curahan HATI, PIKIRAN, dan KEINGINAN

Just another WordPress.com weblog

Squid 2.6 setup on Windows XP

Squid on Windows

This short tutorial covers an alternative way to share an internet connection using the open-source software Squid.
We use Windows XP as the example; it should also work on Windows NT or Windows 2000.
For this tutorial you need Squid, which can be downloaded here.
The download is a zip file; extract it to C:\ so that a new directory named SQUID appears on drive C.
Go into C:\squid\etc; there you find three files named “cachemgr.conf.default”, “mime.conf.default” and “squid.conf.default”.

Copy these three files and rename the copies:

  • “cachemgr.conf.default” to “cachemgr.conf”
  • “mime.conf.default” to “mime.conf”, and
  • “squid.conf.default” to “squid.conf”

After the three files have been renamed we only edit one of them, “squid.conf”. Open “squid.conf” with Notepad or your favourite text editor.
It already contains Squid's default configuration; we will not change much of it, only what is needed. In this file every line that starts with “#” is a comment and is ignored by Squid.

* Find the http_port setting

Make sure the value is 3128. It can be changed to something else, but to keep things simple leave it at 3128; the line must read “http_port 3128”. If the machine has more than one interface, Squid also accepts an address in front of the port (for example http_port 192.168.1.1:3128) so that it listens on the LAN address only and not on the dial-up side.

# Squid normally listens to port 3128
http_port 3128

* Find the visible_hostname tag

# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc, define this.
# Otherwise, the return value of gethostname() will be used.
# If you have multiple caches in a cluster and get errors about IP-forwarding you must set them to have individual names with this setting.
#Default:
# none

add the line visible_hostname localhost below # none, so that it becomes

# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc, define this.
# Otherwise, the return value of gethostname() will be used.
# If you have multiple caches in a cluster and get errors about IP-forwarding you must set them to have individual names with this setting.
#Default:
# none
visible_hostname localhost

* Find the word our_networks

#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

Edit these lines: remove the “#”, replace the example networks with your own LAN address (the default file lists two example ranges; here only 192.168.1.0/24 is kept) and allow localhost as well, so they become the lines below. They sit just above the final “http_access deny all” in the default file and must stay above it: Squid evaluates http_access lines top to bottom and the first match wins, so an allow placed after deny all never fires, while an allow all (or a src range wider than your LAN) turns the machine into an open proxy for anyone who can reach port 3128.

acl our_networks src 192.168.1.0/24
http_access allow localhost
http_access allow our_networks
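Because that ordering rule is the usual way a home proxy becomes an open proxy, here is an added Python example, written for this page and not part of the tutorial or of Squid itself, that evaluates the http_access lines of a squid.conf fragment for a given client address the way Squid does (first match wins; if nothing matches, the opposite of the last line applies) and probes whether public addresses would be admitted. It models only src ACLs, the ones this tutorial uses; the three config fragments inside it are constructed, and the probe addresses come from the documentation ranges.

```python
import ipaddress


# Constructed squid.conf fragments (not real files): the tutorial's edits, plus two mistakes.
GOOD_CONF = """\
http_port 3128
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl our_networks src 192.168.1.0/24
http_access allow localhost
http_access allow our_networks
# And finally deny all other access to this proxy
http_access deny all
"""

# Mistake 1: the LAN allow was added below "deny all", so first-match never reaches it.
WRONG_ORDER = """\
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.1.0/24
http_access deny all
http_access allow our_networks
"""

# Mistake 2: no final "deny all". When no line matches, Squid applies the opposite of
# the last line's action; the last line here is a deny, so every unlisted client is allowed.
OPEN_BY_DEFAULT = """\
acl our_networks src 192.168.1.0/24
acl blocked src 192.168.1.250/32
http_access allow our_networks
http_access deny blocked
"""


def parse_squid_conf(text):
    """Return (acls, rules).

    acls  : name -> list of ip_network (only "src" ACLs are modelled here)
    rules : ordered list of (action, [(negated, acl_name), ...]) from http_access lines
    """
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 4:
            name, acl_type, values = parts[1], parts[2], parts[3:]
            if acl_type != "src":
                raise ValueError(f"acl {name}: type {acl_type!r} is not modelled by this checker")
            # Squid 2.6 writes netmask form (127.0.0.1/255.255.255.255) as well as CIDR;
            # ip_network() accepts both. Address ranges (a-b) are not modelled.
            acls.setdefault(name, []).extend(ipaddress.ip_network(v, strict=False) for v in values)
        elif parts[0] == "http_access" and len(parts) >= 3:
            action = parts[1]
            if action not in ("allow", "deny"):
                raise ValueError(f"unknown http_access action {action!r}")
            rules.append((action, [(t.startswith("!"), t.lstrip("!")) for t in parts[2:]]))
    return acls, rules


def decide(conf_text, client_ip):
    """Return "allow" or "deny" for client_ip using Squid's http_access semantics:
    lines are tested top to bottom, every ACL on a line must match, the first matching
    line wins, and if no line matches the result is the opposite of the last line."""
    acls, rules = parse_squid_conf(conf_text)
    ip = ipaddress.ip_address(client_ip)
    if not rules:                        # no http_access lines at all: Squid allows everything
        return "allow"
    for action, terms in rules:
        matched = True
        for negated, name in terms:
            if name not in acls:
                raise ValueError(f"http_access refers to undefined acl {name!r}")
            hit = any(ip in net for net in acls[name])
            if hit == negated:           # a plain term needs a hit, a "!term" needs no hit
                matched = False
                break
        if matched:
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


def open_proxy_probe(conf_text, probes=("203.0.113.5", "198.51.100.77")):
    """Public (documentation-range) addresses that the config would let through."""
    return [p for p in probes if decide(conf_text, p) == "allow"]


if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("wrong order", WRONG_ORDER), ("open by default", OPEN_BY_DEFAULT)):
        print(f"{label:16} LAN 192.168.1.20 -> {decide(conf, '192.168.1.20'):5}  "
              f"open to: {open_proxy_probe(conf) or 'nobody'}")
```

To check your own file, pass its text to decide() or open_proxy_probe() once the lines that reference non-src ACLs (ports, methods, the manager ACL) are removed, or extend parse_squid_conf for the ACL types you actually use.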

* Find the dns_nameservers section

# TAG: dns_nameservers
# Use this if you want to specify a list of DNS name servers (IP addresses) to use instead of those given in your /etc/resolv.conf file.
# On Windows platforms, if no value is specified here or in the /etc/resolv.conf file, the list of DNS name servers are taken from the Windows registry, both static and dynamic DHCP configurations are supported.
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#Default:
# none

Fill in the line below it with your ISP's DNS servers. Dial-up customers can find the ISP's DNS addresses by running ipconfig /all at a command prompt after connecting and looking for the DNS Servers entry, which usually lists two addresses. For example, if your ISP's DNS servers are 10.10.10.1 and 10.10.10.2, add the following line

# TAG: dns_nameservers
# Use this if you want to specify a list of DNS name servers (IP addresses) to use instead of those given in your /etc/resolv.conf file.
# On Windows platforms, if no value is specified here or in the /etc/resolv.conf file, the list of DNS name servers are taken from the Windows registry, both static and dynamic DHCP configurations are supported.
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#Default:
# none
dns_nameservers 10.10.10.1 10.10.10.2

Save squid.conf and open a command prompt (cmd).
Change to the directory C:\squid\sbin, which contains squid.exe. The first time, run Squid with the -z option:


C:\squid\sbin>squid -z

This command initialises Squid's cache (it creates the swap directories).

Output:
2007/04/23 18:31:13| Creating Swap Directories

C:\squid\sbin>squid -d 1 -D

-d 1 sends level-1 debug output to the console (just to watch what happens), and -D skips Squid's initial DNS test, which is useful if you are not connected to the internet yet. Stop this test instance before installing the service below, otherwise the service cannot bind port 3128 while the console copy still holds it.

Output:
2007/11/27 16:21:52| Starting Squid Cache version 2.6.STABLE16 for i686-pc-winnt

2007/11/27 16:21:52| Running on Windows Server 2003
2007/11/27 16:21:52| Process ID 3052
2007/11/27 16:21:52| With 2048 file descriptors available
2007/11/27 16:21:52| With 512 CRT stdio descriptors available
2007/11/27 16:21:52| Windows sockets initialized
2007/11/27 16:21:52| Using select for the IO loop
2007/11/27 16:21:52| DNS Socket created at 0.0.0.0, port 2849, FD 4
2007/11/27 16:21:52| Adding nameserver 10.126.13.2 from squid.conf
2007/11/27 16:21:52| Adding nameserver 10.126.13.3 from squid.conf
2007/11/27 16:21:52| User-Agent logging is disabled.
2007/11/27 16:21:52| Referer logging is disabled.
2007/11/27 16:21:52| Unlinkd pipe opened on FD 7
2007/11/27 16:21:52| Swap maxSize 102400 KB, estimated 7876 objects
2007/11/27 16:21:52| Target number of buckets: 393
2007/11/27 16:21:52| Using 8192 Store buckets
2007/11/27 16:21:52| Max Mem size: 8192 KB
2007/11/27 16:21:52| Max Swap size: 102400 KB
2007/11/27 16:21:52| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/11/27 16:21:52| Rebuilding storage in c:/squid/var/cache (DIRTY)
2007/11/27 16:21:52| Using Least Load store dir selection
2007/11/27 16:21:52| Set Current Directory to c:/squid/var/cache
2007/11/27 16:21:52| Loaded Icons.
2007/11/27 16:21:52| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 13.
2007/11/27 16:21:52| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2007/11/27 16:21:52| Accepting HTCP messages on port 4827, FD 15.
2007/11/27 16:21:52| Accepting SNMP messages on port 3401, FD 16.
2007/11/27 16:21:52| Ready to serve requests.
2007/11/27 16:21:52| Done reading c:/squid/var/cache swaplog (0 entries)
2007/11/27 16:21:52| Finished rebuilding storage from disk.
2007/11/27 16:21:52| 0 Entries scanned
2007/11/27 16:21:52| 0 Invalid entries.
2007/11/27 16:21:52| 0 With invalid flags.
2007/11/27 16:21:52| 0 Objects loaded.
2007/11/27 16:21:52| 0 Objects expired.
2007/11/27 16:21:52| 0 Objects cancelled.
2007/11/27 16:21:52| 0 Duplicate URLs purged.
2007/11/27 16:21:52| 0 Swapfile clashes avoided.
2007/11/27 16:21:52| Took 0.1 seconds ( 0.0 objects/sec).
2007/11/27 16:21:52| Beginning Validation Procedure
2007/11/27 16:21:52| Completed Validation Procedure
2007/11/27 16:21:52| Validated 0 Entries
2007/11/27 16:21:52| store_swap_size = 0k
2007/11/27 16:21:53| storeLateRelease: released 0 objects

Once Squid has run successfully, register it as a Windows service with:

C:\squid\sbin>squid -i

Output:
Registry stored HKLM\SOFTWARE\GNU\Squid\2.6\Squid\ConfigFile value C:/squid/etc/squid.conf
Squid Cache version 2.6.STABLE12 for i686-pc-winnt
installed successfully as Squid Windows System Service.
To run, start it from the Services Applet of Control Panel.
Don’t forget to edit squid.conf before starting it.

Continue by typing

C:\squid\sbin>squid -O -D

This stores the -D parameter in the registry so it is passed to Squid whenever the service starts.

Output:
Registry stored HKLM\SOFTWARE\GNU\Squid\2.6\Squid\CommandLine value -D

To start the service for the first time, go to Control Panel –> Administrative Tools –> Services, find the service named Squid, right-click it and choose START.
On the clients, just enter the proxy address (the address of the machine where Squid is installed) and port 3128.

For more information or a fuller configuration, see http://www.squid-cache.org

April 24, 2008 | Written by andri prayogo | PIKIRAN | No comments

TOPOLOGY: load balancing with multi-homing

Topology

Using 3 ethernet cards

ether1 ==> wireless
ether2 ==> speedy
ether3 ==> LAN

MikroTik commands (the upstream addresses are written with /32 here; use the real prefix length of each upstream subnet, otherwise the gateways 192.168.1.1 and 202.152.74.128 used below are not on a connected network and the routes stay unreachable):
/ip address add address 202.152.74.1/32 interface ether1
/ip address add address 192.168.1.2/32 interface ether2
/ip address add address 192.168.10.1/24 interface ether3

Split the LAN addresses into two groups (route selection is driven by the routing mark, so the action must be mark-routing; a connection mark alone has no effect on routing)

/ip firewall mangle add chain=prerouting src-address=192.168.10.0/25 action=mark-routing new-routing-mark=Group-A
/ip firewall mangle add chain=prerouting src-address=192.168.10.128/25 action=mark-routing new-routing-mark=Group-B

Default gateway for each group

Group-A = 192.168.10.0/25, default gateway 192.168.1.1

Group-B = 192.168.10.128/25, default gateway 202.152.74.128

MikroTik commands:

/ip route add gateway=192.168.1.1 routing-mark=Group-A
/ip route add gateway=202.152.74.128 routing-mark=Group-B

NAT for the local addresses

192.168.10.0/24 ==> masquerade

MikroTik command (masquerade without out-interface applies on whichever upstream interface the packet leaves through, so one rule serves both gateways):
/ip firewall nat add chain=srcnat src-address=192.168.10.0/24 action=masquerade

Give it a try and good luck....

April 24, 2008 | Written by andri prayogo | PIKIRAN | No comments

Load balancing & fail-over on MikroTik

Situation: the ISP where we work as administrator uses more than one gateway to reach the Internet. All of them must be able to carry both upstream and downstream traffic; the case is different when one of them only carries downstream, for example a one-way DVB VSAT link.
For this case, assume the ISP has two links to the Internet: one via DSL (256 Kbps) and one via wireless (512 Kbps), to be used in the ratio DSL:Wireless = 1:2.

What we will do:

  1. Use every available gateway with load balancing.
  2. Make one of them a backup with fail-over.

OK, let's start the experiment:

  1. IP address for the LAN side:
    >
    /ip address add address=192.168.0.1/28 interface=LAN
    IP address for the DSL link:
    >
    /ip address add address=10.32.57.253/29 interface=DSL
    IP address for the wireless link:
    >
    /ip address add address=10.9.8.2/29 interface=WIRELESS
    Set the gateways with their ratio (ECMP: a gateway listed twice receives twice the share, which gives DSL:Wireless = 1:2):
    >
    /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
  2. For fail-over, assume the main path is the wireless link and DSL is the backup used when the main path is down. Whether the main path is usable is checked with ping (check-gateway=ping): when pings to 10.9.8.1 fail, the marked route becomes inactive and the LAN subnet falls back to the plain default route via DSL. Note that check-gateway only probes the next hop, so an outage further upstream behind a gateway that still answers ping is not detected. Steps 1 and 2 are two alternative setups; apply one or the other, since the extra default route added here competes with the ECMP default route from step 1.
    >
    /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
    >
    /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
    >
    /ip route add gateway=10.32.57.254
  3. Good luck!!

PCQ

Using the pcq queue type on MikroTik we can share the available bandwidth evenly among the bandwidth-hogs™ when the network is at peak.

For example, we subscribe to 256 Kbps. If one person is browsing, they get the whole bandwidth. But once their friends turn up, say 9 more people, each gets roughly 256/10 Kbps. Still decent enough to open non-porn sites or just check e-mail and blogs.

OK, straight to the how-to:

  1. Assumptions: network address 192.168.169.0/28, the interface facing the users is named LAN and the interface facing the upstream provider is named INTERNET;
  2. Type at the console or terminal (the queue tree entries must reference the queue types defined just above them by name, and they need a max-limit, here the subscribed 256 Kbps, because PCQ only divides bandwidth fairly when this queue is the bottleneck; set the UPSTREAM limit to your real upload rate):
    >
    /ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
    >
    /ip firewall mangle add chain=forward connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM
    >
    /queue type add name=downstream-pcq kind=pcq pcq-classifier=dst-address
    >
    /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
    >
    /queue tree add name=DOWNSTREAM parent=LAN queue=downstream-pcq packet-mark=NET1-PM max-limit=256k
    >
    /queue tree add name=UPSTREAM parent=INTERNET queue=upstream-pcq packet-mark=NET1-PM max-limit=256k
  3. Good luck!!

Manipulating the ToS of ICMP & DNS on MikroTik

Goals:

  • Reduce ping delay from the clients towards the Internet.
  • Speed up resolving hostnames to IP addresses.

Assumption: the clients are on subnet 10.10.10.0/28 and INTERNET is the upstream interface, as in the PCQ section. The ToS change itself only matters inside this router's queues (and to any upstream hop that honours it, which most ISPs do not); what actually gives these packets precedence is priority=1 in the queue tree below. Keep the max-limit on those queues, since without it anything tunnelled over ICMP or DNS would ride the priority lane, and remember that a prioritised ping no longer measures what ordinary traffic experiences.

  1. Manipulate the Type of Service of ICMP packets:
    >
    /ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
    >
    /ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
    >
    /ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
  2. Manipulate the Type of Service for DNS resolving:
    >
    /ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
    >
    /ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
    >
    /ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
    >
    /ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
  3. Add a queue type:
    >
    /queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
  4. Allocate bandwidth for ICMP packets:
    >
    /queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
  5. Allocate bandwidth for DNS resolving:
    >
    /queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
  6. Good luck!!

Queue Tree with more than two interfaces

Basic Setup

This page will talk about how to build a QUEUE TREE in RouterOS, together with masquerading, for more than two interfaces. It is for sharing an internet connection among the users on each interface. The manual does not describe this possibility.

First, the basic setup. I'm using a machine with 3 or more network interfaces:

[admin@instaler] > in pr
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0 R  public  ether  0        0        1500
 1 R  wifi1   wlan   0        0        1500
 2 R  wifi2   wlan   0        0        1500
 3 R  wifi3   wlan   0        0        1500

And this is the IP Addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS       NETWORK    BROADCAST    INTERFACE
 0   10.20.1.0/24  10.20.1.0  10.20.1.255  public
 1   10.10.2.0/24  10.10.2.0  10.10.2.255  wifi1
 2   10.10.3.0/24  10.10.3.0  10.10.3.255  wifi2
 3   10.10.4.0/24  10.10.4.0  10.10.4.255  wifi3

On the public interface you can add NAT or a proxy if you want.

Mangle Setup

And now the most important part of this case.

We need to mark our users' traffic: one mark for upload and a second for download. In this example I add the mangle rules for one user. At the end I add rules for local traffic, because I don't QoS local traffic among users. For the user I need to separate upload from download, so rule 0 matches src-address (the user sending) and rule 1 matches dst-address (the user receiving); the connection mark is rewritten in whichever direction the current packet travels, and the packet mark set right after it is what the queue tree uses. Rules 98 and 99 come last so that user-to-user packets end up with the lokalTrafic mark whatever was set before.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward src-address=10.10.2.36 action=mark-connection new-connection-mark=users-userU passthrough=yes comment="" disabled=no
 1   chain=forward dst-address=10.10.2.36 action=mark-connection new-connection-mark=users-userD passthrough=yes comment="" disabled=no
 2   chain=forward connection-mark=users-userU action=mark-packet new-packet-mark=userU passthrough=yes comment="" disabled=no
 3   chain=forward connection-mark=users-userD action=mark-packet new-packet-mark=userD passthrough=yes comment="" disabled=no
 98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16 action=mark-connection new-connection-mark=users-lokal passthrough=yes
 99  chain=forward connection-mark=users-lokal action=mark-packet new-packet-mark=lokalTrafic passthrough=yes

Queue Tree Setup

And now the queue tree setting. We need one rule for downlink and one for uplink. Be careful when choosing the parent: for downlink traffic we use parent “global-out”, because users download through two or more interfaces, and for uplink we use parent “public”, the interface the uplink traffic leaves on, since we want to QoS the uplink traffic there. (I'm using the pcq-upload and pcq-download queue types from the manual.) This example is for 2 Mb down / 1 Mb up.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0 name="Download" parent=global-out packet-mark="" limit-at=0 queue=pcq-download priority=1 max-limit=2000000 burst-limit=0 burst-threshold=0 burst-time=0s
 1 name="Upload" parent=public packet-mark="" limit-at=0 queue=pcq-upload priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

Now we add our user (max-limit=0 on the child queues means they inherit the parent's limit and share it through PCQ):

 2 name="user10D" parent=Download packet-mark=userD limit-at=0 queue=pcq-download priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 3 name="user10U" parent=Upload packet-mark=userU limit-at=0 queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

MAC Address + IP Address Linux

#!/bin/sh
# Bind each permitted IP address to its MAC address on eth1; anything else is marked and dropped.
# Note: the mac match only sees the source MAC of the last layer-2 hop, and a MAC is trivially
# changed on the client, so this is hygiene against casual IP borrowing, not authentication.

iptables=/sbin/iptables

# default policies
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP   # remember to open the OUTPUT traffic you need later in the script
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP

# recreate a chain named maccheck in the mangle table and hook it into PREROUTING on eth1
# (the per-chain flush/delete fail harmlessly on the first run, when the chain does not exist yet)
$iptables -t mangle -F
$iptables -t mangle -F maccheck 2>/dev/null
$iptables -t mangle -X maccheck 2>/dev/null
$iptables -t mangle -N maccheck
$iptables -t mangle -I PREROUTING -i eth1 -j maccheck

# registered ip + mac pairs: a packet whose source ip AND source mac match leaves the chain unmarked
$iptables -t mangle -A maccheck -s 192.168.0.1 -m mac --mac-source 00:80:11:11:11:11 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.2 -m mac --mac-source 00:80:22:22:22:22 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.3 -m mac --mac-source 00:80:33:33:33:33 -j RETURN

# anything that did not match a registered pair (unknown ip, unknown mac, or a registered ip
# on the wrong mac) reaches this rule and is marked 1, to be dropped below
$iptables -t mangle -A maccheck -j MARK --set-mark 1

# drop marked packets. Locally generated packets never pass PREROUTING, so the OUTPUT rule
# never sees mark 1; it is harmless and kept only for symmetry.
$iptables -A INPUT -i eth1 -m mark --mark 1 -j DROP
$iptables -A OUTPUT -o eth1 -m mark --mark 1 -j DROP
$iptables -A FORWARD -i eth1 -m mark --mark 1 -j DROP

# continue your firewall script here

source = primadonal.com
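Enforcement alone tells you nothing about who is trying to get past it. The following added Python script, written for this page (it is not from primadonal.com and not part of the script above), reads the kernel neighbour table in the format of `ip neigh show dev eth1` and checks every observed ip/mac pair against the same allowlist the firewall uses, flagging a registered address seen on a foreign MAC (ip_hijacked), a registered MAC that has moved to another address (mac_moved) and unknown hosts; it also derives the maccheck rules from that one table, so enforcement and audit cannot drift apart. The neighbour-table lines and the allowlist inside it are constructed samples, not captured from a real host.

```python
import re

# Constructed allowlist: the same ip/mac pairs as the firewall script above.
ALLOWED = {
    "192.168.0.1": "00:80:11:11:11:11",
    "192.168.0.2": "00:80:22:22:22:22",
    "192.168.0.3": "00:80:33:33:33:33",
}

# Constructed neighbour table in the format printed by `ip neigh show dev eth1`.
# One line per ip; FAILED/INCOMPLETE entries carry no lladdr and are skipped.
SAMPLE_NEIGH = """\
192.168.0.1 lladdr 00:80:11:11:11:11 REACHABLE
192.168.0.2 lladdr 00:80:22:22:22:22 STALE
192.168.0.3 lladdr 00:80:44:44:44:44 REACHABLE
192.168.0.7 lladdr 00:80:22:22:22:22 DELAY
192.168.0.9 lladdr 00:80:99:99:99:99 REACHABLE
192.168.0.5 FAILED
"""

# "<ip> [dev <if>] lladdr <mac> ..." (the dev column appears when no dev filter is given)
NEIGH_RE = re.compile(r"^(?P<ip>\S+)(?:\s+dev\s+\S+)?\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b")


def classify(ip, mac, allowed):
    """Verdict for one observed (ip, mac) pair against the registered table."""
    mac = mac.lower()
    registered_macs = {m.lower() for m in allowed.values()}
    if ip in allowed:
        return "ok" if allowed[ip].lower() == mac else "ip_hijacked"  # registered ip, wrong mac
    if mac in registered_macs:
        return "mac_moved"        # a registered device talking from an unregistered ip
    return "unregistered"


def audit_neighbours(neigh_text, allowed):
    """Map ip -> (mac, verdict) for every resolved neighbour entry."""
    result = {}
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue              # unresolved (FAILED/INCOMPLETE) or malformed line
        ip, mac = m.group("ip"), m.group("mac").lower()
        result[ip] = (mac, classify(ip, mac, allowed))
    return result


def maccheck_rules(allowed, iface="eth1", iptables="/sbin/iptables"):
    """The mangle rules of the script above, generated from the same table."""
    rules = [f"{iptables} -t mangle -N maccheck",
             f"{iptables} -t mangle -I PREROUTING -i {iface} -j maccheck"]
    for ip, mac in allowed.items():
        rules.append(f"{iptables} -t mangle -A maccheck -s {ip} -m mac --mac-source {mac.lower()} -j RETURN")
    rules.append(f"{iptables} -t mangle -A maccheck -j MARK --set-mark 1")
    return rules


if __name__ == "__main__":
    # Live use: feed in subprocess.run(["ip", "neigh", "show", "dev", "eth1"],
    #                                  capture_output=True, text=True).stdout
    for ip, (mac, verdict) in sorted(audit_neighbours(SAMPLE_NEIGH, ALLOWED).items()):
        if verdict != "ok":
            print(f"{verdict:12} {ip:15} {mac}")
```

Run it from cron and alert on anything other than "ok"; an ip_hijacked entry means a host on the segment is answering ARP for a registered address, which the iptables chain silently drops but which you want to know about.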

April 24, 2008 | Written by andri prayogo | PIKIRAN | No comments