Mikrotik Ft Ubuntu Lusca Proxy (Command)

Selamat pagi menjelang siang kawan, untuk kali ini gue mau bagi sedikit tutorial tentang Mikrotik bersama dengan Eksternal proxy (Ubuntu disni yang saya gunakan) yuk langsung saja command2nya ada dibawah ini.

== SETTINGAN MIKROTIK ==

# Set Nama Interface
interfaces set name=WAN number=0
interfaces set name=Proxy number=1
interfaces set name=LAN number=2

# Set IP Address
ip address add address=22.22.22.2/24 interface=WAN
ip address add address=33.33.33.1/24 interface=Proxy
ip address add address=192.168.1.1/24 interface=LAN

# Set Route
ip route add gateway=22.22.22.1

# Set DNS
ip dns set servers=8.8.8.8,8.8.4.4

# Set Firewall
ip firewall nat add chain=srcnat action=masquerade out-interface=WAN
ip firewall nat add chain=srcnat action=masquerade out-interface=Proxy
ip firewall address-list add address=33.33.33.0/24 list=ip-proxy
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=33.33.33.2 to-ports=8080

# Create DHCP-Server
ip dhcp-server setup

———————————————————
Select interface to run DHCP server on

dhcp server interface: LAN
Select network for DHCP addresses

dhcp address space: 192.168.1.0/24
Select gateway for given network

gateway for dhcp network: 192.168.1.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.1.2-192.168.1.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d

SETTINGAN UBUNTU.

# nano /etc/network/interfaces
———————————-
auto eth0
iface eth0 inet static
address 33.33.33.2
network 33.33.33.0
netmask 255.255.255.0
broadcast 33.33.33.255
gateway 33.33.33.1
dns-nameservers 10.100.30.254

———————————-

# apt-get update && apt-get upgrade
(Upgrade Repo and System jika tersedia)

# apt-get install squid squidclient squid-cgi gcc build-essential sharutils ccze libzip-dev automake1.9 acpid
(install dependecy lusca squid)

# wget https://lusca-cache.googlecode.com/files/LUSCA_HEAD-r14809.tar.gz
(download paket lusca)

# tar -zxvf LUSCA_HEAD-r14809.tar.gz
(extract file)

# cd LUSCA_HEAD-r14809/
(masuk ke direktori hasil ekstrak)

# ./configure -prefix=/usr/local/squid -exec-prefix=/usr/local/squid -enable-delay-pools -enable-cache-digests -enable-poll -enable-linux-netfilter -enable-removal-policies -with-maxfd=65535 -enable-storeio=aufs -disable-wccp -enable-x-accelerator-vary -enable-kill-parent-hack -enable-async-io=30 -disable-ident-lookups
(compile paket)

# make all && make install
(install hasil compile)

# /usr/local/squid/sbin/squid -v
(melihat versi squid lusca)

# cd /usr/local/squid/etc
(masuk ke direktori hasil install)

# rm -rf squid.conf && touch squid.conf && nano squid.conf
(hapus file squid.conf dan input config yang baru) – Untuk file squid copy dari sini – http://smkkartikatama.sch.id/squid.conf

# touch storeurl.pl && nano storeurl.pl
(membuat cache writing) – Untuk file storeurl.pl copy dari sini – http://smkkartikatama.sch.id/storeurl.pl

# chown proxy:proxy squid.conf && chmod 777 squid.conf && chown proxy:proxy storeurl.pl && chmod a+x storeurl.pl
(mengganti owner file dan hak askses file)

# mkdir /cache && chown proxy:proxy /cache && chmod 777 /cache
(membuat folder /cache dan mengubah owner direktori)

# mkdir /var/log/squid && chown proxy:proxy /var/log/squid && chmod 777 /var/log/squid
(membuat direktori /var/log/squid dan mengubah hak akses)

# cd /var/log/squid && touch access.log cache.log store.log && chmod 777 access.log cache.log store.log && chown proxy:proxy access.log cache.log store.log
(masuk ke direktori /var/log/squid dan membuat file baru dan merubah owner file)

# /usr/local/squid/sbin/squid -z
(membuat cache swap)

# /usr/local/squid/sbin/squid -NDd1 &
(menjalankan lusca squid)

# tail -f /var/log/squid/access.log | ccze
(melihat traffic hit dan miss pada lusca)

# iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 22.22.22.0/24 -d 0/0 --dport 80 --to-ports 8080
(iptables untuk setiap source dari network 22.22.22.0/24 yang menjalankan port 80 di redirect ke port 8080 )

# iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 33.33.33.2 -m state --state NEW,ESTABLISHED -j ACCEPT
(iptables untuk seluruh ip yang yang masuk ke ip proxy di ijinkan)

# iptables -A OUTPUT -p tcp -s 33.33.33.2 --sport 8080 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
(iptables untuk setiap paket yang keluar dari proxy dikeluarkan melalui port 8080 )

Dan Selesai Enjoy šŸ™‚

terima kasih untuk sumber:
http://www.brianrahimsyah.com
http://www.fazar.net

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s