Sep 24

Install proxy server di ubuntu 12.04

5. ubah pemilik file folder cache

chown -R proxy:proxy /cache1

chown -R proxy:proxy /cache2

chown -R proxy:proxy /cache3

chown -R proxy:proxy /cache4

chown -R proxy:proxy /var/log/squid

chmod 777 /cache1

chmod 777 /cache2

chmod 777 /cache3

chmod 777 /cache4

6. Copy file squid ke /etc/init.d/

chmod +x /etc/init.d/squid

update-rc.d squid defaults  

7. Buat sertifikat tanah squid nya

cd /etc/squid

mkdir ssl_cert

cd ssl_cert

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der

mkdir /var/squid cd /var/squid

mkdir ssl_db

cd

chown -R nobody /var/squid/ssl_db/

/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs

chown -R proxy:proxy

/var/squid/ssl_db/

8. Buat dir cache

squid -z

9. Tambahkan file dibawah in pada /etc/rc.local

modprobe xt_TPROXY

modprobe xt_socket

modprobe nf_tproxy_core

modprobe xt_mark

modprobe nf_nat

modprobe nf_conntrack_ipv4

modprobe nf_conntrack

modprobe nf_defrag_ipv4

modprobe ipt_REDIRECT

modprobe iptable_nat

iptables -t mangle -F

iptables -t mangle -X

iptables -t mangle -N DIVERT

iptables -t mangle -A DIVERT -j MARK –set-mark 1

iptables -t mangle -A DIVERT -j ACCEPT

iptables -t mangle -A INPUT -j ACCEPT

iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A PREROUTING ! -d 192.168.3.2/32 -p tcp –dport 80 -j TPROXY –tproxy-mark 0x1/0x1 –on port 3129

iptables -t mangle -A PREROUTING ! -d 192.168.3.2/32 -p tcp –dport 443 -j TPROXY –tproxy-mark 0x1/0x1 –on-port 3127

/sbin/ip rule add fwmark 1 lookup 100

/sbin/ip route add local 0.0.0.0/0 dev lo table 100

echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter

echo 1 > /proc/sys/net/ipv4/ip_forward

exit 0

10. Tambahkan mangle pada mikrotik

/ip firewall mangle add action=mark-routing chain=prerouting comment=”TPROXY ROUTING” disabled=no dst-port=80,443 in-interface=ether2-local new-routing-mark=tproxy_rm passthrough=no \ protocol=tcp

add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=ether3-proxy new-connection-mark=tproxy_cm passthrough=yes protocol=tcp \ src-address=!192.168.3.2

add action=mark-routing chain=prerouting connection-mark=tproxy_cm disabled=no in-interface=!ether3-proxy new-routing-mark=tproxy_rm passthrough=no

/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.2 routing-mark=tproxy_rm scope=30 target-scope=10

Pages:

Related posts

Setting ubuntu sebagai gateway internet

Load Balance PCC Mikrotik + Proxy External

Apakah itu proxy dan squid

Translate »