Warnet (Internet Café) Speedy Configuration Using MIkx+LinuxProx


This configuration uses a 4-port D-Link modem, and the setup is as follows:

192.168.1.1
|
modem ----- 192.168.1.3 Proxy -> gateway to the modem, i.e. 192.168.1.1
|
|
Mikrotik 192.168.1.2 Mikrotik -->> gateway to the modem, i.e. 192.168.1.1
|
192.168.0.254 --- Hub ---- LAN

Bandwidth management

1. The Mikrotik configuration:

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

Terminal vt102 detected, using multiline input mode
[admin@MikroTik] > export
# may/20/2007 02:41:49 by RouterOS 2.9.27
# software id = JI4S-NSN
#
/ interface ethernet
set Public name="Public" mtu=1500 mac-address=00:15:E9:EF:86:FE arp=enabled disable-running-check=yes auto-negotiation=yes \
    full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set Lan name="Lan" mtu=1500 mac-address=00:01:02:97:D0:BE arp=enabled disable-running-check=yes auto-negotiation=yes \
    full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
/ interface wireless security-profiles
set default name="default" mode=none authentication-types="" unicast-ciphers="" group-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key="" eap-methods=passthrough tls-mode=no-certificates tls-certificate=none static-algo-0=none \
    static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none \
    static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" \
    radius-mac-authentication=no group-key-update=5m
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no \
    frames-per-second=25 audio-min=-100 audio-max=-20
/ interface wireless snooper
set multiple-channels=yes channel-time=200ms receive-errors=no
/ interface wireless sniffer
set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no memory-limit=10 file-name="" file-limit=10 \
    streaming-enabled=no streaming-server=0.0.0.0 streaming-max-rate=0
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 \
    default-profile=default-encryption
/ ip pool
add name="dhcp_pool1" ranges=192.168.0.1-192.168.0.30
/ ip telephony region
/ ip telephony gatekeeper
set gatekeeper=none remote-id="" remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no

set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Public comment="" disabled=no
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Lan comment="" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip neighbor discovery
set Public discover=yes
set Lan discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment="" disabled=no
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-connection new-connection-mark=http_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=http_conn passthrough=yes \
    comment="" disabled=no

add chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection new-connection-mark=ym_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection new-connection-mark=cs_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=irc_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection new-connection-mark=mt_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection new-connection-mark=ssh_conn passthrough=yes \
    comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no comment="" \
    disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-mark=dns passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet new-packet-mark=cs passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-mark=mt passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet new-packet-mark=email passthrough=no comment="" \
    disabled=no

add chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-mark=ssh passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-up passthrough=no comment="UP \
    TRAFFIC" disabled=no
add chain=forward src-address=192.168.1.0/29 action=mark-connection new-connection-mark=test-conn passthrough=yes \
    comment="CONN-MARK" disabled=no
add chain=forward in-interface=Public connection-mark=test-conn action=mark-packet new-packet-mark=test-down \
    passthrough=no comment=" DOWN-DIRECT CONNECTION" disabled=no
add chain=forward in-interface=Public src-address=192.168.1.0/24 action=mark-connection new-connection-mark=test-conn \
    passthrough=yes comment="" disabled=no
add chain=output out-interface=Lan dst-address=192.168.0.0/24 action=mark-packet new-packet-mark=test-down passthrough=no \
    comment="DOWN-VIA PROXY" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.3 to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.1.3 to-ports=3128 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=dst-nat to-addresses=192.168.1.3 to-ports=8080 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment="" disabled=yes
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 comment="" disabled=yes
add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080 comment="" disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow esatblished connections" disabled=no
add chain=input connection-state=related action=accept comment="Allow related connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input in-interface=!Public action=accept comment="Allow connection to router from local network" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=knock address-list-timeout=15s \
    comment="" disabled=no
add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=safe \
    address-list-timeout=15m comment="" disabled=no
add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="suppress DoS attack" \
    disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="detect DoS attack" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no
add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
add chain=input action=log log-prefix="Filter:" comment="" disabled=no
add chain=input action=accept comment="Allow access to router from known network" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="" disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="" disabled=no
add chain=input action=drop comment="drop everything else" disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="Port scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port \
    scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="SYN/FIN scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="SYN/RST scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port \
    scanners" address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port \
    scanners" address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network" disabled=no
add chain=input src-address=63.219.6.0/24 action=accept comment="" disabled=no
add chain=input src-address=125.0.0.0/8 action=accept comment="" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no

add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop invalid connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow already established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad" disabled=no

add chain=icmp action=drop comment="deny all other types" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
    smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
    transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server
add name="dhcp1" interface=Lan lease-time=3d address-pool=dhcp_pool1 bootp-support=static add-arp=yes \
    authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.1 mac-address=00:13:D3:E4:FA:52 client-id="1:0:13:d3:e4:fa:52" server=dhcp1 comment="" disabled=no
add address=192.168.0.2 mac-address=00:13:D3:FD:36:98 client-id="1:0:13:d3:fd:36:98" server=dhcp1 comment="" disabled=no
add address=192.168.0.3 mac-address=00:13:D3:E4:FA:9D client-id="1:0:13:d3:e4:fa:9d" server=dhcp1 comment="" disabled=no
add address=192.168.0.4 mac-address=00:13:D3:FD:02:7E client-id="1:0:13:d3:fd:2:7e" server=dhcp1 comment="" disabled=no
add address=192.168.0.5 mac-address=00:13:D3:E4:FA:30 client-id="1:0:13:d3:e4:fa:30" server=dhcp1 comment="" disabled=no
add address=192.168.0.6 mac-address=00:13:D3:FD:36:61 client-id="1:0:13:d3:fd:36:61" server=dhcp1 comment="" disabled=no
add address=192.168.0.11 mac-address=00:18:F3:43:D4:66 client-id="1:0:18:f3:43:d4:66" server=dhcp1 comment="" disabled=no
add address=192.168.0.10 mac-address=00:13:D3:FD:37:BA client-id="1:0:13:d3:fd:37:ba" server=dhcp1 comment="" disabled=no

add address=192.168.0.9 mac-address=00:13:D3:C9:E7:C1 client-id="1:0:13:d3:c9:e7:c1" server=dhcp1 comment="" disabled=no
add address=192.168.0.8 mac-address=00:13:D3:FD:36:6A client-id="1:0:13:d3:fd:36:6a" server=dhcp1 comment="" disabled=no
add address=192.168.0.7 mac-address=00:13:D3:E4:FA:2A client-id="1:0:13:d3:e4:fa:2a" server=dhcp1 comment="" disabled=no
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254 dns-server=192.168.0.254,202.134.0.155,203.130.193.74 comment=""
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname="proxy" transparent-proxy=no parent-proxy=0.0.0.0:0 \
    cache-administrator="webmaster" max-object-size=4096KiB cache-drive=system max-cache-size=none \
    max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" disabled=no
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 00:00:00"
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m automatic-supout=yes auto-send-supout=no

/ system console
add port=serial0 term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system console screen
set line-count=25
/ system identity
set name="MikroTik"
/ system note
set show-at-login=yes note=""
/ system gps
set enabled=no set-system-time=yes
/ system lcd
set enabled=no type=24x4 port=parallel contrast=0
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set Public display-time=5s disabled=yes
set Lan display-time=5s disabled=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ system routerboard bios
set
/ system health
set state-after-reboot=enabled
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
set serial1 name="serial1" baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile

set default name="default" use-compression=default use-vj-compression=default use-encryption=default only-one=default \
    change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes \
    only-one=default change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 \
    red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="Download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=10
/ queue simple
add name="HTTP" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=http \
    direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="DNS" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=dns direction=both \
    priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="YMessenger" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=ym \
    direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="CounterStrike" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=cs \
    direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="IRC" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=irc direction=both \
    priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="Mikrotik" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=mt \
    direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="Email" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=email \
    direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default disabled=no
add name="Oasis" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=Lan parent=none direction=both priority=8 \
    queue=ethernet-default/ethernet-default limit-at=64000/384000 max-limit=64000/384000 total-queue=default disabled=no
add name="1" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="2" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="3" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="4" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="5" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="6" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="7" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="8" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="9" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis packet-marks=test-down \
    direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \
    total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 interface=Lan parent=Oasis 
packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=no

Page 17: Konfigurasi Warnet Spedy pakai MIkx+LinuxProx

add name=”16″ target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”17″ target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”18″ target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”19″ target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”20″ target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”21″ target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”22″ target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”23″ target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default 
disabled=noadd name=”24″ target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-

Page 18: Konfigurasi Warnet Spedy pakai MIkx+LinuxProx

limit=0/64000 \total-queue=default disabled=noadd name=”25″ target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=noadd name=”26″ target-addresses=192.168.0.26/32 dst-address=0.0.0.0/0 interface=Lanparent=Oasis packet-marks=test-down \direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-limit=0/64000 \total-queue=default disabled=no/ queue treeadd name=”upstream” parent=global-out packet-mark=test-up limit-at=384000queue=default priority=8 max-limit=384000 \burst-limit=0 burst-threshold=0 burst-time=0s disabled=noadd name=”downstream” parent=Lan packet-mark=test-down limit-at=384000queue=Download priority=8 max-limit=384000 \burst-limit=0 burst-threshold=0 burst-time=0s disabled=no/ useradd name=”admin” group=full address=0.0.0.0/0 comment=”system default user”disabled=no/ user groupadd name=”read”policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policyadd name=”write”policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policyadd name=”full”policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web/ user aaaset use-radius=no accounting=yes interim-update=0s default-group=read/ radius incomingset accept=yes port=1700/ driver/ snmpset enabled=yes contact=”admin” location=”admin”/ snmp communityset public name=”public” address=0.0.0.0/0 read-access=yes/ tool bandwidth-serverset enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10/ tool mac-server pingset enabled=yes/ tool e-mail

Page 19: Konfigurasi Warnet Spedy pakai MIkx+LinuxProx

set server=0.0.0.0 from=”<>”/ tool snifferset interface=all only-headers=no memory-limit=10 file-name=”” file-limit=10streaming-enabled=no streaming-server=0.0.0.0 \filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535/ tool graphingset store-every=5min/ tool graphing queueadd simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yesdisabled=no/ tool graphing resourceadd allow-address=0.0.0.0/0 store-on-disk=yes disabled=no/ tool graphing interfaceadd interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no/ routing ospfset router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no redistribute-rip=no \redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20/ routing ospf areaset backbone area-id=0.0.0.0 type=default translator-role=translate-candidateauthentication=none prefix-list-import=”” \prefix-list-export=”” disabled=no/ routing bgpset enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=noredistribute-rip=no \redistribute-ospf=no/ routing ripset redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 \metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3mgarbage-timer=2m[admin@MikroTik] >

2. Linux proxy configuration

a. Squid.conf

http_port 8080
#icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost

### Cache options
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

### Squid tuning options
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

### Cache directory
#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
#cache_dir aufs /cache 7000 16 256

### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off

### DNS server
dns_nameservers 127.0.0.1

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB

### Timeout options
connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off
pconn_timeout 15 second
shutdown_lifetime 15 second

### ACL options
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
acl porn url_regex -i /usr/local/squid/etc/bokep.txt time 08:00-22:00
acl noporn url_regex -i /usr/local/squid/etc/nobokep.txt time 08:00-22:00
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i \.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
no_cache deny QUERY manager

http_access allow manager IIX Safe_ports
http_access allow client
http_access deny porn !noporn
http_access deny Bad_ports Virus IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access deny all

### Administrative parameters
cache_mgr [email protected]
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.primadona.war.net.id

### Accelerator options
memory_pools off
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off

### Transparent proxy support
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

### Limit the size of files that can be downloaded
reply_body_max_size 3512000 allow client block tidakbebasdownload

### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all

header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
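
Squid reads http_access lines top to bottom and stops at the first line whose ACLs all match, so the position of "http_access allow client" in the listing above decides whether the deny lines after it are ever consulted for LAN clients. The Python model below is an added example, not part of the original configuration: it covers a subset of the page's ACLs, the sample requests are constructed, and the REORDERED list is an assumed intent, not the author's rule set.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# ACL values copied from the page's squid.conf (file_terlarang shortened to three patterns).
CLIENT_NET = ipaddress.ip_network("192.168.5.0/29")
BAD_PORTS = {7, 9, 11, 19, 22, 23, 25, 53, 110, 119, 513, 514}
FILE_TERLARANG = [re.compile(p, re.I) for p in ("DDialer.exe", "WebDialer", "download.exe")]
VIRUS = re.compile(r"winnt/system32/cmd.exe?")
PROBE_UA = re.compile(r"^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$")
PROBE_URL = re.compile(r"//[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$")


def url_port(url):
    """Destination port of a URL, falling back to the scheme default."""
    parts = urlsplit(url)
    return parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme, 0)


# Each ACL name maps to a predicate over a request dict (src, url, optional ua).
ACLS = {
    "all": lambda r: True,
    "client": lambda r: ipaddress.ip_address(r["src"]) in CLIENT_NET,
    "Bad_ports": lambda r: url_port(r["url"]) in BAD_PORTS,
    "Virus": lambda r: bool(VIRUS.search(urlsplit(r["url"]).path)),
    "IpAddrProbeUA": lambda r: bool(PROBE_UA.search(r.get("ua", ""))),
    "IpAddrProbeURL": lambda r: bool(PROBE_URL.search(r["url"])),
    "file_terlarang": lambda r: any(rx.search(r["url"]) for rx in FILE_TERLARANG),
}

# http_access lines in the order the page lists them (manager/IIX and porn lines left out).
PAGE_ORDER = [
    ("allow", ["client"]),
    ("deny", ["Bad_ports", "Virus", "IpAddrProbeUA", "IpAddrProbeURL"]),
    ("deny", ["file_terlarang"]),
    ("deny", ["all"]),
]

# Assumed intent (not from the page): deny lines first, and the four-ACL deny
# split up, because ACLs named on one line are ANDed together.
REORDERED = [
    ("deny", ["Bad_ports"]),
    ("deny", ["Virus"]),
    ("deny", ["IpAddrProbeUA", "IpAddrProbeURL"]),
    ("deny", ["file_terlarang"]),
    ("allow", ["client"]),
    ("deny", ["all"]),
]


def evaluate(rules, req):
    """Return (action, index) of the first rule whose ACLs all match the request."""
    for index, (action, names) in enumerate(rules):
        # A leading "!" negates the ACL; every ACL on the line must hold.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, index
    # With no matching line Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


# Constructed sample requests; hostnames are placeholders.
SAMPLES = {
    "normal": {"src": "192.168.5.2", "url": "http://www.example.test/index.html"},
    "dialer": {"src": "192.168.5.2", "url": "http://files.example.test/free/DDialer.exe"},
    "smtp": {"src": "192.168.5.2", "url": "http://mail.example.test:25/"},
    "outside": {"src": "10.0.0.9", "url": "http://www.example.test/"},
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:8} page={evaluate(PAGE_ORDER, req)} reordered={evaluate(REORDERED, req)}")
```

For the "dialer" and "smtp" requests the page's order returns allow at line 0, while the reordered list reaches the matching deny line first.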


b. Named.Conf

//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        forwarders {
                203.130.193.74;
                202.134.0.155;
                202.134.2.5;
        };
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

include "/etc/rndc.key";

c. Gateway 192.168.1.1