Installing a proxy server with Squid

Assalamu’alaikum Wr Wb,

God willing, this time we will cover how to install a proxy server using Squid as the software. The OS the author uses is FreeBSD 7.0 Release. Let's get started…

1. Download the Squid software

latihan# ftp ftp.squid-cache.org

ftp> get squid-2.7.STABLE4.tar.gz
local: squid-2.7.STABLE4.tar.gz remote: squid-2.7.STABLE4.tar.gz
229 Entering Extended Passive Mode (|||58823|)
150 Opening BINARY mode data connection for 'squid-2.7.STABLE4.tar.gz' (1783318 bytes).
100% |**********************************************************************************|  1741 KB   40.91 KB/s    00:00 ETA
226 Transfer complete.
1783318 bytes received in 00:42 (40.91 KB/s)

2. Extract the Squid archive

latihan# tar -xzvf squid-2.7.STABLE4.tar.gz

3. Configure Squid

The available ./configure options can be listed with the command ./configure --help

latihan# cd squid-2.7.STABLE4
latihan# ./configure --disable-ident-lookups --enable-large-cache-files --enable-ipf-transparent --enable-removal-policies=lru,heap --enable-storeio=coss,aufs,ufs --enable-delay-pools

4. Install Squid

latihan# make && make install

5. Create the cache directories

latihan# cd /usr/local/squid/
latihan# mkdir cache1
latihan# mkdir cache2
latihan# mkdir cache3

6. Change ownership (chown) of the cache directories and the logs

latihan# chown -R nobody:nogroup cache1
latihan# chown -R nobody:nogroup cache2
latihan# chown -R nobody:nogroup cache3
latihan# chown -R nobody:nogroup var/

7. Edit the squid.conf file

latihan# cd /usr/local/squid/etc/
latihan# ee squid.conf

Note: a simple example of the contents of squid.conf follows.

http_port 8181 transparent
icp_port 3130

#hierarchy_stoplist cgi-bin ?
allow_underscore on

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 84 MB
cache_swap_low 70
cache_swap_high 75

cache_dir ufs  /usr/local/squid/cache1 1000 16 128
cache_dir ufs  /usr/local/squid/cache2 1000 16 128
cache_dir ufs  /usr/local/squid/cache3 1000 16 128

cache_access_log /dev/null
cache_log /dev/null
cache_store_log none
#cache_swap_log /usr/local/squid/logs/swap.log

pid_filename /usr/local/squid/var/logs/squid.pid
#dns_children 50
#cache_dns_program /usr/local/squid/libexec/dnsserver
#redirect_children 16

refresh_pattern .               0       20%     4320
positive_dns_ttl 24 hours
memory_pools_limit 64 MB
ie_refresh on
maximum_object_size_in_memory 100 KB
quick_abort_min 0 KB
quick_abort_max 0 KB
request_header_max_size 10 KB
request_body_max_size 4096 KB
ipcache_size 8000
client_db off
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
client_persistent_connections on
server_persistent_connections on
forwarded_for off
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl coba src 10.10.10.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 81          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl sendmail port 25

header_access Via deny all
header_access Proxy-Connection deny all
header_access X-Forwarded-For deny all

http_access allow manager localhost
http_access deny manager
http_access deny sendmail
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow coba
http_access deny all
icp_access allow coba
icp_access deny all
always_direct allow coba
visible_hostname proxy-coba.mbuh.net
cache_mgr aku@mbuh.net
cache_effective_user nobody
cache_effective_group nogroup
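
How the http_access lines in the squid.conf above are evaluated, as an added example that is not part of the original post or of Squid itself: a small Python model of Squid's first-match rule processing using the ACLs from this configuration. The helper names (in_net, parse_rules, decide, req) and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

def in_net(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r["src"]) in net

# ACLs and http_access lines transcribed from the squid.conf above.
SAFE_PORTS = {80, 81, 21, 443, 563, 70, 210, 280, 488, 591, 777}
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": in_net("127.0.0.1/32"),
    "coba": in_net("10.10.10.0/24"),
    "SSL_ports": lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "sendmail": lambda r: r["port"] == 25,
}
HTTP_ACCESS = """\
http_access allow manager localhost
http_access deny manager
http_access deny sendmail
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow coba
http_access deny all
"""

def parse_rules(text):
    """Turn http_access lines into ordered (action, [acl names]) tuples."""
    lines = (l.split("#")[0].split() for l in text.splitlines())
    return [(p[1], p[2:]) for p in lines if len(p) >= 3 and p[0] == "http_access"]

def decide(req, rules):
    """First matching line wins; ACLs on one line are ANDed, '!' negates."""
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

def req(src, method, port, proto="http"):
    # Constructed sample request, not captured traffic.
    return {"src": src, "method": method, "port": port, "proto": proto}

RULES = parse_rules(HTTP_ACCESS)

if __name__ == "__main__":
    for r in (req("10.10.10.5", "GET", 80), req("192.168.1.20", "GET", 80)):
        print(r["src"], r["method"], r["port"], "->", decide(r, RULES))
```

A client at 192.168.1.20 falls through to "deny all", so the coba ACL has to cover the LAN that actually sits behind the proxy. CONNECT to a high port such as 8080 passes Safe_ports but is still stopped by "deny CONNECT !SSL_ports".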

8. Create the swap directories

latihan# /usr/local/squid/sbin/squid -z

2008/08/28 00:28:16| Creating Swap Directories

9. Start the proxy (Squid)

latihan# /usr/local/squid/sbin/squid -sYD

10. Done, and ready to try out!

Wassalamu'alaikum, and I hope this is useful.

5 Comments

  1. Boss, how do I set up the IP once Squid is already running? Newbie here.

    • Is that the IP for the FreeBSD machine or the IP for the client?
      The IP for the FreeBSD machine is set in /etc/rc.conf
      #ee /etc/rc.conf
      The line is
      ifconfig_interface="inet x.x.x.x netmask y.y.y.y"
      for example
      ifconfig_rl0="inet 10.10.10.1 netmask 255.255.255.0"

  2. I mean the IP on the server. With the settings above, what is the IP for eth0 and what is it for eth1? My Squid setup is already running, but I'm confused about which IP to give the server (not how to set an IP). And on the client, what should the IP settings be (what IP address, and what gateway)?

    • If there are 2 eths, maybe what you mean is that eth0 is, say, the fixed IP and eth1 is the local IP?
      If so, eth0 gets the ISP's IP and eth1 gets the server's (local) IP, for example 192.168.1.1,
      and on the clients the gateway then points to 192.168.1.1.
      If that is the case, the PC functions as a router (NAT) and also as a proxy server (transparent).

      • Hmm, so the one above is only a transparent proxy, right? Could you give an example case? Here is my case:

        the IP range from the MikroTik is 192.168.88.0/24, gateway to the MikroTik 192.168.88.1
        I want to install a proxy, assuming
        the IPs on the proxy server are (eth0=192.168.88.100) and (eth1=192.168.1.10)
        and the clients will use 192.168.1.0/24. How do I do that? Sorry for asking so many questions, I'm still learning a lot, hehe.

