
You may have often heard of, or even use, a router in your internet cafe (warnet) running an OS such as Linux. Still, it is worth trying, for once, to optimize the heart of an internet cafe; for internet cafes that want a reliable PC router, I recommend OpenBSD.

OK, let's get started.

If you have already installed OpenBSD, don't forget to create a /cache directory to replace swap; it will be used later to optimize Squid. The size of /cache depends on the disk space left over, but remember to use a hard disk larger than 20 GB for an OpenBSD router.

That's enough talk, so let's start installing Squid.

###### SETTING PROXY OpenBSD ####

Download the source first from "http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE14-RELEASENOTES.html"

Extract squid
# mkdir /usr/local/src
# tar zxvf squid-2.5.STABLE14.tar.gz -C /usr/local/src

Edit squid
# cd /usr/local/src/squid-2.5.STABLE14

# ee src/Makefile.in
Change  DEFAULT_SWAP_DIR=$(localstatedir)/cache
to      DEFAULT_SWAP_DIR=/cache <<<--- if /cache directories exist, enter all of them

Compile Squid
# cd /usr/local/src/squid-2.5.STABLE14
# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid \
--sysconfdir=/etc/squid --enable-pf-transparent --enable-icp \
--enable-snmp --enable-ssl --enable-removal-policies=lru,heap \
--enable-default-languages=English --enable-cache-digests \
--enable-poll --disable-ident-lookups --disable-hostname-checks \
--enable-err-languages=English --enable-delay-pools --enable-truncate \
--enable-heap-replacement --enable-storeio=diskd,ufs

(The configure options can be adjusted as you like; what matters is that
--enable-pf-transparent and --enable-storeio=diskd,ufs are present, since the
kernel has already been compiled.)
Continue:

# make
# make install

# groupadd _squid
# useradd -c "Squid Ku" -d /var/empty -g _squid -s /sbin/nologin _squid
# mkdir -p /var/log/squid
# chown _squid:_squid /var/log/squid
# chown _squid:_squid /cache0
# chown _squid:_squid /cache1

# /usr/local/squid/sbin/squid -k parse

Build Cache
# /usr/local/squid/sbin/squid -z

OK, that completes our first task.

Oh, and don't forget: before building the cache, set up squid.conf first so that
it points at the cache directory we prepared. Here is part of a squid.conf (its
location follows the configure options used above; I usually put it at
/etc/squid/squid.conf).

# Needed for transparent proxy
# You need --enable-pf-transparent (pf, as used in the configure step above)
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# Physical memory / 3
cache_mem 128 MB
# Max out Squid I/O performance: 15 GB cache, using Squid's special diskd, but you
# need to recompile the kernel
# To use diskd you need to --enable-storeio=diskd,ufs
# Reasonable values for Q1 and Q2 are 72 and 64, respectively.
# The Q1 value must be bigger than Q2
cache_dir diskd /usr/local/squid/cache 15360 16 256 Q1=72 Q2=64

# You can use normal ufs instead (keep only one cache_dir line for this directory)
# cache_dir ufs /usr/local/squid/cache 15360 16 256

# I don't want to log anything
# The reason is to save some expensive I/O operations.
cache_access_log /dev/null
cache_store_log none
cache_log /dev/null

# Cache replacement policy
# The heap GDSF policy optimizes object-hit rate by keeping smaller popular
# objects in cache, so it has a better chance of getting a hit. It achieves a
# lower byte hit rate than LFUDA, though, since it evicts larger (possibly
# popular) objects.
# The heap LFUDA ( Least Frequently Used with Dynamic Aging ) policy keeps
# popular objects in cache regardless of their size and thus optimizes byte hit
# rate at the expense of hit rate since one large, popular object will prevent
# many smaller, slightly less popular objects from being cached.
# You need to --enable-removal-policies
cache_replacement_policy heap GDSF

# Standard Access List
# I have two subnets, one for student and another one for admin
# Modify this according to your network
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl outgoing src 192.168.192.2/255.255.255.255
acl student src 192.168.0.0/255.255.255.0
acl admin src 192.168.192.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

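# http_access stops at the first matching line, so the cache manager and port
# restrictions are placed above the allow lines
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow outgoing
http_access allow student
http_access allow admin
http_access deny all

icp_access allow localhost
icp_access allow student
icp_access allow admin
icp_access deny all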

# Avoid caching cgi scripts
acl QUERY urlpath_regex cgi-bin
no_cache deny QUERY

acl magic_words1 url_regex -i 192.168
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov

# Delay Pool
# For delay pool, you need to --enable-delay-pools
delay_pools 2

# I have an ADSL 2 Mbit line
# 2 mbits == 256 kbytes per second
# 256 KB/s, 5 KB/s
# It means 256 KB/s bandwidth for the whole network, but 5 KB/s for each node,
# which is fair for everybody
delay_class 1 2
delay_parameters 1 256000/256000 5000/256000
delay_access 1 allow magic_words2
delay_access 1 allow student
delay_access 1 allow admin

# -1/-1 means that there are no limits for local traffic.
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 2 allow magic_words1
# Cancel download if file is bigger than 1MB
reply_body_max_size 1024 KB

# snmp stuff
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all

# Change to your domain
# visible_hostname yourdomain.domain.com
# cache_mgr yourname@youremail.com

Great, the Squid configuration is done; now let's continue.
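
Squid checks http_access lines from top to bottom and stops at the first one that matches, so where the allow lines sit relative to deny !Safe_ports and deny CONNECT !SSL_ports decides whether those port restrictions ever apply to LAN clients. The following is an added example, not part of the original tutorial: a small Python model of that first-match rule over a constructed subset of the ACLs above (the rule lists ALLOW_FIRST and DENY_FIRST and all function names are made up for the illustration).

```python
import ipaddress

# Constructed sample: a condensed subset of the ACLs from the squid.conf above.
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl student src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 1025-65535
acl CONNECT method CONNECT
"""
# Hypothetical rule orders to compare (names are illustrative).
ALLOW_FIRST = ["allow student", "deny !Safe_ports",
               "deny CONNECT !SSL_ports", "deny all"]
DENY_FIRST = ["deny !Safe_ports", "deny CONNECT !SSL_ports",
              "allow student", "deny all"]

def parse_acls(text):
    """Map ACL name -> (type, values); repeated names accumulate values."""
    acls = {}
    for line in text.strip().splitlines():
        _, name, kind, *values = line.split()
        acls.setdefault(name, (kind, []))[1].extend(values)
    return acls

def acl_matches(acl, req):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        ranges = (v.partition("-") for v in values)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    if kind == "method":
        return req["method"] in values
    raise ValueError("unsupported acl type: " + kind)

def http_access(rules, acls, req):
    """Action of the first rule whose ACLs all match; '!' negates an ACL."""
    for rule in rules:
        action, *names = rule.split()
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!")
               for n in names):
            return action
    return "deny"  # not reached here: both lists end in "deny all"

if __name__ == "__main__":
    acls = parse_acls(ACLS)
    req = {"src": "192.168.0.50", "port": 25, "method": "CONNECT"}
    for label, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, "->", http_access(rules, acls, req))
```

After editing the real file, `squid -k parse` (used earlier in this tutorial) checks the syntax, but not the rule order.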

#####Auto boot####
# ee /etc/rc.local
if [ -x /usr/local/squid/sbin/squid ]; then
echo -n 'squid'; /usr/local/squid/sbin/squid -D
fi

Run it with:

# /usr/local/squid/sbin/squid -D               to START
# /usr/local/squid/sbin/squid -k shutdown      to STOP
# /usr/local/squid/sbin/squid -k reconfigure   to restart (re-reads squid.conf)

##### Transparent proxy #####
# ee /etc/rc.conf
pf=YES

# ee /etc/sysctl.conf
net.inet.ip.forwarding=1

# ee /etc/pf.conf
ext_if="xl0" # public
int_if="rl0" # local

nat on $ext_if from !($int_if) -> ($ext_if)
rdr on $int_if proto tcp from any to any port 80 -> 192.168.0.101 port 3128

# pfctl -f /etc/pf.conf
# pfctl -sn
nat on xl0 from ! (rl0) to any -> (xl0) round-robin
rdr on rl0 inet proto tcp from any to any port = www -> 192.168.0.101 port 3128

# reboot

OK, at this point the transparent proxy is ready to run.

I hope this is of some help to friends who want to learn OpenBSD.

Special thanks to:

www.google.com [uncle Google]
www.squid-cache.org

You can also edit /etc/rc.local so that Squid is started automatically:

if [ -x /usr/local/sbin/squid ]; then
echo -n ' squid'; /usr/local/sbin/squid
fi