Proxy dengan squid3 Debian

Posted by TRI SULIS WANTO December 24, 2009

Fungsi:
1. Menyimpan cache tampilan halaman web
2. Mengatur bandwidth internet ke client
3. Mengontrol aktivitas client (misalnya hak akses situs tertentu, melihat situs-situs yang dikunjungi client).

Bahan Membuat proxy:
1. Komputer minimal 2 lan card.
2. puter client
3. Sambungan internet

Langkah-langkah membuat proxy:
1.Setting ip server

#vim /etc/network/interfaces
iface eth1 inet static
address 192.168.2.111
netmask 255.255.255.128
network 192.168.2.0
broadcast 192.168.2.127
gateway 192.168.2.1
# dns­* options are implemented by the resolvconf package, if installed
dns­nameservers 202.134.0.155
dns­search smkn1­tuban.sch.id

Simpan esc:wq
Restart Debian:~# /etc/init.d/networking restart -­>merestrat lan card



2. Instalasi squid3
Sebelum melakukan instalasi pastikan sources list anda sudah benar, di sini saya menggunakan mirror sekolah saya, caranya;

debian:~#vim /etc/apt/sources.list
tambahkan

deb ftp://118.98.171.229/debian etch main contrib non-free
setelah itu simpan esc:wq

debian:~# apt-­get install squid3

Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
squid3­common
Suggested packages:
squid3­client squid3­cgi resolvconf smbclient
The following NEW packages will be installed:
squid3 squid3­common
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 985kB of archives.
After unpacking 6312kB of additional disk space will be used. Do you want to continue [Y/n]? Y
WARNING: The following packages cannot be authenticated!
squid3­common squid3
Install these packages without verification [y/N]? Y
Get:1 ftp://118.98.171.229 etch/main squid3­common 3.0.PRE5­5 [246kB] Get:2 ftp://118.98.171.229 etch/main squid3 3.0.PRE5­5 [739kB]

Fetched 985kB in 0s (7922kB/s)
Selecting previously deselected package squid3­common.
(Reading database ... 65462 files and directories currently installed.) Unpacking squid3­common (from .../squid3­common_3.0.PRE5­5_all.deb) ... Selecting previously deselected package squid3.
Unpacking squid3 (from .../squid3_3.0.PRE5­5_i386.deb) ... Setting up squid3­common (3.0.PRE5­5) ...
Setting up squid3 (3.0.PRE5­5) ...
Creating Squid HTTP proxy 3.0 spool directory structure
2009/11/26 05:33:15| Creating Swap Directories
2009/11/26 05:33:15| /var/spool/squid3 exists
2009/11/26 05:33:15| Making directories in /var/spool/squid3/00
2009/11/26 05:33:15| Making directories in /var/spool/squid3/01
2009/11/26 05:33:16| Making directories in /var/spool/squid3/02
2009/11/26 05:33:16| Making directories in /var/spool/squid3/03
2009/11/26 05:33:16| Making directories in /var/spool/squid3/04
2009/11/26 05:33:16| Making directories in /var/spool/squid3/05
2009/11/26 05:33:16| Making directories in /var/spool/squid3/06
2009/11/26 05:33:16| Making directories in /var/spool/squid3/07
2009/11/26 05:33:16| Making directories in /var/spool/squid3/08
2009/11/26 05:33:16| Making directories in /var/spool/squid3/09
2009/11/26 05:33:16| Making directories in /var/spool/squid3/0A
2009/11/26 05:33:16| Making directories in /var/spool/squid3/0B
2009/11/26 05:33:16| Making directories in /var/spool/squid3/0C
2009/11/26 05:33:16| Making directories in /var/spool/squid3/0D
2009/11/26 05:33:16| Making directories in /var/spool/squid3/0E
2009/11/26 05:33:16| Making directories in /var/spool/squid3/0F Restarting Squid HTTP Proxy 3.0: squid3.


3. Konfigurasi Squid
Ada baiknya sebelum memulai konfigurasi stop terlebih dahulu squid
#/etc/init.d/squid3 stop
Setelah itu copy file konfigurasi squid, yah sebagai back up aja kalau terjadi kesalahan
#cp /etc/squid3/squid.conf /etc/squid3/squid.conf_ASLI
Baru dech lakukan konfigurasi
#vim /etc/squid3/squid.conf
cari dan tambahkan : ( hilangkan tanda # )

http_port 3128 transparent -> port default proxy
cache_mem 16 mb
cache_dir ufs /var/spool/squid 500 16 256
cache_mgr admin@tristan.com
visible_hostname proxy.tkj.com -> nama visible hostname kamu
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

> Kemudian cari tulisan : acl CONNECT method CONNECT, dan tambahkan

acl situs url_regex -i “/etc/situsterlarang.txt” -> u/ blokir setiap situs
http_access deny situs
acl lan src 192.168.2.0/25
http_access allow lan
http_access allow all

> lalu save esc:wq

4. Lalu buat file untuk mengeblok situsnya :

# vim /etc/situsterlarang.txt

facebook
friendster
yahoo

> Dan save esc:wq

5. Membuat Partisi swap
debian:~# squid3 ­z

6. Kemudian aktifkan ip_forwading dan tabel routing dg perintah :

# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -s 192.168.2.0/25 -j MASQUERADE

7. Lalu kita REDIRECT port 80 ke port 3128 dg perintah :

# iptables -t nat -A PREROUTING -s 192.168.2.0/25 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# iptables-save



8. Menjalankan squid
debian:~# /etc/init.d/squid3 restart
Restarting Squid HTTP Proxy 3.0: squid3 Waiting.....................done.
.

9. Menguji Proxy

a. Client



Buka web browser client anda missal Mozilla firefox, pilih tools>options>advanced>network>settings>pilih manual proxy configuration>
Di bagian http proxy isikan Ip address Proxy server anda di sini saya menggunakan 192.168.2.111 kemudian pada bagian port isikan 3128
Dan jangan lupa untuk mencentang “use this proxy server for all protocols”

Silahkan cek situs yang telah diblokir tadi……

b. Server proxy
untuk menngecek server proxy anda
debian:/etc/squid3# tail ­-f /var/log/squid3/access.log


Catatan :
Untuk menyetting/menambahkan setting waktu, ketikkan:
acl waktu time MTWHFA 01:00-12:00
acl jam time MTWHFA 12:30-24:00
http_access deny waktu
http_access deny jam


4 comments

  1. nunnutjoe Says:
  2. wahhh222 ganti baju ne..... aga berat bro....

     
  3. tri sulis Says:
  4. This comment has been removed by a blog administrator.  
  5. ach Says:
  6. http_access allow all itu bikin proxymu openproxy (BAHAYA)

     
  7. newbie Says:
  8. gan, gimana caranya setting proxy transparent dalam arti (enngak usah pake tambahin secara manual, ip dan port di mozila frfox) .. tolong pencerahannya gan ?

     

Post a Comment

Followers

Recent Post

Recent Comment