Quick fix for simultaneous on Easyhotspot

January 4, 2009 at 4:40 am (Linux,....pecas ndahe)

First of all, thanks to Mas Rafee for the distro and the tricks he has shared.

Normally a single user account can be used by several people to log in at the same time; keep that up and we'd go bankrupt, he he. Luckily Mas Rafee gave this trick (which I lifted from his blog):

for quick fix please replace your "/var/www/system/application/models/billingplanmodel.php" file with http://pastebin.com/f3ceb50d7
and replace your "/var/www/system/application/models/postpaidmodel.php" with http://pastebin.com/f6b5e1485

But after applying it, logins still slipped through: one user could still be used to log in by several people. Out of curiosity I kept tinkering, to the point that my wife gave me the silent treatment because she said I was ignoring her (he he), and finally I found it: just remove the hash (#) in the file /etc/freeradius/sql.conf, at these lines:

#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneous use checking
# - will be performed by this module instance
# simul_verify_query - query to return details of current connections for verification
# - Leave blank or commented out to disable verification step
# - Note that the returned field order should not be changed.
#######################################################################

# Uncomment simul_count_query to enable simultaneous use checking
remove the hash here ----> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"

After that, restart the PC and try it.
Good luck.
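
A way to confirm the change took effect, as an added example that is not part of the original post: it reports whether simul_count_query is active in sql.conf and whether sql is listed in the session section, which FreeRADIUS needs before it runs that query. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check that SQL-based
# simultaneous-use checking is really switched on in FreeRADIUS.

# query_state FILE KEY -> prints "active", "commented" or "missing".
query_state() {
    if grep -Eq "^[[:space:]]*${2}[[:space:]]*=" "$1"; then
        echo active
    elif grep -Eq "^[[:space:]]*#+[[:space:]]*${2}[[:space:]]*=" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# session_uses_sql FILE -> succeeds if an uncommented "sql" entry is listed
# inside the session { } block (entries in other blocks do not count).
session_uses_sql() {
    awk '
        /^[ \t]*#/                    { next }
        /^[ \t]*session[ \t]*[{]/     { inside = 1; next }
        inside && /^[ \t]*[}]/        { inside = 0 }
        inside && /^[ \t]*sql[ \t]*$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_simul SQL_CONF SITE_CONF -> one verdict line; returns 0 only if both hold.
check_simul() {
    state=$(query_state "$1" simul_count_query)
    if [ "$state" != active ]; then
        echo "simul_count_query is $state: sessions are not counted"
        return 1
    fi
    if ! session_uses_sql "$2"; then
        echo "sql is not listed in session {}: the count query is never run"
        return 1
    fi
    echo "simultaneous-use checking is enabled"
}

# Constructed sample files (not copied from a real server).
write_samples() {   # write_samples DIR
    cat > "$1/sql.conf.before" <<'EOF'
# Uncomment simul_count_query to enable simultaneous use checking
# simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
EOF
    sed 's/^# simul_count_query/simul_count_query/' \
        "$1/sql.conf.before" > "$1/sql.conf.after"
    cat > "$1/site.conf" <<'EOF'
authorize {
    sql
}
session {
    radutmp
    sql
}
EOF
    cat > "$1/site.nosql.conf" <<'EOF'
authorize {
    sql
}
session {
    radutmp
#   sql
}
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    check_simul "$dir/sql.conf.before" "$dir/site.conf" || true
    check_simul "$dir/sql.conf.after" "$dir/site.nosql.conf" || true
    check_simul "$dir/sql.conf.after" "$dir/site.conf"
    rm -rf "$dir"
}
demo
```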


Easyhotspot and a transparent Squid proxy on one machine (saves hardware)

September 11, 2008 at 2:55 pm (Linux,....pecas ndahe)

Install the Easyhotspot distro as usual, then install the Squid proxy and configure it to run as a transparent proxy. Here Easyhotspot is used as a proxy server that serves regular users on the 192.168.0.0 network and prepaid hotspot users on the 192.168.182.0 network. Next, we write a firewall script for the regular users so that every request to port 80 is redirected to port 3128 (Squid):

#!/bin/sh

# squid server IP
SQUID_SERVER="192.168.0.254"
# Interface connected to Internet
INTERNET="eth4"
# Interface connected to LAN
LAN_IN="eth3"
# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
iptables -t nat -A PREROUTING -p tcp -m tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to-destination 192.168.0.254:3128

# DROP everything and Log it
iptables -A INPUT -j LOG

#iptables -t mangle -A POSTROUTING -d 192.168.0.14 -j MARK --set-mark 101
#iptables -A INPUT -j DROP
##############################
Save it as /etc/init.d/sharing, then run chmod a+x /etc/init.d/sharing so that it can be executed.

So that prepaid hotspot users can access the Internet after logging in and are redirected to the Squid port (through the transparent Squid proxy), edit the file /etc/init.d/chillispot.firewall to look like this:

#!/bin/sh
#
# Firewall script for ChilliSpot
# A Wireless LAN Access Point Controller
#
# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
# $INTIF (eth1) as the internal interface (access points).
#
#
# SUMMARY
# * All connections originating from chilli are allowed.
# * Only ssh is allowed in on external interface.
# * Nothing is allowed in on internal interface.
# * Forwarding is allowed to and from the external interface, but disallowed
# to and from the internal interface.
# * NAT is enabled on the external interface.

/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

IPTABLES="/sbin/iptables"
EXTIF="eth4"
INTIF="eth3"

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT

#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP

#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT

#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
#$IPTABLES -A FORWARD -i $INTIF -j DROP
#$IPTABLES -A FORWARD -o $INTIF -j DROP

#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
iptables --append FORWARD --in-interface $INTIF -j ACCEPT
# -i takes an interface name, not a network; match the source network with -s
$IPTABLES -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j DNAT --to 192.168.0.254:3128

###########################################################

So that both scripts are executed automatically at every boot, edit the file /etc/rc.local to look like this:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
sh /etc/init.d/sharing
sh /etc/init.d/chillispot.firewall

exit 0

Reboot Easyhotspot; if there are no errors, both regular users and prepaid hotspot users can reach the Internet through the Squid proxy. It saves a PC, he he.


Caching YouTube with Squid 2.6.STABLE14 on Easyhotspot (Xubuntu 7.10)

September 10, 2008 at 4:51 pm (Linux,....pecas ndahe)

While browsing I finally found a link for caching YouTube with Squid 2.6, http://fedora.co.in/content/youtube-cache-version-03-available, but it is written for Fedora. Since I had some free time, I tried it for fun on Xubuntu 7.10, and it turned out the hardest part was compiling python-iniparse, because this package is not available for Debian-based systems. Let's begin.

Download http://kulbirsaini.fedorapeople.org/stuff/youtube_cache/youtube_cache-0.3-1.tar.gz and extract it.

Make sure the packages below are already installed:

  1. python
  2. python-urlgrabber
  3. python-iniparse
  4. squid

Of these four packages, all are available in the Ubuntu repository except python-iniparse, which we have to install from source. To do that, download the package from http://code.google.com/p/iniparse/

Extract it, then copy the iniparse folder from the extracted archive into /usr/lib/python2.5/site-packages/

That's all there is to installing it, he he, even though I had just spent an hour searching on Google without finding it.

After that, extract the file youtube_cache-0.3-1.tar.gz

[root@localhost root]# tar -xvzf youtube_cache-0.3-1.tar.gz

Change into the youtube_cache-0.3-1 directory

[root@localhost root]# cd youtube_cache-0.3-1

Copy youtube_cache.conf to /etc/youtube_cache.conf

[root@localhost youtube_cache-0.3-1]# cp youtube_cache.conf /etc/youtube_cache.conf

Copy youtube_cache directory to /etc/squid/

[root@localhost youtube_cache-0.3-1]# cp -r youtube_cache /etc/squid/

Create the directories for caching YouTube videos

[root@localhost root]# cd /var/spool/
[root@localhost spool]# chmod 751 squid
[root@localhost spool]# cd squid
[root@localhost squid]# mkdir youtube
[root@localhost squid]# chown squid:squid youtube
[root@localhost squid]# chmod 755 youtube
[root@localhost squid]# cd youtube
[root@localhost youtube]# mkdir temp
[root@localhost youtube]# chown squid:squid temp
[root@localhost youtube]# chmod 755 temp

After that, add the lines below to /etc/squid/squid.conf.

#### BEGIN Add to squid.conf ####
redirect_program /usr/bin/python /etc/squid/youtube_cache/youtube_cache.py
redirect_children 20
#### END Add to squid.conf ####

Create the file /var/log/squid/youtube_cache.log and set its permissions for squid.

Make sure the configuration in /etc/youtube_cache.conf matches your proxy machine.

Save squid.conf and reload the Squid service with the command
[root@proxy root]# /etc/init.d/squid restart

Now just test it. On my setup it worked well and it saves bandwidth; the question now is how many gigabytes to set aside for this YouTube cache?


Sharing Speedy bandwidth with HTB and Squid on openSUSE 10.3

September 7, 2008 at 9:13 pm (Linux,....pecas ndahe)

For the past week I have been given a headache by clients who download with Internet Download Manager. Of the 12 connected clients only 2 use IDM, yet the connection for the other clients drops right away; it nearly split my head open (pecas ndahe), he he. The Squid delay pool was already set, but IDM really is powerful: the transfer limit did go down, but even so, with a single download IDM at full settings makes it look as if 16 users are downloading together at the same time. Azureus is a headache too: in cachemgr.cgi there was nothing but normal requests from the clients and nobody was downloading, yet users complained that the Internet was slow. After sending out spies, it finally turned out that the P2P software was what made it slow. So I went looking for an HTB.init tutorial, found one, and now I can sleep soundly again, he he.

Installing HTB.init (partly quoted from http://125.160.17.21/wiki/index.php/Bandwidth_Manajemen_Menggunakan_HTB)

A few simple steps to install htb.init are as follows.

Get the latest htb.init-* file from SourceForge

http://sourceforge.net/projects/htbinit/

Copy it to the /sbin directory

# cp htb.init-v0.8.5 /sbin/
# mv /sbin/htb.init-v0.8.5 /sbin/htb.init

Create the htb directory in /etc/sysconfig

# mkdir /etc/sysconfig/htb

Create the bandwidth-management rules in /etc/sysconfig/htb as files, one file per rule, which are later compiled with the command htb.init compile.

Example:

Create a file named eth3 (the LAN side toward the clients, i.e. download)

with the contents

DEFAULT = 30

Create another file named eth3-2.root

with the contents

RATE=300Kbit
BURST = 15k
LEAF  = sfq

For the client group configuration, create a file named eth3-2:20.unlimited

with the contents

RATE=300Kbit
BURST = 15k
LEAF  = sfq

The unlimited group contains several clients; configure each client with a file such as eth3-2:20:200.klien1

File contents:

RATE=64Kbit
CEIL=128Kbit
RULE=192.168.0.11
BURST = 15k
LEAF  = sfq

Repeat this until every client is covered, adjusting the IP address for each one.

For upload, create a file named eth4 (the side toward Speedy, i.e. upload)

DEFAULT = 30

Create another file named eth4-2.default

with the contents

RATE=59Kbit
BURST = 15k

For the configuration of each client group, create the file eth4-2:20.unlimited

with the contents

RATE=12Kbit
CEIL=59Kbit
BURST = 15k
LEAF  = sfq

For each client in the unlimited group, create a file named eth4-2:20:200.klien1

with the contents

RATE=4Kbit
CEIL=12Kbit
RULE=192.168.0.11
BURST = 15k
LEAF  = sfq
MARK = 1

and so on.

So that Squid is unimpeded, i.e. not subject to this bandwidth limiter, create eth3-30.squid

with the contents

RATE=100000000000Kbit
CEIL=25000000000000000Kbit
RULE=:3128,0.0.0.0
RULE=:80,0.0.0.0
RULE=:443,0.0.0.0
RULE=:22,0.0.0.0

Those are the examples, kept as a reminder for myself: if this server ever breaks and the configuration files are lost, I won't have a headache setting up the bandwidth again.


A fairly fast Squid configuration

May 21, 2008 at 3:11 pm (Linux,....pecas ndahe)

http_port 3128 transparent
icp_port 3130
acl youtube dstdomain -i .youtube.com
acl striming url_regex -i get_video\?video_id videodownload\?
cache allow youtube
cache allow striming
#redirect_program /usr/local/adzap/scripts/wrapzap
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#cache_peer proxies.telkom.net.id parent 8080 3130
#cache_peer proxy-sby.telkom.net.id sibling 8080 3130
#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
no_cache deny QUERY
#============================================================$

#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 6 MB
maximum_object_size 64 MB
maximum_object_size_in_memory 16 KB
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
high_memory_warning 70 MB
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192

#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
#cache_dir aufs /cache1 4500 18 256
cache_dir aufs /cache 7000 17 256
#cache_dir aufs /cache2 3200 8 256
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
emulate_httpd_log off

#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

#============================================================$
# DNS resolution section
#============================================================$
#cache_dns_program /usr/sbin/dnsserver
dns_nameservers 192.168.0.254 202.154.1.2 208.67.202.202 202.134.2.5 202.134.0.155
#============================================================$
# Refresh Rate
#============================================================$
#refresh_pattern ^ftp: 20160 95% 241920 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache ignore-private ignore-auth
#refresh_pattern . 1440 95% 120960 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern ^ftp: 20160 95% 241920 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache
refresh_pattern . 1440 95% 120960 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
negative_ttl 2 minutes
half_closed_clients off
read_timeout 15 minutes
client_lifetime 2 hours
pconn_timeout 60 seconds
request_timeout 1 minutes
shutdown_lifetime 10 seconds
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
#============================================================$
# ACL section
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.252
acl butiti src 192.168.0.3
acl pecenx src 192.168.0.2
acl kost src 192.168.0.4-192.168.0.10
acl outsider src 192.168.0.11-192.168.0.252
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow butiti
http_access allow kost
http_access allow pecenx
http_access deny outsider
http_reply_access allow all
icp_access allow all

cache_mgr poerwo2211@yahoo.com
#cache_effective_user _squid
#cache_effective_group _squid
visible_hostname poerwo2211@gmail.com

#============================================================$
# MISCELLANEOUS
#============================================================$
offline_mode off
forwarded_for on
#ssl_unclean_shutdown on
memory_pools off
header_access From deny all
logfile_rotate 7
reload_into_ims on
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
icp_hit_stale on
log_icp_queries off
strip_query_terms off
query_icmp on
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
reload_into_ims on
pipeline_prefetch on
ie_refresh on
vary_ignore_expire on
client_db on

#============================================================$
# DELAY POOLS
#============================================================$
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.bin$
acl download url_regex -i \.ac3$ \.cda$ \.vro$
acl akses_donlot url_regex -i ftp .exe .dll .zip .rar .rpm .tgz
acl akses_donlot url_regex -i ftp .tar.gz .tar.bz2 .iso .avi .mov .wmv .3gp .bin
acl akses_donlot url_regex -i ftp .mpg .mpeg .mp3 .ram .rm .flv
acl akses_donlot url_regex -i .exe .dll .zip .rar .rpm .tgz
acl akses_donlot url_regex -i .tar.gz .tar.bz2 .iso .avi .mov
acl akses_donlot url_regex -i .mpg .mpeg .mp3 .ram .rm .flv
acl kenadelay url_regex -i .jpg .gif .doc .xls .zip .rar
acl aplot method POST

delay_pools 3
delay_class 1 2
delay_parameters 1 4000/8000 4000/4000
delay_access 1 allow download
delay_access 1 allow pecenx akses_donlot
delay_access 1 allow striming
delay_access 1 allow aplot kenadelay
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 64000/128000 10000/64000
delay_access 2 allow pecenx
delay_access 2 deny all
delay_class 3 2
delay_parameters 3 5000/6000 3000/5000
delay_access 3 allow kost
delay_access 3 deny all
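
The configuration above writes its url_regex lists in two styles: "download" escapes the dot and anchors the end (\.exe$), while "akses_donlot" and "kenadelay" use bare patterns such as .rm. The script below is an added example, not part of the original configuration; it uses grep -Ei to stand in for Squid's case-insensitive extended regex matching and shows which URLs each style catches. The URLs are constructed, and the TIGHT pattern is a suggested variant that does not appear in the configuration.

```sh
#!/bin/sh
# Added example: how the two url_regex styles in the configuration behave.
# An ACL list matches when ANY pattern in it matches anywhere in the URL.

# Pattern lists: LOOSE and STRICT are shortened from the configuration above,
# TIGHT is a suggested alternative (an assumption, not from the page).
LOOSE='.exe .dll .zip .rar .rpm .tgz .mp3 .ram .rm .flv'
STRICT='\.exe$ \.mp3$ \.zip$ \.rar$ \.rpm$ \.rm$'
TIGHT='\.(exe|dll|zip|rar|rpm|tgz|mp3|ram|rm|flv)(\?.*)?$'

# acl_matches URL "PATTERN LIST" -> succeeds if any pattern matches the URL,
# case-insensitively, as with "url_regex -i".
acl_matches() {
    url=$1
    set -f                      # no filename globbing while splitting the list
    for pat in $2; do
        if printf '%s\n' "$url" | grep -Eiq -e "$pat"; then
            set +f
            return 0
        fi
    done
    set +f
    return 1
}

yn() {
    if acl_matches "$1" "$2"; then echo yes; else echo no; fi
}

# verdict URL -> "loose=.. strict=.. tight=.."
verdict() {
    echo "loose=$(yn "$1" "$LOOSE") strict=$(yn "$1" "$STRICT") tight=$(yn "$1" "$TIGHT")"
}

demo() {
    # Constructed URLs:
    #  1. a real download
    #  2. an ordinary page that only contains the letters "arm"
    #  3. a download with a query string, which defeats the "$" anchor
    #  4. an ordinary page that no list should match
    for u in \
        'http://example.com/files/setup.exe' \
        'http://example.com/forum/alarm.html' \
        'http://example.com/get/setup.exe?mirror=2' \
        'http://example.com/index.html'
    do
        printf '%-45s %s\n' "$u" "$(verdict "$u")"
    done
}
demo
```

The unescaped dot matches any character, so the loose list also delays pages such as alarm.html, while the end-anchored list misses downloads that carry a query string.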


iptables transparent proxy

May 3, 2008 at 7:06 am (Linux,....pecas ndahe)

#!/bin/sh
# The simplest IPTABLES setup for masquerading
######################################################

# Constants
IPT="iptables"
LOAD="/sbin/modprobe"

# Interface
# If you use a modem, change to RED=ppp0

RED="eth0"
RED_NET=192.168.1.2

#BLUE=ra0
#BLUE_NET=192.168.2.0/24

GREEN="eth1"
GREEN_NET=192.168.0.0/24

PORT="3128"
#--------------------------------
# Initialize IPTABLES
$LOAD ip_tables
$LOAD iptable_filter
$LOAD iptable_nat
$LOAD ip_conntrack
$LOAD ip_conntrack_ftp
$LOAD ip_nat_ftp
$LOAD ip_conntrack_irc
$LOAD ip_nat_irc

#--------------------------------
# Flush the IPTABLES rules
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X

#--------------------------------
# Default policies
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

#--------------------------------
#ip route add default scope global nexthop via 192.168.100.101 dev $RED weight 1 nexthop via 10.64.64.65 dev $BLUE weight 1
# Masquerading rule, static IP
#$IPT -t nat -A POSTROUTING -o $RED -j SNAT --to-source $RED_IP

# Masquerading rule, more complete
#$IPT -t nat -A POSTROUTING -s $GREEN_NET -o $RED -j SNAT --to-source $RED_NET

# If your RED has a dynamic IP (ppp0), use
$IPT -t nat -A POSTROUTING -o $RED -j MASQUERADE
# $IPT -t nat -A POSTROUTING -o $BLUE -j MASQUERADE
$IPT -t nat -A PREROUTING -i $GREEN -p tcp --dport 80 -j REDIRECT --to-port $PORT
#$IPT -t nat -A PREROUTING -i $BLUE -p tcp --dport 80 -j REDIRECT --to-port 3128
# $IPT -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.254:3128
#$IPT -t nat -A PREROUTING -i $BLUE -p tcp --dport 80 -j DNAT --to-destination 192.168.0.254:3128
#iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
#iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.254:3128
#$IPT -A INPUT -i $BLUE -p tcp -d 192.168.0.254 -s 192.168.1.1 --dport 9333 -m state --state NEW,ESTABLISHED -j ACCEPT
#$IPT -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to 192.168.0.254
#$IPT -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
#$IPT -t filter -A INPUT -p tcp --dport 9333 -j ACCEPT
#--------------------------------
# Forward rules: only from inside, or related traffic from outside
#$IPT -t mangle -A PREROUTING -d 10.1.2.10 -j DROP
$IPT -A FORWARD -i $GREEN -o $RED -j ACCEPT
#$IPT -A FORWARD -i $BLUE -o $RED -j ACCEPT
$IPT -A FORWARD -i $RED -o $GREEN -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A FORWARD -i $RED -o $BLUE -m state --state ESTABLISHED,RELATED -j ACCEPT

#--------------------------------
# INPUT rules: accept only from inside, or related traffic from outside
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i $GREEN -j ACCEPT
#$IPT -A INPUT -i $BLUE -j ACCEPT
$IPT -A INPUT -i $RED -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A INPUT  -p icmp -m icmp --icmp-type echo-request -j REJECT
#$IPT -A OUTPUT  -p icmp -m icmp --icmp-type echo-reply -j REJECT

#$IPT -A FORWARD -p ICMP -i $GREEN --icmp-type 24 -j REJECT
#$IPT -A FORWARD -p ICMP -i $BLUE --icmp-type 24 -j REJECT
#$IPT -A INPUT -i $BLUE -m state --state ESTABLISHED,RELATED -j ACCEPT
#--------------------------------
## Allow some ports
# PORT_IN is not set anywhere in this script; while it is empty the loop below adds no rules.
if [ "$PORT_IN" != "ALL" ]; then
    for PORT in $PORT_IN ; do
        $IPT -A INPUT -p udp --dport $PORT -j ACCEPT
        $IPT -A INPUT -p tcp --dport $PORT -j ACCEPT
    done
else
    $IPT -A INPUT -p udp -j ACCEPT
    $IPT -A INPUT -p tcp -j ACCEPT
fi

# Enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward


Install squid Linux

March 5, 2008 at 2:44 am (Linux,....pecas ndahe)

#wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE9-20070220.tar.gz
Extract the Squid archive
#tar -zxvf squid-2.6.STABLE9-20070220.tar.gz -C /usr/local/src (put the extracted Squid source wherever you like).

Change into the extracted Squid directory
#cd /usr/local/src/squid-2.6.STABLE9-20070220

Create the group and user that will be used to run Squid
#groupadd _squid
#useradd -c "SQUID PROXY CACHE" -d /dev/null -s /bin/false -g _squid _squid

Configure and install Squid
#./configure \
--prefix=/squid/ --sysconfdir=/etc/ --enable-gnuregex --enable-async-io=16 \
--with-aufs-threads=16 --with-pthreads --with-aio --with-dl \
--enable-storeio=aufs --enable-removal-policies=heap --enable-delay-pools \
--disable-wccp --enable-cache-digests --enable-default-err-languages=English \
--enable-err-languages=English --enable-linux-netfilter --disable-ident-lookups \
--disable-hostname-checks --enable-underscores --enable-snmp --enable-useragent-log \
--disable-wccpv2 --enable-epoll --disable-internal-dns --enable-htcp
Notes on the options:
--enable-async-io=16 and --with-aufs-threads=16 should be adjusted to the capability of the server machine
For a Pentium III with RAM 128 or less, 8 can be used
For a Pentium III with RAM 128 up to a P4 1.8 GHz with RAM 256, 16 can be used
For a Pentium IV 1.8 with RAM 256 up to a P4 2.4 with RAM 256, 24 can be used
For Pentiums above that, or of an equivalent class, 32 can be used
The choices above are only an estimate, because I only use a P4 with RAM 256.
Compile the source
#make && make install

Additional notes:
--enable-auth=basic \
--enable-basic-auth-helpers=NCSA
These are used if the Squid proxy is to be run with user authentication.

The # sign in front of a command denotes the root prompt in bash, not a comment.
Once the installation has finished without errors, the next step is to set up the Squid configuration. Open the file /etc/squid.conf with your favourite text editor (vi, pico, etc.); this file is Squid's configuration file.

#pico -w /etc/squid.conf (edit it with whichever editor you prefer)
Change the default squid.conf configuration to suit your needs.
Don't forget to remove whatever is unnecessary and would burden the server.

For Squid to run transparently, Squid version 2.6 and later can be given the option:
--> http_port 3128 transparent
in its configuration.

Before Squid can run, you must create the swap directories. Do this by running the command:

#/squid/sbin/squid -z

This command only needs to be run once, when Squid is about to be run for the first time on your computer.

First check whether the Squid configuration is correct
#/squid/sbin/squid -k parse

If there are still mistakes or errors, edit the configuration again.

To start Squid, use the command:
#/squid/sbin/squid -sYD

Transparent iptables setup:
Create a file for the transparent rules so that they are easy to invoke:
#pico /etc/rc.d/rc.nat
with the contents:
# Redirect proxy
for SQUID in 80 3128 444 3127 3129
do
iptables -t nat -A PREROUTING -p tcp --dport $SQUID -j REDIRECT --to-ports 3128
done

--> The above means that all traffic destined for ports 80, 3128, 444, 3127 and 3129 is redirected to 3128. The rule names no input interface, so it applies to packets arriving on any interface.

Make the file executable
#chmod +x /etc/rc.d/rc.nat

Run the transparent rules:
#/etc/rc.d/rc.nat

To have Squid start by itself at every boot, add the commands above to /etc/rc.d/rc.local
#pico /etc/rc.d/rc.local
add the lines:
# Squid Proxy Cache
/squid/sbin/squid -sYD
# Transparent proxy
/etc/rc.d/rc.nat
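
The rc.nat loop above redirects on every interface, while other rules on this page limit the redirect with -i or -s. The script below is an added example, not part of the original post: it scans a firewall script and lists the REDIRECT/DNAT rules in nat PREROUTING that are not limited to an input interface or source network, or that hand a network to -i. The function names and the sample script are constructed; the rule shapes follow the ones shown on this page.

```sh
#!/bin/sh
# Added example, not from the original post: flag proxy-redirect rules in a
# firewall script that are not limited to the LAN side.

# audit_redirects FILE
# Prints "LINE:REASON:rule" for every active nat PREROUTING rule with a
# REDIRECT or DNAT target that either
#   unscoped  - has no positive -i/--in-interface or -s/--source match, or
#   bad-iface - passes an address or network to -i (which takes a device name).
audit_redirects() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out rule
        /PREROUTING/ && /-j[ \t]+(REDIRECT|DNAT)/ {
            reason = "unscoped"
            for (i = 1; i < NF; i++) {
                # a negated match ("! -s x" or "-s ! x") does not limit the rule
                if ((i > 1 && $(i - 1) == "!") || $(i + 1) == "!") continue
                if ($i == "-i" || $i == "--in-interface") {
                    if (index($(i + 1), "/") > 0 || $(i + 1) ~ /^[0-9.]+$/) {
                        reason = "bad-iface"
                        break
                    }
                    reason = ""
                } else if ($i == "-s" || $i == "--source" || $i == "--src") {
                    reason = ""
                }
            }
            if (reason != "") print NR ":" reason ":" $0
        }
    ' "$1"
}

# count_findings FILE REASON -> number of findings with that reason
count_findings() {
    audit_redirects "$1" | awk -F: -v r="$2" '$2 == r { n++ } END { print n + 0 }'
}

# Constructed sample script (not a real server's firewall).
write_sample() {   # write_sample FILE
    cat > "$1" <<'EOF'
# constructed sample
for SQUID in 80 3128 444 3127 3129
do
iptables -t nat -A PREROUTING -p tcp --dport $SQUID -j REDIRECT --to-ports 3128
done
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to-destination 192.168.0.254:3128
iptables -t nat -A PREROUTING -i 192.168.0.0/24 -p tcp --dport 80 -j DNAT --to 192.168.0.254:3128
#iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

demo() {
    f=$(mktemp) || return 1
    write_sample "$f"
    audit_redirects "$f"
    rm -f "$f"
}
demo
```

Whether an unscoped redirect is reachable from outside still depends on the INPUT rules, so a finding is a prompt to check them, and adding -i with the LAN interface (as the "iptables transparent proxy" script on this page does with $GREEN) removes the question.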


squid.conf pclinuxos minime 2008 + ceria

March 4, 2008 at 1:37 pm (Linux,....pecas ndahe)

#============================================================$
#                                            $
#                  SQUID PROXY CACHE                    $
#             on pclinuxos minime 2008                    $
#                ceria internet                 $
#============================================================$

http_port 3128 transparent
icp_port 3130
redirect_program /usr/local/adzap/scripts/wrapzap
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
#cache_peer random.us.ircache.net parent 3128 3130 login=poerwo2211@yahoo.com:GawyamRonCietbu
#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
no_cache deny QUERY
#============================================================$

#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 20 KB
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
high_memory_warning 70 MB
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048

#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
#cache_dir aufs /cache1 4500 18 256
cache_dir aufs /cache1 7000 17 256
#cache_dir aufs /cache2 3200 8 256
cache_access_log /var/log/squid/access.log
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
emulate_httpd_log off

#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

#============================================================$
# DNS resolution section
#============================================================$
dns_nameservers 202.43.178.10 202.43.178.245 208.67.202.202
#============================================================$
# Refresh Rate
#============================================================$
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
refresh_pattern -i \.(class|css|js|tif)$ 1440 95% 10080
refresh_pattern -i \.(jpe|jpg|jpeg|png|bmp|gif)$ 1440 95% 10080
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|3gp)$ 10080 95% 20160
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 95% 20160
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 95% 20160
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 95% 20160
refresh_pattern -i \.(pdf|rtf|doc|swf|txt)$ 1440 95% 20160
refresh_pattern -i \.(inc|cab|ad|hqx|dll)$ 10080 95% 43200
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320
refresh_pattern -i \? 2 20% 4320

refresh_pattern ^http://*.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://mail1.plasa.com/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.detik.*/.* 60 20% 360
refresh_pattern ^http://*.detikinet.*/.* 60 20% 360
refresh_pattern ^http://*.detikhot.*/.* 60 20% 360
refresh_pattern ^http://*.detiportal.*/.* 60 100% 360
refresh_pattern ^http://*.kompas.*/.* 60 20% 360
refresh_pattern ^http://*.trans7.*/.* 720 100% 4320
refresh_pattern ^http://*.rcti.*/.* 720 100% 4320
refresh_pattern ^http://*.indosiar.*/.* 720 100% 4320
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
client_lifetime 60 minutes
half_closed_clients off
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

#============================================================$
# ACL section
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl skynet src 192.168.0.254
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563         # https, snews
acl Safe_ports port 80             # http
acl Safe_ports port 21             # ftp
acl Safe_ports port 443 563         # https, snews
acl Safe_ports port 70             # gopher
acl Safe_ports port 210             # wais
acl Safe_ports port 1025-65535         # unregistered ports
acl Safe_ports port 280             # http-mgmt
acl Safe_ports port 488             # gss-http
acl Safe_ports port 591             # filemaker
acl Safe_ports port 777             # multiling http
acl Safe_ports port 631             # cups
acl Safe_ports port 873             # rsync
acl Safe_ports port 901             # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl rumah src 192.168.0.1-192.168.0.3
acl kost src 192.168.0.4-192.168.0.10
acl outsider src 192.168.0.11-192.168.0.252
acl BROWSER browser -i firefox \(compatible; MSIE\)
#acl boleh time 21:00-23:58
#acl boleh1 time 00:01-10:00
#acl kost proxy_auth REQUIRED
#acl ncsa_users proxy_auth REQUIRED
http_access allow manager
http_access allow localhost
http_access allow skynet
http_access allow rumah
http_access allow kost
#http_access allow ncsa_users outsider
auth_param basic children 5
#http_access allow kost
#http_access allow outsider
http_access deny !Safe_ports
http_access deny BROWSER
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
always_direct allow localhost
always_direct deny all

cache_mgr poerwo2211@yahoo.com
#cache_effective_user _squid
#cache_effective_group _squid
visible_hostname poerwo2211@gmail.com

#============================================================$
# MISCELLANEOUS
#============================================================$
forwarded_for off
header_access From deny all
logfile_rotate 3
reload_into_ims on
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
offline_mode off
icp_hit_stale on
query_icmp on
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
client_db on

#============================================================$
# DELAY POOLS
#============================================================$
acl download url_regex -i .wmv .swf .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip .pdf .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma .vlf .gif .jpeg

delay_pools 1

delay_class  1 1
delay_parameters 1 2500/3500
delay_access 1 allow download !skynet !rumah
delay_access 1 deny all

#delay_pools 2

# Fill this in as needed

#============================================================$
# SNMP
#============================================================$
#acl snmpcommunity snmp_community public
#snmp_port 3401
#snmp_access allow snmpcommunity localhost
#snmp_access deny all


Ceria CDMA internet + Huawei ETS 2058 on PCLINUXOS (Pecas ndahe…..)

February 21, 2008 at 1:05 pm (Linux,....pecas ndahe)

Ceria released a promotional internet package at a flat 100 thousand per month. Hungry for a cheap connection, I went out of my way to sign up. The package is a starter SIM + 100 thousand in credit + a Huawei ETS 2058 fixed wireless terminal that connects to the PC over usbserial.

When the guy from Ceria ran the trial at the office it was very easy: install the driver, connect, and that was it, browsing worked and the speed was fairly fast. Back home, full of enthusiasm, I switched on the PC, booted into PCLinuxOS MiniMe 2008, and plugged the usbserial data cable into the PC... and disaster struck.

When I typed dmesg in the console, the usbserial device was detected fine, but there was an error, and because of it the data cable did not show up as any /dev/tty device. This is the dmesg output:

usbcore: registered new interface driver usbserial
drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
drivers/usb/serial/usb-serial.c: USB Serial Driver core
drivers/usb/serial/usb-serial.c: USB Serial support registered for TI USB 3410 1 port adapter
drivers/usb/serial/usb-serial.c: USB Serial support registered for TI USB 5052 2 port adapter
ti_usb_3410_5052 2-1:1.0: TI USB 3410 1 port adapter converter detected
ti_usb_3410_5052: probe of 2-1:1.0 failed with error -5
usbcore: registered new interface driver ti_usb_3410_5052
drivers/usb/serial/ti_usb_3410_5052.c: TI USB 3410/5052 Serial Driver v0.9

That gave me a headache for a while: surely I hadn't bought it only to find it can't be used on Linux? I then tried booting into Slackware 12 and the same thing happened. After an hour of tinkering without finding anything, I finally asked Grandpa Google (still connected through Quasar, that strangler.. he..he). I found the answer, and it turned out to be very simple: just run this command in the console as root

echo 2 > /sys/bus/usb/devices/2-1/bConfigurationValue

(adjust the 2-1 to match the number after the words "probe of" in the line "ti_usb_3410_5052: probe of 2-1:1.0 failed with error -5")

and the usbserial device is recognized at /dev/ttyUSB0. Set up wvdial.conf like this:

[Dialer ceria]

Modem = /dev/ttyUSB0
Baud = 230400
Phone = #777
Init1 = ATZ
Stupid Mode = 1
Dial Command = ATDT
Username=internet
Password=ceria

After that, type wvdial ceria and press Enter. At last I could connect to the internet with PCLinuxOS... Alhamdulillah... he..he

There is also a newer way, so that you don't have to bother running the echo 2 ... command above every time you plug in the USB data cable.

Just create a file in /etc/udev/rules.d/ and name it 026_ti_usb_3410.rules

with the following contents:

#TI USB 3410
# Switch the adapter from configuration 1 to configuration 2 when it is plugged in
SUBSYSTEM=="usb_device", ACTION=="add", SYSFS{idVendor}=="0451", SYSFS{idProduct}=="3410", \
SYSFS{bNumConfigurations}=="2", \
SYSFS{bConfigurationValue}=="1", \
RUN+="/bin/sh -c 'echo 2 > /sys%p/device/bConfigurationValue'"

After that, reboot the PC and plug in the data cable. If nothing went wrong, it will be recognized at /dev/ttyUSB0.

Good luck trying it.
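The manual step from this post (take the device id after "probe of" in dmesg, then write 2 to its bConfigurationValue) as a shell sketch. This is an added example, not part of the original post; the function names and the SYSFS_USB override are assumptions, and the checks mirror the conditions of the udev rule above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# SYSFS_USB override are assumptions made for this sketch.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# The two relevant dmesg lines quoted in the post.
SAMPLE_DMESG='ti_usb_3410_5052 2-1:1.0: TI USB 3410 1 port adapter converter detected
ti_usb_3410_5052: probe of 2-1:1.0 failed with error -5'

# Read kernel log text on stdin; print the USB device id (the part before
# ":1.0") of every ti_usb_3410_5052 probe that failed with error -5.
ti_failed_devs() {
    sed -n 's/^.*ti_usb_3410_5052: probe of \([0-9][0-9.-]*\):[0-9][0-9.]* failed with error -5.*$/\1/p' |
        sort -u
}

# Switch one device to configuration 2. The id comes from log text and ends
# up in a path written as root, so anything but digits, "." and "-" is refused.
ti_set_config2() {
    dev=$1
    case $dev in
        ''|[!0-9]*|*[!0-9.-]*)
            echo "refusing device id: $dev" >&2
            return 2 ;;
    esac
    dir="$SYSFS_USB/$dev"
    if [ ! -f "$dir/bConfigurationValue" ]; then
        echo "no such USB device: $dev" >&2
        return 1
    fi
    # Same conditions as the udev rule: two configurations, currently on 1.
    [ "$(cat "$dir/bNumConfigurations")" = 2 ] || return 1
    [ "$(cat "$dir/bConfigurationValue")" = 1 ] || return 0
    echo 2 > "$dir/bConfigurationValue"
}

# As root:  dmesg | ti_failed_devs | while read -r d; do ti_set_config2 "$d"; done
```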


squid on pclinuxos minime 2008 (mobilequ gprs internet connection)

February 10, 2008 at 9:54 am (Linux,....pecas ndahe)

This is my squid.conf on PCLinuxOS. It is a GPRS connection that is fairly fast, although downloads sometimes get dropped... he..he. I share it with the whole house (my wife and the boarders), and on the clients it is reasonably fast.

#============================================================$
# $
# SQUID PROXY CACHE $
# on pclinuxos minime 2008 $
# gprs xl mobilequ $
#============================================================$

http_port 3128 transparent
icp_port 3130
redirect_program /usr/local/adzap/scripts/wrapzap
cache_peer 202.81.52.107 parent 8080 3130 no-query default
cache_peer 127.0.0.1 parent 8123 3130 no-query default
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server

#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost mobilequ mobilequ.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost mobilequ mobilequ.net.id
no_cache deny QUERY
#============================================================$

#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 20 KB
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
store_dir_select_algorithm round-robin
high_memory_warning 70 MB
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048

#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
#cache_dir aufs /cache1 4500 18 256
cache_dir aufs /cache1 7000 17 256
cache_dir aufs /cache2 3200 8 256
cache_access_log /var/log/squid/access.log
#cache_log /dev/null
#cache_store_log /dev/null
#mime_table /etc/squid/mime.conf
#pid_filename /var/run/squid.pid
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
emulate_httpd_log off

#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

#============================================================$
# DNS resolution section
#============================================================$
#cache_dns_program /squid/libexec/dnsserver
#dns_children 24
dns_nameservers 127.0.0.1 208.67.222.222 202.81.63.177 208.67.202.202
#============================================================$
# Refresh Rate
#============================================================$
refresh_pattern /.gif 4320 50% 43200
refresh_pattern /.jpg 4320 50% 43200
refresh_pattern /.jpeg 4320 50% 43200
refresh_pattern /.png 4320 50% 43200
refresh_pattern ^http://*.forum.linux.or.id/.* 720 100% 10080
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://*.forum.linux.or.id/.* 720 100% 7200
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://detik.com/.* 720 90% 2880
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
refresh_pattern ^ftp: 14400 90% 43200 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
client_lifetime 60 minutes
half_closed_clients off
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

#============================================================$
# ACL section
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl skynet src 192.168.0.254
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl rumah src 192.168.0.1-192.168.0.3
acl kost src 192.168.0.4-192.168.0.10
acl outsider src 192.168.0.11-192.168.0.252
#acl boleh time 21:00-23:58
#acl boleh1 time 00:01-10:00
#acl kost proxy_auth REQUIRED
acl ncsa_users proxy_auth REQUIRED
http_access allow manager
http_access allow localhost
http_access allow skynet
http_access allow rumah
http_access allow ncsa_users outsider
auth_param basic children 5
http_access allow kost
#http_access allow outsider
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
always_direct allow localhost
always_direct deny all

cache_mgr poerwo2211@yahoo.com
#cache_effective_user _squid
#cache_effective_group _squid
visible_hostname poerwo2211@gmail.com

#============================================================$
# Transparent proxy setting
#============================================================$
forwarded_for off
header_access From deny all
#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct on
memory_pools on
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
offline_mode off
icp_hit_stale on
query_icmp on
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
client_db on

#============================================================$
# DELAY POOLS
#============================================================$
acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip .pdf .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma

delay_pools 3

delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow skynet
delay_access 1 deny all

delay_class 2 1
delay_parameters 2 1000/1500
delay_access 2 allow kost
delay_access 2 allow outsider
delay_access 2 deny all

delay_class 3 1
delay_parameters 3 1000/1000
delay_access 3 allow download !skynet
delay_access 3 deny all
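
An order check over the http_access lines of the squid.conf above, as an added example that is not part of the original post (the earlier squid.conf on this page has the same ordering). Squid applies the first http_access rule that matches, so allow rules placed ahead of the Safe_ports and CONNECT denies exempt those clients from both checks; REORDERED and the function name are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit http_access order (squid uses the first matching rule).

# http_access lines as posted in the squid.conf above.
POSTED='http_access allow manager
http_access allow localhost
http_access allow skynet
http_access allow rumah
http_access allow ncsa_users outsider
http_access allow kost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all'

# Assumed reordering (not from the post): guards first, then the allows.
REORDERED='http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow skynet
http_access allow rumah
http_access allow ncsa_users outsider
http_access allow kost
http_access deny all'

# Read squid.conf text on stdin; print one finding per line.
audit_http_access() {
    awk '
    $1 != "http_access" { next }          # also skips "#http_access ..."
    {
        n++
        sub(/[ \t]*#.*$/, "")             # drop a trailing comment
        acls = $3
        for (i = 4; i <= NF; i++) acls = acls " " $i
        if ($2 == "allow" && acls == "manager")
            print "rule " n ": cache manager allowed from any source"
        else if ($2 == "allow" && acls !~ /(^| )manager( |$)/)
            early = early (early == "" ? "" : ", ") acls
        else if ($2 == "deny" && early != "" &&
                 (acls == "!Safe_ports" || acls == "CONNECT !SSL_ports"))
            print "rule " n ": deny " acls " is not applied to requests already allowed by: " early
    }'
}

# Usage: audit_http_access < /etc/squid/squid.conf
```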
