Showing posts with label Ubuntu. Show all posts
Showing posts with label Ubuntu. Show all posts
konfigurasi Jaringan
====================
port ethernet no.3 ------- SQUID
Klien ---- Switch ---- port ethernet no.2
port ethernet no.1-------Modem
Konfigurasi di MikroTik
=======================
#copy paste command dibawah ini menggunakan menu New Terminal di Winbox#
--------------------------------------------------------------------------
kasi nama interface dan IP address
----------------------------------
/interface ethernet
set 2 name=ether3-proxy
/ip address
add address=192.168.5.1/24 interface=ether3-proxy
Instalasi pada PC Proxy
=======================
--Instalasi Web Proxy di Ubuntu Server 12.04 part 1 - Instalasi Ubuntu Server 12.04---
Hardware (silahkan disesuaikan)
========
- Proc Core 2 Duo
- HDD 40 GB
- RAM 1 GB
- CD/DVD RW
Software
========
- Download Ubuntu Server ver 12.04 (iso)
- Download & Install Putty Installer
- Download & Install WinSCP Installer
Persiapan
=========
- Install NIAT terlebih dahulu :-)
- Burn iso file ke CD /DVD
- Set BIOS PC untuk First Boot melalui CD/DVD
Instalasi Ubuntu Server ver 12.04 Lts
=====================================
Silahkan ikuti petunjuk instalasi dibawah ini. Jumlah cache dan besaran cache sila disesuaikan
---- Configure Language, Location, locales ----
- English [ Tekan Enter ]
- Install Ubuntu Server [ Tekan Enter ]
- English [ Tekan Enter ]
- Other [ Tekan Enter ]
- Asia [ Tekan Enter ]
- Indonesia [ Tekan Enter ]
- United States [ Tekan Enter ]
----Configure the keyboard----
- No [ Tekan Enter ]
- English (US) [ Tekan Enter ]
- English (US) [ Tekan Enter ]
---- Configure the network ----
- Continue [ Tekan Enter ]
- Configure Network Manually [ Tekan Enter ]
- IP Address : 192.168.5.2 [ Tekan Enter ]
- Netmask : 255.255.255.0 [ Tekan Enter ]
- Gateway : 192.168.5.1 [ Tekan Enter ]
- Name Server address : 192.168.5.1 [ Tekan Enter ]
- Hostname : BelajarJaringan [ Tekan Enter ]
- Domain name : [ Tekan Enter ]
- Full name for new user : Belajar Jaringan [ Tekan Enter ]
- username for your account : belajar [ Tekan Enter ]
- choose a password for the new user : passwordku [ Tekan Enter ]
- Re-enter password to verify : passwordku [ Tekan Enter ]
- Encrypt your home directory? : No [ Tekan Enter ]
---- Configure the clock ----
- Jakarta
---- Partition disk ----
- Manual
- SCSI1 (0,0,0) (sda) - 42.9 GB [ Tekan Enter ]
- Create New Partition table on this device ? Yes [ Tekan Enter ]
- pri/log 42.9 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 1 GB [ Tekan Enter ]
- Type for the new partition : Primary [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Mount point [ Tekan Enter ]
- Pilih /boot - static files of the boot loader [ Tekan Enter ]
- Pilih Mount options [ Tekan Enter ]
- Pilih Noatime [Tekan Tombol Spacebar] [ Tekan Enter ]
- Pilih Bootable flag [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]
- pri/log 41.9 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 2 GB [ Tekan Enter ]
- Type for the new partition : Primary [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Use [ Tekan Enter ]
- Pilih swap area [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]
- pri/log 39.9 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 19.9 GB [ Tekan Enter ] ------------------> Saya sisakan 20 GB untuk cache dir
- Type for the new partition : Primary [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Mount point [ Tekan Enter ]
- Pilih / - the root file system [ Tekan Enter ]
- Pilih Mount options [ Tekan Enter ]
- Pilih Noatime [Tekan Tombol Spacebar] [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]
- pri/log 20 GB FREE SPACE [ Tekan Enter ]
- Create a New Partition
- New Partition size : 20 GB [ Tekan Enter ]
- Type for the new partition : Logical [ Tekan Enter ]
- Location for the new partition : Beginning [ Tekan Enter ]
- Pilih Use [ Tekan Enter ]
- Pilih ReiserFS journaling file system
- Pilih Mount point [ Tekan Enter ]
- Pilih Enter manually [ Tekan Enter ]
- Hapus /Home ganti menjadi /cache1 [ Tekan Enter ]
- Pilih Mount options [ Tekan Enter ]
- Pilih Noatime [Tekan Tombol Spacebar], Pilih Notail [Tekan Tombol Spacebar] [ Tekan Enter ]
- Pilih Done setting up the partition [ Tekan Enter ]
- Pilih Finish partitioning and write changes to disk [ Tekan Enter ]
- Write the changes to disks : Yes [ Tekan Enter ]
--- Configure the package manager ----
- HTTP proxy information (blank for none) : [ Tekan Enter ]
--- Configure tasksel ---
- How do you want to manage upgrade on this system? : No automatic updates [ Tekan Enter ]
--- Software selection ---
- Pilih OpenSSH Server [Tekan Tombol Spacebar] [ Tekan Enter ]
--- Install the GRUB boot loader on a hard disk---
- Install the GRUB boot loader to the master boot record? : Yes [ Tekan Enter ]
--- [!!] Finish the installation ---
- Pilih Continue [ Tekan Enter ]
- keluarkan CD Installer
Mengganti Password root
=======================
1. Login ke Proxy melalui WinSCP/ Putty dengan login yg Anda buat sewaktu install
2. ketik perintah dibawah ini
sudo su [tekan ENTER]
(masukkan password user yang anda buat sewaktu install)
3. ketik lagi
passwd root [tekan ENTER]
ENTER new UNIX password : (masukkan password baru untuk root)
Retype new UNIX password : (masukkan kembali password yang sama)
pastikan muncul tulisan : passwd : password updated successfully
Instalasi Squid 3 HEAD
======================
Petunjuk:
--------------
- Login ke Program WinSCP menggunakan user root
- Copy Paste Perintah-Perintah dibawah ini melalui Putty (Copy lalu Klik kanan pada putty tekan Enter) :
apt-get update
apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl libcap2 libcap-dev libcap2-dev
apt-get install sysv-rc-conf
wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.0.2.tar.gz
tar xzvf squid-3.4.0.2.tar.gz
cd squid-3.4.0.2
./configure --prefix=/usr \
--bindir=/usr/bin --sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \
--localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datadir=/usr/share/squid \
--infodir=/usr/share/info --mandir=/usr/share/man \
--disable-dependency-tracking --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-icmp --enable-esi --enable-icap-client \
--disable-wccp --disable-wccpv2 \
--enable-kill-parent-hack --enable-cache-digests --enable-follow-x-forwarded-for --enable-x-accelerator-vary --enable-zph-qos \
--with-default-user=proxy --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --with-large-files --enable-ltdl-convenience --with-filedescriptors=65536 \
--enable-ssl --enable-ssl-crtd --disable-auth --build=i486-linux-gnu build_alias=i486-linux-gnu
make && make install
chown -R proxy:proxy /cache
chown -R proxy:proxy /var/log/squid
## Copy 2 file berikut menggunakan Program WinSCP
=================================================
- File "squid.conf" (sila download di http://pastebin.com/PKZkLfpD) yang telah diubah dan disesuaikan dengan kebutuhan ke folder: /etc/squid/
- File "squid" (sila download di http://pastebin.com/8xLYXZQC)ke folder: /etc/init.d/
ijin execute squid
==========================
chmod +x /etc/init.d/squid
Setup SSL Bump
==============
cd /etc/squid
mkdir ssl_cert
cd ssl_cert
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der
cd
mkdir /var/squid
cd /var/squid
mkdir ssl_db
cd
chown -R nobody /var/squid/ssl_db/
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db/
swap dir
========
squid -z
Copy Paste Perintah-Perintah dibawah ini pada file /etc/rc.local
================================================================
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING ! -d 192.168.5.2/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t mangle -A PREROUTING ! -d 192.168.5.2/32 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
exit 0
Mangle dan Routing TPROXY
-------------------------
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY ROUTING" disabled=no dst-port=80,443 in-interface=ether2-Lan new-routing-mark=tproxy_rm passthrough=no protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=ether3-Proxy new-connection-mark=tproxy_cm passthrough=yes protocol=tcp src-address=!192.168.2.1
add action=mark-routing chain=prerouting connection-mark=tproxy_cm disabled=yes in-interface=!ether3-Proxy new-routing-mark=tproxy_rm passthrough=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=tproxy_rm scope=30 target-scope=10
---------------------------------------------------------------------------------------------
First enable the root account by running the command...
:~# sudo passwd -u root
Enter your personal password to continue...
Now reset - add the root password by running the command...
:~# sudo passwd root
You will be prompted for a new password for the root user
That's it, you can switch to root with the 'su' command...
:~# su
enter the root password...
Ah, but it's not over, if you try to login via SFTP as root you will find that your ignored, hmm, what have Ubuntu got against root?
Solution is to edit sshd_config...
:~# nano /etc/ssh/sshd_config
and edit line 28 from...
PermitRootLogin without-password
to
PermitRootLogin yes
Save changes and exit...
Then restart SSH...
:~# service ssh restart
There done, now you can login via SFTP as root.
Here endeth the lesson.
keunggulan dari dns unbound adalah simple dan bisa dituning lebih
tinggi. jadi belum dikasih squid saja udah cepet sekali koneknya heuheuhue.
OK kangsung saja ini panduannya yang benar wkwkwkkwkw di internet ga ada yang benar.
cari referensi sulit yaa langsung ke web alsina aja wess website unbound ambil dengan wget di putty
sebelumnya uninstall dulu bind9 dengan tasksel
# tasksel
hilangkan tanda bintang pada dns-server dengan tombol space
[ * ] Server DNS
jadi
[ ] Server DNS
install DNS UNBOUND
# apt-get install unbound
# cd /etc/unbound
# wget ftp://FTP.INTERNIC.NET/domain/named.cache
# unbound-control-setup
# chown unbound:root unbound_*
# chmod 440 unbound_*
saya menganjurkan backup unbound.conf dulu sebelum diobok-obok
# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.asli
hapus semua isi tulisan file /etc/unbound/unbound.conf dan isikan ini
server:
verbosity: 1
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: no
interface: 192.168.2.2 # saya revisi harus ada lan / eth1
interface: 127.0.0.1 # penggunaan cpu, nilai 1 = no threading, nilai 2 = go threading
num-threads: 2
# nilai 2 kali dari num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
# gunakan 1/10 dari memory misal memory 512 mb
# msg-cache size = 512 / 10 = 51,2 ato 50 m
# untuk rrset-cache-size = msg-cache-size X 2
rrset-cache-size: 100m
msg-cache-size: 50m
# rumus untuk single core pentium 4 adalah memory : 2
# sedangkan untuk dual core dan lainya rumusnya 1024/cores - 50
outgoing-range: 256
# Larger socket buffer. OS may need config.
so-rcvbuf: 4m
num-queries-per-thread: 1024
cache-max-ttl: 86400
infra-host-ttl: 900
infra-lame-ttl: 900
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
key-cache-size: 4m
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 refuse
access-control:192.168.2.0/24 allow # saya revisi juga harus ada lan / eth1
access-control: 127.0.0.0/8 allow
chroot: "/etc/unbound"
username: "unbound"
directory: "/etc/unbound"
#logfile: "/etc/unbound/unbound.log"
#use-syslog: yes
logfile: ""
use-syslog: no
#pidfile: "/etc/unbound/unbound.pid"
root-hints: "/etc/unbound/named.cache"
identity: "DNS"
version: "1.4"
hide-identity: yes
hide-version: yes
harden-glue: yes
do-not-query-address:192.168.2.0/24 # saya revisi harus ada lan / eth1
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "iterator"
#zone localhost
local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
#zone cjmedia.net, samakan dengan dhcp
local-zone: "cjmedia.net." staticlocal-data: "cjmedia.net. 86400 IN NS ns1.cjmedia.net."
local-data: "cjmedia.net. 86400 IN SOA cjmedia.net. hostmaster.cjmedia.net. 3 3600 1200 604800 86400"
local-data: "cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "www.cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "ns1.cjmedia.net. 86400 IN A 192.168.2.2" # sama didhcp server
# layanan mail
local-data: "mail1.cjmedia.net. 86400 IN A 192.168.2.2"
local-data: "cjmedia.net. 86400 IN MX 10 mail1.cjmedia.net."
local-data: "cjmedia.net. 86400 IN TXT v=spf1 a mx ~all"
# dns bind hanya diremove systemnya bukan file nya dengan tasksel
local-zone: "168.192.in-addr.arpa." staticlocal-data: "168.192.in-addr.arpa. 10800 IN NS cjmedia.net."
local-data: "168.192.in-addr.arpa. 10800 IN SOA cjmedia.net. hostmaster.cjmedia.net. 4 3600 1200 604800 864000"
local-data: "2.2.168.192.in-addr.arpa. 10800 IN PTR cjmedia.net."
forward-zone:
name: "."
forward-addr:192.168.2.2 # ini saya revisi forward dns local harus ada
forward-addr: 180.131.144.144forward-addr: 180.131.145.145
# anda bisa menambah lebih banyak lagi dns spidol
remote-control:
control-enable: yes
control-interface:192.168.2.2 # saya revisi lan / eth1 harus ada
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
save dan tutup kemudian check konfigurasi unbound diputty
# unbound-checkconf /etc/unbound/unbound.conf
jika komeng keluarnya gini
unbound-checkconf: no errors in /etc/unbound/unbound.conf
berarti konfigurasi sudah betul.
tambahkan dns option pada file /etc/network/interfaces agar modem bisa mengarah ke localhost 127.0.0.1
buka file /etc/network/interfaces. tambahakan baris berikut setelah gateway modem dan sebelum auto eth1
lihat tulisan merah
auto eth0
iface eth0 inet static
address 192.168.3.2
netmask 255.255.255.0
broadcast 192.168.3.255
gateway 192.168.3.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
broadcast 192.168.2.255
save dan restart networking
# services networking restart
restart unbound
# /etc/init.d/unbound restart
kemudian check dns lookup dengan cara
# nslookup
> 192.168.2.2
> 127.0.0.1
> localhost
> cjmedia.net
> www.cjmedia.net
> mail1.cjmedia.net
> google.com
> yahoo.com
> gmail.com
> exit
jika tidak ada masalah maka sudah benar dan reboot kompie anda
# reboot
lihat prosesnya di kompi ubuntu server jika lihat prosesnya berarti sudah ok
recursive DNS server unbound [ OK ]
Pdnsd adalah DNS cache proxy...Proses meminta terjemahan nama domain ke
IP address ini dari komputer kita ke DNS server ISP tidak lama,
rata-rata memakan waktu 500 milidetik, alias setengah detik. namun
bayangkan jika DNS server ISP itu bisa kita pindahkan ke dalam jaringan
lokal di rumah, maka proses penerjemahan nama domain tadi bisa disingkat
sampai cuma tinggal 1 milidetik. jika seharian kita melakukan ratusan
permintaan penerjemahan nama domain, banyak waktu yang bisa dihemat jika
DNS server-nya ada di jaringan lokal.
untuk mengetahui berapa lama proses yang dibutuhkan untuk melakukan penerjemahan nama domain ini, di linux maupun mac bisa digunakan perintah dig.
untuk mengetahui berapa lama proses yang dibutuhkan untuk melakukan penerjemahan nama domain ini, di linux maupun mac bisa digunakan perintah dig.
langkah - langkah :
# sudo apt-get update
# sudo apt-get install pdnsd
edit usr/share/pdnsd/pdnsd-resolvconf.conf
/* Debian specific configuration to work with resolvconf */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
edit lagi di /etc/default/pdnsd :
# do we start pdnsd ?
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
START_DAEMON=yes
# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
AUTO_MODE=
# optional CLI options to pass to pdnsd(8)
START_OPTIONS=
edit lagi di /etc/pdnsd.conf :
/* Debian specific configuration to work with resolvconf */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
global {
perm_cache = 1024;
cache_dir = "/var/cache/pdnsd";
run_as = "pdnsd";
server_ip = any; // Use eth0 here if you want to allow other
// machines on your network to query pdnsd.
status_ctl = on;
paranoid = on;
min_ttl = 15m; // Retain cached entries at least 15 minutes.
max_ttl = 1w; // One week.
timeout = 10; // Global timeout option (10 seconds).
}
/* server {
label = "resolvconf";
proxy_only = on;
} */
server {
label=DNSpeedy;
ip=202.134.0.155;
ip=203.130.193.74;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
server {
label=DNS;
ip=180.211.88.5;
ip=180.211.88.50;
timeout=30;
interval=30;
uptest=ping;
ping_timeout=50;
purge_cache=off;
}
source {
owner = localhost;
file = "/etc/hosts";
}
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
rr {
name = dns.brother.info;
reverse = on;
a = 192.168.2.2;
owner = localhost;
soa = localhost,root.localhost,42,86400,900,86400,86400;
}
/* vim:set ft=c: */
edit /etc/resolv.conf
name-server nameserver 127.0.0.1
edit /etc/dhcp/dhclient.conf :
#prepend domain-name-servers 127.0.0.1; hilangkan tanda #
tambahkan pada rc.local :
/etc/init.d/pdnsd restart
langsung di test :
sudo /etc/init.d/pdnsd restart
semua langkah pengeditan harus di simpan setelah di edit/ditambahkan...
192.168.2.2 IP server... di sesuaikan IP server anda...
Selamat Mencoba ^_^
Beberapa tool tambahan yang mungkin perlu anda periksa/instal:
# vi /etc/network/interfaces
# sudo ufw disable
# apt-get install nmap
Lakukan instalasi dependensi yang di butuhkan: # sudo apt-get update # sudo apt-get install squid # sudo apt-get install squid squidclient squid-cgi # sudo apt-get install gcc # sudo apt-get install build-essential # sudo apt-get install sharutils # sudo apt-get install ccze # sudo apt-get install libzip-dev # sudo apt-get install automake1.9 # sudo apt-get install multitail
# sudo apt-get install unzip
# sudo apt-get install acpid
Download LUSCA_HEAD-r14809:
# cd /tmp# tar -xvjf LUSCA_HEAD-r14809-patch.tar.bz2# cd LUSCA_HEAD-r14809
Compile, configure dan install Lusca Squid dengan perintah berikut:
# make clean./configure --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid \# make# sudo make install
Konfigurasi dan Tunnelling Lusca Squid :
# cd /etc/squid# mv squid.conf squid.conf.original# unzip squid.conf.ubuntu.zip# mv squid.conf.ubuntu squid.conf# tar -xvzf storeurl.pl.tar.gz# chown proxy:proxy /cache1# chown proxy:proxy /cache2# chmod 777 /cache1# chmod 777 /cache2# chown proxy:proxy /etc/squid/storeurl.pl# chmod 777 /etc/squid/storeurl.pl
Membuat folder-folder swap/cache di dalam folder cache yang telah ditentukan dengan perintah:
# squid -f /etc/squid/squid.conf -z
Periksa konfigurasi squid
squid -NDd1 &
Jika tidak terdapat error jalankan squid:
# sudo /etc/init.d/squid restart
Reboot/restart CPU Ubuntu anda
# shutdown -r now sumber : indoit.web.id
|
Hidupkan PC Calon Proxy Server
Masukkan ‘CD Ubuntu Server’ Ke CDROM
Booting dari CDROM
Pilih language English, Enter
Pilih Install Ubuntu Server, Enter
Tekan enter pada ‘Choose Language’ English
Pilih United States
‘Detect Keyboard Layout Pilih ‘No’
Pada Ubuntu ‘Installer Main Menu’ pilih USA
Pada ‘Keyboard Layout’ Pilih USA
Pilih ‘Continue’ pada ‘Configure The Network’
Pilih ‘Configure Network Manually’
Isi IP Address dengan 192.168.2.1 pilih ‘Continue’, lalu tekan Enter
Netmask 255.255.255.0 pilih ‘Continue’, lalu Enter
Pada Gateway sudah terdapat angka ‘192.168.2.2’, biarkan saja terus Tab
Pilih ‘Continue’
Pada Name Server Addresses sudah terdapat angka ‘192.168.2.1’ abaikan dan
Tab pilih ‘Continue’, lalu enter
Hotsname diisi dengan : anjelanet (terserah anda) terus pilih continue
enter
Domain Name: kosongkan saja, pilih ‘Continue’ dan tekan enter
Pada pilihan ‘Configure The Clock’ pilih ‘Select From Worldwide List’ terus
cari Jakarta, lalu tekan Enter
Pada menu ‘Partition Disk’ pilih ‘Manually’
(Penulis menggunakan 2 Harddisk 250 GB & 500 GB 7200 RPM, RAM 2 GB
PC6400, HDD 500 GB dipersiapkan untuk men-cache Video Streaming & MP3. Jika
HDD & RAM anda berbeda sesuaikan dengan kebutuhan, Pola Partition Nomor 1
& 3 tutorial ini mohon tidak di ubah, cukup penyesuaian pada option RAM
saja)
Selanjutnya Jika menggunakan Harddisk bekas pakai, Langkahnya kita hapus
partisi yang ada terlebih dahulu. Pilih Directory Partition yang akan dihapus,
tekan enter dan pilih Delete The Partition (ULANGI PERINTAH INI UNTUK SEMUA
PARTISI YG TERSISA).
Jika telah selesai pilih ‘Guided Partitioning’, kemudian pilih ‘Manually’
arahkan pada FREE SPACE. (UNTUK HARDDISK KOSONG LANGSUNG KE LANGKAH INI).
1. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besar Partition I adalah 256 MB, Jadikan sebesar itu. Pilih Continue,
Enter (Usahakan untuk tidak merubah besaran Partisi Harddisk ini)
- Pilih Primary, Enter
- Pilih Beginning, Enter
- Pada pilihan ‘Use As’ = Ext4, Enter
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Mount point = /boot
- Mount options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard
- Bootable flag = on
- Pilih ‘Done Setting Up The Partition’
2. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besar Partition II adalah 30 GB (Sesuaikan kapasitas HDD anda, minimal 10
GB)
- Pilih Primary, Enter
- Pilih Beginning, Enter
- Pada pilihan ‘Use As’ = Ext4
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Mount point = /
- Mount options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard
- Pilih ‘Done Setting Up The Partition’
3. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besaran Partisi III adalah 4 GB (RAM 2 GB)
(Untuk RAM 1 GB Isikan Partisi III sebesar 2 GB. Rumus = RAM x 2 = Besar
Partisi SWAP AREA)
- Pilih Primary, Enter
- Pilih Beginning, Enter
- Pada pilihan ‘Use As’ = Swap Area
- Pilih ‘Done Setting Up The Partition’
4. Arahkan ke FREE SPACE HDD1 Pilih Create New Partition, Enter
- Besar Partition IV adalah keseluruhan sisa HDD 1 yang masih FREE SPACE
(dalam hal ini Free Space HDD 1 saya 215,8 GB)
- Pilih Primary, Enter
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Pada pilihan ‘Use As’ untuk Ubuntu Server 32/Bit = ReiserFS, untuk Ubuntu
Server 64/Bit Pada pilihan ‘Use As’ = BtrFS
- Pada Mount point = Enter dan pilih Manually, ‘/home ubah menjadi /cache1’
- Mount options untuk Ubuntu Server 32/Bit pilih ‘Notail & Noatime’
dengan menekan tombol ‘SPACE’ pada keyboard,, untuk Ubuntu Server 64/Bit Mount
options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard.
- Pilih ‘Done Setting Up The Partition’
(PERHATIAN : JIKA MENGGUNAKAN 1 HARDDISK, ABAIKAN LANGKAH 5 & 6 BERIKUT
INI)
5. Arahkan ke FREE SPACE HDD2 Create New Partition, Enter
- Besar Partition V adalah 300 GB (Sesuaikan kapasitas HDD anda)
- Pilih Primary, Enter
- Pada pilihan ‘Use As’ untuk Ubuntu Server 32/Bit = ReiserFS, untuk Ubuntu
Server 64/Bit Pada pilihan ‘Use As’ = BtrFS
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Pada Mount point = Enter dan pilih Manually, ‘/home ubah menjadi /cache2’
- Mount options untuk Ubuntu Server 32/Bit pilih ‘Notail &Noatime’
dengan menekan tombol ‘SPACE’ pada keyboard, untuk Ubuntu Server 64/Bit Mount
options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard.
- Pilih ‘Done Setting Up The Partition’
6. Arahkan ke FREE SPACE HDD2 Create New Partition, Enter
- Besar Partition V adalah 200 GB (Sesuaikan kapasitas HDD anda)
- Pilih Primary, Enter
- Pada pilihan ‘Use As’ untuk Ubuntu Server 32/Bit = ReiserFS, untuk Ubuntu
Server 64/Bit Pada pilihan ‘Use As’ = BtrFS
- Jika muncul option ‘Format The Partition’ tekan enter untuk memilih ‘Yes,
Format it’
- Pada Mount point = Enter dan pilih Manually, ‘/home ubah menjadi /cache3’
- Mount options untuk Ubuntu Server 32/Bit pilih ‘Notail &Noatime’
dengan menekan tombol ‘SPACE’ pada keyboard, untuk Ubuntu Server 64/Bit Mount
options pilih ‘Noatime’ dengan menekan tombol ‘SPACE’ pada keyboard.
- Pilih ‘Done Setting Up The Partition’
Pilih Finish Partitioning And Write Changes To Disk, tekan Enter
Pada pilihan Write The Changes To Disk pilih Yes, tekan Enter
Pada Full Name For The New User isi dg anjelanet, pilih continue &
tekan Enter
Pada Username For Your Account isi dg anjelanet, terus continue & tekan
Enter
Pada a password For The New User isi dg anjelanet, terus continue &
tekan Enter
Pada Re-Enter Password To Verify isi dg anjelanet, terus continue &
tekan Enter
Jika muncul pilihan Use Weak Password pilih Yes, tekan Enter
Pada pilihan Encrypt Your Home Directory pilih ‘No’, tekan Enter
Pada pilihan HTTP Proxy Information dikosongkan saja, pilih Continues,
tekan Enter
Pada saat ‘Configuration apt’ mencapai 23% tekan enter, juga pada 72% tekan
Enter
Pada saat pilihan updating pilih ‘No Automatic Update’
Pada Choose Software To Install pilih ‘OpenSSH Server’ dengan menekan
tombol ‘SPACE’ pada keyboard, selanjutnya pilih Continues, tekan Enter
Pada Pilihan ‘Install GRUB Loader’ pilih Yes
Pada saat ‘Ejecting CD Ubuntu Server Installer’ ambil CD-nya tutup kembali
CDROM dan pilih pilih Continues
‘FINISH THE INSTALLATION & CPU ON PROCEED REBOOT, DON’T TOUCH ANYTHING’
‘NOW WAKE UP… PROXY SERVER UBUNTU IS READY FOR NEXT STAGE’
Login pada Ubuntu Server (Isikan sesuai User & Password anda)
- Login as : anjelanet
- Password : anjelanet
Untuk proses agar bisa Login di @root :
- Ketikan perintah : sudo su – dan tekan enter
- Isikan Password : anjelanet
- Ketikan perintah : passwd dan tekan enter
- Isikan Password Baru : anjelanet
- Isikan kembali Password Baru : anjelanet
- Reboot PC dengan mengetikan perintah = reboot –h now
Ketika sedang mau update muncul seperti ini :
E: Could not get lock /var/lib/apt/lists/lock – open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/lib/apt/lists/
Cara Menanggulanginya sebagai berikut :
1. Masuk pada terminal ubuntu atau bisa menggunakan putty
2. ketik : sudo rm /var/lib/apt/lists/lock
3. Selesai. Update Ulang dengan : sudo apt-get update
~ Selamat Mencoba ~
Cara install webmin di Ubuntu 12.04, buka terminal tambahkan repository :
1- Edit /etc/apt/sources.list file
sudo vi /etc/apt/sources.list
2- Tambahkan barisan ini di bawahnya :
deb http://download.webmin.com/download/repository sarge contrib deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
3- Import GPG key Webmin
wget http://www.webmin.com/jcameron-key.asc sudo apt-key add jcameron-key.asc
4- Update source list
sudo apt-get update
5- Sekarang install webmin
sudo apt-get install webmin
Sekarang bisa akses webmin buka browser anda dan masukkan : http://serveripanda:10000/
Terima Kasih,
Agar update ubuntu kencang gunakan repository lokal, di sini saya ambil dari kambing.ui.ac.id dan bisa anda sesuaikan dengan daerah masing-masing :
ITBdeb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-proposed main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-security main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise-updates main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu/ precise main restricted universe multiverse
Kambing
deb http://kambing.ui.ac.id/ubuntu/ precise-proposed main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-security main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise-updates main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu/ precise main restricted universe multiverse
UKDW
deb http://repo.ukdw.ac.id/ubuntu precise main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-updates main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-security main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-backports main restricted universe multiverse
deb http://repo.ukdw.ac.id/ubuntu precise-proposed main restricted universe multiverse
Komo
deb http://komo.padinet.com/ubuntu/ precise-proposed main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise-security main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise-updates main restricted universe multiverse
deb http://komo.padinet.com/ubuntu/ precise main restricted universe multiverse
copykan ke sources.list : etc/apt/sources.list
simpan....
ketik :
# sudo apt-get update
BTRFS ini adalah format file
system pada ubuntu yang katanya sih kenceng banget buat ngecache squid
proxy feat lusca, dari makyuz jadi mak nyuooozzzz...... hehe,,,,,
postingan kali ini hanya sebagai catatan aja daripada lupa, 
dari konsole ketikkan :cek apakah module sudah terload di system :aptitude install zlib1g-dev zlibc btrfs-tools bzip2
lsmod |grep -i btrfs
jika sudah tinggal format/convert saja,utk format partisi ke btrfs
contoh :
mkfs.btrfs /dev/sdxx
untuk convert :Must run fsck first
fsck.ext4 -f /dev/xxxConvert from Ext3/4-> Btrfs
#btrfs-convert /dev/xxxkalau sudah sukses test dengan mount
#mount -t btrfs /dev.sdxx /cachexxx
cek dengan perintah mount :
jika ingin permanin saat boot, edit /etc/fstab#mount
/dev/sda3 on /cache type btrfs (rw)
misal :
/dev/sda3 /cache btrfs noatime,compress,noacl,barrier=0 0 1
selanjutanya step2nya seperi biasanya
tambahan kalau pas perintah modprobe error seperti ini#chown proxy:proxy /cachexx
#chmod 777 /cachexxx
#squid -z
#/etc/init.d/squid start
modprobe libcrc32c zlib_inflate zlib_deflate btrfs
FATAL: Error inserting libcrc32c (/lib/modules/2.6.32-21-generic-pae/kernel/lib/libcrc32c.ko): Unknown symbol in module, or unknown parameter (see dmesg)
harus install kernel-headernya
uname -a
cek dulu dengan uname -aaptitude install linux-headers-”uname-a”
misal disitu pake versi kernel 2.6.32-21-generic-pae
aptitude install linux-headers-2.6.32-21-generic-pae
trs di rebootbaru install :
agar dikenali secara permanen maka lakukanaptitude install btrfs-tools
modprobe btrfs
lsmod |grep -i btrfs
sumber :/etc/modules
modprobe btrfs
- http://www.forummikrotik.com/software/14967-share-mari-incip2-btrfs-untuk-proxy-cache.html
Aktifkan ip forward :
#echo 1 > /proc/sys/net/ipv4/ip_forward
Masquerade IP, untuk masquerade IP client menjadi IP Public sehingga bisa meresolv domain :
iptables -t nat -A POSTROUTING -j MASQUERADE
Redirect port 80 ke port Squid 3128 :
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
Redirect port 80 ke port Squid 3128 :
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.10:3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 –dport 80 –to-ports 3128
iptables –t nat –A PREROUTING –p tcp –s 192.168.0.0/24 – -dport 80 –j REDIRECT – -to-port 3128
sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.10:3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 –dport 80 –to-ports 3128
iptables –t nat –A PREROUTING –p tcp –s 192.168.0.0/24 – -dport 80 –j REDIRECT – -to-port 3128
sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
di sesuaikan dengan kemauan agan ya...
Manual :
di copy ke etc/rc.local
tempatkan di paling bawah.... Ok
