Cara Install squid-3.4.7 di Ubuntu Server


Update dan Upgrade :
# Refresh the package index and apply pending upgrades before the build
# dependencies are installed.
apt-get update
apt-get upgrade
Install paket-paket pendukung squid-3 sebagai berikut :

# Build dependencies. libssl-dev is what the --enable-ssl / --with-openssl
# configure options below compile against; libcap-dev backs --with-libcap.
apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl libcap2 libcap-dev libcap2-dev
# NOTE(review): sysv-rc-conf is installed here but not used anywhere else in
# this guide.
apt-get install libtool sysv-rc-conf
Download dan Extract squid-3.4.7 :

# NOTE(review): the tarball is fetched over plain HTTP and is never verified.
# Compare it with the checksum/signature the Squid project publishes for this
# release before unpacking: whatever is in this archive becomes the proxy that
# terminates the clients' TLS sessions.
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.7.tar.bz2
tar -xjf squid-3.4.7.tar.bz2
cd squid-3.4.7
Download Patch 302 dan memleak kemudian patch squid-3.4.7 :

# NOTE(review): this patch is served from a personal file-hosting link, not by
# the Squid project, and is applied without any integrity check. Read the diff
# and run `patch -p0 --dry-run < 302_v2_memleak.patch` first; it changes the
# source of a proxy that will see decrypted HTTPS traffic.
wget https://googledrive.com/host/0B8LC6mDTXV0hVEpYN1I5djVPSlU/302_v2_memleak.patch
patch -p0 < 302_v2_memleak.patch
Compile squid-3.4.7 :

# Build configuration for the intercepting proxy. Points that tie in with the
# rest of this guide:
#  - --enable-ssl / --enable-ssl-crtd provide the ssl-bump and dynamic
#    certificate generation that squid.conf below relies on.
#  - --enable-linux-netfilter is needed for the tproxy ports used later.
#  - --with-default-user=proxy is the account the chown commands refer to.
#  - --with-pidfile must agree with PIDFILE in the init script.
#  - --with-maxfd / --with-filedescriptors match the `ulimit -n 65536` there.
#  - NOTE(review): --with-logdir=/etc/log/squid puts logs under /etc, which is
#    unusual; /var/log/squid may have been intended. Confirm.
#  - NOTE(review): --enable-http-violations and --enable-follow-x-forwarded-for
#    relax protocol and client-identity checks; keep them only if the final
#    squid.conf actually needs them.
./configure \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/sbin \
--sbindir=/usr/sbin \
--datadir=/usr/share/squid \
--includedir=/usr/include \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var/spool/squid \
--libdir=/usr/lib \
--sharedstatedir=/usr/com \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--x-includes=/usr/include \
--x-libraries=/usr/lib \
--enable-http-violations \
--enable-async-io=24 \
--enable-storeio=aufs \
--enable-linux-netfilter \
--enable-ssl \
--enable-ssl-crtd \
--enable-removal-policies=heap \
--enable-follow-x-forwarded-for \
--enable-zph-qos \
--enable-delay-pools \
--disable-icmp \
--disable-ipv6 \
--disable-epoll \
--disable-ident-lookups \
--with-aufs-threads=24 \
--with-large-files \
--with-libcap \
--with-openssl \
--with-included-ltdl \
--with-default-user=proxy \
--with-logdir=/etc/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-maxfd=65536 \
--with-filedescriptors=65536
Install squid-3.4.7 :
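# "&&" starts the install only after the build has finished successfully.
# A single "&" would push make into the background and run "make install"
# at the same time, against a tree that is not built yet.
make && make install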
Membuat Certificate Untuk squid-3.4.7 :

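cd /etc/squid
mkdir ssl_certs
cd ssl_certs
# squid.key signs every certificate squid generates while bumping TLS. Anyone
# who can read it can impersonate any site to clients that trust squid.crt, so
# create it unreadable to other accounts and hand it to the squid user only.
(umask 077 && openssl genrsa -out squid.key 2048)
chown proxy:proxy squid.key
openssl req -new -key squid.key -out squid.csr -nodes
# Self-signed certificate, valid for 3652 days; this is the file clients import.
openssl x509 -req -days 3652 -in squid.csr -signkey squid.key -out squid.crt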
Buat Certificate Cache :

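mkdir /var/lib/squid
chown -R nobody /var/lib/squid/
# Create the database ssl_crtd keeps its generated certificates in.
/usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
chown -R proxy:proxy /var/lib/squid/ssl_db/
# Only the squid account (proxy) uses this database. Mode 777 would let any
# local user replace or add entries in it, so access is limited to the owner.
chmod -R u=rwX,go= /var/lib/squid/ssl_db/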
Konfigurasi squid.conf :

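#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.10.0/24 # adjust to the client/local network

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# squid ssl_bump option
#
always_direct allow all
ssl_bump server-first all
# Once a connection is bumped the browser only ever sees a certificate made by
# squid, so it can no longer check the origin server's certificate itself.
# Squid has to do that check on the client's behalf: peer verification stays
# enabled (the default) so that "sslproxy_cert_error deny all" can actually
# reject an invalid upstream certificate.
sslproxy_cert_error deny all
# Disabled on purpose: this flag turned upstream certificate checks off.
# sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

# Squid normally listens to port 3128
# 3129: intercepted HTTPS (ssl-bump), 3128: intercepted HTTP, 3127: plain
# forward-proxy port. cert/key are the files created under /etc/squid/ssl_certs.
https_port 3129 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key
http_port 3128 tproxy
http_port 3127

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /cache_proxy 25000 16 256 # adjust to the drive that holds the cache

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .  0 20% 4320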
Silahkan dikembangkan sendiri sesuai keinginan Anda; konfigurasi di atas hanyalah contoh. Beri permission pada disk cache :

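chown -R proxy:proxy /cache_proxy
# The cache belongs to the squid account (proxy). No other local user needs to
# write to it, which mode 777 would have allowed; cached objects are served
# back to clients, so they must not be writable by arbitrary accounts.
chmod -R u=rwX,g=rX,o= /cache_proxy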
Untuk membentuk directory di dalam disk cache jalankan perintah berikut :

# -z creates the cache directory structure described by the cache_dir line of
# the given configuration file; run it after the ownership/permission step.
squid -f /etc/squid/squid.conf -z
Cek squid.conf apakah ada error atau tidak, jika masih terdapat error silahkan perbaiki terlebih dahulu. Buat file squid di dalam /etc/init.d/squid :

# Create the init script and make it executable before pasting the content in.
# It should stay writable by root only, since it is run with root privileges.
touch /etc/init.d/squid
chmod +x /etc/init.d/squid
nano /etc/init.d/squid

Copy code berikut ke dalamnya :

#! /bin/sh
#
# squid32012                Startup script for the SQUID HTTP proxy-cache.
#
# Version:      @(#)squid3.rc  1.0  07-Jul-2006  luigi@debian.org
#
### BEGIN INIT INFO
# Provides:          Squid 3.X
# File-Location:     /etc/init.d/squid3
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      $named
# Should-Stop:       $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Squid HTTP Proxy version 3.2.0.12
### END INIT INFO
 
NAME=squid
DESC="Squid HTTP Proxy 3.X"
DAEMON=/usr/sbin/squid
# Must agree with the --with-pidfile value squid was configured with.
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
# NOTE(review): $CONFIG is expanded here, before /etc/default/squid is read, so
# overriding CONFIG in that file does not change this -f argument.
SQUID_ARGS="-YC -f $CONFIG"
# RAMFS=/scripts/ramcache
 
# Optional local overrides. The file is sourced with the privileges of whoever
# runs this script, so it should be writable by root only.
[ ! -f /etc/default/squid ] || . /etc/default/squid
 
# Provides the log_* and status_of_proc helpers used below.
. /lib/lsb/init-functions
 
PATH=/bin:/usr/bin:/sbin:/usr/sbin
 
# Nothing to do when the squid binary is not installed.
[ -x $DAEMON ] || exit 0
 
# Raise the open-file limit to the value used for --with-maxfd at build time.
ulimit -n 65536
 
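#######################################
# Print the path (third field) of the first line in $CONFIG that starts with
# the given directive, or a fallback when no such line exists.
# Globals:   CONFIG (read), res (written)
# Arguments: $1 - directive name, e.g. cache_dir; it is inserted into a sed
#                 pattern, so callers must pass a literal name only
#            $2 - value to print when the directive is not found
# Outputs:   the path on stdout
#######################################
find_cache_dir () {
        # [[:blank:]] matches both space and tab. A literal "space tab"
        # string does not survive copy-and-paste from a web page, after
        # which tab-separated directives would silently stop matching.
        res=$(sed -ne '
                s/^'"$1"'[[:blank:]]\{1,\}[^[:blank:]]\{1,\}[[:blank:]]\{1,\}\([^[:blank:]]\{1,\}\).*$/\1/p
                t end
                d
                :end
                q' < "$CONFIG")
        [ -n "$res" ] || res=$2
        echo "$res"
}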
 
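#######################################
# Print the store type (second field) of the first line in $CONFIG that starts
# with the given directive, or a fallback when no such line exists.
# Globals:   CONFIG (read), res (written)
# Arguments: $1 - directive name, e.g. cache_dir; it is inserted into a sed
#                 pattern, so callers must pass a literal name only
#            $2 - value to print when the directive is not found
# Outputs:   the store type on stdout
#######################################
find_cache_type () {
        # [[:blank:]] covers space and tab without depending on a literal
        # tab character surviving copy-and-paste.
        res=$(sed -ne '
                s/^'"$1"'[[:blank:]]\{1,\}\([^[:blank:]]\{1,\}\).*$/\1/p
                t end
                d
                :end
                q' < "$CONFIG")
        [ -n "$res" ] || res=$2
        echo "$res"
}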
 
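#######################################
# Initialise the cache store if needed, then launch squid.
# Globals:   CONFIG, DAEMON, DESC, PIDFILE, SQUID_ARGS (read);
#            cache_dir, cache_type, needs_init (written)
# Returns:   the exit status of start-stop-daemon
#######################################
start () {
        cache_dir=$(find_cache_dir cache_dir /var/spool/squid/cache)
        cache_type=$(find_cache_type cache_dir ufs)

        # The store needs initialising when its directory exists but lacks
        # the marker of a built cache: a "stripe" file for coss, a "00"
        # subdirectory for every other store type.
        needs_init=no
        if [ -d "$cache_dir" ]; then
                if [ "$cache_type" = "coss" ]; then
                        [ -f "$cache_dir/stripe" ] || needs_init=yes
                else
                        [ -d "$cache_dir/00" ] || needs_init=yes
                fi
        fi

        if [ "$needs_init" = yes ]; then
                log_warning_msg "Creating $DESC cache structure"
                # Initialise from the same file that was just inspected,
                # not from squid's compiled-in default path.
                "$DAEMON" -f "$CONFIG" -z
        fi

        # Files squid creates from here on are not accessible to "other".
        umask 027
        ulimit -n 65536

        cd "$cache_dir"
        # $SQUID_ARGS stays unquoted on purpose: it holds several options.
        start-stop-daemon --quiet --start \
                --pidfile "$PIDFILE" \
                --exec "$DAEMON" -- $SQUID_ARGS < /dev/null
        return $?
}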
 
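#######################################
# Ask squid to stop and wait until the process has gone.
# Globals:   DAEMON, PIDFILE (read); PID, cnt (written)
# Returns:   0 once the process is gone (or was not running),
#            1 if it is still alive after the waiting period
#######################################
stop () {
        # Read the PID before signalling so it is still known afterwards.
        PID=$(cat "$PIDFILE" 2>/dev/null)
        start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --exec "$DAEMON"
        sleep 2

        # No recorded PID, or the process has already exited.
        if [ -z "$PID" ] || ! kill -0 "$PID" 2>/dev/null; then
                return 0
        fi

        log_action_begin_msg " Waiting"
        cnt=0
        while kill -0 "$PID" 2>/dev/null; do
                cnt=$((cnt + 1))
                # Give up after 24 polls of 5 seconds each.
                if [ "$cnt" -gt 24 ]; then
                        log_action_end_msg 1
                        return 1
                fi
                sleep 5
                log_action_cont_msg ""
        done
        log_action_end_msg 0
        return 0
}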
 
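# Dispatch on the requested action. rc carries the result of the action so
# that the script's exit status tells the caller (boot scripts, monitoring)
# whether squid really started, stopped or reloaded.
rc=0
case "$1" in
    start)
        log_daemon_msg "Starting $DESC" "$NAME"
        start
        rc=$?
        log_end_msg $rc
        ;;
    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        stop
        rc=$?
        log_end_msg $rc
        ;;
    reload|force-reload)
        log_action_msg "Reloading $DESC configuration files"
        # Signal 1 (HUP) asks the running squid to re-read its configuration.
        start-stop-daemon --stop --signal 1 \
                --pidfile "$PIDFILE" --quiet --exec "$DAEMON"
        rc=$?
        # Report what actually happened instead of an unconditional success.
        log_action_end_msg $rc
        ;;
    restart)
        log_daemon_msg "Restarting $DESC" "$NAME"
        # A failed stop is not fatal here; the start result decides.
        stop
        start
        rc=$?
        log_end_msg $rc
        ;;
    status)
        status_of_proc -p "$PIDFILE" "$DAEMON" squid
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
        exit 3
        ;;
esac

exit $rc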
Jalankan squid :

# "restart" runs the script's stop function and then its start function.
/etc/init.d/squid restart
Cek apakah squid sudah berjalan :

# "status" exits with the result of status_of_proc for the squid pidfile.
/etc/init.d/squid status
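Jika muncul tulisan * squid is running artinya squid sudah berjalan. Terakhir, silahkan import certificate (squid.crt) yang sudah dibuat tadi ke dalam browser. Browser yang mengimpornya akan mempercayai semua sertifikat yang ditandatangani squid.key, jadi file key tersebut harus dijaga kerahasiaannya.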

Konfigurasi Firewall Tproxy squid-3.4.7

Agar tproxy pada squid-3.4.7 dapat berjalan dengan baik, Anda harus membuat aturan firewall dan mengaktifkan beberapa modul untuk mendukung tproxy.
Berikut beberapa modul yang harus diaktifkan; letakkan konfigurasi berikut di dalam file /etc/rc.local.
# Kernel modules for TPROXY interception, packet marking and connection
# tracking.
modprobe xt_TPROXY
modprobe xt_socket
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat

# Let the host forward packets between its interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Reverse-path filtering is switched off for the TPROXY setup.
# NOTE(review): this also removes the kernel's source-address spoofing check
# ("all" and "default" cover every interface); anti-spoofing then has to be
# done by explicit firewall rules. Confirm that such rules exist.
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter

# Packets carrying fwmark 1 (set by the mangle rules) are looked up in table
# 100, whose only route delivers everything to the local host.
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

Mangle tproxy :
# Start from an empty mangle table.
# NOTE(review): this also deletes mangle rules installed by anything else on
# the host.
iptables -t mangle -F
iptables -t mangle -X

# DIVERT sets mark 1 and accepts; the "-m socket" rule sends packets that
# already belong to a local socket through it.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# Traffic addressed to the proxy host itself is left alone.
iptables -t mangle -A PREROUTING -d 192.168.10.251 -p tcp -m multiport --dports 80,443,3127,3128,3129,8000,8080 -j ACCEPT
# Everything else on the web ports is handed to squid: ports 80/8080/8000 to
# the tproxy http_port 3128, port 443 to the ssl-bump https_port 3129.
# NOTE(review): these rules match on destination only. There is no -i or -s
# restriction, so traffic arriving on any interface is intercepted and squid's
# "http_access allow localnet" is the only source filter. Consider limiting
# them to the LAN interface or the client subnet.
iptables -t mangle -A PREROUTING ! -d 192.168.10.251 -p tcp -m multiport --dports 80,8080,8000 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -A PREROUTING ! -d 192.168.10.251 -p tcp -m multiport --dports 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
Keterangan :
192.168.10.251 adalah IP Proxy Server silahkan sesuaikan dengan keadaan di tempat anda.

Mangle tproxy di mikrotik.
/ip firewall mangle
# NOTE(review): "in-interface=" and "in-interface=!" appear without a value on
# this page. Each needs the name of a real router interface (presumably the
# one facing the clients) before these rules are imported.
# src-address=!192.168.10.251 keeps the proxy's own outgoing requests from
# being marked and routed back to the proxy.
add action=mark-routing chain=prerouting disabled=no dst-port=80,443 in-interface= new-routing-mark=proxy passthrough=no protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface= new-connection-mark=tproxy passthrough=yes protocol=tcp src-address=!192.168.10.251
add action=mark-routing chain=prerouting connection-mark=tproxy disabled=no in-interface=! new-routing-mark=proxy passthrough=no

Comments

  1. Sya mau pake tutor ini ya bang, kemarin pake yang 3 head sudah jalan tapi ga bisa hit udah tiga hari..

  2. Ass wr wb, Yang di atas bisa HIT Https ga pa?
    Bisa Https youtube ga pa?
    Makasih

    Replies
    1. cache HTTPS bisa untuk cache youtube silahkan di kembangkan sendiri ... ini hanya dasarnya saja ....

  3. cache HTTPS youtube bisa
    tapi HTTPS FACEBOOK mozilla versi 31 keatas ngak
    Secure Connection Failed

    An error occurred during a connection to www.facebook.com. Certificate key usage inadequate for attempted operation. (Error code: sec_error_inadequate_key_usage)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

    Replies
    1. gan kenpa fb ga bisa ke buka di mozila firefox ver terbaru klo yg lainnya lancar,cuma facebook saja
      An error occurred during a connection to www.facebook.com. Certificate key usage inadequate for attempted operation. (Error code: sec_error_inadequate_key_usage)
      mohon penjelsannya

    2. harus di setting mozillanya, kalo gak mau setting mozilla update squidnya ke versi terbaru ...

    3. di seting apany gan mozila y

    4. agan menggunakan mozilla versi berapa ? seingat saya di mozilla versi terbaru settinganya sudah di hapus ... saran saya update saja ke squid yg terbaru ...

  4. bang ini bisa digunakan di squid versi 3.5?

    Replies
    1. untuk squid-3.5 ada sedikit perubahan pada compilenya

  5. 1425577212.543 59995 192.168.10.109 TCP_MISS/503 4135 GET http://qa.sockets.stackexchange.com/ -
    ORIGINAL_DST/198.252.206.149 text/html
    Kenapa ya tcp_miss/503 terus.. :(

  6. Bisa semua kok untuk youtube, facebook dan https lainnya. Cuma kembangkan dikit bro. Trims artikelnya, lumayan buat referensi.

    Replies
    1. yup bener banget mas, ini hanya referensi saja .... :)

  8. Ada error nih mas di Ubuntu 14.04-02

    Server.cc:542:32: note: suggested alternative:
    In file included from ../src/auth/UserRequest.h:36:0,
    from acl/FilledChecklist.h:8,
    from Server.cc:34:
    ../src/auth/Scheme.h:47:7: note: ‘Auth::Config’
    class Config;
    ^
    make[3]: *** [Server.o] Error 1
    make[3]: Leaving directory `/root/squid-3.4.7/src'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/root/squid-3.4.7/src'
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/root/squid-3.4.7/src'
    make: *** [all-recursive] Error 1

  10. muncul errer gini min ,mohon solusinya oom
    failed to make directory to var/cache/squid 00:permision denied
    terminated abnormally

    Replies
    1. Directory /var/cache/squid udh di kasih permision belum ?

  11. maaf , kenapa ga bisa buka gmail, yahoo mesenger, zyngga poker

    Replies
    1. sertifikatnya jangan lupa di import ke tiap2 browser

  12. Mas, ketika di compile selalu error. Kenapa yah ?

    =======================================
    Server.cc: In member function ‘bool ServerStateData::blockCaching()’:
    Server.cc:542:32: error: ‘Config’ was not declared in this scope
    Server.cc:542:32: note: suggested alternative:
    In file included from ../src/auth/UserRequest.h:36:0,
    from acl/FilledChecklist.h:8,
    from Server.cc:34:
    ../src/auth/Scheme.h:47:7: note: ‘Auth::Config’
    make[3]: *** [Server.o] Error 1
    make[3]: Leaving directory `/root/squid-3.4.7/src'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/root/squid-3.4.7/src'
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/root/squid-3.4.7/src'
    make: *** [all-recursive] Error 1

    [2]- Exit 2
    =========================================

    mohon bantuanya, terimakasih :)

  13. Misi mas,
    Mau tanya,
    untuk import file certificate nya gmn ya? langkah-langkahnya gitu sekalian filenya apa y?
    Thnx

    Replies
    1. Filenya di ambil dari file yg kita buat di tutorial ini dengan nama squid.crt, setelah kita buat file tadi ambil menggunakan winscp atau aplikasi sejenisnya lalu copykan ke komputer yang menggunakan windows.
      untuk impoert :
      1. Pada Mozilla Firefox :
      * Pilih Menu Tool > Options > Advanced > Certifikates
      * Pilih View Certificates > Import, kemudian cari di mana anda menyimpan file squid.crt yg di ambil dari server proxy tadi.kemuidan pilih Open
      * Centang ketiga Opsi yang mucul pada kemudian pilih OK.

      2. Pada Google Chrome :
      * Masuk ke menu setting atau bisa mengetikan chrome://settings/
      * Scroll kebawah kemudian klik show advanced Settings kemudian pilih manage certificates ...
      * Selanjutnya Masuk pada TAB Trusted Root Certification Authorities kemudian pilih Import
      * Selanjutnya Pilih NEXT kemudian browse ... cari di mana anda menyimpan file squid.crt yang sudah di copy tadi.
      * Setelah itu pilih next hinngan selesai.

  14. minta compile squid 3.5.12 dong bang, pelase

  15. permisi gan, saya ada sedikit tulisan mengenai protokol websocket dalam beberapa bahasa pemrograman berikut gan: http://datacomlink.blogspot.co.id/2015/11/implementasi-server-websocket-rfc-6455.html ditunggu feedbacknya ya gan, semoga menambah wawasan bersama gan, terima kasih...

  16. saya sangat tertarik dengan tulisan anda, saya juga mempunyai tulisan sejenis
    yang mungkin anda juga tertarik, anda bisa mengunjunginya di klik disini terima kasih.

  17. Bang kok g waktu cek squid is not running mulu knp ya??

