask 255.255.255.252
gateway 202.152.100.21

Because of the /30 subnetting, .22 is the only usable host address on that link; a client configured with any other address will not get through the Mikrotik. Note that this is an addressing constraint rather than an access control: it limits the customer to one address, it does not authenticate them.

7. iptables on the proxy
All web traffic is forced through the proxy server with this rule. Client traffic arrives on eth1 (the Mikrotik link), not eth2, and in current iptables the "!" negation goes before "-d":

Code:

iptables -t nat -A PREROUTING -i eth1 -p tcp -s 202.152.100.0/24 ! -d 202.152.100.0/24 --dport 80 -j REDIRECT --to-ports 8080
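Steps 5 to 7 as one script, added here as an example that is not part of the original post: it derives the /30 pairs the table lists, prints the matching RouterOS line for a customer, and applies the proxy-side pieces (IP forwarding, one route per customer /30, the port-80 interception rule). The interface names, the .20 to .252 customer range, the DRY_RUN switch and the helper names are assumptions for this topology.

```shell
#!/bin/sh
# Added example, not part of the original post.  Derives the /30 pairs the
# post tabulates, prints the RouterOS line for a customer, and applies the
# proxy-side pieces: IP forwarding, one route per customer /30, and the port-80
# interception rule.  Assumed topology: eth0 = 202.152.100.2/28 (towards the
# Cisco), eth1 = 202.152.100.17/30 (towards the Mikrotik at .18), customer /30s
# from .20 to .252.  DRY_RUN and the helper names are ours.
BLOCK=202.152.100           # the /24 the post works with
PROXY_IN=eth1               # proxy interface facing the Mikrotik
MIKROTIK=$BLOCK.18          # Mikrotik ether1
DRY_RUN=${DRY_RUN:-1}       # 1 = print the commands, 0 = run them (as root)

# /30 arithmetic on the last octet: round down to a multiple of 4 for the
# network; +1 and +2 are the usable hosts, +3 is the broadcast.
slash30_of() {              # slash30_of 22  ->  "20 21 22 23"
    net=$(( $1 - $1 % 4 ))
    echo "$net $((net + 1)) $((net + 2)) $((net + 3))"
}

# RouterOS line for a customer: the router takes the first usable address.
mikrotik_cmd_for() {        # mikrotik_cmd_for 22 ether2
    set -- $(slash30_of "$1") "$2"
    echo "/ip address add address=$BLOCK.$2/30 interface=$5"
}

# Every customer /30 from .20 to .252, i.e. the post's table, generated.
client_table() {
    i=20
    while [ "$i" -le 252 ]; do
        slash30_of "$i"
        i=$((i + 4))
    done
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

apply_proxy_rules() {
    # the proxy routes between eth0 and eth1; without forwarding only the
    # intercepted port-80 traffic works, because squid answers it locally
    run sysctl -w net.ipv4.ip_forward=1
    # return path: each customer /30 lives behind the Mikrotik
    client_table | while read -r net first last bcast; do
        run route add -net "$BLOCK.$net" netmask 255.255.255.252 gw "$MIKROTIK"
    done
    # intercept only outbound port 80 arriving from the customer side; traffic
    # to the local /24 (the server block) is left alone.  "! -d" is the current
    # spelling of the post's "-d \! ...".
    run iptables -t nat -A PREROUTING -i "$PROXY_IN" -p tcp -s "$BLOCK.0/24" \
        ! -d "$BLOCK.0/24" --dport 80 -j REDIRECT --to-ports 8080
}

apply_proxy_rules
```

With DRY_RUN left at 1 the script only prints the 61 commands it would run, which is the quickest way to review them before running it as root with DRY_RUN=0 on the proxy. The route list is what the Cisco-side return route in step 3 complements: the Cisco sends client traffic to the proxy, the proxy sends it on to the Mikrotik.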
8. DNS SERVER
Start the DNS server that ships with Slackware by default:

root@proxy:~# named -d1

-d1 turns on debug logging; for day-to-day use drop it and start named as an unprivileged user (its -u option) rather than as root. Because 202.152.100.17 is a public address, also restrict recursion in named.conf (allow-recursion) to 202.152.100.0/24; otherwise the box is an open resolver that anyone on the Internet can use.

Then put this in /etc/resolv.conf

nameserver 127.0.0.1

and have every client use 202.152.100.17 as its DNS server.

NO NAT/MASQUERADE .................. public IPs are handed straight to the clients

done! easy and fast, isn't it?
