FBB TIPS SQUID

Many factors can make Squid 'overloaded', so that going through it actually makes access slower:
1. The cache on the hard disk is too large, so memory usage is too high (and the machine may already be swapping to disk; check with top. As a rule of thumb, healthy swap is around 25% of physical memory; more than that is usually slow). Remember that every 1 GB of disk cache uses 10 MB of memory, not counting everything else.
2. The hard disk is too slow (because of that oversized cache), so finding an object takes a long time. How big is your disk cache? I suspect it must be more than 10 GB or so??
3. Too many browsers/clients are trying to use Squid, so the queue of requests competing for Squid's service is too long, even though in the end they will access sites that have never been visited before (which a smart Squid should be able to tell apart when queuing them, shouldn't it?). Check the stats via cachemgr.cgi; I suspect the I/O queue has grown too long.
4. The server machine is serving too many users or too many other services. From experience, a machine with 256 MB and several services (mail server agent, web server and Squid with a 6 GB disk cache) plus about 10 client PCs is already fairly tight on performance. Keep in mind that Squid needs a lot of memory, not a fast processor, plus a super-fast hard disk. And that is before adding other services. In short, a Squid server should ideally be dedicated (Squid is its only service). :D
Suggestions for identifying whether Squid is slow because of a memory shortage:
1. Borrow extra memory from someone you know, at least 256 MB, and try it in your machine. If it gets faster, that is the 'cure', which means it is time to upgrade your machine, he he he ...
2. Squid becomes fast again after being reconfigured (squid -k reconfigure).
3. Access speed differs depending on how many browsers are open, but this can also be because the pipe you subscribe to (bandwidth) is already at its limit.
Suggestions for identifying whether Squid is slow because of poor hard disk performance:
1. The hard disk LED is 'almost' never off (not 'almost inaudible', mind you), because I/O to the disk is constant. This is what separates hard disks with small and large hardware caches (and their prices too, he he he). Look for a reasonably high-performance disk (ideally 4 MB cache, 8 ms seek time, 10k rpm) that is not too large (so several small ones). But, as mentioned, small disks are hard to find on the market now (if I am not mistaken, for SCSI UW2-160, 9.1 GB ones are still available).
2. Try adding (or borrowing) one more hard disk and split your cache directory onto this new disk, halving the L1 directory count as well (and halving the size). For example, an initial /cache 12000 28 256 is split into two, /cache1 6000 14 256 and /cache2 6000 14 256. And never use the whole partition (ideally about 70% of the partition's maximum capacity), so that free space is easier to find when writing to the disk (if it is too full, finding space is hard and slow, and the space may be fragmented).
Most important suggestion:
An aggressive Squid is, in my opinion, very well suited to conditions in Indonesia (in developed countries it might even draw protests, because bandwidth is already very cheap and technicians' time for tinkering is too expensive). But remember that everything has its limits: like a motorcycle, if you suddenly open the throttle fully the engine sometimes just dies, right? (well, I do not even own a motorcycle, he he ...) So be aggressive, but not overly ambitious; it has to be optimal for the capabilities of both the machine and the bandwidth you subscribe to.
Do not use the server as a workstation for gaming, ha ha ha ... just kidding ... :lol:
That is all; I hope it is useful, and if you can, report your progress so that others know whether the 'cure' works or not. Who knows, maybe I am dreaming as I type this?? ha ha ha ...
Happy tinkering; this is what you call fun and 'intoxicating', right??
source : http://forum.linux.or.id/viewtopic.php?f=16&t=271&start=60

FBB Step by step video cache setup on Ubuntu

First, the Ubuntu server must already have a LAMP server and a proxy server installed. Then download the Youtube Cache source code from http://cachevideos.com/download
wget http://cachevideos.com/sites/default/files/pub/youtube_cache/youtube_cac…
Do not forget to check the software's dependencies, which include:
1. Squid version 2.6 or later
2. Python version 2.4 or later
3. Python-urlgrabber (the urlgrabber module for Python)
4. Python-iniparse (the iniparse module for Python, downloadable from http://code.google.com/p/iniparse/)
5. A web server (Apache2 or Lighttpd)
Before installing Youtube Cache we must set up python-iniparse first. After downloading and extracting it, type:
# python setup.py install
Once the python-iniparse installation has finished, extract Youtube-Cache. After extracting, enter the extracted directory and open setup.py with a text editor such as vi or nano:
#nano /home/dendy/youtube_cache-1.2/setup.py
then find the lines below and edit them as follows:
squid_user = 'proxy'
squid_group = 'proxy'
create a dummy directory for Apache:
apache_conf_dir = '/etc/apache2/conf.d/'
save and close, then type the install command:
#python setup.py install
When that is done, edit the Squid configuration file
#nano /etc/squid/squid.conf
Copy the lines below and add them at the very bottom of your Squid configuration file:
url_rewrite_program /usr/bin/python /etc/squid/youtube_cache/youtube_cache.py
url_rewrite_children 10
acl youtube_query url_regex -i \.youtube\.com\/get_video
acl youtube_query url_regex -i \.cache[a-z0-9]?[a-z0-9]?[a-z0-9]?\.googlevideo\.com\/videoplayback
acl youtube_query url_regex -i \.cache[a-z0-9]?[a-z0-9]?[a-z0-9]?\.googlevideo\.com\/get_video
acl youtube_deny url_regex -i http:\/\/[a-z][a-z]\.youtube\.com
#acl metacafe_query dstdomain v.mccont.com
#acl dailymotion_query url_regex -i proxy\-[0-9][0-9]\.dailymotion\.com\/
acl google_query dstdomain vp.video.google.com
#acl redtube_query dstdomain dl.redtube.com
#acl xtube_query url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv
#acl vimeo_query url_regex -i bitcast\.vimeo\.com\/vimeo\/videos\/
#acl wrzuta_query url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
url_rewrite_access deny youtube_deny
url_rewrite_access allow youtube_query
#url_rewrite_access allow metacafe_query
#url_rewrite_access allow dailymotion_query
url_rewrite_access allow google_query
#url_rewrite_access allow redtube_query
#url_rewrite_access allow xtube_query
#url_rewrite_access allow vimeo_query
#url_rewrite_access allow wrzuta_query
redirector_bypass on
(I commented out some sites such as redtube with "#" because I do not want to store porn)
then edit the youtube-cache configuration file
#nano /etc/youtube_cache.conf
Change base_dir to /var/www/video_cache
IMPORTANT: change cache_host = IPADDRESS to the IP address of your PROXY
example: cache_host = 192.168.3.2
then copy the video cache location to the web server:
#cp -r /var/spool/squid/video_cache /var/www/
Make sure you can access this directory via http://localhost/video_cache; if not, video files will not be stored.
restart squid and apache
#/etc/init.d/squid restart
#/etc/init.d/apache2 restart
If you use a manually configured proxy, point the client browser at the server's IP address; if you use a transparent proxy, you can use it right away without configuring the browser.
To watch the video streaming cache at work, type the following command:
#tail -f /var/log/squid/youtube_cache.log
If it works, then once a video has been cached the log shows the following:
DOWNLOAD YOUTUBE 10167389 Video was downloaded and cached.
CACHE_SERVE YOUTUBE Video was served from cache.
source : http://mattnuxlog.wordpress.com/2010/10/20/step-by-step-setup-video-cache-di-ubuntu/

FBB MikroTik User Manager

/system/packages/print
- If the user manager package is not there yet, install it first, because User Manager is a package separate from MikroTik RouterOS. Make sure the RouterOS version is the same as the user manager package version. For example, if our RouterOS is 2.9.50, the user-manager package must also be 2.9.50.
Download from http://www.mikrotik.com/download.html and pick the user-manager-2.9.x.npk package from the zip bundle
- Upload it to the MikroTik server with an FTP program
- Reboot the MikroTik server
- Check the system packages as in step 1; if user manager is not yet enabled, enable it first and then reboot.
- Add RADIUS
services = hotspot
address = 202.47.77.24x [IP where radius / user-manager runs]
secret = 123456 [the secret must be the same as in user-manager]
Once it is active
- open http://192.168.0.40/userman
- If the user manager login page opens, user manager is active.
5. Create a subscriber name in User Manager
/ tool user-manager customer add login="admin" password=123 permissions=owner
6. Create the hotspot router
/ tool user-manager router add subscriber=admin ip-address=172.16.0.1 shared-secret=123456
7. Create a user for the hotspot
/ tool user-manager user add username=fajar password=123 subscriber=admin
Try connecting to the hotspot with a laptop; User Manager can be accessed at http://192.168.0.40/userman. Its menus include login status, add user, delete user, log and others.
source : http://mikrotik-id.blogspot.com/2009/12/user-manager-mikrotik.html

FBB High-performance Proxy caching server

Table of contents:
1. Introduction
1.1 What is Squid?
1.2 What is Internet object caching?
2. Installing Squid
3. Configuring and optimizing Squid
4. Other Squid system tuning parameters
5. Closing
1. Introduction
1.1 What is Squid?
Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher and HTTP data objects. Unlike older caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
Squid keeps metadata and especially hot objects in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid supports SSL, extensive access controls, and full request logging. By using the lightweight Internet Cache Protocol, Squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings.
Squid consists of the main server program squid, a Domain Name System lookup program (dnsserver), some additional programs for rewriting requests and performing authentication, and some client management tools. When squid starts, it spawns a number of dnsserver processes, each of which performs a single, blocking Domain Name System (DNS) lookup on its own. This reduces the time spent waiting for DNS lookups.
1.2 What is Internet object caching?
Internet object caching is a way to store requested Internet objects (i.e., data available via the HTTP, FTP and gopher protocols) on a system closer to the requesting site than to the original source. Web browsers can then use the local Squid cache as a proxy HTTP server, reducing access time as well as saving bandwidth.
2. Installing Squid
Required packages:
- the gcc compiler and supporting compiler tools (development programs)
- malloc, a memory utilization program
- the Squid source program (tarball)
Download the packages and install:
root@proxy root# mkdir /download
root@proxy download# cd /download
root@proxy download# wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE14.tar.gz
root@proxy download# wget ftp://ftp.gnu.org/gnu/malloc.tar.gz
Before installing Squid, make sure any old Squid program that may already be installed on the system is uninstalled first.
root@proxy root# rpm -qa |grep squid
squid-2.5STABLE6
root@proxy root# rpm -e squid-2.5STABLE6
Installing all the Squid packages:
root@proxy download# tar xzf malloc.tar.gz
root@proxy download# cd malloc
root@proxy malloc# vi Makefile
---- before ----
# Use this on System V.
#CPPFLAGS = -DUSG
---------------
changed
---- after ----
# Use this on System V.
CPPFLAGS = -DUSG
---------------
root@proxy malloc# make
root@proxy malloc# cp libmalloc.a /usr/lib/libgnumalloc.a
root@proxy malloc# cp malloc.h /usr/include/gnumalloc.h
System tuning before installing Squid (that is, so that it takes effect directly when Squid is compiled); the aim is to raise the file descriptor (FD) limit, increasing the number of files a process can use:
root@proxy malloc# vi /etc/security/limits.conf
* soft nofile 8192
* hard nofile 8192
root@proxy malloc# ulimit -HSn 8192
root@proxy malloc# ulimit -n
8192
Installing the core Squid program:
root@proxy malloc# cd /download
root@proxy download# tar xzf squid-2.5.STABLE10.tar.gz
root@proxy download# cd squid-2.5.STABLE10
root@proxy squid-2.5.STABLE10# ./configure \
--prefix=/usr --exec-prefix=/usr --bindir=/usr/bin \
--sbindir=/usr/sbin --libexecdir=/usr/libexec \
--datadir=/usr/share/squid --sysconfdir=/etc/squid \
--sharedstatedir=/usr/com --localstatedir=/var \
--libdir=/usr/lib --includedir=/usr/include \
--infodir=/usr/share/info --mandir=/usr/share/man \
--libexecdir=/usr/lib/squid \
--enable-gnuregex \
--enable-async-io=24 \
--with-aufs-threads=24 \
--with-pthreads \
--with-aio \
--with-dl \
--enable-storeio=aufs \
--enable-removal-policies=heap \
--enable-icmp \
--enable-delay-pools \
--disable-wccp \
--enable-snmp \
--enable-ssl \
--enable-cache-digests \
--enable-default-err-languages=English \
--enable-err-languages=English \
--enable-poll \
--enable-linux-netfilter \
--disable-ident-lookups \
--disable-hostname-checks \
--enable-underscores \
--enable-cachemgr-hostname=localhost
Note: the top 7 lines adapt the configuration to the system layout found on Red Hat/Fedora. As for the options, compile them in if you need them; if you do not need them, leave them out at compile time.
root@proxy squid-2.5.STABLE10# mkdir /var/log/squid
root@proxy squid-2.5.STABLE10# chown -R squid:squid /var/log/squid
root@proxy squid-2.5.STABLE10# make all && make install
root@proxy squid-2.5.STABLE10# strip /usr/lib/squid/*
root@proxy squid-2.5.STABLE10# strip /usr/sbin/squid
3. Configuring and optimizing Squid
Squid configuration:
http_port 3128
icp_port 3130
ssl_unclean_shutdown on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /cache1 5000 10 256
cache_dir aufs /cache2 5000 10 256
cache_dir aufs /cache3 5000 10 256
cache_access_log /var/log/squid/access.log
#cache_access_log none
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log off
pid_filename /var/run/squid.pid
mime_table /etc/squid/mime.conf
log_fqdn off
memory_pools off
client_netmask 255.255.255.255
ftp_user squid@newhack.org
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
negative_ttl 2 minutes
half_closed_clients off
read_timeout 15 minutes
client_lifetime 2 hours
pconn_timeout 60 seconds
request_timeout 1 minutes
shutdown_lifetime 10 seconds
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl lan src 192.168.0.0/24 192.168.1.0/24
acl to_localhost dst 127.0.0.0/8
acl PURGE method PURGE
acl POST method POST
acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
acl IpAddressOnly url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
acl GETONLY method GET
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl snmppublic snmp_community public
# Hotmail workaround
header_access Accept-Encoding deny all
http_access allow localhost
http_access allow lan
http_access allow manager lan
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny PURGE
http_access deny VIRUS
http_access deny all
http_reply_access allow all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
cachemgr_passwd passwordku all
cache_mgr proxy@newhack.org
cache_effective_user squid
cache_effective_group squid
visible_hostname proxies3.newhack.org
unique_hostname proxy.newhack.org
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
logfile_rotate 7
forwarded_for on
icp_hit_stale on
log_icp_queries off
query_icmp on
buffered_logs off
strip_query_terms off
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/English
store_avg_object_size 13 KB
store_objects_per_bucket 10
client_db on
snmp_port 3401
snmp_access allow snmppublic lan
snmp_access deny all
coredump_dir /cache1
reload_into_ims on
pipeline_prefetch on
ie_refresh on
vary_ignore_expire on
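How the http_access list in the configuration above is evaluated, as an added example that is not part of the original post: Squid stops at the first http_access line whose ACLs all match, so with `allow lan` in second place the later `deny !Safe_ports`, `deny CONNECT !SSL_ports`, `deny PURGE` and `deny VIRUS` lines are never reached for LAN clients. The Python model, the reordered list and the sample requests are constructed for illustration.

```python
import ipaddress
import re

# ACL predicates modelled on the acl lines of the configuration above.
LAN = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}
SSL_PORTS = {443, 563}
VIRUS_RE = re.compile(r"winnt/system32/cmd.exe?")

ACLS = {
    "all": lambda r: True,
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "lan": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in LAN),
    "manager": lambda r: r["proto"] == "cache_object",
    "PURGE": lambda r: r["method"] == "PURGE",
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "VIRUS": lambda r: VIRUS_RE.search(r["path"]) is not None,
}

# The http_access lines exactly in the order the page gives them.
PAGE_ORDER = """
http_access allow localhost
http_access allow lan
http_access allow manager lan
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny PURGE
http_access deny VIRUS
http_access deny all
"""

# Assumed reordering (not from the page): same ACLs, with the specific
# allow/deny pairs and the deny rules placed before the broad allows.
REORDERED = """
http_access allow manager localhost
http_access allow manager lan
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny VIRUS
http_access allow localhost
http_access allow lan
http_access deny all
"""


def parse_rules(text):
    """Return [(action, [acl, ...]), ...] from http_access lines."""
    rules = []
    for line in text.strip().splitlines():
        directive, action, *acls = line.split()
        if directive == "http_access":
            rules.append((action, acls))
    return rules


def decide(rules, request):
    """First rule whose ACLs all match wins; returns (action, 1-based rule number)."""
    for number, (action, acls) in enumerate(rules, 1):
        # "!name" matches when the ACL does not; all ACLs on a line are ANDed.
        if all(ACLS[a.lstrip("!")](request) != a.startswith("!") for a in acls):
            return action, number
    # With no match Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


def req(src, method, port, path="/", proto="http"):
    return {"src": src, "method": method, "port": port, "path": path, "proto": proto}


# Constructed sample requests.
SAMPLES = {
    "lan GET": req("192.168.0.10", "GET", 80),
    "lan CONNECT :25": req("192.168.0.10", "CONNECT", 25),
    "lan CONNECT :8080": req("192.168.0.10", "CONNECT", 8080),
    "lan PURGE": req("192.168.0.10", "PURGE", 80),
    "lan cmd.exe URL": req("192.168.0.10", "GET", 80, "/scripts/winnt/system32/cmd.exe"),
    "outside GET": req("203.0.113.7", "GET", 80),
}


def compare():
    """Map each sample to (decision with page order, decision with reordered list)."""
    page, fixed = parse_rules(PAGE_ORDER), parse_rules(REORDERED)
    return {name: (decide(page, r), decide(fixed, r)) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:18} page={before} reordered={after}")
```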
Squid optimization tips:
If some nearby sites are perhaps only 1 hop away, bypass them so that Squid really works only for those that are far away (many hops).
hierarchy_stoplist cgi-bin ? localhost domain-anda.com isp-anda.com domainku.web.id
acl QUERY urlpath_regex cgi-bin \? localhost domain-anda.com isp-anda.com domainku.web.id
no_cache deny QUERY
From experience and recommendations, 6 MB will be faster; let Squid work even harder.
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
Make the maximum object size on disk and in memory larger so that the byte hit ratio is higher (it can be raised further if the hard disks are fast and numerous and there is more memory as well).
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
If memory is 512 MB or more, go ahead and enlarge the cache.
ipcache_size 2048
ipcache_low 98
ipcache_high 99
For heap replacement I use LFUDA for the disk cache and GDSF for the memory cache, the reason being that on disk large objects are prioritized and in memory small objects are kept.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
Ideally the disk space you use is only about 70% of the total, because the fuller it gets, the slower Squid is at finding free space; e.g. for a 1 GB cache use only 700 MB (do not use the whole 1 GB). Also use only 1 directory per drive, because the limiting factor is the disk's spindle speed; adding more directories on 1 disk does not speed things up (disks are on the order of milliseconds, memory on the order of nanoseconds). So it is better to have many small disks than a single large one. If the OS is Linux, use the Reiser filesystem (version 4 is the fastest) with the aufs access method. Diskd is optimal on FreeBSD but not on Linux. Do not forget to enable noatime and notail on that partition so that no extra writes are added when writing or reading. In short, the hard disk is the biggest bottleneck in Squid.
suggestion: roughly 70% of 16 GB
cache_dir aufs /cachez 12000 28 256
or (for about 4 GB of space per hard disk)
cache_dir aufs /cachehardisk1 3000 8 256
cache_dir aufs /cachehardisk2 3000 8 256
cache_dir aufs /cachehardisk3 3000 8 256
cache_dir aufs /cachehardisk4 3000 8 256
Log only the vital information, and try to keep the log files on a separate hard disk so they do not affect the speed of the main cache directories.
log_fqdn off
log_icp_queries off
cache_log none
cache_store_log none
Force things a little so that object access is more intensive on the local Squid, and extend the storage time before validation happens (e.g. validation every 3 hours with objects kept for at most 3 months; for FTP it can be longer still).
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
Abort tolerance is simply removed.
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
Do not shut down or reconfigure Squid too quickly, because it can corrupt file integrity.
shutdown_lifetime 10 seconds
No need to reserve memory.
memory_pools off
Important for relations with siblings, measuring their response via ICP and ICMP.
icp_hit_stale on
query_icmp on
Important for further improving the refresh pattern.
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
Once again, Squid is needed to fetch what is far away; for nearby destinations go direct
acl local-dst dst semuaalamatlokal semuaalamatipygdekat
acl local-domain dstdomain localhost domain-anda.com isp-anda.com domainku.web.id
always_direct allow localhost local-dst local-domain
always_direct deny all
Sys-V init squid :
root@proxy root# vi /etc/init.d/squid
#!/bin/bash
# squid This shell script takes care of starting and stopping
# Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
# check if the squid conf file is present
[ -f /etc/squid/squid.conf ] || exit 0
if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi
# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-DY"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid
[ -z "$SQUID" ] && exit 0
prog="$SQUID"
# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' /etc/squid/squid.conf | \
grep cache_dir | awk '{ print $3 }'`
[ -z "$CACHE_SWAP" ]
RETVAL=0
start() {
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
$SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
fi
done
echo -n $"Starting $prog: "
ulimit -HSn 2048
/bin/nice --20 $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
timeout=0;
while : ; do
[ ! -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
RETVAL=1
break
fi
sleep 1 && echo -n "."
timeout=$((timeout+1))
done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
$SQUID -k check >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
$SQUID -k shutdown &
rm -f /var/lock/subsys/$SQUID
timeout=0
while : ; do
[ -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
echo
return 1
fi
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo_success
echo
else
echo_failure
echo
fi
return $RETVAL
}
reload() {
$SQUID $SQUID_OPTS -k reconfigure
}
restart() {
stop
start
}
condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}
rhstatus() {
status $SQUID
$SQUID -k check
}
probe() {
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
probe)
exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac
exit $?
4. Other Squid system tuning parameters:
Edit /etc/sysctl.conf and add the lines below:
root@proxy root# vi /etc/sysctl.conf
# add port outgoing
net.ipv4.ip_local_port_range = 1024 32768
Tuning in fstab:
Edit /etc/fstab; it should look like this, and only the matching entries need changing (usually by adding noatime/notail; leave other kinds of mounts alone, do not change them):
/dev/hda1 / reiserfs defaults,noatime 1 1
/dev/hda6 /boot reiserfs defaults,noatime 1 2
/dev/hda7 /var reiserfs defaults,noatime 1 2
/dev/hda8 /usr reiserfs defaults,noatime 1 2
/dev/hda9 /home reiserfs defaults,noatime 1 2
/dev/sda1 /cache01 reiserfs noatime,notail 0 0
/dev/sda2 /cache02 reiserfs noatime,notail 0 0
/dev/sdb1 /cache03 reiserfs noatime,notail 0 0
/dev/sdb2 /cache04 reiserfs noatime,notail 0 0
Check who is connecting to Squid:
root@proxy root# tail -f /var/log/squid/access.log
5. Closing
Thanks to:
http://forum.linux.or.id (mas dani, fish, fai, firewaxx, and everyone at forum.linux.or.id)

FBB How to set up Hit, Queue Tree and Mangle on MikroTik + external Squid proxy (complete)

With a MikroTik router plus an external Squid proxy on something like Ubuntu, ClearOS, IPCop, etc., performance becomes solid, especially with Squid Lusca, which swallows just about everything into the cache. Below I post how to set up Hit, Queue Tree and Mangle on MikroTik + an external Squid proxy. I am not posting the Squid settings because this is the MikroTik label; for the Squid settings see the Squid label.
MikroTik IP address facing the modem (internet) = 192.168.0.5
IP address facing the local network (clients) = 192.168.34.1
IP address facing the Squid proxy = 192.168.35.1
Squid proxy IP address (external Squid proxy) = 192.168.35.2
The breakthrough:
Total bandwidth from the modem (internet): 4 MB
Client downloads from the modem are limited with a queue tree; if the file is already stored on the Squid proxy, it is automatically not limited, i.e. it runs at full speed.
Clients downloading files such as .flv, .exe, .rar, .zip, YouTube, etc. are limited to 1 MB shared equally across all files, except anything that smells of porn, which I give just 128, shared equally. If files with extensions such as .flv, .exe, .rar, .zip, YouTube, etc. have been downloaded before, they are automatically stored on the Squid proxy and those extensions are automatically not limited, i.e. full speed.
For ping, which matters for clients playing poker, Point Blank or other games, I also use a queue tree, but without a limit.
Uploads do not need to be limited, for the comfort of game players.
Here are the steps from the beginning, starting with a MikroTik router that is still empty:
We do everything in New Terminal:
1. Set the interfaces:
/interface set 0 name=public \
;/interface set 1 name=local \
;/interface set 2 name=proxy
2. Set the IP addresses (adjust the IP addresses to your network):
/ip address add address=192.168.0.5 \
netmask=255.255.255.0 \
interface=public \
;/ip address add address=192.168.34.1 \
netmask=255.255.255.0 \
interface=local \
;/ip address add address=192.168.35.1 \
netmask=255.255.255.0 \
interface=proxy
3. Set the gateway (adjust the gateway to your network's gateway):
/ip route add gateway=192.168.0.1
4. Set DNS (adjust DNS to your network):
A. Setting DNS on RB OS version 4.XX and below:
/ip dns set primary-dns=203.130.208.18 \
;/ip dns set secondary-dns=203.130.193.74 \
allow-remote-requests=yes
B. Setting DNS on RB OS version 4.XX and above:
/ip dns set servers=203.130.208.18,203.130.193.74 \
allow-remote-requests=yes
5. Set the IP firewall NAT, including the NAT rule that redirects to the proxy. I use port 3128 on my Squid (adjust the IP addresses to your network):
/ip firewall nat add chain=srcnat out-interface=public \
src-address=192.168.34.0/24 action=masquerade \
src-address-list="wirelessrouterproxy.blogspot.com client" \
comment="LOCAL NAT MASQUERADE"
/ip firewall nat add chain=srcnat out-interface=public \
src-address=192.168.35.0/24 action=masquerade \
src-address-list="wirelessrouterproxy.blogspot.com proxy" \
comment="PROXY NAT MASQUERADE"
/ip firewall nat add action=dst-nat chain=dstnat \
comment="REDIRECT KE PROXY" disabled=no \
dst-port=80,8080,3128 in-interface=local \
protocol=tcp src-address=!192.168.35.0/24 \
to-addresses=192.168.35.2 to-ports=3128
/ip firewall nat add action=dst-nat \
chain=dstnat comment="TRANSPARENT DNS UDP LOCAL" \
disabled=no dst-port=53 in-interface=local \
protocol=udp to-ports=53
/ip firewall nat add action=dst-nat \
chain=dstnat disabled=no dst-port=53 in-interface=local \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP LOCAL"
/ip firewall nat add action=dst-nat \
chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=udp to-ports=53 comment="TRANSPARENT DNS UDP PROXY"
/ip firewall nat add action=dst-nat \
chain=dstnat disabled=no dst-port=53 in-interface=proxy \
protocol=tcp to-ports=53 comment="TRANSPARENT DNS TCP PROXY"
6. Next, network security:
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER1" \
address-list-timeout=2w chain=input \
comment="PORT SCANNER2 KE ADDRESS LIST" \
disabled=no protocol=tcp psd=21,3s,3,1
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER2" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" disabled=no \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER3" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER4" address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER5" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER6" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER7" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input \
comment="BLOK PORT SCANNER" disabled=no \
src-address-list="PORT SCANNER1"
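A check of the scanner rules above, as an added example that is not part of the original post: it evaluates the tcp-flags matchers against constructed flag sets and reports which address lists are filled by a rule but not referenced by any drop rule. Among the rules above the drop rule names only "PORT SCANNER1", so sources placed in the other six lists are recorded but not blocked by these rules. The rule text is condensed to one line per rule, and the Python function names are assumptions of this example.

```python
import shlex

# The scanner rules from step 6, condensed to one line each (constructed input;
# timeout and disabled=no omitted because they do not affect the check).
RULES = r'''
add action=add-src-to-address-list address-list="PORT SCANNER1" chain=input protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="PORT SCANNER2" chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="PORT SCANNER3" chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="PORT SCANNER4" chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="PORT SCANNER5" chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="PORT SCANNER6" chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="PORT SCANNER7" chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="BLOK PORT SCANNER" src-address-list="PORT SCANNER1"
'''


def parse_rules(text):
    """Turn each rule line into a dict of its key=value properties."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)  # handles the quoted values with spaces
        rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def flags_match(spec, flags):
    """tcp-flags semantics: listed flags must be set, '!' flags must be clear,
    flags not mentioned are ignored."""
    for item in spec.split(","):
        if item.startswith("!"):
            if item[1:] in flags:
                return False
        elif item not in flags:
            return False
    return True


def lists_for_packet(rules, flags):
    """Address lists a source is added to for one TCP segment with these flags.
    add-src-to-address-list does not stop rule processing, so every matching
    rule contributes. The psd rule needs connection history and is skipped."""
    return [
        r["address-list"]
        for r in rules
        if r.get("action") == "add-src-to-address-list"
        and "tcp-flags" in r
        and flags_match(r["tcp-flags"], flags)
    ]


def unblocked_lists(rules):
    """Lists that some rule fills but no drop rule references."""
    dropped = {
        r["src-address-list"]
        for r in rules
        if r.get("action") == "drop" and "src-address-list" in r
    }
    filled = [
        r["address-list"]
        for r in rules
        if r.get("action") == "add-src-to-address-list"
    ]
    return [name for name in filled if name not in dropped]


RULESET = parse_rules(RULES)

if __name__ == "__main__":
    # Constructed flag sets: a normal SYN, then segments the rules are meant to catch.
    for flags in ({"syn"}, {"fin"}, set(), {"fin", "psh", "urg"},
                  {"fin", "syn", "rst", "psh", "ack", "urg"}):
        print(sorted(flags), "->", lists_for_packet(RULESET, flags))
    print("filled but never dropped:", unblocked_lists(RULESET))
```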
/ip firewall filter add action=accept chain=input \
comment=”IZINKAN MENDIRIKAN KONEKSI” \
connection-state=established disabled=no
/ip firewall filter add action=accept chain=input \
comment=”IZINKAN KONEKSI TERKAIT” \
connection-state=related disabled=no
/ip firewall filter add action=accept chain=input \
comment=”IZINKAN PING LOCAL” \
disabled=no protocol=icmp \
src-address-list=\
“wirelessrouterproxy.blogspot.com client”
/ip firewall filter add action=accept chain=input \
comment=”IZINKAN PING PROXY” disabled=no \
protocol=icmp src-address-list=\
“wirelessrouterproxy.blogspot.com proxy”
/ip firewall filter add action=accept chain=input \
comment=”IZINKAN INPUT DARI LOCAL” disabled=no \
src-address-list=”wirelessrouterproxy.blogspot.com client”
/ip firewall filter add action=accept chain=input \
comment=”IZINKAN INPUT DARI PROXY” disabled=no \
src-address-list=”wirelessrouterproxy.blogspot.com proxy”
/ip firewall filter add action=jump chain=forward \
comment=”FILTER PAKET YANG JELEK” disabled=no \
jump-target=tcp protocol=tcp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=udp \
protocol=udp
/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=icmp protocol=icmp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK SMTP" disabled=no dst-port=25 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK RPC2portmapper" disabled=no \
dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NBT" disabled=no dst-port=137-139 \
protocol=tcp
/ip firewall filter add action=drop \
chain=tcp comment="TOLAK CIFS" disabled=no \
dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NFS" disabled=no dst-port=2049 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NETBUS" disabled=no dst-port=20034 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK BackOriffice" disabled=no dst-port=\
31337 protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="BLOK DHCP" disabled=no dst-port=67-68 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK P2P" disabled=no p2p=all-p2p
/ip firewall filter add action=drop chain=udp \
comment="TOLAK TFTP" disabled=no dst-port=69 \
protocol=udp
/ip firewall filter add action=drop chain=udp \
comment="TOLAK PRC portmapper" disabled=no \
dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp \
comment="TOLAK PRC portmapper" disabled=no \
dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NETBUS" disabled=no \
dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=udp \
comment="BLOK NBT" disabled=no dst-port=137-139 \
protocol=udp
/ip firewall filter add action=drop chain=udp \
comment="BLOK NFS" disabled=no dst-port=2049 \
protocol=udp
/ip firewall filter add action=drop \
chain=udp comment="TOLAK BackOriffice" \
disabled=no dst-port=31337 protocol=udp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp
/ip firewall filter add action=accept \
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept \
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
/ip firewall filter add action=accept chain=forward \
comment="Allow Established connections" \
connection-state=established disabled=no
/ip firewall filter add action=accept chain=forward \
comment="Allow Forward from LOCAL Network" \
disabled=no src-address-list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall filter add action=accept chain=forward \
comment="Allow Forward from PROXY Network" \
disabled=no src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"
7. Next, create an address list for your clients. The purpose is that only the IP addresses listed here can connect to the internet. If you have more clients than are registered below, add entries to match the number of your clients. (Adjust the IP addresses to your network.):
/ip firewall address-list \
add address=192.168.35.2 \
comment="SQUID PROXY EXTERNAL" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com proxy"
/ip firewall address-list \
add address=192.168.34.2 \
comment="CLIENT1" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.3 \
comment="CLIENT2" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.4 \
comment="CLIENT3" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.5 \
comment="CLIENT4" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.6 \
comment="CLIENT5" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.7 \
comment="CLIENT6" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.8 \
comment="CLIENT7" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.9 \
comment="CLIENT8" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.10 \
comment="CLIENT9" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.11 \
comment="CLIENT10" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
/ip firewall address-list \
add address=192.168.34.12 \
comment="CLIENT11" \
disabled=no list=\
"wirelessrouterproxy.blogspot.com client"
8. Next, the layer7 firewall entries, which will later be used to limit .exe, .zip, .rar and similar files:
/ip firewall layer7-protocol add name=YOUTUBE \
regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
/ip firewall layer7-protocol add name="EXE" \
regexp="\\.(exe)"
/ip firewall layer7-protocol add name="RAR" \
regexp="\\.(rar)"
/ip firewall layer7-protocol add name="7z" \
regexp="\\.(7z)"
/ip firewall layer7-protocol add name="CAB" \
regexp="\\.(cab)"
/ip firewall layer7-protocol add name="ASF" \
regexp="\\.(asf)"
/ip firewall layer7-protocol add name="MOV" \
regexp="\\.(mov)"
/ip firewall layer7-protocol add name="WMV" \
regexp="\\.(wmv)"
/ip firewall layer7-protocol add name="MPG" \
regexp="\\.(mpg)"
/ip firewall layer7-protocol add name="MPEG" \
regexp="\\.(mpeg)"
/ip firewall layer7-protocol add name="MKV" \
regexp="\\.(mkv)"
/ip firewall layer7-protocol add name="ZIP" \
regexp="\\.(zip)"
/ip firewall layer7-protocol add name="AVI" \
regexp="\\.(avi)"
/ip firewall layer7-protocol add name="FLV" \
regexp="\\.(flv)"
/ip firewall layer7-protocol add name="WAV" \
regexp="\\.(wav)"
/ip firewall layer7-protocol add name="RM" \
regexp="\\.(rm)"
/ip firewall layer7-protocol add name="MP3" \
regexp="\\.(mp3)"
/ip firewall layer7-protocol add name="MP4" \
regexp="\\.(mp4)"
/ip firewall layer7-protocol add name="RAM" \
regexp="\\.(ram)"
/ip firewall layer7-protocol add name="RMVB" \
regexp="\\.(rmvb)"
/ip firewall layer7-protocol add name="DAT" \
regexp="\\.(dat)"
/ip firewall layer7-protocol add name="DAA" \
regexp="\\.(daa)"
/ip firewall layer7-protocol add name="ISO" \
regexp="\\.(iso)"
/ip firewall layer7-protocol add name="NRG" \
regexp="\\.(nrg)"
/ip firewall layer7-protocol add name="BIN" \
regexp="\\.(bin)"
/ip firewall layer7-protocol add name="VCD" \
regexp="\\.(vcd)"
9. Next, Mangle.
A. Mangle Squid hit:
/ip firewall mangle add action=mark-packet \
chain=forward comment="SQUID PROXY HIT" \
disabled=no dscp=12 \
new-packet-mark="PROXY HIT" passthrough=no
Mangle Squid connections and Squid packets:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="BROWSING SQUID" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
dst-port=80,443 new-connection-mark="SQUID KONEKSI" \
passthrough=yes protocol=tcp \
src-address-list="wirelessrouterproxy.blogspot.com proxy"
/ip firewall mangle add action=mark-packet \
chain=forward comment="SQUID PAKET" \
connection-mark="SQUID KONEKSI" disabled=no \
new-packet-mark="SQUID PAKET" passthrough=no
B. Mangle all incoming and outgoing connections:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="TANDA SEMUA KONEKSI" disabled=no \
dst-address-list="!wirelessrouterproxy.blogspot.com client" \
in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" \
passthrough=yes
/ip firewall mangle add action=mark-connection \
chain=forward disabled=no \
new-connection-mark="SEMUA KONEKSI KELUAR" \
out-interface=local passthrough=yes \
src-address-list="!wirelessrouterproxy.blogspot.com client" \
comment="SEMUA KONEKSI KELUAR"
/ip firewall mangle add chain=prerouting \
action=mark-packet new-packet-mark="SEMUA PAKET MASUK" \
passthrough=yes connection-mark="SEMUA KONEKSI MASUK" \
comment="SEMUA PAKET MASUK"
/ip firewall mangle add chain=forward \
action=mark-packet new-packet-mark="SEMUA PAKET KELUAR" \
passthrough=yes connection-mark="SEMUA KONEKSI KELUAR" \
comment="SEMUA PAKET KELUAR"
C. Mangle browsing connections taken from all incoming connections:
/ip firewall mangle add action=mark-connection chain=prerouting \
comment="BROWSING CLIENT" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
new-connection-mark="BROWSING KONEKSI" \
passthrough=yes protocol=tcp
D. Mangle ICMP connections with dscp 1:
/ip firewall mangle add action=mark-connection \
chain=postrouting disabled=no dscp=1 \
new-connection-mark="ICMP KONEKSI" passthrough=yes \
comment="ICMP KOMEKSI"
E. Mangle game connections taken from all incoming connections:
F. Mangle Point Blank, Poker and RF Online; if you want to add other games, look up the ports those games use:
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="POINT BLANK" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=40000-40010 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="POKER" \
connection-mark="SEMUA KONEKSI MASUK" \
disabled=no dst-port=9339,843 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection \
chain=prerouting comment="RF ONLINE" \
connection-mark="SEMUA KONEKSI MASUK" disabled=no \
dst-port=10001,10002,10003,10004,10005,10006,10007 \
new-connection-mark="GAME KONEKSI" \
passthrough=yes protocol=udp
G. Mangle ICMP packets:
/ip firewall mangle add action=mark-packet \
chain=postrouting connection-mark="ICMP KONEKSI" \
disabled=no new-packet-mark="ICMP PAKET" passthrough=no \
comment="ICMP PAKET"
H. Next, mangle game packets:
/ip firewall mangle add action=mark-packet \
chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=no \
new-packet-mark="GAME PAKET" passthrough=no
I. Next, browsing packets:
/ip firewall mangle add action=mark-packet \
chain=forward comment="BROWSING PAKET" \
connection-bytes=0-131072 \
connection-mark="BROWSING KONEKSI" \
disabled=no new-packet-mark="BROWSING PAKET" \
passthrough=no protocol=tcp
J. Change DSCP for ICMP and port 53:
/ip firewall mangle add action=change-dscp \
chain=postrouting comment="ICMP CHANGE DSCP" \
disabled=no new-dscp=1 protocol=icmp
/ip firewall mangle add action=change-dscp \
chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=udp
/ip firewall mangle add action=change-dscp \
chain=postrouting disabled=no dst-port=53 new-dscp=1 \
protocol=tcp
K. Mangle file extensions such as .zip, .rar, .flv, .exe and others:
/ip firewall mangle add action=mark-connection \
chain=forward comment="EXTENTION KONEKSI" \
disabled=no in-interface=local \
new-connection-mark="EXTENTION KONEKSI" \
passthrough=yes
/ip firewall mangle add action=mark-packet \
chain=forward comment="YOUTUBE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="YOUTUBE" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="WMV MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="WMV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="EXE MARK" \
connection-mark="EXTENTION KONEKSI" disabled=no \
new-packet-mark="EXE" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="ZIP MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ZIP" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RAR MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RAR" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MPG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MPG" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MPEG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MPEG" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MP3 MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MP3" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MOV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MOV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="ISO MARK" disabled=no \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ISO" \
passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="MKV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="MKV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="FLV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="FLV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="AVI MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="AVI" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="CAB MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="CAB" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="ASF MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="ASF" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="WAV MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="WAV" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RM MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RM" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RAM MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RAM" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="RMVB MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="RMVB" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="DAT MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="DAT" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="DAA MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="DAA" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="NRG MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="NRG" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="BIN MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="BIN" passthrough=no
/ip firewall mangle add action=mark-packet \
chain=forward comment="VCD MARK" \
connection-mark="EXTENTION KONEKSI" \
new-packet-mark="VCD" passthrough=no
L. Mangle client packets (adjust the IP addresses to the client IP addresses on your network):
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT1" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.2 \
new-packet-mark="CLIENT1" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT2" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.3 \
new-packet-mark="CLIENT2" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT3" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.4 \
new-packet-mark="CLIENT3" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT4" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.5 \
new-packet-mark="CLIENT4" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT5" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.6 \
new-packet-mark="CLIENT5" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT6" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.7 \
new-packet-mark="CLIENT6" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT7" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.8 \
new-packet-mark="CLIENT7" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT8" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.9 \
new-packet-mark="CLIENT8" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT9" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.10 \
new-packet-mark="CLIENT9" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT10" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.11 \
new-packet-mark="CLIENT10" \
passthrough=no protocol=tcp
/ip firewall mangle add action=mark-packet \
chain=forward comment="CLIENT11" \
connection-mark="SEMUA KONEKSI KELUAR" \
disabled=no dst-address=192.168.34.12 \
new-packet-mark="CLIENT11" \
passthrough=no protocol=tcp
10. Queue Tree
A. Queue tree for ICMP, priority 1:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="ICMP PING" \
packet-mark="ICMP PAKET" parent=public priority=1 \
queue="default"
B. Queue for Squid hits, priority 2:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="SQUID HIT" \
packet-mark="PROXY HIT" parent=local priority=2 \
queue=default
C. Queue to limit file extensions, priority 3 (if you want a different limit, change max-limit):
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=1000000 \
name="LIMIT FILE EXTENTION" parent=global-out priority=3
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="AVI" packet-mark=AVI parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="EXE" packet-mark="EXE" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="FLV" packet-mark="FLV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="YOUTUBE" packet-mark="YOUTUBE" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ISO" packet-mark="ISO" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 name="MP3" \
packet-mark="MP3" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 name="MP4" \
packet-mark="MP4" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="MPEG" packet-mark="MPEG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="MPG" packet-mark="MPG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RAR" packet-mark="RAR" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=128000 \
name="WMV" packet-mark="WMV" \
parent="LIMIT FILE EXTENTION" priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ZIP" packet-mark="ZIP" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="CAB" packet-mark="CAB" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="ASF" packet-mark="ASF" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="MOV" packet-mark="MOV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="MKV" packet-mark="MKV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="WAV" packet-mark="WAV" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RM" packet-mark="RM" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RAM" packet-mark="RAM" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="RMVB" packet-mark="RMVB" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="DAT" packet-mark="DAT" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="DAA" packet-mark="DAA" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="NRG" packet-mark="NRG" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="BIN" packet-mark="BIN" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="VCD" packet-mark="VCD" parent="LIMIT FILE EXTENTION" \
priority=3 queue=default
D. Queue tree for all uploads, priority 4:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="+++TOTAL UPLOAD+++" \
packet-mark="SEMUA PAKET MASUK" \
parent=public priority=4 queue=default
E. Total download, priority 5:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="+++TOTAL DOWNLOAD+++" packet-mark="SEMUA PAKET KELUAR" \
parent=global-out priority=5
F. Game download, priority 6:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="GAME DOWNLOAD" packet-mark="GAME PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=6 \
queue=default
G. Queue for browsing packets, priority 7:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s \
disabled=no limit-at=0 max-limit=0 \
name="BROWSING PAKET" packet-mark="BROWSING PAKET" \
parent="+++TOTAL DOWNLOAD+++" priority=7 queue=default
Queue tree for total client download, priority 8:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no \
limit-at=0 max-limit=0 name="+++TOTAL DOWNLOAD CLIENT+++" \
parent="+++TOTAL DOWNLOAD+++" priority=8
H. Queue tree for clients, priority 8:
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT1" packet-mark="CLIENT1" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT2" packet-mark="CLIENT2" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT3" packet-mark="CLIENT3" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT4" packet-mark="CLIENT4" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT5" packet-mark="CLIENT5" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT6" packet-mark="CLIENT6" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT7" packet-mark="CLIENT7" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT8" packet-mark="CLIENT8" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT9" packet-mark="CLIENT9" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT10" packet-mark="CLIENT10" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
/queue tree add burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name="CLIENT11" packet-mark="CLIENT11" \
parent="+++TOTAL DOWNLOAD CLIENT+++" priority=8 queue=default
Source: http://wirelessrouterproxy.blogspot.com
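The filter rules, mangle rules and queue tree in this setup are tied together only by name, so a misspelled packet mark or an address list that no drop rule reads fails silently. The script below is an added example, not part of the original post: its `parse` and `lint` helpers are hypothetical names, and the embedded sample is constructed, with lines modelled on the commands in this guide (including quote characters as a blog renders them).

```python
import re

# Typographic quotes (“ ” ″) that a blog engine substitutes for plain double quotes.
SMART_QUOTES = {0x201C: '"', 0x201D: '"', 0x2033: '"'}
PARAM = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse(text):
    """Return (menu, params) for every 'add' command in a pasted RouterOS script."""
    text = text.translate(SMART_QUOTES)
    commands, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):      # continuation: drop the backslash and keep joining
            buf += line[:-1]
            continue
        buf += line
        head, sep, tail = buf.partition(" add ")
        if sep and head.startswith("/"):
            params = {k: v.strip('"') for k, v in PARAM.findall(tail)}
            commands.append((head.strip(), params))
        buf = ""
    return commands


def _norm(name):
    """Fold case, spaces and underscores so near-miss names compare equal."""
    return re.sub(r"[\W_]+", "", name).lower()


def lint(text):
    """Cross-check names between filter, mangle and queue tree commands."""
    cmds = parse(text)
    mangle = [p for m, p in cmds if m == "/ip firewall mangle"]
    filt = [p for m, p in cmds if m == "/ip firewall filter"]
    queues = [p for m, p in cmds if m == "/queue tree"]
    packet_marks = {p["new-packet-mark"] for p in mangle if "new-packet-mark" in p}
    conn_marks = {p["new-connection-mark"] for p in mangle if "new-connection-mark" in p}
    findings = []
    for q in queues:                 # a queue only matches a mark some mangle rule sets
        mark = q.get("packet-mark")
        if mark and mark not in packet_marks:
            near = sorted(m for m in packet_marks if _norm(m) == _norm(mark))
            hint = f" (did you mean {near[0]!r}?)" if near else ""
            findings.append(f"queue {q['name']!r}: packet-mark {mark!r} is never set{hint}")
    for p in mangle:                 # mark-packet rules keyed on an unset connection mark
        mark = p.get("connection-mark")
        if mark and mark not in conn_marks:
            findings.append(f"mangle {p.get('comment', '?')!r}: "
                            f"connection-mark {mark!r} is never set")
    filled = {p["address-list"] for p in filt
              if p.get("action") == "add-src-to-address-list"}
    dropped = {p["src-address-list"] for p in filt
               if p.get("action") == "drop" and "src-address-list" in p}
    for name in sorted(filled - dropped):   # scanners are listed but never blocked
        findings.append(f"address list {name!r} is filled but no drop rule uses it")
    return findings


# Constructed sample for illustration.
SAMPLE = r'''
/ip firewall filter add action=add-src-to-address-list \
address-list=”PORT SCANNER6″ address-list-timeout=2w chain=input \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall filter add action=add-src-to-address-list \
address-list=”PORT SCANNER7″ address-list-timeout=2w chain=input \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
/ip firewall filter add action=drop chain=input \
src-address-list=”PORT SCANNER1″
/ip firewall mangle add action=mark-connection chain=prerouting \
in-interface=local new-connection-mark="SEMUA KONEKSI MASUK" passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward \
in-interface=local new-connection-mark="EXTENTION KONEKSI" passthrough=yes
/ip firewall mangle add chain=prerouting action=mark-packet \
new-packet-mark="SEMUA PAKET_MASUK" connection-mark="SEMUA KONEKSI MASUK"
/ip firewall mangle add action=mark-packet chain=forward comment="ISO MARK" \
connection-mark="EXTENTION KONEKSI" new-packet-mark="ISO" passthrough=no
/queue tree add name="+++TOTAL UPLOAD+++" packet-mark="SEMUA PAKET MASUK" \
parent=public priority=4
/queue tree add name="ISO" packet-mark=iso parent=global-out priority=3
/queue tree add name="MP4" packet-mark="MP4" parent=global-out priority=3
'''

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Paste the full script from the router (or this guide) in place of `SAMPLE` before applying it; an empty result means every queue, connection mark and scanner list is referenced consistently.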