8287286 konfigurasi warnet spedy pakai mikrotik

Upload: dny86

Post on 10-Apr-2018



    Konfigurasi Warnet Speedy pakai Mikrotik + Linux Proxy

    Konfigurasi ini menggunakan modem D-Link 4 port, dengan pengaturan sebagai berikut:

    Modem: 192.168.1.1
      |-- Proxy: 192.168.1.3 -> GW ke modem, yaitu 192.168.1.1
      |-- Mikrotik: 192.168.1.2 -> GW ke modem, yaitu 192.168.1.1
            |-- 192.168.0.254 -> Hub - LAN (Management BW)

    1. Konfigurasi Mikrotik-nya:

    MMM MMM KKK TTTTTTTTTTT KKKMMMM MMMM KKK TTTTTTTTTTT KKKMMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKKMMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKKMMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKKMMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

    MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

    Terminal vt102 detected, using multiline input mode
    [admin@MikroTik] > export
    # may/20/2007 02:41:49 by RouterOS 2.9.27
    # software id = JI4S-NSN
    #

    / interface ethernetset Public name=Public mtu=1500 mac-address=00:15:E9:EF:86:FE arp=enableddisable-running-check=yes auto-negotiation=yes \full-duplex=yes cable-settings=default speed=100Mbps comment= disabled=noset Lan name=Lan mtu=1500 mac-address=00:01:02:97:D0:BE arp=enabled disable-running-check=yes auto-negotiation=yes \full-duplex=yes cable-settings=default speed=100Mbps comment= disabled=no

    / interface wireless security-profilesset default name=default mode=none authentication-types= unicast-ciphers=group-ciphers= wpa-pre-shared-key= \wpa2-pre-shared-key= eap-methods=passthrough tls-mode=no-certificates tls-certificate=none static-algo-0=none \static-key-0= static-algo-1=none static-key-1= static-algo-2=none static-key-2=static-algo-3=none \


    static-key-3= static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key= \

    radius-mac-authentication=no group-key-update=5m/ interface wireless alignset frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00filter-mac=00:00:00:00:00:00 ssid-all=no \frames-per-second=25 audio-min=-100 audio-max=-20

    / interface wireless snooperset multiple-channels=yes channel-time=200ms receive-errors=no

    / interface wireless snifferset multiple-channels=no channel-time=200ms only-headers=no receive-errors=nomemory-limit=10 file-name= file-limit=10 \streaming-enabled=no streaming-server=0.0.0.0 streaming-max-rate=0

    / interface l2tp-server serverset enabled=no max-mtu=1460 max-mru=1460authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption

    / interface pptp-server serverset enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2keepalive-timeout=30 \default-profile=default-encryption

    / ip pooladd name=dhcp_pool1 ranges=192.168.0.1-192.168.0.30

    / ip telephony region/ ip telephony gatekeeper

    set gatekeeper=none remote-id= remote-address=0.0.0.0/ ip telephony aaaset use-radius-accounting=no interim-update=0s

    / ip telephony codecmove G.711-uLaw-64k/swmove G.711-ALaw-64k/swmove G.729A-8k/swmove G.729-8k/swmove G.723.1-6.3k/swmove GSM-06.10-13.2k/swmove LPC-10-2.5k/sw

    / ip accountingset enabled=no account-local-traffic=no threshold=256/ ip accounting web-accessset accessible-via-web=no address=0.0.0.0/0

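    # Management services offered by the router itself.
    # As exported, telnet, ftp, www and ssh are all enabled with
    # address=0.0.0.0/0, so nothing is restricted at the service level. Only the
    # input chain of the firewall decides who can reach them, and that chain
    # accepts anything that does not arrive on Public. Every customer PC on the
    # Lan segment can therefore reach the router's admin logins.
    # NOTE(review): telnet, ftp and www (port 80) carry credentials in clear
    # text, while www-ssl is the one service left disabled. Prefer disabled=yes
    # for telnet and ftp, and narrow address= on the remaining services to the
    # operator's workstation instead of 0.0.0.0/0.
    / ip service
    set telnet port=23 address=0.0.0.0/0 disabled=no
    set ftp port=21 address=0.0.0.0/0 disabled=no
    set www port=80 address=0.0.0.0/0 disabled=no
    set ssh port=22 address=0.0.0.0/0 disabled=no
    set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes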

    / ip upnpset enabled=no allow-disable-external-interface=yes show-dummy-rule=yes

    / ip arp/ ip socksset enabled=no port=1080 connection-idle-timeout=2m max-connections=200

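    # Router-side DNS cache, forwarding to the two upstream resolvers below.
    # allow-remote-requests=yes makes the router answer queries from other
    # hosts. The DHCP network section hands out 192.168.0.254 as the first DNS
    # server, so Lan clients depend on this.
    # NOTE(review): the input chain accepts all UDP ("Allow UDP") without an
    # interface match, so the cache also answers queries arriving on Public.
    # Whether that is reachable from beyond the modem depends on the modem's
    # own forwarding, which this export does not show. Limiting the port 53
    # accept to in-interface=Lan removes the question.
    / ip dns
    set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes \
        cache-size=2048KiB cache-max-ttl=1w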

    / ip traffic-flowset enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s

    / ip addressadd address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255interface=Public comment= disabled=noadd address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255interface=Lan comment= disabled=no

    / ip proxyset enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000maximal-server-connectons=1000

    / ip proxy accessadd dst-port=23-25 action=deny comment=block telnet & spam e-mail relayingdisabled=no

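    # Neighbor discovery is switched on for both interfaces.
    # NOTE(review): discover=yes on Public makes the router announce itself to
    # whatever shares the modem-side 192.168.1.0/24 segment. Unless something
    # there needs to find the router this way, discover=no on Public reduces
    # what an attached device can learn about it.
    / ip neighbor discovery
    set Public discover=yes
    set Lan discover=yes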

    / ip routeadd dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment=disabled=no

    / ip firewall mangleadd chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-

    connection-mark=http_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=3128 action=mark-connection new-connection-mark=http_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=http_conn passthrough=yes \comment= disabled=no


    add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes \

    comment= disabled=noadd chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection new-connection-mark=ym_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=udp dst-port=27015 action=mark-connection new-connection-mark=cs_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection new-

    connection-mark=irc_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=8291 action=mark-connection new-connection-mark=mt_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email_conn passthrough=yes \comment= disabled=noadd chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email_conn passthrough=yes \comment= disabled=no

    add chain=prerouting protocol=tcp dst-port=22 action=mark-connection new-connection-mark=ssh_conn passthrough=yes \comment= disabled=noadd chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no comment= \disabled=noadd chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-mark=dns passthrough=no comment= disabled=noadd chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-mark=ym passthrough=no comment= disabled=noadd chain=prerouting connection-mark=cs_conn action=mark-packet new-packet-

    mark=cs passthrough=no comment= disabled=noadd chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-mark=irc passthrough=no comment= disabled=noadd chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-mark=mt passthrough=no comment= disabled=noadd chain=prerouting connection-mark=email_conn action=mark-packet new-packet-mark=email passthrough=no comment= \disabled=no


    add chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-mark=ssh passthrough=no comment= disabled=no

    add chain=prerouting src-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-up passthrough=no comment=UP \TRAFFIC disabled=noadd chain=forward src-address=192.168.1.0/29 action=mark-connection new-connection-mark=test-conn passthrough=yes \comment=CONN-MARK disabled=noadd chain=forward in-interface=Public connection-mark=test-conn action=mark-packetnew-packet-mark=test-down \passthrough=no comment= DOWN-DIRECT CONNECTION disabled=noadd chain=forward in-interface=Public src-address=192.168.1.0/24 action=mark-connection new-connection-mark=test-conn \

    passthrough=yes comment= disabled=noadd chain=output out-interface=Lan dst-address=192.168.0.0/24 action=mark-packetnew-packet-mark=test-down passthrough=no \comment=DOWN-VIA PROXY disabled=no

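    # NAT: masquerade everything leaving via Public, and steer web traffic to
    # the Linux proxy at 192.168.1.3 (transparent HTTP interception).
    # NOTE(review): none of the dst-nat rules matches on in-interface or
    # src-address. They therefore rewrite TCP 80/8080/3128 arriving on any
    # interface, not only customer traffic from Lan. Because dstnat is applied
    # before the input chain, this appears to include connections addressed to
    # the router's own www service on port 80. Adding in-interface=Lan (and
    # excluding the router's own addresses) scopes the interception to what is
    # intended.
    # NOTE(review): port 80 and port 3128 are sent to proxy port 8080, but port
    # 8080 is sent to 3128. Confirm the proxy really listens on both ports.
    # The three action=redirect rules are disabled; they would point at the
    # router's built-in proxy, which is enabled=no in this export.
    / ip firewall nat
    add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
    add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.3 \
        to-ports=8080 comment="" disabled=no
    add chain=dstnat protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.1.3 \
        to-ports=3128 comment="" disabled=no
    add chain=dstnat protocol=tcp dst-port=3128 action=dst-nat to-addresses=192.168.1.3 \
        to-ports=8080 comment="" disabled=no
    add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=yes
    add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=yes
    add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 comment="" disabled=yes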

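    # Connection tracking timers (tcp-syncookie is off).
    / ip firewall connection tracking
    set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
        tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
        tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s \
        tcp-close-timeout=10s udp-timeout=10s \
        udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no

    # Filter rules. Rules are evaluated top to bottom within a chain and the
    # first accept/drop that matches ends processing, so ORDER IS THE POLICY.
    # This export is several tutorial rule sets pasted one after another; only
    # the first input rule set (down to "Drop everything else") can ever match.
    / ip firewall filter
    # --- input rule set 1: the one that is actually in effect ---
    add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
    add chain=input connection-state=established action=accept \
        comment="Allow esatblished connections" disabled=no
    add chain=input connection-state=related action=accept comment="Allow related connections" disabled=no
    # NOTE(review): accepts every UDP packet to the router on every interface,
    # Public included (DNS cache, and any other UDP service the router runs).
    add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
    add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
    # Everything from the customer LAN side is allowed to reach the router.
    add chain=input in-interface=!Public action=accept \
        comment="Allow connection to router from local network" disabled=no
    # NOTE(review): unconditional drop. Every chain=input rule after this line
    # is unreachable. That covers the port knock, the port-scan and DoS
    # detection, the ICMP rate limits and the address-list drops further down.
    # None of that protection is active as exported.
    add chain=input action=drop comment="Drop everything else" disabled=no

    # --- input rule set 2: shadowed by the drop above ---
    # Port knock: TCP 1337 puts the source in "knock" for 15s, then TCP 7331
    # from a "knock" source puts it in "safe" for 15m.
    # NOTE(review): no visible rule ever matches src-address-list=safe, so the
    # knock grants nothing even if it were reachable. The sequence is also
    # published with this config and must not be reused as-is.
    add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=knock \
        address-list-timeout=15s comment="" disabled=no
    add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list \
        address-list=safe address-list-timeout=15m comment="" disabled=no
    add chain=input connection-state=established action=accept \
        comment="accept established connection packets" disabled=no
    add chain=input connection-state=related action=accept \
        comment="accept related connection packets" disabled=no
    add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
    add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
        comment="detect and drop port scan connections" disabled=no
    add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit \
        comment="suppress DoS attack" disabled=no
    add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list \
        address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no
    add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
    # NOTE(review): no rules for a chain named "services" appear in the visible
    # part of this export. Confirm the chain exists before relying on it.
    add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no
    add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
    add chain=input action=log log-prefix="Filter:" comment="" disabled=no
    # NOTE(review): despite its comment this rule has no src-address match and
    # accepts ALL input. It is harmless only because it is unreachable. If the
    # earlier "Drop everything else" is ever removed to activate this rule set,
    # this line opens the router to every source.
    add chain=input action=accept comment="Allow access to router from known network" disabled=no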

    add chain=input src-address=192.168.0.0/24 action=accept comment= disabled=noadd chain=input src-address=192.168.1.0/24 action=accept comment= disabled=noadd chain=input action=drop comment=drop everything else disabled=noadd chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=acceptcomment=0:0 and limit for 5pac/s disabled=noadd chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=acceptcomment=3:3 and limit for 5pac/s disabled=noadd chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept


    comment=3:4 and limit for 5pac/s disabled=noadd chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept

    comment=8:0 and limit for 5pac/s disabled=noadd chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=acceptcomment=11:0 and limit for 5pac/s disabled=noadd chain=ICMP protocol=icmp action=drop comment=Drop everything elsedisabled=noadd chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=port scanners \address-list-timeout=2w comment=Port scanners to list disabled=noadd chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=port \scanners address-list-timeout=2w comment=NMAP FIN Stealth scan disabled=no

    add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=port scanners \address-list-timeout=2w comment=SYN/FIN scan disabled=noadd chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=port scanners \address-list-timeout=2w comment=SYN/RST scan disabled=noadd chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=port \scanners address-list-timeout=2w comment=FIN/PSH/URG scan disabled=noadd chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=port scanners \

    address-list-timeout=2w comment=ALL/ALL scan disabled=noadd chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=port \scanners address-list-timeout=2w comment=NMAP NULL scan disabled=noadd chain=input src-address-list=port scanners action=drop comment=dropping portscanners disabled=noadd chain=forward connection-state=established action=accept comment=allowestablished connections disabled=noadd chain=forward connection-state=related action=accept comment=allow relatedconnections disabled=noadd chain=forward connection-state=invalid action=drop comment=drop invalid

    connections disabled=noadd chain=virus protocol=tcp dst-port=135-139 action=drop comment=Drop BlasterWorm disabled=noadd chain=virus protocol=udp dst-port=135-139 action=drop comment=DropMessenger Worm disabled=noadd chain=virus protocol=tcp dst-port=445 action=drop comment=Drop Blaster Wormdisabled=noadd chain=virus protocol=udp dst-port=445 action=drop comment=Drop Blaster Worm


    disabled=noadd chain=virus protocol=tcp dst-port=593 action=drop comment=________

    disabled=noadd chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=________disabled=noadd chain=virus protocol=tcp dst-port=1080 action=drop comment=Drop MyDoomdisabled=noadd chain=virus protocol=tcp dst-port=1214 action=drop comment=________disabled=noadd chain=virus protocol=tcp dst-port=1363 action=drop comment=ndm requesterdisabled=noadd chain=virus protocol=tcp dst-port=1364 action=drop comment=ndm serverdisabled=no

    add chain=virus protocol=tcp dst-port=1368 action=drop comment=screen castdisabled=noadd chain=virus protocol=tcp dst-port=1373 action=drop comment=hromgrafxdisabled=noadd chain=virus protocol=tcp dst-port=1377 action=drop comment=cichliddisabled=noadd chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=Wormdisabled=noadd chain=virus protocol=tcp dst-port=2745 action=drop comment=Bagle Virusdisabled=noadd chain=virus protocol=tcp dst-port=2283 action=drop comment=Drop Dumaru.Y

    disabled=noadd chain=virus protocol=tcp dst-port=2535 action=drop comment=Drop Beagledisabled=noadd chain=virus protocol=tcp dst-port=2745 action=drop comment=Drop Beagle.C-Kdisabled=noadd chain=virus protocol=tcp dst-port=3127 action=drop comment=Drop MyDoomdisabled=noadd chain=virus protocol=tcp dst-port=3410 action=drop comment=Drop BackdoorOptixPro disabled=noadd chain=virus protocol=tcp dst-port=4444 action=drop comment=Worm disabled=noadd chain=virus protocol=udp dst-port=4444 action=drop comment=Worm

    disabled=noadd chain=virus protocol=tcp dst-port=5554 action=drop comment=Drop Sasserdisabled=noadd chain=virus protocol=tcp dst-port=8866 action=drop comment=Drop Beagle.Bdisabled=noadd chain=virus protocol=tcp dst-port=9898 action=drop comment=Drop Dabber.A-Bdisabled=noadd chain=virus protocol=tcp dst-port=10000 action=drop comment=Drop Dumaru.Y


    disabled=noadd chain=virus protocol=tcp dst-port=10080 action=drop comment=Drop MyDoom.B

    disabled=noadd chain=virus protocol=tcp dst-port=12345 action=drop comment=Drop NetBusdisabled=noadd chain=virus protocol=tcp dst-port=17300 action=drop comment=Drop Kuang2disabled=noadd chain=virus protocol=tcp dst-port=27374 action=drop comment=Drop SubSevendisabled=noadd chain=virus protocol=tcp dst-port=65506 action=drop comment=Drop PhatBot,Agobot, Gaobot disabled=noadd chain=forward action=jump jump-target=virus comment=jump to the virus chaindisabled=no

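    # (continues the / ip firewall filter section)
    # A third copy of the basic input policy. It sits after the first
    # unconditional "Drop everything else" on chain=input, so as exported none
    # of these rules can match.
    add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
    add chain=input connection-state=established action=accept \
        comment="Allow Established connections" disabled=no
    add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
    add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
    add chain=input src-address=192.168.0.0/24 action=accept \
        comment="Allow access to router from known network" disabled=no
    # NOTE(review): these two rules grant full access to the router from
    # public address space, with no port or protocol limit and no comment
    # saying why. 125.0.0.0/8 alone is about 16.7 million addresses. If remote
    # administration is needed, replace them with the specific admin address
    # and the specific management port. Otherwise remove them, so that a later
    # reordering of the chain cannot bring them into effect.
    add chain=input src-address=63.219.6.0/24 action=accept comment="" disabled=no
    add chain=input src-address=125.0.0.0/8 action=accept comment="" disabled=no
    add chain=input action=drop comment="Drop anything else" disabled=no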

    add chain=forward protocol=tcp connection-state=invalid action=drop comment=dropinvalid connections disabled=noadd chain=forward connection-state=established action=accept comment=allow alreadyestablished connections disabled=noadd chain=forward connection-state=related action=accept comment=allow relatedconnections disabled=noadd chain=forward src-address=0.0.0.0/8 action=drop comment= disabled=noadd chain=forward dst-address=0.0.0.0/8 action=drop comment= disabled=noadd chain=forward src-address=127.0.0.0/8 action=drop comment= disabled=noadd chain=forward dst-address=127.0.0.0/8 action=drop comment= disabled=noadd chain=forward src-address=224.0.0.0/3 action=drop comment= disabled=no

    add chain=forward dst-address=224.0.0.0/3 action=drop comment= disabled=noadd chain=forward protocol=tcp action=jump jump-target=tcp comment= disabled=noadd chain=forward protocol=udp action=jump jump-target=udp comment=disabled=noadd chain=forward protocol=icmp action=jump jump-target=icmp comment=disabled=noadd chain=tcp protocol=tcp dst-port=69 action=drop comment=deny TFTPdisabled=no


    add chain=tcp protocol=tcp dst-port=111 action=drop comment=deny RPC portmapperdisabled=no

    add chain=tcp protocol=tcp dst-port=135 action=drop comment=deny RPC portmapperdisabled=noadd chain=tcp protocol=tcp dst-port=137-139 action=drop comment=deny NBTdisabled=noadd chain=tcp protocol=tcp dst-port=445 action=drop comment=deny cifs disabled=noadd chain=tcp protocol=tcp dst-port=2049 action=drop comment=deny NFSdisabled=noadd chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=deny NetBusdisabled=noadd chain=tcp protocol=tcp dst-port=20034 action=drop comment=deny NetBusdisabled=no

    add chain=tcp protocol=tcp dst-port=3133 action=drop comment=deny BackOrifficedisabled=noadd chain=tcp protocol=tcp dst-port=67-68 action=drop comment=deny DHCPdisabled=noadd chain=udp protocol=udp dst-port=69 action=drop comment=deny TFTPdisabled=noadd chain=udp protocol=udp dst-port=111 action=drop comment=deny PRCportmapper disabled=noadd chain=udp protocol=udp dst-port=135 action=drop comment=deny PRCportmapper disabled=noadd chain=udp protocol=udp dst-port=137-139 action=drop comment=deny NBT

    disabled=noadd chain=udp protocol=udp dst-port=2049 action=drop comment=deny NFSdisabled=noadd chain=udp protocol=udp dst-port=3133 action=drop comment=deny BackOrifficedisabled=noadd chain=icmp protocol=icmp icmp-options=0:0 action=accept comment=drop invalidconnections disabled=noadd chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=allowestablished connections disabled=noadd chain=icmp protocol=icmp icmp-options=3:1 action=accept comment=allowalready established connections disabled=no

    add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment=allow sourcequench disabled=noadd chain=icmp protocol=icmp icmp-options=8:0 action=accept comment=allow echorequest disabled=noadd chain=icmp protocol=icmp icmp-options=11:0 action=accept comment=allow timeexceed disabled=noadd chain=icmp protocol=icmp icmp-options=12:0 action=accept comment=allowparameter bad disabled=no


    add chain=icmp action=drop comment=deny all other types disabled=no/ ip firewall service-port

    set ftp ports=21 disabled=noset tftp ports=69 disabled=yesset irc ports=6667 disabled=noset h323 disabled=yesset quake3 disabled=yesset gre disabled=yesset pptp disabled=yes

    / ip hotspot service-portset ftp ports=21 disabled=no

    / ip hotspot profileset default name=default hotspot-address=0.0.0.0 dns-name= html-directory=hotspot

    rate-limit= http-proxy=0.0.0.0:0 \smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no

    / ip hotspot user profileset default name=default idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \transparent-proxy=yes open-status-page=always advertise=no

    / ip dhcp-serveradd name=dhcp1 interface=Lan lease-time=3d address-pool=dhcp_pool1 bootp-support=static add-arp=yes \authoritative=after-2sec-delay disabled=no

    / ip dhcp-server configset store-leases-disk=5m

    / ip dhcp-server leaseadd address=192.168.0.1 mac-address=00:13:D3:E4:FA:52 client-id=1:0:13:d3:e4:fa:52 server=dhcp1 comment= disabled=noadd address=192.168.0.2 mac-address=00:13:D3:FD:36:98 client-id=1:0:13:d3:fd:36:98 server=dhcp1 comment= disabled=noadd address=192.168.0.3 mac-address=00:13:D3:E4:FA:9D client-id=1:0:13:d3:e4:fa:9d server=dhcp1 comment= disabled=noadd address=192.168.0.4 mac-address=00:13:D3:FD:02:7E client-id=1:0:13:d3:fd:2:7eserver=dhcp1 comment= disabled=no

    add address=192.168.0.5 mac-address=00:13:D3:E4:FA:30 client-id=1:0:13:d3:e4:fa:30 server=dhcp1 comment= disabled=noadd address=192.168.0.6 mac-address=00:13:D3:FD:36:61 client-id=1:0:13:d3:fd:36:61 server=dhcp1 comment= disabled=noadd address=192.168.0.11 mac-address=00:18:F3:43:D4:66 client-id=1:0:18:f3:43:d4:66 server=dhcp1 comment= disabled=noadd address=192.168.0.10 mac-address=00:13:D3:FD:37:BA client-id=1:0:13:d3:fd:37:ba server=dhcp1 comment= disabled=no


    add address=192.168.0.9 mac-address=00:13:D3:C9:E7:C1 client-id=1:0:13:d3:c9:e7:c1 server=dhcp1 comment= disabled=no

    add address=192.168.0.8 mac-address=00:13:D3:FD:36:6A client-id=1:0:13:d3:fd:36:6a server=dhcp1 comment= disabled=noadd address=192.168.0.7 mac-address=00:13:D3:E4:FA:2A client-id=1:0:13:d3:e4:fa:2a server=dhcp1 comment= disabled=no

    / ip dhcp-server networkadd address=192.168.0.0/24 gateway=192.168.0.254 dns-server=192.168.0.254,202.134.0.155,203.130.193.74 comment=

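    # Default IPsec proposal. No IPsec peer or policy appears in the visible
    # part of this export, so this is presumably the unused factory entry.
    # Confirm before relying on it.
    # NOTE(review): SHA-1, 3DES and a 1024-bit MODP group are legacy choices.
    # If a tunnel is ever built on this router, pick the strongest algorithms
    # the installed RouterOS version offers rather than this default.
    / ip ipsec proposal
    add name=default auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 \
        pfs-group=modp1024 disabled=no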

    / ip web-proxy

    set enabled=no src-address=0.0.0.0 port=3128 hostname=proxy transparent-proxy=noparent-proxy=0.0.0.0:0 \cache-administrator=webmaster max-object-size=4096KiB cache-drive=system max-cache-size=none \max-ram-cache-size=unlimited

    / ip web-proxy accessadd dst-port=23-25 action=deny comment=block telnet & spam e-mail relayingdisabled=no

    / ip web-proxy cacheadd url=:cgi-bin \\? action=deny comment=dont cache dynamic http pagesdisabled=no

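    # Log routing: info, error and warning go to the "memory" action, and
    # critical goes to "echo" (the console).
    # NOTE(review): the memory action keeps only 100 lines and overwrites the
    # oldest (memory-stop-on-full=no). Nothing is written to disk or sent off
    # the box, since the remote target is still the placeholder 0.0.0.0:514.
    # The watchdog section sets reboot-on-failure=yes and a reboot clears the
    # memory buffer. For an internet cafe router this leaves no usable record
    # of logins or firewall hits. Send at least one topic set to disk or to a
    # syslog host on the operator's side.
    / system logging
    add topics=info prefix="" action=memory disabled=no
    add topics=error prefix="" action=memory disabled=no
    add topics=warning prefix="" action=memory disabled=no
    add topics=critical prefix="" action=echo disabled=no

    / system logging action
    set memory name=memory target=memory memory-lines=100 memory-stop-on-full=no
    set disk name=disk target=disk disk-lines=100 disk-stop-on-full=no
    set echo name=echo target=echo remember=yes
    set remote name=remote target=remote remote=0.0.0.0:514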

    / system upgrade mirrorset enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1duser=

    / system clock dstset dst-delta=+00:00 dst-start=jan/01/1970 00:00:00 dst-end=jan/01/1970 00:00:00

    / system watchdogset reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5mautomatic-supout=yes auto-send-supout=no


    / system consoleadd port=serial0 term= disabled=no

    set FIXME term=linux disabled=noset FIXME term=linux disabled=noset FIXME term=linux disabled=noset FIXME term=linux disabled=noset FIXME term=linux disabled=noset FIXME term=linux disabled=noset FIXME term=linux disabled=noset FIXME term=linux disabled=no

    / system console screenset line-count=25

    / system identity

    set name=MikroTik/ system noteset show-at-login=yes note=

    / system gpsset enabled=no set-system-time=yes

    / system lcdset enabled=no type=244 port=parallel contrast=0

    / system lcd pageset time display-time=5s disabled=yesset resources display-time=5s disabled=yesset uptime display-time=5s disabled=yes

    set packets display-time=5s disabled=yesset bits display-time=5s disabled=yesset version display-time=5s disabled=yesset Public display-time=5s disabled=yesset Lan display-time=5s disabled=yes

    / system ntp serverset enabled=no broadcast=no multicast=no manycast=yes

    / system ntp clientset enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0

    / system routerboard biosset

    / system healthset state-after-reboot=enabled/ portset serial0 name=serial0 baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardwareset serial1 name=serial1 baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware

    / ppp profile


    set default name=default use-compression=default use-vj-compression=default use-encryption=default only-one=default \

    change-tcp-mss=yes comment=set default-encryption name=default-encryption use-compression=default use-vj-compression=default use-encryption=yes \only-one=default change-tcp-mss=yes comment=

    / ppp aaaset use-radius=no accounting=yes interim-update=0s

    / queue typeset default name=default kind=pfifo pfifo-limit=50set ethernet-default name=ethernet-default kind=pfifo pfifo-limit=50set wireless-default name=wireless-default kind=sfq sfq-perturb=5 sfq-allot=1514set synchronous-default name=synchronous-default kind=red red-limit=60 red-min-

    threshold=10 red-max-threshold=50 \red-burst=20 red-avg-packet=1000set hotspot-default name=hotspot-default kind=sfq sfq-perturb=5 sfq-allot=1514add name=Upload kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000add name=Download kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-addresspcq-total-limit=2000add name=default-small kind=pfifo pfifo-limit=10

    / queue simpleadd name=HTTP target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=allparent=none packet-marks=http \

    direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=noadd name=DNS target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=allparent=none packet-marks=dns direction=both \priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=defaultdisabled=noadd name=YMessenger target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=allparent=none packet-marks=ym \direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=noadd name=CounterStrike target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all

    parent=none packet-marks=cs \direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=noadd name=IRC target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=allparent=none packet-marks=irc direction=both \priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=defaultdisabled=noadd name=Mikrotik target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all


    parent=none packet-marks=mt \direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-

    queue=default disabled=noadd name=Email target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=allparent=none packet-marks=email \direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=noadd name=Oasis target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=Lanparent=none direction=both priority=8 \queue=ethernet-default/ethernet-default limit-at=64000/384000 max-limit=64000/384000total-queue=default disabled=noadd name=1 target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \

    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=2 target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=3 target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-

    limit=0/64000 \total-queue=default disabled=noadd name=4 target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=5 target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \

    total-queue=default disabled=noadd name=6 target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=7 target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \


    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \

    total-queue=default disabled=noadd name=8 target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=9 target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=no

    add name=10 target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=11 target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=12 target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 interface=Lan

    parent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=13 target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=14 target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \

    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=15 target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=no


    add name=16 target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \

    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=17 target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=18 target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-

    limit=0/64000 \total-queue=default disabled=noadd name=19 target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=20 target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \

    total-queue=default disabled=noadd name=21 target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=22 target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=no

    add name=23 target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=24 target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-


    limit=0/64000 \total-queue=default disabled=no

    add name=25 target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=26 target-addresses=192.168.0.26/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=no

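    # Line breaks, the spaces between parameters and the quotes around comment=
    # were lost when this export was extracted; they are restored here.
    # No parameter value has been changed.
    / queue tree
    add name=upstream parent=global-out packet-mark=test-up limit-at=384000 queue=default priority=8 max-limit=384000 \
        burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
    add name=downstream parent=Lan packet-mark=test-down limit-at=384000 queue=Download priority=8 max-limit=384000 \
        burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

    / user
    # REVIEW: the full-rights account keeps the default name "admin" and
    # address=0.0.0.0/0, so logins are accepted from any source address.
    # Restrict address= to the management host/subnet and set a strong password.
    add name=admin group=full address=0.0.0.0/0 comment="system default user" disabled=no

    / user group
    # REVIEW: every group allows telnet (and "full" also ftp), both clear-text
    # protocols; prefer ssh/winbox and drop telnet/ftp from the policies where
    # they are not needed.
    add name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
    add name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
    add name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web

    / user aaa
    set use-radius=no accounting=yes interim-update=0s default-group=read

    / radius incoming
    # REVIEW: incoming RADIUS requests are accepted on port 1700 although
    # use-radius=no above; presumably unused, so consider accept=no.
    set accept=yes port=1700

    / driver
    / snmp
    set enabled=yes contact=admin location=admin
    / snmp community
    # REVIEW: SNMP is enabled with the well-known community "public" readable
    # from 0.0.0.0/0. Rename the community and limit address= to the
    # monitoring host, or disable SNMP if nothing polls it.
    set public name=public address=0.0.0.0/0 read-access=yes

    / tool bandwidth-server
    # REVIEW: the bandwidth-test server is left enabled (with authentication);
    # disable it when no tests are being run.
    set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10

    / tool mac-server ping
    set enabled=yes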

    / tool e-mail


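    # Line breaks restored: the page extraction ran the directives together.
    # Values are unchanged.
    icp_query_timeout 0
    maximum_icp_query_timeout 5000
    mcast_icp_query_timeout 2000
    dead_peer_timeout 10 seconds
    hierarchy_stoplist cgi-bin ? localhost
    # "localhost" is a third URL-path pattern here, not a source-address match.
    acl QUERY urlpath_regex cgi-bin \? localhost

    ### Cache options
    cache_mem 6 MB
    cache_swap_low 98
    cache_swap_high 99
    maximum_object_size 128 MB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 32 KB
    ipcache_size 10240
    ipcache_low 98
    ipcache_high 99
    fqdncache_size 256
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF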

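    ### Squid tuning options
    # Line breaks restored; patterns and timings are unchanged.
    # refresh_pattern is first-match: the extension rules without a trailing "$"
    # below match anywhere in the URL and shadow the later, anchored ones.
    # REVIEW: reload-into-ims / override-lastmod / override-expire keep objects
    # fresh longer than the origin server asks for. On a shared warnet cache
    # this can hand out stale executables and archives (.exe, .zip, .cab) and
    # stale dynamic pages; verify that login and webmail hosts listed below are
    # not served stale or across users.
    refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
    refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
    refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
    # NOTE(review): minimum age (43200) is larger than maximum age (1440) here.
    refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
    refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
    # NOTE(review): these are regular expressions, not shell globs. "/*" means
    # "zero or more slashes" and "." matches any character, so the host rules
    # match more URLs than the names suggest.
    refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
    #refresh_pattern ^ftp: 1440 20% 10080
    #refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    #refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod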

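    ### Cache directory
    # Line breaks restored; values are unchanged.
    #cache_dir aufs /cache 20000 16 256
    cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
    #cache_dir aufs /cache 7000 16 256

    ### Log
    # REVIEW: cache_log none discards Squid's own diagnostics (startup errors,
    # ACL parse warnings), and logfile_rotate 1 keeps a single rotated
    # access.log. Keep cache_log and a longer rotation if the logs are needed
    # for abuse or incident investigation.
    cache_access_log /var/log/squid/access.log
    logfile_rotate 1
    cache_log none
    cache_store_log none
    emulate_httpd_log off
    log_ip_on_direct on
    log_fqdn off
    log_icp_queries off

    ### DNS server
    # All lookups go to the resolver on this host.
    dns_nameservers 127.0.0.1

    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 98%
    negative_ttl 15 minute
    positive_dns_ttl 24 hours
    negative_dns_ttl 5 minutes
    range_offset_limit 0 KB

    ### Timeout options
    connect_timeout 1 minute
    peer_connect_timeout 5 seconds
    read_timeout 30 minute
    request_timeout 1 minute
    #client_lifetime 10 hour
    half_closed_clients off
    pconn_timeout 15 second
    shutdown_lifetime 15 second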

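    ### ACL options
    # Line breaks restored. Changes from the listing as extracted:
    #  - the quotes around the two pattern-file paths are put back;
    #  - the time window is moved from the porn/noporn acl lines to the rule;
    #  - combined deny/no_cache rules are split, because ACL names on one
    #    rule line are ANDed;
    #  - deny rules are placed before "allow client", because the first
    #    matching http_access rule wins.
    acl manager proto cache_object
    acl all src 0.0.0.0/0.0.0.0
    # NOTE(review): 192.168.5.0/29 does not cover the 192.168.0.x / 192.168.1.x
    # addresses used elsewhere on this page; with "deny all" last, only sources
    # in this range are served. Confirm the intended client range.
    acl client src 192.168.5.0/29
    acl tidakbebasdownload time 08:00-22:00
    # Extra words after a url_regex pattern file are read as more patterns, so
    # "time 08:00-22:00" on these lines would have matched any URL containing
    # "time". The window (apparently the intent) is applied in the rule below.
    acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
    acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"
    # NOTE(review): these are unanchored regexes ("." matches any character),
    # so short names such as info.exe, run.exe or download.exe match any URL
    # that contains them.
    acl file_terlarang url_regex -i hot_indonesia.exe
    acl file_terlarang url_regex -i hotsurprise_id.exe
    acl file_terlarang url_regex -i best-mp3-download.exe
    acl file_terlarang url_regex -i R32.exe
    acl file_terlarang url_regex -i rb32.exe
    acl file_terlarang url_regex -i mp3.exe
    acl file_terlarang url_regex -i HOTSEX.exe
    acl file_terlarang url_regex -i Browser_Plugin.exe
    acl file_terlarang url_regex -i DDialer.exe
    acl file_terlarang url_regex -i od-teen
    acl file_terlarang url_regex -i URLDownload.exe
    acl file_terlarang url_regex -i od-stnd67.exe
    acl file_terlarang url_regex -i Download_Plugin.exe
    acl file_terlarang url_regex -i od-teen52.exe
    acl file_terlarang url_regex -i malaysex
    acl file_terlarang url_regex -i edita.html
    acl file_terlarang url_regex -i info.exe
    acl file_terlarang url_regex -i run.exe
    acl file_terlarang url_regex -i Lovers2Go
    acl file_terlarang url_regex -i GlobalDialer
    acl file_terlarang url_regex -i WebDialer
    acl file_terlarang url_regex -i britneynude
    acl file_terlarang url_regex -i download.exe
    acl file_terlarang url_regex -i backup.exe
    acl file_terlarang url_regex -i GnoOS2003
    acl file_terlarang url_regex -i wintrim.exe
    acl file_terlarang url_regex -i MPREXE.EXE
    acl file_terlarang url_regex -i exengd.EXE
    acl file_terlarang url_regex -i xxxvideo.exe
    acl file_terlarang url_regex -i Save.exe
    acl file_terlarang url_regex -i ATLBROWSER.DLL
    acl file_terlarang url_regex -i NawaL_rm
    acl file_terlarang url_regex -i Socks32.dll
    acl file_terlarang url_regex -i Sc32Lnch.exe
    acl file_terlarang url_regex -i dat0.exe
    acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
    acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
    acl local-domain dstdomain localhost
    acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
    acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
    acl Virus urlpath_regex winnt/system32/cmd.exe?
    acl connect method CONNECT
    acl post method POST
    acl ssl method CONNECT
    acl purge method PURGE
    acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
    acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$

    # Was "no_cache deny QUERY manager", which only matched requests that were
    # both a query URL and a cache_object request, so query results were cached.
    no_cache deny QUERY
    no_cache deny manager

    # NOTE(review): this rule needs all three ACLs to match at once, and no
    # rule denies cache_object requests coming from "client". The stock
    # squid.conf pairs "http_access allow manager localhost" with
    # "http_access deny manager"; consider the same here.
    http_access allow manager IIX Safe_ports
    http_access deny porn !noporn tidakbebasdownload
    # Was one rule, "deny Bad_ports Virus IpAddrProbeUA IpAddrProbeURL", which
    # matched only when all four were true together. The two IpAddrProbe ACLs
    # are kept on one line because they appear to describe a single request
    # signature (that user agent asking for a bare-IP URL).
    http_access deny Bad_ports
    http_access deny Virus
    http_access deny IpAddrProbeUA IpAddrProbeURL
    http_access deny file_terlarang
    # NOTE(review): Safe_ports, connect and ssl are defined but no rule limits
    # CONNECT or non-safe ports (stock rules: "deny !Safe_ports" and
    # "deny CONNECT !SSL_ports").
    http_access allow client
    http_access deny all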

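    ### Administrative parameters
    # Line breaks restored; values are unchanged. The cache_mgr address was
    # redacted by the hosting page ("[email protected]"); set your own. The redaction
    # appears to have swallowed the start of the following directive, read here
    # as cache_effective_user.
    cache_mgr [email protected]
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname proxy.primadona.war.net.id

    ### Accelerator options
    memory_pools off
    # REVIEW: forwarded_for on sends each client's internal address to origin
    # servers in X-Forwarded-For; turn it off unless something upstream needs it.
    forwarded_for on
    log_icp_queries off
    icp_hit_stale on
    minimum_direct_hops 4
    minimum_direct_rtt 400
    store_avg_object_size 13 KB
    store_objects_per_bucket 20
    client_db on
    netdb_low 9900
    netdb_high 10000
    netdb_ping_period 30 seconds
    query_icmp off
    pipeline_prefetch on
    reload_into_ims on
    pipeline_prefetch on
    vary_ignore_expire on
    max_open_disk_fds 100
    nonhierarchical_direct on
    prefer_direct off

    ### Transparent proxy support
    # NOTE(review): with httpd_accel_uses_host_header the destination is taken
    # from the client-supplied Host header; keep the intercepting port
    # reachable from the LAN only.
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    ### Limit the size of downloaded files
    # Applies only when client, block (media extensions) and the
    # tidakbebasdownload time window all match.
    reply_body_max_size 3512000 allow client block tidakbebasdownload

    ### SNMP
    # Disabled. If enabled as written, "snmp_access allow all" with the
    # community "public" would answer any source; restrict it to the
    # monitoring host first.
    #snmp_port 3401
    #acl snmppublic snmp_community public
    #snmp_access allow all

    # Replace identifying request headers with fixed values.
    header_access User-Agent deny all
    header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
    header_access Accept deny all
    header_replace Accept */*
    header_access Accept-Language deny all
    header_replace Accept-Language id, en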

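    # Line breaks restored: the page extraction ran the directives together.
    # Values are unchanged.
    # NOTE(review): http_port without an address listens on every interface of
    # the proxy host; bind it to the LAN-facing address or firewall the port.
    http_port 8080
    #icp_port 3130
    icp_query_timeout 0
    maximum_icp_query_timeout 5000
    mcast_icp_query_timeout 2000
    dead_peer_timeout 10 seconds
    hierarchy_stoplist cgi-bin ? localhost
    # "localhost" is a third URL-path pattern here, not a source-address match.
    acl QUERY urlpath_regex cgi-bin \? localhost

    ### Cache options
    cache_mem 6 MB
    cache_swap_low 98
    cache_swap_high 99
    maximum_object_size 128 MB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 32 KB
    ipcache_size 10240
    ipcache_low 98
    ipcache_high 99
    fqdncache_size 256
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF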

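    ### Squid tuning options
    # Line breaks restored; patterns and timings are unchanged.
    # refresh_pattern is first-match: the extension rules without a trailing "$"
    # below match anywhere in the URL and shadow the later, anchored ones.
    # REVIEW: reload-into-ims / override-lastmod / override-expire keep objects
    # fresh longer than the origin server asks for. On a shared warnet cache
    # this can hand out stale executables and archives (.exe, .zip, .cab) and
    # stale dynamic pages; verify that login and webmail hosts listed below are
    # not served stale or across users.
    refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
    refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
    refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
    # NOTE(review): minimum age (43200) is larger than maximum age (1440) here.
    refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
    refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
    refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
    # NOTE(review): these are regular expressions, not shell globs. "/*" means
    # "zero or more slashes" and "." matches any character, so the host rules
    # match more URLs than the names suggest.
    refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
    #refresh_pattern ^ftp: 1440 20% 10080
    #refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    #refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod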

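    ### Cache directory
    # Line breaks restored; values are unchanged.
    #cache_dir aufs /cache 20000 16 256
    cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
    #cache_dir aufs /cache 7000 16 256

    ### Log
    # REVIEW: cache_log none discards Squid's own diagnostics (startup errors,
    # ACL parse warnings), and logfile_rotate 1 keeps a single rotated
    # access.log. Keep cache_log and a longer rotation if the logs are needed
    # for abuse or incident investigation.
    cache_access_log /var/log/squid/access.log
    logfile_rotate 1
    cache_log none
    cache_store_log none
    emulate_httpd_log off
    log_ip_on_direct on
    log_fqdn off
    log_icp_queries off

    ### DNS server
    # All lookups go to the resolver on this host.
    dns_nameservers 127.0.0.1

    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 98%
    negative_ttl 15 minute
    positive_dns_ttl 24 hours
    negative_dns_ttl 5 minutes
    range_offset_limit 0 KB

    ### Timeout options
    connect_timeout 1 minute
    peer_connect_timeout 5 seconds
    read_timeout 30 minute
    request_timeout 1 minute
    #client_lifetime 10 hour
    half_closed_clients off
    pconn_timeout 15 second
    shutdown_lifetime 15 second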

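    ### ACL options
    # Line breaks restored. Changes from the listing as extracted:
    #  - the quotes around the two pattern-file paths are put back;
    #  - the time window is moved from the porn/noporn acl lines to the rule;
    #  - combined deny/no_cache rules are split, because ACL names on one
    #    rule line are ANDed;
    #  - deny rules are placed before "allow client", because the first
    #    matching http_access rule wins.
    acl manager proto cache_object
    acl all src 0.0.0.0/0.0.0.0
    # NOTE(review): 192.168.5.0/29 does not cover the 192.168.0.x / 192.168.1.x
    # addresses used elsewhere on this page; with "deny all" last, only sources
    # in this range are served. Confirm the intended client range.
    acl client src 192.168.5.0/29
    acl tidakbebasdownload time 08:00-22:00
    # Extra words after a url_regex pattern file are read as more patterns, so
    # "time 08:00-22:00" on these lines would have matched any URL containing
    # "time". The window (apparently the intent) is applied in the rule below.
    acl porn url_regex -i "/usr/local/squid/etc/bokep.txt"
    acl noporn url_regex -i "/usr/local/squid/etc/nobokep.txt"
    # NOTE(review): these are unanchored regexes ("." matches any character),
    # so short names such as info.exe, run.exe or download.exe match any URL
    # that contains them.
    acl file_terlarang url_regex -i hot_indonesia.exe
    acl file_terlarang url_regex -i hotsurprise_id.exe
    acl file_terlarang url_regex -i best-mp3-download.exe
    acl file_terlarang url_regex -i R32.exe
    acl file_terlarang url_regex -i rb32.exe
    acl file_terlarang url_regex -i mp3.exe
    acl file_terlarang url_regex -i HOTSEX.exe
    acl file_terlarang url_regex -i Browser_Plugin.exe
    acl file_terlarang url_regex -i DDialer.exe
    acl file_terlarang url_regex -i od-teen
    acl file_terlarang url_regex -i URLDownload.exe
    acl file_terlarang url_regex -i od-stnd67.exe
    acl file_terlarang url_regex -i Download_Plugin.exe
    acl file_terlarang url_regex -i od-teen52.exe
    acl file_terlarang url_regex -i malaysex
    acl file_terlarang url_regex -i edita.html
    acl file_terlarang url_regex -i info.exe
    acl file_terlarang url_regex -i run.exe
    acl file_terlarang url_regex -i Lovers2Go
    acl file_terlarang url_regex -i GlobalDialer
    acl file_terlarang url_regex -i WebDialer
    acl file_terlarang url_regex -i britneynude
    acl file_terlarang url_regex -i download.exe
    acl file_terlarang url_regex -i backup.exe
    acl file_terlarang url_regex -i GnoOS2003
    acl file_terlarang url_regex -i wintrim.exe
    acl file_terlarang url_regex -i MPREXE.EXE
    acl file_terlarang url_regex -i exengd.EXE
    acl file_terlarang url_regex -i xxxvideo.exe
    acl file_terlarang url_regex -i Save.exe
    acl file_terlarang url_regex -i ATLBROWSER.DLL
    acl file_terlarang url_regex -i NawaL_rm
    acl file_terlarang url_regex -i Socks32.dll
    acl file_terlarang url_regex -i Sc32Lnch.exe
    acl file_terlarang url_regex -i dat0.exe
    acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
    acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
    acl local-domain dstdomain localhost
    acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
    acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
    acl Virus urlpath_regex winnt/system32/cmd.exe?
    acl connect method CONNECT
    acl post method POST
    acl ssl method CONNECT
    acl purge method PURGE
    acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
    acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$

    # Was "no_cache deny QUERY manager", which only matched requests that were
    # both a query URL and a cache_object request, so query results were cached.
    no_cache deny QUERY
    no_cache deny manager

    # NOTE(review): this rule needs all three ACLs to match at once, and no
    # rule denies cache_object requests coming from "client". The stock
    # squid.conf pairs "http_access allow manager localhost" with
    # "http_access deny manager"; consider the same here.
    http_access allow manager IIX Safe_ports
    http_access deny porn !noporn tidakbebasdownload
    # Was one rule, "deny Bad_ports Virus IpAddrProbeUA IpAddrProbeURL", which
    # matched only when all four were true together. The two IpAddrProbe ACLs
    # are kept on one line because they appear to describe a single request
    # signature (that user agent asking for a bare-IP URL).
    http_access deny Bad_ports
    http_access deny Virus
    http_access deny IpAddrProbeUA IpAddrProbeURL
    http_access deny file_terlarang
    # NOTE(review): Safe_ports, connect and ssl are defined but no rule limits
    # CONNECT or non-safe ports (stock rules: "deny !Safe_ports" and
    # "deny CONNECT !SSL_ports").
    http_access allow client
    http_access deny all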

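    ### Administrative parameters
    # Line breaks restored; values are unchanged. The cache_mgr address was
    # redacted by the hosting page ("[email protected]"); set your own. The redaction
    # appears to have swallowed the start of the following directive, read here
    # as cache_effective_user.
    cache_mgr [email protected]
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname proxy.primadona.war.net.id

    ### Accelerator options
    memory_pools off
    # REVIEW: forwarded_for on sends each client's internal address to origin
    # servers in X-Forwarded-For; turn it off unless something upstream needs it.
    forwarded_for on
    log_icp_queries off
    icp_hit_stale on
    minimum_direct_hops 4
    minimum_direct_rtt 400
    store_avg_object_size 13 KB
    store_objects_per_bucket 20
    client_db on
    netdb_low 9900
    netdb_high 10000
    netdb_ping_period 30 seconds
    query_icmp off
    pipeline_prefetch on
    reload_into_ims on
    pipeline_prefetch on
    vary_ignore_expire on
    max_open_disk_fds 100
    nonhierarchical_direct on
    prefer_direct off

    ### Transparent proxy support
    # NOTE(review): with httpd_accel_uses_host_header the destination is taken
    # from the client-supplied Host header; keep the intercepting port
    # reachable from the LAN only.
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    ### Limit the size of downloaded files
    # Applies only when client, block (media extensions) and the
    # tidakbebasdownload time window all match.
    reply_body_max_size 3512000 allow client block tidakbebasdownload

    ### SNMP
    # Disabled. If enabled as written, "snmp_access allow all" with the
    # community "public" would answer any source; restrict it to the
    # monitoring host first.
    #snmp_port 3401
    #acl snmppublic snmp_community public
    #snmp_access allow all

    # Replace identifying request headers with fixed values.
    header_access User-Agent deny all
    header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
    header_access Accept deny all
    header_replace Accept */*
    header_access Accept-Language deny all
    header_replace Accept-Language id, en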

    b. Named.Conf


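    //
    // named.conf for Red Hat caching-nameserver
    //
    // Line breaks and the double quotes around paths, zone names and file
    // names were lost in the page extraction and are restored here; named
    // does not parse the file without them. No setting has been changed.
    //
    // REVIEW: there is no listen-on, allow-query or allow-recursion statement,
    // so who may use this resolver is left to the BIND defaults of the
    // installed version. The Squid configuration on this page queries it at
    // 127.0.0.1 only; if nothing else needs it, restrict it, for example with
    //     listen-on { 127.0.0.1; };
    //     allow-recursion { 127.0.0.1; };
    // inside options { }.
    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // Leave this commented out: a fixed source port makes spoofed
        // answers (cache poisoning) easier to land.
        // query-source address * port 53;

        // Upstream resolvers that queries are forwarded to.
        forwarders {
            203.130.193.74;
            202.134.0.155;
            202.134.2.5;
        };
    };

    //
    // a caching only nameserver config
    //
    // rndc control channel: loopback only, authenticated with rndckey.
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };

    // Key used by the controls statement above; keep this file readable only
    // by root and the named user.
    include "/etc/rndc.key";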

    c. Gateway 192.168.1.1