Nginstall Squid di FreeBSD

Sebelumnya thanks for bang Jaya Lifesource Padang. Akhirnya berhasil juga nginstall squid di FreeBSD, ini tutorialnya yang kuikuti dan sukses dijalankan :

1. Install freebsd dgn menyesuaikan kapasitas hardisk misal jika hardisk 40GB
– swap 512MB
– root dan mail 10 GB
– cache 26GB

2. set IP address
– lihat hardware ethernetcard dgn mengetikkan dmesg ( kelihatan hardware vx0)
– /sbin/ifconfig vx0 192.168.2.14 netmask 255.255.255.0

3. Aktifkan layanan ftp untuk upload squid
– ee /etc/inetd.conf dan buka layanan FTP
– kill -HUP 124 (nomer PID)
– ps -ax | grep inetd

4. Installasi squid
– aktifkan partisi cache agar cache di squid mengarah ke partisi cache dgn mengetikkan chown squid:squid cache

# cd /path/to/tarball
# tar zxvf squid-2.5.STABLE-src.tar.gz
# cd squid-2.5.STABLE
# ./configure --enable-delay-pools --enable-ipf-transparent \
--enable-storeio=diskd,ufs --enable-storeio=diskd,ufs \
--disable-ident-lookups --enable-snmp --enable-removal-policies
# make all
# make install

– masuk ke /usr/local/squid/etc/
– delete squid.conf lama dan buat baru dgn "touch squid.conf"
– masukkan script squid sbb:

http_port 192.168.2.14:8080
icp_port 3130
icp_query_timeout 0

maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? js

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95

maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB

ipcache_size 1024
ipcache_low 90
ipcache_high 95

cache_replacement_policy lru
memory_replacement_policy lru

# sesuaikan tempat cache di partisi atau di dalam direktory squid
cache_dir diskd /cache 26000 16 256 Q1=72 Q2=64
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none

emulate_httpd_log off
log_ip_on_direct on
ftp_user denny_charter@yahoo.com
wais_relay_port 0

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95

negative_ttl 5 minute
positive_dns_ttl 6 hour
negative_dns_ttl 5 minute
range_offset_limit 0 KB

# Access control.  Squid evaluates the http_access lines top-down and stops
# at the first one that matches, so their order *is* the policy.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Destination AS numbers (per the ACL name, Indonesian exchange networks).
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
# The LAN that is meant to use this proxy (a /28, 16 addresses).
acl fti src 192.168.2.0/28
acl SSL_ports port 443 563
acl irc_ports port 6667
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
# 1025-65535 makes nearly every unprivileged port "safe"; it is the same
# list Squid's sample config ships with, kept here as written.
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

http_access allow manager localhost
# fti is allowed before the Safe_ports / CONNECT checks below, so LAN
# clients are never subject to them.
http_access allow fti
# NOTE(review): "allow IIX" carries no source restriction -- any client that
# can reach http_port (bound to 192.168.2.14 above) may browse to these
# destination ASes through this cache, i.e. it is an open proxy toward them.
# Pair it with a source ACL (`http_access allow fti IIX`) if that is not
# intended.
http_access allow IIX
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Reached only by sources not matched above: any remaining client may
# CONNECT to the SSL_ports (other CONNECT targets were already denied on the
# previous line); "!irc_ports" is redundant since 6667 is not an SSL_port.
http_access allow CONNECT !irc_ports
# Final catch-all.  Any http_access line placed after this one in the file
# (the porno/noporno rules further down) can never match.
http_access deny all

icp_access allow all
connect_timeout 2 minute
peer_connect_timeout 30 seconds
read_timeout 15 minute
request_timeout 30 second
client_lifetime 5 day
pconn_timeout 120 second
shutdown_lifetime 30 second

cache_mgr denny_charter@yahoo.com
cache_effective_user squid
cache_effective_group squid

visible_hostname proxy.sai.co.id
logfile_rotate 10
forwarded_for on
log_icp_queries off
icp_hit_stale off

minimum_direct_hops 4
minimum_direct_rtt 400

store_avg_object_size 13 KB
store_objects_per_bucket 20

client_db off
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp on
test_reachability on
nonhierarchical_direct off
prefer_direct on
ignore_unknown_nameservers on
high_memory_warning 0
store_dir_select_algorithm round-robin
ie_refresh on

acl porno url_regex "/usr/local/squid/etc/porno.txt"
acl noporno url_regex "/usr/local/squid/etc/noporno.txt"
# NOTE(review): these three lines come after the "http_access deny all"
# earlier in the file, so Squid never evaluates them -- the porno/noporno
# lists have no effect as written.  For "deny porno" to apply it must
# precede the first "http_access allow" line of the main policy.
http_access deny porno
http_access allow noporno
http_access deny all

acl magic_words1 url_regex -i 192.168
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav

delay_pools 2
delay_class 1 2
delay_parameters 1 5000/256000 5000/256000
delay_access 1 allow magic_words2
delay_access 1 allow fti

delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 2 allow magic_words1

# Squid 2.5 interception ("accelerator") mode.  The ipfw fwd rule added from
# rc.local in step 6 redirects LAN port-80 traffic to http_port; these
# settings make Squid rebuild the original request from the Host header
# (uses_host_header) while still accepting normal proxy requests
# (with_proxy on).  Which clients may use it is still decided by http_access.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

– sesuai script diatas buat file porno.txt dan noporno.txt pada direktory "/usr/local/squid/etc/" dan diisi dalamnya sbb:
untuk file porno.txt
17tahun.com
sex
sexs
playboy.com
sleazydream.com
penthouse.com

untuk file noporno.txt
yahoo.com
google.co.id
detik.com
astaga.com
seks
sek

– setelah dibuat file porno maka rubah kepemilikannya menjadi chown squid:squid porno.txt dan chown squid:squid noporno.txt
# mkdir /usr/local/squid/cache
# chown nobody:nogroup cache   (perhatikan: squid.conf di atas memakai cache_effective_user squid dan cache_dir /cache, jadi direktori /cache itulah yang harus bisa ditulis oleh user squid, sesuai chown squid:squid di awal langkah 4)
# /usr/local/squid/bin/squid -k parse
# /usr/local/squid/bin/squid -z

# jalankan squid untuk testing error messages
/usr/local/squid/sbin/squid -D

5. masukkan di kernel ( /usr/src/sys/i386/conf) informasi dibawah dan setelah itu compile ( make;make install;make depend;reboot)

# untuk transparent proxy, natd dan squid
# for NATD
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT

# Transparent Proxy
options IPFIREWALL_VERBOSE #print information about

#dropped packets
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity

#For diskD
options SYSVMSG
options MSGMNB=8192 # max # of bytes in a queue
options MSGMNI=40 # number of message queue identifiers
options MSGSEG=512 # number of message segments per queue
options MSGSSZ=64 # size of a message segment
options MSGTQL=2048 # max messages in system

options SYSVSHM
options SHMSEG=16 # max shared mem id's per process
options SHMMNI=32 # max shared mem id's per system
options SHMMAX=2097152 # max shared memory segment size (bytes)
options SHMALL=4096 # max amount of shared memory (pages)

6. agar memblok port dan mengaktifkan script otomatis bisa di masukkan di rc.local sbb:
# rc.local additions (run by /bin/sh at boot): NAT, a list of refused TCP
# ports, the transparent redirect of LAN web traffic into Squid, and the
# daemons themselves.

# NAT on vx0: start natd, then the divert rule that hands every packet
# crossing vx0 to it.
/sbin/natd -n vx0
/sbin/ipfw add divert natd all from any to any via vx0

# Destination TCP ports to refuse (the author's "trojan" list), added in the
# original order so ipfw's auto-numbering gives each rule the number it had
# before.  135-139 repeats the five single-port rules, and 10000-65535 is
# very broad -- NOTE(review): confirm it does not also drop replies to local
# connections whose ephemeral ports fall in that range.
for port in 135 136 137 138 139 5000 8000 6667 5050 8363 135-139 10000-65535; do
  /sbin/ipfw add deny tcp from any to any "$port"
done

# Rule 350 is numbered explicitly, so with ipfw's default 100-step
# auto-numbering it lands between the deny rules above rather than after
# them: LAN (192.168.2.0/28) TCP traffic to port 80 is forwarded to Squid's
# http_port instead of leaving directly.
/sbin/ipfw add 350 fwd 192.168.2.14,8080 tcp from 192.168.2.0/28 to any www

# Daemons.  snmpd is started with no explicit configuration file --
# NOTE(review): check its snmpd.conf community strings before exposing it.
/usr/local/snmp/sbin/snmpd
# -D skips Squid's start-up DNS test.
/usr/local/squid/sbin/squid -D

7. hasil dari file rc.conf
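# -- sysinstall generated deltas -- # Sat Aug 13 22:03:28 2005
# Created: Sat Aug 13 22:03:28 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#
# Values are quoted with plain ASCII double quotes; the blog rendering had
# turned them into typographic quotes, which /bin/sh does not treat as
# quoting and which end up inside the variable values.

kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
sendmail_enable="NO"
sshd_enable="YES"
usbd_enable="YES"
fsck_y_enable="YES"
# Forward packets between interfaces (this box is the LAN's NAT gateway).
gateway_enable="YES"
# NOTE(review): step 6's rc.local also runs "/sbin/natd -n vx0" by hand, so
# natd is likely launched twice at boot -- keep one of the two.
natd_enable="YES"
natd_program="/sbin/natd"
natd_interface="vx0"
# No firewall_type is set, so what /etc/rc.firewall loads is its default;
# the ipfw rules this tutorial relies on are the ones added from rc.local.
firewall_enable="YES"

# -- sysinstall generated deltas -- # Sat mar 29 22:07:09 2008
# NOTE(review): vx0's address is commented out here, so after a reboot it is
# only configured by the manual ifconfig from step 2, yet natd_interface and
# the ipfw fwd target (192.168.2.14) depend on it -- probably meant to be
# enabled.
#ifconfig_vx0="inet 192.168.2.14 netmask 255.255.255.0"
# NOTE(review): faith0 is FreeBSD's IPv6-to-IPv4 TCP relay pseudo-interface;
# giving it a public IPv4 address looks like the wrong interface name --
# confirm which NIC was intended.
ifconfig_faith0="inet 202.87.250.196 netmask 255.255.255.0"
hostname="sai.n3.net"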
