squid konfigurasi lumayan banter
http_port 3128 transparent
icp_port 3130
acl youtube dstdomain -i .youtube.com
acl striming url_regex -i get_video\?video_id videodownload\?
cache allow youtube
cache allow striming
#redirect_program /usr/local/adzap/scripts/wrapzap
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#cache_peer proxies.telkom.net.id parent 8080 3130
#cache_peer proxy-sby.telkom.net.id sibling 8080 3130
#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
no_cache deny QUERY
#============================================================$
#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 6 MB
maximum_object_size 64 MB
maximum_object_size_in_memory 16 KB
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
high_memory_warning 70 MB
ipcache_size 8192
ipcache_low 98
ipcache_high 99
fqdncache_size 8192
#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
#cache_dir aufs /cache1 4500 18 256
cache_dir aufs /cache 7000 17 256
#cache_dir aufs /cache2 3200 8 256
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
emulate_httpd_log off
#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#============================================================$
# DNS resolution section
#============================================================$
#cache_dns_program /usr/sbin/dnsserver
dns_nameservers 192.168.0.254 202.154.1.2 208.67.202.202 202.134.2.5 202.134.0.155
#============================================================$
# Refresh Rate
#============================================================$
#refresh_pattern ^ftp: 20160 95% 241920 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache ignore-private ignore-auth
#refresh_pattern . 1440 95% 120960 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern ^ftp: 20160 95% 241920 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache
refresh_pattern . 1440 95% 120960 reload-into-ims override-lastmod override-expire reload-into-ims ignore-no-cache
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
negative_ttl 2 minutes
half_closed_clients off
read_timeout 15 minutes
client_lifetime 2 hours
pconn_timeout 60 seconds
request_timeout 1 minutes
shutdown_lifetime 10 seconds
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
#============================================================$
# ACL section
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.252
acl butiti src 192.168.0.3
acl pecenx src 192.168.0.2
acl kost src 192.168.0.4-192.168.0.10
acl outsider src 192.168.0.11-192.168.0.252
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow butiti
http_access allow kost
http_access allow pecenx
http_access deny outsider
http_reply_access allow all
icp_access allow all
cache_mgr poerwo2211@yahoo.com
#cache_effective_user _squid
#cache_effective_group _squid
visible_hostname poerwo2211@gmail.com
#============================================================$
# MISCELLANEOUS
#============================================================$
offline_mode off
forwarded_for on
#ssl_unclean_shutdown on
memory_pools off
header_access From deny all
logfile_rotate 7
reload_into_ims on
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
icp_hit_stale on
log_icp_queries off
strip_query_terms off
query_icmp on
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
reload_into_ims on
pipeline_prefetch on
ie_refresh on
vary_ignore_expire on
client_db on
#============================================================$
# DELAY POOLS
#============================================================$
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.bin$
acl download url_regex -i \.ac3$ \.cda$ \.vro$
acl akses_donlot url_regex -i ftp .exe .dll .zip .rar .rpm .tgz
acl akses_donlot url_regex -i ftp .tar.gz .tar.bz2 .iso .avi .mov .wmv .3gp .bin
acl akses_donlot url_regex -i ftp .mpg .mpeg .mp3 .ram .rm .flv
acl akses_donlot url_regex -i .exe .dll .zip .rar .rpm .tgz
acl akses_donlot url_regex -i .tar.gz .tar.bz2 .iso .avi .mov
acl akses_donlot url_regex -i .mpg .mpeg .mp3 .ram .rm .flv
acl kenadelay url_regex -i .jpg .gif .doc .xls .zip .rar
acl aplot method POST
delay_pools 3
delay_class 1 2
delay_parameters 1 4000/8000 4000/4000
delay_access 1 allow download
delay_access 1 allow pecenx akses_donlot
delay_access 1 allow striming
delay_access 1 allow aplot kenadelay
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 64000/128000 10000/64000
delay_access 2 allow pecenx
delay_access 2 deny all
delay_class 3 2
delay_parameters 3 5000/6000 3000/5000
delay_access 3 allow kost
delay_access 3 deny all
iptables transparent proxy
#!/bin/sh
# Setting IPTABLES paling sederhana untuk masquerading
######################################################
# Konstanta
$IPT=”iptables”
$LOAD=”/sbin/modprobe”
# Interface
# Kalau pakai modem, ganti RED=ppp0
RED=”eth0″
RED_NET=192.168.1.2
#BLUE=ra0
#BLUE_NET=192.168.2.0/24
GREEN=”eth1″
GREEN_NET=192.168.0.0/24
PORT=”3128″
#——————————–
# Inisialisasi IPTABLES
$LOAD ip_tables
$LOAD iptable_filter
$LOAD iptable_nat
$LOAD ip_conntrack
$LOAD ip_conntrack_ftp
$LOAD ip_nat_ftp
$LOAD ip_conntrack_irc
$LOAD ip_nat_irc
#——————————–
# Kosongkan rumus-rumus IPTABLES
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
#——————————–
# Rumus default
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
#——————————–
#ip route add default scope global nexthop via 192.168.100.101 dev $RED weight 1 nexthop via 10.64.64.65 dev $BLUE weight 1
# Rumus masquerading, IP statik
#$IPT -t nat -A POSTROUTING -o $RED -j SNAT –to -source $RED_IP
# Rumus masquerading, lebih komplit
#$IPT -t nat -A POSTROUTING -s $GREEN_NET -o $RED -j SNAT –to -source $RED_NET
# Kalau RED anda IP dinamik (ppp0), gunakan
$IPT -t nat -A POSTROUTING -o $RED -j MASQUERADE
# $IPT -t nat -A POSTROUTING -o $BLUE -j MASQUERADE
$IPT -t nat -A PREROUTING -i $GREEN -p tcp –dport 80 -j REDIRECT –to-port $PORT
#$IPT -t nat -A PREROUTING -i $BLUE -p tcp –dport 80 -j REDIRECT –to-port 3128
# $IPT -t nat -A OUTPUT -p tcp –dport 80 -j DNAT –to-destination 192.168.0.254:3128
#$IPT -t nat -A PREROUTING -i $BLUE -p tcp –dport 80 -j DNAT –to-destination 192.168.0.254:3128
#iptables -t nat -A OUTPUT -p tcp –dport 80 -j DNAT –to-destination 192.168.0.1:3128 iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to- destination 192.168.0.254:3128
#$IPT -A INPUT -i $BLUE -p tcp -d 192.168.0.254 -s 192.168.1.1 –dport 9333 -m state –state NEW,ESTABLISHED -j ACCEPT
#$IPT -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT –to 192.168.0.254
#$IPT -t nat -A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-port 3128
#$IPT -t filter -A INPUT -p tcp –dport 9333 -j ACCEPT
#——————————–
# Rumus forward, hanya dari dalam atau luar related
#$IPT -t mangle -A PREROUTING -d 10.1.2.10 -j DROP
$IPT -A FORWARD -i $GREEN -o $RED -j ACCEPT
#$IPT -A FORWARD -i $BLUE -o $RED -j ACCEPT
$IPT -A FORWARD -i $RED -o $GREEN -m state –state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A FORWARD -i $RED -o $BLUE -m state –state ESTABLISHED,RELATED -j ACCEPT
#——————————–
# Rumus INPUT, hanya terima dari dalam atau luar yang related
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i $GREEN -j ACCEPT
#$IPT -A INPUT -i $BLUE -j ACCEPT
$IPT -A INPUT -i $RED -m state –state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A INPUT -p icmp -m icmp –icmp-type echo-request -j REJECT
#$IPT -A OUTPUT -p icmp -m icmp –icmp-type echo-reply -j REJECT
#$IPT -A FORWARD -p ICMP -i $GREEN –icmp-type 24 -j REJECT
#$IPT -A FORWARD -p ICMP -i $BLUE –icmp-type 24 -j REJECT
#$IPT -A INPUT -i $BLUE -m state –state ESTABLISHED,RELATED -j ACCEPT
#——————————–
## Allow some ports
if [ "$PORT_IN" != "ALL" ]; then
for PORT in $PORT_IN ; do
$IPT -A INPUT -p udp –dport $PORT -j ACCEPT
$IPT -A INPUT -p tcp –dport $PORT -j ACCEPT
done
else
$IPT -A INPUT -p udp -j ACCEPT
$IPT -A INPUT -p tcp -j ACCEPT
fi
# Hidupkan forwarding
echo “1″ > /proc/sys/net/ipv4/ip_forward
Install squid Linux
#wget
Code:
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE9-20070220.tar.gz
Extract squid tersebut
#tar -zxvf squid-2.6.STABLE9-20070220.tar.gz -C /usr/local/src (sembarang mau ditaruh di mana hasil ekstraknya squid).
Masuk ke direktori ekstrak squid tersebut
#cd /usr/local/src/squid-2.6.STABLE9-20070220
Buat group dan user yang akan di gunakan untuk menjalankan squid
#groupadd squid_
#useradd -c \”SQUID PROXY CACHE\” -d /dev/null -s /bin/false -g _squid _squid
Configure dan install squid
#./configure \\
–prefix=/squid/ –sysconfdir=/etc/ –enable-gnuregex –enable-async-io=16 \\
–with-aufs-threads=16 –with-pthreads –with-aio –with-dl \\
–enable-storeio=aufs –enable-removal-policies=heap –enable-delay-pools \\
–disable-wccp –enable-cache-digests –enable-default-err-languages=English \\
–enable-err-languages=English –enable-linux-netfilter –disable-ident-lookups \\
–disable-hostname-checks –enable-underscores –enable-snmp –enable-useragent-log \\
–disable-wccpv2 –enable-epoll –disable-internal-dns –enable-htcp
Keterangan opsi :
–enable-async-io=16 dan –with-aufs-threads=16 di sesuaikan dengan kemampuan mesin server
Untuk pentium III dengan ram 128 kebawah dapat menggunakan 8
Untuk pentium III ram 128 s/d PIV 1,8 Ghz ram 256 dapat menggunakan 16
Untuk pentium IV ram 256 1,8 s/d PIV 2,4 ram 256 dapat menggunakan 24
Untuk pentium di atasnya atau sekelasnya dapat menggunakan 32
Pilihan diatas hanya sebuah perkiraan karena saya hanya menggunakan P4 ram 256 saja.
Kompile source
#make && make install
Keterangan tambahan :
–enable-auth=basic \\
–enable-basic-auth-helpers=NCSA
Digunakan jika proxy squid akan digunakan dengan menggunakan authentikasi user.
Tanda # didepan perintah maksudnya adalah root di dalam bash bukan comment.
Setelah instalasi selesai dan tidak terdapat kesalahan, langkah berikutnya adalah mengatur konfigurasi squid, bukalah file /etc/squid.conf dengan editor teks favorit anda (vi, pico, dll), file ini adalah file konfigurasi squid.
#pico -w /etc/squid.conf (Silahkan edit dengan editor kesukaan anda)
Rubahlah konfigurasi default squid.conf di sesuaikan dengan kebutuhan.
Jangan lupa untuk membuang yang kira kira tidak perlu dan membebani server.
agar squid dapat berjalan transparan maka untuk squid versi 2.6 keatas dapat memberikan opsi :
–> http_port 3128 transparent
di dalam confignya.
Sebelum squid dapat berjalan, anda harus menciptakan direktori swap. Lakukanlah dengan menjalankan perintah :
#/squid/sbin/squid -z
Perintah ini hanya perlu dijalankan satu kali saja ketika squid pertama kali akan dijalankan pada komputer anda.
Cek dulu konfigurasi squid sudah benar atau belum
#/squid/sbin/squid -k parse
Kalo masih terdapat kesalahan atau error silahkan di edit kembali konfigurasinya.
Untuk menjalankan squid gunakan perintah :
#/squid/sbin/squid -sYD
setting transparan iptables nya :
Buat file transparannya biar mudah memanggilnya :
#pico /etc/rc.d/rc.nat
isi dengan :
# Redirect proxy
for SQUID in 80 3128 444 3127 3129
do
iptables -t nat -A PREROUTING -p tcp –dport $SQUID -j REDIRECT –to-ports 3128
done
–> Hal diatas memiliki maksud semua port yang menuju ke 80,3128,444,3127,3129 di redirect ke 3128
Buatlah file agar dapat di eksekusi
#chmod +x /etc/rc.d/rc.nat
Jalankan transparan :
#/etc/rc.d/rc.nat
Untuk membuat squid jalan sendiri setiap kali booting maka tambah kan perintah di atas di /etc/rc.d/rc.local
#pico /etc/rc.d/rc.local
tambahkan baris :
# Squid Proxy Cache
/squid/sbin/squid -sYD
# Transparan Proxy
/etc/rc.d/rc.nat
squid.conf pclinuxos minime 2008 + ceria
#============================================================$
# $
# SQUID PROXY CACHE $
# di pclinuxos minime 2008 $
# ceria internet $
#============================================================$
http_port 3128 transparent
icp_port 3130
redirect_program /usr/local/adzap/scripts/wrapzap
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
#cache_peer random.us.ircache.net parent 3128 3130 login=poerwo2211@yahoo.com:GawyamRonCietbu
#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost kambing.ui.edu buaya.klas.or.id
no_cache deny QUERY
#============================================================$
#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 20 KB
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
high_memory_warning 70 MB
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
#cache_dir aufs /cache1 4500 18 256
cache_dir aufs /cache1 7000 17 256
#cache_dir aufs /cache2 3200 8 256
cache_access_log /var/log/squid/access.log
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
emulate_httpd_log off
#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#============================================================$
# DNS resolution section
#============================================================$
dns_nameservers 202.43.178.10 202.43.178.245 208.67.202.202
#============================================================$
# Refresh Rate
#============================================================$
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
refresh_pattern -i \.(class|css|js|tif)$ 1440 95% 10080
refresh_pattern -i \.(jpe|jpg|jpeg|png|bmp|gif)$ 1440 95% 10080
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|3gp)$ 10080 95% 20160
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 95% 20160
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 95% 20160
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 95% 20160
refresh_pattern -i \.(pdf|rtf|doc|swf|txt)$ 1440 95% 20160
refresh_pattern -i \.(inc|cab|ad|hqx|dll)$ 10080 95% 43200
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320
refresh_pattern -i \? 2 20% 4320
refresh_pattern ^http://*.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://mail1.plasa.com/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.detik.*/.* 60 20% 360
refresh_pattern ^http://*.detikinet.*/.* 60 20% 360
refresh_pattern ^http://*.detikhot.*/.* 60 20% 360
refresh_pattern ^http://*.detiportal.*/.* 60 100% 360
refresh_pattern ^http://*.kompas.*/.* 60 20% 360
refresh_pattern ^http://*.trans7.*/.* 720 100% 4320
refresh_pattern ^http://*.rcti.*/.* 720 100% 4320
refresh_pattern ^http://*.indosiar.*/.* 720 100% 4320
refresh_pattern ^http://*.kapanlagi.*/.* 720 100% 4320
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
client_lifetime 60 minutes
half_closed_clients off
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
#============================================================$
# ACL section
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl skynet src 192.168.0.254
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl rumah src 192.168.0.1-192.168.0.3
acl kost src 192.168.0.4-192.168.0.10
acl outsider src 192.168.0.11-192.168.0.252
acl BROWSER browser -i firefox \(compatible; MSIE\)
#acl boleh time 21:00-23:58
#acl boleh1 time 00:01-10:00
#acl kost proxy_auth REQUIRED
#acl ncsa_users proxy_auth REQUIRED
http_access allow manager
http_access allow localhost
http_access allow skynet
http_access allow rumah
http_access allow kost
#http_access allow ncsa_users outsider
auth_param basic children 5
#http_access allow kost
#http_access allow outsider
http_access deny !Safe_ports
http_access deny BROWSER
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
always_direct allow localhost
always_direct deny all
cache_mgr poerwo2211@yahoo.com
#cache_effective_user _squid
#cache_effective_group _squid
visible_hostname poerwo2211@gmail.com
#============================================================$
# MISCELLANEOUS
#============================================================$
forwarded_for off
header_access From deny all
logfile_rotate 3
reload_into_ims on
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
offline_mode off
icp_hit_stale on
query_icmp on
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
client_db on
#============================================================$
# DELAY POOLS
#============================================================$
acl download url_regex -i .wmv .swf .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip .pdf .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma .vlf .gif .jpeg
delay_pools 1
delay_class 1 1
delay_parameters 1 2500/3500
delay_access 1 allow download !skynet !rumah
delay_access 1 deny all
#delay_pools 2
# Silahkan diisi
#============================================================$
# SNMP
#============================================================$
#acl snmpcommunity snmp_community public
#snmp_port 3401
#snmp_access allow snmpcommunity localhost
#snmp_access deny all
internet cdma ceria + Huawei ETS 2058 di PCLINUXOS (Pecas ndahe…..)
ceria ngeluarin paket promosi inet 100 rb perbulan flat, karena haus koneksi murah akhirnya dibela-belain daftar, paketnya perdana + pulsa 100 rb + Fixed Wireles terminal Huawei ETS 2058 dengan koneksi ke pc menggunakan usbserial
pas trial oleh mas dari ceria pas dikantor, gampang sekali install driver terus konek… udah deh, bisa browsing ….speednya lumayan banter, sapek dirumah dengan semangat tinggi nyalain pc, boot ke pclinuxos minime 2008, terus masukin kabel data usbserialnya ke pc….bencana terjadi
pas dikonsole tak ketik dmesg, usbserialnya dikenali dengan baik, tetapi kok ada errornya ….yang bikin kabel data itu gak bisa dikenali di /dev/tty mana, ini keluaran dmesgnya
usbcore: registered new interface driver usbserial
drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
drivers/usb/serial/usb-serial.c: USB Serial Driver core
drivers/usb/serial/usb-serial.c: USB Serial support registered for TI USB 3410 1 port adapter
drivers/usb/serial/usb-serial.c: USB Serial support registered for TI USB 5052 2 port adapter
ti_usb_3410_5052 2-1:1.0: TI USB 3410 1 port adapter converter detected
ti_usb_3410_5052: probe of 2-1:1.0 failed with error -5
usbcore: registered new interface driver ti_usb_3410_5052
drivers/usb/serial/ti_usb_3410_5052.c: TI USB 3410/5052 Serial Driver v0.9
sempat mumet juga, masak sih udah beli gak bisa dipake di linux, akhirnya coba boot ke slackware 12, kasus yang sama terjadi….1 jam utak-atik, gak ketemu2 akhirnya nanya mbah google (koneksi masih pake quasar si tukang cekik itu..he..he), akhirnya ketemu, dan ternyata simple sekali, hanya kasih perintah di konsole as root
echo 2 > /sys/bus/usb/devices/2-1/bConfigurationValue (sesuaikan angka 2-1 dg ” ti_usb_3410_5052: probe of 2-1:1.0 failed with error -5 ” angka setelah kata probe of)
dan usbserial dikenali di /dev/ttyUSB0, setting wvdial.conf seperti ini
[Dialer ceria]
Modem = /dev/ttyUSB0
Baud = 230400
Phone = #777
Init1 = ATZ
Stupid Mode = 1
Dial Command = ATDT
Username=internet
Password=ceria
habis itu ketik wvdial ceria dan tekan enter, akhirnya bisa konek ke inet dengan pclinuxos…….Alhamdulillah…he..he
ada cara baru lagi jadi setiap habis nyolokin kabel data usbnya gak usah repot-repot ngasih perintah echo 2….bla..bla di atas
bikin aja file di /etc/udev/rules.d/ dan kasih nama 026_ti_usb_3410.rules
dan isi filenya sebagai berikut :
#TI USB 3410
SUBSYSTEM==”usb_device” ACTION==”add” SYSFS{idVendor}==”0451″,SYSFS{idProduct}==”3410″ \
SYSFS{bNumConfigurations}==”2″ \
SYSFS{bConfigurationValue}==”1″ \
RUN+=”/bin/sh -c ‘echo 2 > /sys%p/device/bConfigurationValue’”
setelah itu coba reboot pcnya dan tancapkan kable datanya, kalo gak ada yg salah maka akan dikenali di /dev/ttyUSB0
selamat mencoba
squid di pclinuxos minime 2008 (mobilequ gprs internet connection)
ini squid.conf ku di pclinuxos, koneksi gprs yg lumayan banter walau kadang2 kalo download sering di drop…he..he, aku bagi untuk satu rumah (istri dan anak2 kost), lumayan lah di klient lumayan banter
#============================================================$
# $
# SQUID PROXY CACHE $
# di pclinuxos minime 2008 $
# gprs xl mobilequ $
#============================================================$
http_port 3128 transparent
icp_port 3130
redirect_program /usr/local/adzap/scripts/wrapzap
cache_peer 202.81.52.107 parent 8080 3130 no-query default
cache_peer 127.0.0.1 parent 8123 3130 no-query default
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
#============================================================$
hierarchy_stoplist cgi-bin ? .js .jsp localhost mobilequ mobilequ.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp localhost mobilequ mobilequ.net.id
no_cache deny QUERY
#============================================================$
#============================================================$
# OPTIONS WHICH AFFECT THE CACHE SIZE
#============================================================$
cache_mem 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 20 KB
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
store_dir_select_algorithm round-robin
high_memory_warning 70 MB
ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 2048
#============================================================$
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#============================================================$
#cache_dir aufs /cache1 4500 18 256
cache_dir aufs /cache1 7000 17 256
cache_dir aufs /cache2 3200 8 256
cache_access_log /var/log/squid/access.log
#cache_log /dev/null
#cache_store_log /dev/null
#mime_table /etc/squid/mime.conf
#pid_filename /var/run/squid.pid
log_fqdn off
log_icp_queries off
log_mime_hdrs off
log_ip_on_direct off
debug_options ALL,1
emulate_httpd_log off
#============================================================$
# FTP section
#============================================================$
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#============================================================$
# DNS resolution section
#============================================================$
#cache_dns_program /squid/libexec/dnsserver
#dns_children 24
dns_nameservers 127.0.0.1 208.67.222.222 202.81.63.177 208.67.202.202
#============================================================$
# Refresh Rate
#============================================================$
refresh_pattern /.gif 4320 50% 43200
refresh_pattern /.jpg 4320 50% 43200
refresh_pattern /.jpeg 4320 50% 43200
refresh_pattern /.png 4320 50% 43200
refresh_pattern ^http://*.forum.linux.or.id/.* 720 100% 10080
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://*.forum.linux.or.id/.* 720 100% 7200
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://detik.com/.* 720 90% 2880
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
refresh_pattern ^ftp: 14400 90% 43200 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
client_lifetime 60 minutes
half_closed_clients off
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
#============================================================$
# ACL section
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl skynet src 192.168.0.254
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl rumah src 192.168.0.1-192.168.0.3
acl kost src 192.168.0.4-192.168.0.10
acl outsider src 192.168.0.11-192.168.0.252
#acl boleh time 21:00-23:58
#acl boleh1 time 00:01-10:00
#acl kost proxy_auth REQUIRED
acl ncsa_users proxy_auth REQUIRED
http_access allow manager
http_access allow localhost
http_access allow skynet
http_access allow rumah
http_access allow ncsa_users outsider
auth_param basic children 5
http_access allow kost
#http_access allow outsider
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
always_direct allow localhost
always_direct deny all
cache_mgr poerwo2211@yahoo.com
#cache_effective_user _squid
#cache_effective_group _squid
visible_hostname poerwo2211@gmail.com
#============================================================$
# Transparent proxy setting
#============================================================$
forwarded_for off
header_access From deny all
#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct on
memory_pools on
shutdown_lifetime 10 seconds
cachemgr_passwd disable shutdown
cachemgr_passwd all
buffered_logs off
offline_mode off
icp_hit_stale on
query_icmp on
ignore_unknown_nameservers on
acl hotmail dstdomain .hotmail.com .msn.com .passport.net .msn.co.id .passport.com
header_access Accept-Encoding deny hotmail
client_db on
#============================================================$
# DELAY POOLS
#============================================================$
acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .wmv .tar.bz .tar.bz2 .gz .rpm .zip .pdf .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar .doc .ppt .z .wmf .mov .arj .lzh .gzip .bin .wma
delay_pools 3
delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow skynet
delay_access 1 deny all
delay_class 2 1
delay_parameters 2 1000/1500
delay_access 2 allow kost
delay_access 2 allow outsider
delay_access 2 deny all
delay_class 3 1
delay_parameters 3 1000/1000
delay_access 3 allow download !skynet
delay_access 3 deny all
polipo proxy, gesit dan lincah
Lagi suka utak-atik polipo proxy nih, pake squid berat
polipo config ==========================================================
# Sample configuration file for Polipo. -*-sh-*-
# You should not need to use a configuration file; all configuration
# variables have reasonable defaults. If you want to use one, you
# can copy this to /etc/polipo/config or to ~/.polipo and modify.
# This file only contains some of the configuration variables; see the
# list given by “polipo -v” and the manual for more.
### Configuration from Mandriva RPM
### ********************************
# Jika ingin dijalankan sebagai daemon, set ke true
daemonise = true
# Permision untuk file di cache dan direktori cache
diskCacheFilePermissions = 0600
diskCacheDirectoryPermissions = 0700
disableLocalInterface = true
forbiddenUrl = http://localhost:8123/1×1.gif
# Masukkan alamat situs yang dilarang dibuka ke dalam file forbidden, seperti alamat banner iklan, dst
forbiddenFile = /etc/polipo/forbidden
# Masukkan alamat situs yang tidak ingin di cache ke dalam file uncachable.
uncachableFile = /etc/polipo/uncachable
## Uncomment this if you have no network:
## Un-comment untuk menjalankan mode Offline.
## Dengan mode Offline, maka anda bisa membuka halaman web yang sudah ter cache.
# proxyOffline = yes
## Uncomment these to use polipo with TOR
## Uncomment dan seting dibawah ini jika memakai Parent Proxy dengan TOR
## **************************************
# socksParentProxy=localhost:9050
# disableVia = true
### Basic configuration
### *******************
# Uncomment one of these if you want to allow remote clients to
# connect:
# Uncomment (Anda hilangkan tanda pagar) dan set IP untuk Polipo, agar Komputer Client lain
# Bisa konek dan memakai Polipo di komputer ini sebagai Proxy:
# proxyAddress = “::0″ # both IPv4 and IPv6 # Alamat IP dengan IPV$ dan IPV6
proxyAddress = “192.168.0.1″ # IPv4 only # Hanya alamat IP dalam IPV4
# If you do that, you’ll want to restrict the set of hosts allowed to
# connect:
# JIka anda lakukan hal diatas, maka anda ingin membatasi User yang Boleh
# melakukan koneksi.
# allowedClients = “134.157.168.57″
# allowedClients = “134.157.168.0/24″
# Uncomment this if you want your Polipo to identify itself by
# something else than the host name:
# Uncomment dan beri nama polipo proxy server dengan nama lain.
# default nya memakai host name:
proxyName = “cipung.biroe.net”
# Uncomment this if you want to use a parent proxy:
# Uncomment dibawah ini jika ingin menggunakan Parent Proxy:
# parentProxy = “squid.example.org:3128″
# Uncomment this if you want to use a parent SOCKS proxy:
# Uncomment dan seting dibawah ini jika memakai Parent Proxy SOCKS
# socksParentProxy = “localhost:9050″
# socksProxyType = socks5
# Uncoment this if the parent proxy requires authorisation:
# Uncomment dibawah ini dan setting ke user dan password buat Proxy Parrent:
# parentAuthCredentials = “user:password”
### Memory
### ******
# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):
# Uncoment dibawah ini jika punya memori RAM sedikit
# ( Bahkan Komputer Commodore C-64 bisa dipakai sebagai Polipo Proxy)
# chunkHighMark = 819200
# objectHighMark = 128
# Uncomment this if you’ve got plenty of memory:
# Uncomment ini jika punya banyak memori :
chunkHighMark = 50331648
objectHighMark = 16384
### On-disk data
### ************
# Uncomment this if you want to disable the on-disk cache:
# Un comment dibawah ini jika tidak ingin memakai on-disk cache
# (memakai partisi NFS yang sudah dimount):
# diskCacheRoot = “”
# Uncomment this if you want to put the on-disk cache in a -
# non-standard location :
# Uncoment dibawah ini jika ingin meletakkan on-disk cache -
# ke lokasi lain ( deafultnya di /var/cache/polipo ) :
# diskCacheRoot = “~/.polipo-cache/”
# Uncomment this if you want to disable the local web server:
# Uncomment dibawah ini jika ingin WebServer lokal Polipo di disable:
localDocumentRoot = “”
# Uncomment this if you want to enable the pages under /polipo/index?
# and /polipo/servers?. This is a serious privacy leak if your proxy
# is shared.
# disableIndexing = false
# disableServersList = false
### Domain Name System
### ******************
# Uncomment this if you want to contact IPv4 hosts only (and make DNS
# queries somewhat faster):
# Uncomment dibawah ini jika ingin meng koneksi ke jaringan IPV4 saja
# ( dan membuat Query DNS menjadi lebih cepat)
dnsQueryIPv6 = no
# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
# double-stack hosts:
# dnsQueryIPv6 = reluctantly
# Uncomment this to disable Polipo’s DNS resolver and use the system’s
# default resolver instead. If you do that, Polipo will freeze during
# every DNS query:
# Uncommnet dibawah ini jika ingin memakai DNS resolver system default,
# dan mematikan Polipo DNS resolver, tapi jika anda lakukan ini, Polipo
# akan “freeze” setiap kalau melakukan query DNS:
# dnsUseGethostbyname = yes
dnsUseGethostbyname = reluctantly
### HTTP
### ****
# Uncomment this if you want to slightly reduce the amount of
# information that you leak about yourself:
censoredHeaders = From, Accept-Language
#censoredHeaders = set-cookie, cookie, cookie2, from, accept-language, x-pad
censorReferer = maybe
# Uncomment this if you want to use Poor Man’s Multiplexing; increase
# the sizes if you’re on a fast line. They should each amount to a few
# seconds’ worth of transfer; if pmmSize is small, you’ll want
# pmmFirstSize to be larger.
# Note that PMM is somewhat unreliable.
pmmFirstSize = 16384
pmmSize = 8192
# Uncomment this if your user-agent does something reasonable with
# Warning headers (most don’t):
relaxTransparency = maybe
# Uncomment this if you never want to revalidate instances for which
# data is available (this is not a good idea):
#relaxTransparency = yes
# Uncomment this if you want to avoid revalidating instances with a
# Vary header (this violates RFC 2616):
# mindlesslyCacheVary = true
# Uncomment this if your Polipo is shared, and you like the warm
# feeling that comes from respecting the specs:
# Jika ingin Cache dari Polipo di Share untuk komputer lain, anda set ke “true”
# Jika hanya anda pakai sendiri, anda set ke “false”.
# Jika di Share, maka setting juga range IP dan IP buat Polipo Proxy nya.
cacheIsShared = true
# Jika ingin Halaman web yang redirect tidak di Cache, set ke “true”
# Jika ingin Halaman web yang redirect di Cache, set ke “false”
dontCacheRedirects = false
## Transparant Proxy
## *****************
# Uncoment this if you want Polipo behave as a transparent proxy
# Hilangkan Tanda pagar dibawah ini, jika kamu ingin Polipo menjadi Transparant Proxy
maxAge = 0
maxExpiresAge = 0
allowedPorts = 1-65535
tunnelAllowedPorts = 1-65535
diskCacheTruncateTime = 10
diskCacheUnlinkTime = 60
diskCacheTruncateSize = 4 MB
======================================================================
forbidden buat block iklan
===================================================
# Sample forbidden URLs file for polipo. -*-sh-*-
# Put this in /etc/polipo/forbidden or in ~/.polipo-forbidden.
# Forbid all hosts belonging to a given domain name:
/banners/
/banner/
doubleclick.net
ads.osdn.com
ads.osdn.net
ads.freshmeat.net
ads.netpool.net
flycast.com
ads-webad.sol.no .gif
www.linuxlinks.com/gif/ .gif
imgis.com
adforce.com
ads.admonitor.net
focalink.com
image.linkexchange.com
valueclick.com
bannerspace.com
dezines.com/banners
206.41.20.7 .gif
ads.web.aol.com
ad.preferences.com
209.207.224.220
ads.link4ads.com
sandpiper.net
webreference.com/ads
ads. msn.com/ads
wired.com/advertising
209.249.169.51
mediaplex.com
adclix.com
commonwealth
linuxkonsult.m.se
3rex.net
ads.x10.com
cmpnet.com/ads
hyperbanner.net
bustnet.com/cgi-bin/ads
www.eads.com/adserve
adserver.buttonware.net
adcenter.net
aftonbladet.se/annons
adcontroller.unicast.com
ads.zdnet.com
ads.fool.com
adserver
cgi-acc/clickthru
deja.com/ads
webconnect.net
.deja.com/ads/
www.heise.de/realmedia/ads/
adserv.spiegel.de/images/
media.fastclick.net
tribalfusion.com
gavzad
burstnet
googlesyndication.com
googlesyndication.com/
=====================================================================
dhuronet….profesional dong!!!!
sekitar 3 mingguan ini warnet kecil adikku langganan ke dhuronet, isp lokal di daerah kami yang memberikan layanan akses internet yang konsepnya mengacu ke RT-RW net. selama 3 mingguan ini kami pusing dibuatnya, dari masa trial sampai kami memutuskan untuk berlangganan ada aja problem yang terjadi, koneksi tiba-tiba putuslah, server mereka downlah, kena virus lah…macem-macem
karena marketing bilang kalo pelayanan 24 jam, maka setiap koneksi terputus kami selalu kontak dhuronet, teknisi memang langsung datang, tapi ya itu analisa yang diberikan lucu-lucu, para teknisi tersebut menganggap kami-kami seolah-olah belum tahu tentang jaringan komputer, terutama jaringan dengan wifi…(padahal memang baru tahu dikit he..he) tapi gak apa-apa lah, kan masih baru…cuman masalah yang begitu mengganggu selalu mereka beralasan komputer kami kena virus…padahal kami menggunakan linux..ha..ha..ha (ketawa ngakak sambil korek2 kuping) aku udah pake linux sejak redhat 6, belum pernah sekalipun pcku terkena virus, apalagi virus punyae windows…lha ini ada teknisi bilang (on the phone) pc kami kena virus, itu yang membuat koneksi tiba-tiba mati…..wah jadi bingung aku…..
selang beberapa menit mereka datang dengan jumawanya ke warnet adikku, dan mencoba untuk mengaktifkan koneksi kami lagi, ada kejadian sangat2 lucu disini, giliran lihat server kami pake linux mereka garuk2 kepala…dan bengong didepan pc tanpa tau apa yang harus dilakukan…..lah kok dhuronet teknisi begini direkrut sih, dan parahnya hampir semua teknisi yang pernah datang gak familiar sama linux…..gimana ini, maennya di jaringan kok gak paham linux….?????
tolong dhuronet, profesional dong….kami beli koneksi untuk dijual lagi..lha kalo sering mati gini kapan kami jualannya…..keamanan jaringannya tolong diperbaiki, mahasiswa sini banyak yang nyuri koneksi dari sampeyan lho…(aku tau karena di sini anak2 informatika suka nongkrong)
cari dong teknisi yang sedikit banyak… tahu tentang linux, minimal gimana ngeset ip di linux mereka tahu (dasar sekali kan…?)……
janjinya mana….? kami bayar registrasi penuh lho kok peralatan yang kami dapat cuman access point aja, mentang2 dekat ya….udah bisa konek terus peralatan lainnya gak perlu dipasang….
koneksi sekarang lemot abis, masak aku ngambil paket corporate 1 downlink Int up to 64 Kbps Uplink Int up to 64 Kbps IIX/local up to 128 Kbps tapi tiga hari ini kenyataannya setiap aku test download ke situs kambing.ui.edu dan buaya.klas.or.id yang biasanya cepet sekali (rata2 100Kbps) sekarang cuman dapat rata 5 Kbps, tak test dengan bandwith test dengan mengakses http://www.sijiwae.net/speedtest/ dan http://bwmeter.i2.co.id/ kalo pas beruntung bisa dapet 32Kbps kadang2 malah dua situs itu gak kebuka sama sekali…ampun deh…..perbulan 600 ribu lho (belum ppn), masak koneksinya kalah sama xlgprs flat yang cuman 250 rb perbulan, pake gprs lho gak pake 3G…..
aku udah konfirmasi berkali-kali, tapi tetep aja gak digubris….pusing aku, kalo memang begini terus, bisa2 bolo kurowo tak kerahin nih buat ngehack ini ISP biar mampus sekalian….
coba speedy udah masuk sini, udah tak buang isp ini…..gak profesional blas….ketipu aku…nasib2…
Kelingan sing ora-ora
seminggu ini gak ada ide, ngoprek linux…lagi jenuh, wifi kampus mati lagi..jadi gak bisa cari2 ide …di kantor, puasa2 gini kerjaan sepi, yo wis browsing ae…iseng2 buka friendster…hal yang gak pernah tak lakukan sebelumnya..he..he, coba2 searching..eh ketemu link temen lama jaman kuliah dulu…jadi kelingan sing ora2….kelingan ngobrol bareng..kelingan malu2…ha..ha….
for my old friend, thanks for the sweet memories
Beci’….wifi lo’ bisa…
hotspot kampus mati…pusing gak bisa ngenet gratis…starone mati juga gara2 pindah frekwensi kartuku jadi searching network melulu, mau ke Indosat ganti kartu males…panas jek…puasa lagi…ngrusak body…
