High Performance Cache HIT Proxy Lusca on Ubuntu Server + Configurasi Router MikroTik

7 Comments

Article, Linux, Lusca, MikroTik, Proxy, Tips & Trik, Tutorial

Video Install Ubuntu Server 10.04 and use Manual Partition 

1. Pakeg Install

root@proxy:~# apt-get update
root@proxy:~# apt-get install squid -y
root@proxy:~# apt-get install squid squidclient squid-cgi -y
root@proxy:~# apt-get install gcc -y
root@proxy:~# apt-get install build-essential -y
root@proxy:~# apt-get install sharutils -y
root@proxy:~# apt-get install ccze -y
root@proxy:~# apt-get install libzip-dev -y
root@proxy:~# apt-get install automake1.9 -y

2. Download File LUSCA_LUSCA.tar.gz 

root@proxy:~# wget https://proxy-ku.googlecode.com/files/LUSCA_FMI.tar.gz
root@proxy:~# tar xzvf LUSCA_FMI.tar.gz
root@proxy:~# cd LUSCA_FMI

3. Perintah Install Compile File LUSCA_FMI

./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-http-gzip --enable-async-io=24 --with-aufs-threads=24 --with-pthreads --enable-storeio=aufs --enable-linux-netfilter --enable-arp-acl --enable-epoll --enable-removal-policies=heap --with-aio --with-dl --enable-snmp --enable-delay-pools --enable-htcp --enable-cache-digests --disable-unlinkd --enable-large-cache-files --with-large-files --enable-err-languages=English --enable-default-err-language=English --with-maxfd=65536 && make && make install

4. Setelah Compile File LUSCA_FMI 

root@proxy:~# mkdir cache-1
root@proxy:~# mkdir cache-2

5.  lebel

root@proxy:~# chown proxy:proxy /cache-1
root@proxy:~# chown proxy:proxy /cache-2

6.  permision:

root@proxy:~# chmod 777 /cache-1
root@proxy:~# chmod 777 /cache-2

Download File >>--> squid.conf

root@proxy:~# chown proxy:proxy /etc/squid/squid.conf
root@proxy:~# chmod 777 /etc/squid/squid.conf 

8.  storeurl Download File >>-->  Store.pl

root@proxy:~# touch /etc/squid/storeurl.pl
root@proxy:~# chown proxy:proxy /etc/squid/storeurl.pl
root@proxy:~# chmod 777 /etc/squid/storeurl.pl

9. Buka storeurl.pl dengan winscp dan isikan dengan Script storeurl.pl yang telah anda download

Kemudian pada menu Terminal pada software putty ketik " /etc/init.d/squid stop "
Masih pada menu Terminal pada software , copy-paste perintah di bawah satu-persatu

root@proxy:~# /etc/init.d/squid restart

10. Restart Komputer Kamu
Monitoring Squid access.log :

root@proxy:~# tail -f /var/log/squid/access.log | ccze

DEMO HIT PROXY LUSCA

=========================

PAKET INSTALL TAMBAHAN

=========================

Kalau sudah selesai anda setting mikrotiknya seperti dibawah ini :
Masukkan ini di mangle :

;;; Intl-conn

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=packet-intl passthrough=no
/ip firewall mangle add chain=output action=mark-packet new-packet-mark=packet-intl passthrough=no

;;; PROXY-HIT

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=proxy-hit passthrough=no dscp=12

;;; http-conn

/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=http-conn passthrough=yes protocol=tcp dst-port=80
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=http passthrough=yes connection-mark=http-conn

;;; https-conn

/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=https-conn passthrough=yes connection-state=new protocol=tcp dst-port=443
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=https passthrough=no connection-mark=https-conn

;;; CHANGE MMS

/ip firewall mangle add chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp in-interface=public tcp-mss=1441-65535

IP FIREWALL ADDRESS-LIST :
;;; LocalNet

LocalNet     192.168.2.0/24     — IP local sesuaikan dengan IP lokal anda

;;; PROXY

ProxyNet     192.168.2.0/24 -- IP network Proxy
DNS             202.134.1.10     -- sesuaikan DNS ISP anda
DNS             202.134.0.155     -- sesuaikan DNS ISP anda
GAMES           63.241.101.0/25
GAMES           74.114.8.0/21

IP FIREWALL NAT :
;;; Nat Proxy

/ip firewall add chain=dstnat action=dst-nat to-addresses=192.168.2.20 to-ports=3128 protocol=tcp src-address=!192.168.2.20 src-address-list=LocalNet dst-address-list=!ProxyNet dst-port=80,8080,3128
connection-mark=http-conn

;;; Added by webbox

/ip firewall add chain=srcnat action=masquerade out-interface=ether1-gateway

;;; Proxy Out

/ip firewall add chain=srcnat action=src-nat to-addresses=IP INTERNET ANDA/IP PUBLIC misalnya 192.168.1.2 src-address=IP LOKAL ANDA misalnya 192.168.2.1
/ip firewall add chain=dstnat action=dst-nat to-ports=53 protocol=udp dst-port=53

;;; SSH

/ip firewall add chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=22 protocol=tcp dst-address=IP INTERNET ANDA/IP PUBLIC dst-port=22,10000

;;; queue tree

/queue tree add name="A_HIT-Proxy" parent=lan packet-mark=proxy-hit limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 \
burst-threshold=0 burst-time=0s