squid plus mikrotik


Upload: safran-nuh

Post on 08-Feb-2016


DESCRIPTION

hnjficdsnfjcnsddncdsnicujncj nsndkcnisucd

TRANSCRIPT

# Setup notes for a MikroTik RouterBOARD with four Ethernet ports (ADSL modem,
# server, hotspot, computer lab), followed by the start of the install notes
# for the proxy server. Line breaks were restored from a collapsed transcript;
# the commands and values are unchanged. Lines marked NOTE(review) are reviewer
# remarks, not part of the original notes.
http://ictsentani.org/?p=258
http://opensource.telkomspeedy.com/forum/viewtopic.php?pid=122506
#-------------------------------------------------------------------------------
 E1 Modem1 : 192.168.77.1 -> IP Modem1 : 192.168.77.2
 E2 Server : 192.168.88.1 -> IP Server : 192.168.88.2
 E3 Hotspot : 192.168.99.1 -> IP Hotspot : 192.168.99.10 - 192.168.99.250
 E4 Labkom : 10.10.10.254 -> IP Labkom : 10.10.10.1 - 10.10.10.20
#-------------------------------------------------------------------------------
               ------------------------
               [ mikrotik routerboard ]
               ------------------------
                      E1 E2 E3 E4
                      |  |  |  |
   192.168.77.2       |  |  |  |      10.10.10.x
  --------------      |  |  |  |     ------------
  [ modem adsl ]------|  |  |  |------[ labkom ]
  --------------         |  |        ------------
                         |  |
  --------------         |  |        -------------
  [ hub/switch ]---------|  |---------[ hotspot ]
  --------------                     -------------
        |                             192.168.99.x
  --------------
  [ edp server ]
  --------------
   192.168.88.2
--------------------------------------------------------------------------------
# Setting Interface
--------------------------------------------------------------------------------
# Rename the four ports after their roles; every later rule refers to these names.
/interface
set ether1 name=Modem1
set ether2 name=Server
set ether3 name=Hotspot
set ether4 name=Labkom
print
# One /24 per port; Modem1 is the uplink side (default route and masquerade below).
/ip address
add disabled=no interface=Modem1 address=192.168.77.1/24 network=192.168.77.0 broadcast=192.168.77.255
add disabled=no interface=Server address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255
add disabled=no interface=Hotspot address=192.168.99.1/24 network=192.168.99.0 broadcast=192.168.99.255
add disabled=no interface=Labkom address=10.10.10.254/24 network=10.10.10.0 broadcast=10.10.10.255
print
--------------------------------------------------------------------------------
# Setting Route & DHCP
--------------------------------------------------------------------------------
# NOTE(review): allow-remote-requests=yes makes the router itself answer DNS
# queries. No input-chain rule in these notes limits port 53 by interface, so
# whether the Modem1 side can use it as a resolver depends on the ADSL modem's
# own filtering. Confirm, or add an input rule that drops DNS arriving on Modem1.
/ip dns set servers=192.168.88.2,208.67.222.222 allow-remote-requests=yes
/ip route add dst-address=0.0.0.0/0 gateway=192.168.77.2
# Source-NAT everything that leaves through the modem-facing port.
/ip firewall nat add chain=srcnat action=masquerade out-interface=Modem1
/ip dhcp-server print
/ip dhcp-server enable 0
--------------------------------------------------------------------------------
# Setting Hotspot
--------------------------------------------------------------------------------
# The "prompt : value" lines below appear to be answers typed into the
# interactive /ip hotspot setup dialogue rather than commands.
# NOTE(review): the hotspot user's password is written out in these notes, and
# the notes are published. Treat that value as exposed and set a new, unique
# one on any router built from this page.
# NOTE(review): "select certificate : none" means the hotspot login page is set
# up without a TLS certificate. Confirm that is acceptable for this network.
/ip hotspot setup
hotspot interface : Hotspot
local address of network : 192.168.99.1/24
masquerade network : yes
address pool of network : 192.168.99.10-192.168.99.250
select certificate : none
ip address of smtp server : 119.235.250.172
dns servers : 192.168.88.2,208.67.222.222
dns name : hotspot.pasim
name of local hotspot : admhotspot
password for the user : naonwemoaldibejaan
# Two user profiles that differ only in name and rate-limit.
/ip hotspot user
profile add name="EDP" shared-users=2 rate-limit="96k/768k" address-pool=none session-timeout=0s idle-timeout=none keepalive-timeout=00:15:00 open-status-page=always transparent-proxy=yes advertise=no
profile add name="KDM" shared-users=2 rate-limit="64k/200k" address-pool=none session-timeout=0s idle-timeout=none keepalive-timeout=00:15:00 open-status-page=always transparent-proxy=yes advertise=no
--------------------------------------------------------------------------------
# System & Security Settings
--------------------------------------------------------------------------------
/system ntp client set primary-ntp=203.160.128.178 secondary-ntp=203.89.24.34 mode=unicast enabled=yes
# NOTE(review): this only moves the web interface to port 9090. It does not
# limit who may connect, and no other management service is touched in these
# notes. Restricting each service to the admin subnet (the address= setting
# under /ip service) and disabling unused services is the stronger control.
/ip service set www port=9090
# Port-scan detection on the input chain: the first seven rules add the source
# address to the "port scanners" list for two weeks (psd= port-scan detection
# plus six TCP flag combinations), and the last rule drops everything from
# listed addresses.
# NOTE(review): these are the only input-chain rules in the notes. There is no
# accept rule for established/related traffic and no final drop, so traffic
# from unlisted sources to the router itself is still accepted on every
# interface.
# NOTE(review): the flag-based rules match single packets, whose source address
# can be forged. With a two-week timeout a forged packet can lock out a
# legitimate address. Consider a shorter timeout or exempting the admin subnet.
/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
--------------------------------------------------------------------------------
# Setting Transparent Proxy
--------------------------------------------------------------------------------
# Enables the router's built-in web proxy on TCP 8080 with an on-disk cache.
# NOTE(review): nothing in these notes restricts which clients may use the
# proxy. The /ip proxy access rules further down only deny destinations and
# paths, and no input rule blocks 8080 on Modem1. If the modem forwards that
# port, the router is an open proxy. Confirm, or drop 8080 arriving on Modem1.
# NOTE(review): the cache-administrator value looks like the hosting page's
# e-mail obfuscation placeholder. The original address cannot be recovered
# from this page.
/ip proxy
set enabled=yes
set src-address=0.0.0.0
set port=8080
set parent-proxy=0.0.0.0
set parent-proxy-port=0
set cache-administrator="[email protected]"
set max-cache-size=unlimited
set cache-on-disk=yes
set max-client-connections=600
set max-server-connections=600
set max-fresh-time=3d
set serialize-connections=no
set always-from-cache=no
set cache-hit-dscp=4
# Redirect TCP 80, 3128 and 8080 to the local proxy port.
# NOTE(review): the rules carry no in-interface or src-address match, so they
# apply to traffic arriving on every port, including Modem1 and the Server
# segment. Presumably only Hotspot and Labkom clients are meant to be proxied;
# verify and scope the rules accordingly.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080
--------------------------------------------------------------------------------
# Block Specific Access
--------------------------------------------------------------------------------
# Deny rules for the built-in proxy.
# NOTE(review): only traffic redirected to the proxy (TCP 80/3128/8080 above)
# is subject to these rules. Port 443 is not redirected, so HTTPS requests to
# the same sites and file types pass unfiltered.
/ip proxy access
#------[Block Sites]------------------------
add dst-host="*porn*.com" action=deny
add dst-host="*sex*.com" action=deny
add dst-host=twitter.com action=deny
add dst-host=facebook.com action=deny
#------[Block Files]------------------------
add path=*.rar action=deny
add path=*.zip action=deny
add path=*.mov action=deny
add path=*.exe action=deny
add path=*.msi action=deny
add path=*.dat action=deny
add path=*.mkv action=deny
add path=*.mp4 action=deny
add path=*.3gp action=deny
add path=*.avi action=deny
add path=*.mp3 action=deny
#------[Block Keywords]--------------------
# NOTE(review): a leading ":" makes dst-host a regular expression, so these
# match the keyword anywhere in a host name and will also deny unrelated hosts
# that merely contain the same letters.
add dst-host=:sex action=deny
add dst-host=:nude action=deny
add dst-host=:porn action=deny
add dst-host=:adult action=deny
--------------------------------------------------------------------------------
# Limit Download Speed
--------------------------------------------------------------------------------
# Each rule looks for a file-extension string in forwarded TCP payloads and
# puts the packet's destination address on the "downloads" list for five
# minutes. The mangle rule then marks TCP packets coming from listed addresses,
# and the simple queue caps marked packets at 128000/128000.
# NOTE(review): content= matches plain bytes anywhere in a packet. It sees
# nothing inside encrypted connections and can fire on unrelated traffic that
# happens to contain the string. Once an address is listed, all TCP traffic
# from it is throttled for the timeout, not only the matching download.
/ip firewall filter
add chain=forward address-list-timeout=00:05:00 content=.mp3 src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.mp4 src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.3gp src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.avi src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.mkv src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.mov src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.exe src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.msi src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.iso src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.zip src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
add chain=forward address-list-timeout=00:05:00 content=.rar src-address=0.0.0.0/0 protocol=tcp action=add-dst-to-address-list address-list=downloads
/ip firewall mangle
add chain=forward protocol=tcp src-address-list=downloads action=mark-packet new-packet-mark=downloads-paket
/queue simple
add name=downloads-files max-limit=128000/128000 packet-marks=downloads-paket
--------------------------------------------------------------------------------
# Setting Simple Queue
--------------------------------------------------------------------------------
# One 64k/128k queue per lab address, 10.10.10.1 through 10.10.10.20.
/queue simple
add name=LABKOM-01 target-addresses=10.10.10.1 max-limit=64k/128k interface=Labkom
add name=LABKOM-02 target-addresses=10.10.10.2 max-limit=64k/128k interface=Labkom
add name=LABKOM-03 target-addresses=10.10.10.3 max-limit=64k/128k interface=Labkom
add name=LABKOM-04 target-addresses=10.10.10.4 max-limit=64k/128k interface=Labkom
add name=LABKOM-05 target-addresses=10.10.10.5 max-limit=64k/128k interface=Labkom
add name=LABKOM-06 target-addresses=10.10.10.6 max-limit=64k/128k interface=Labkom
add name=LABKOM-07 target-addresses=10.10.10.7 max-limit=64k/128k interface=Labkom
add name=LABKOM-08 target-addresses=10.10.10.8 max-limit=64k/128k interface=Labkom
add name=LABKOM-09 target-addresses=10.10.10.9 max-limit=64k/128k interface=Labkom
add name=LABKOM-10 target-addresses=10.10.10.10 max-limit=64k/128k interface=Labkom
add name=LABKOM-11 target-addresses=10.10.10.11 max-limit=64k/128k interface=Labkom
add name=LABKOM-12 target-addresses=10.10.10.12 max-limit=64k/128k interface=Labkom
add name=LABKOM-13 target-addresses=10.10.10.13 max-limit=64k/128k interface=Labkom
add name=LABKOM-14 target-addresses=10.10.10.14 max-limit=64k/128k interface=Labkom
add name=LABKOM-15 target-addresses=10.10.10.15 max-limit=64k/128k interface=Labkom
add name=LABKOM-16 target-addresses=10.10.10.16 max-limit=64k/128k interface=Labkom
add name=LABKOM-17 target-addresses=10.10.10.17 max-limit=64k/128k interface=Labkom
add name=LABKOM-18 target-addresses=10.10.10.18 max-limit=64k/128k interface=Labkom
add name=LABKOM-19 target-addresses=10.10.10.19 max-limit=64k/128k interface=Labkom
add name=LABKOM-20 target-addresses=10.10.10.20 max-limit=64k/128k interface=Labkom
--------------------------------------------------------------------------------
# Proxy Installation & Settings
--------------------------------------------------------------------------------
 # Partitions
 / ext4 40GB primary
 /boot ext4 100mb
 /cache reiserfs 20GB
 swap ---- 2GB
 /home ext4 ~~~~
 # Notes (the two lines below read: btrFs for a 64-bit OS, reiserFs for a 32-bit OS)
 btrFs : untuk OS 64bit
 reiserFs : untuk OS 32bit
 # Change the repo & install the base packages
 mv /etc/apt/sources.list /etc/apt/sources.list.asli
 cat > /etc/apt/sources.list