Let's share...
=============== Part1 --> Mikrotik Setup :
Internet = 192.168.10.10
Mikrotik (I use an RB750)
eth0 = Public (192.168.10.11) --> Internet
eth1 = Local (192.168.2.1) --> Internet café
eth2 = Proxy (192.168.3.1)
eth3 = Hotspot (192.168.4.1)
eth4 = Family (192.168.5.1) --> for family/personal use
I'm assuming the settings on your Mikrotik are still the factory
defaults... if it has been configured before, look up how to
reset the Mikrotik.
Log in to the Mikrotik and copy-paste into New Terminal (if you're still a newbie, look up how to copy-paste commands into the Terminal)
_________ Naming the Mikrotik ethernet interfaces
/interface ethernet
set 0 comment="Public Interface" name=Public
set 1 comment="Local Interface" name=Local
set 2 comment="Proxy Interface" name=Proxy
set 3 comment="Hotspot Interface" name=Hotspot
set 4 comment="Family Interface" name=Family
_________ Setting the IP address of each Mikrotik ethernet interface
/ip address
add address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=Local network=192.168.2.0
add address=192.168.3.1/24 broadcast=192.168.3.255 comment="" disabled=no \
interface=Proxy network=192.168.3.0
add address=192.168.4.1/24 broadcast=192.168.4.255 comment="" disabled=no \
interface=Hotspot network=192.168.4.0
add address=192.168.5.1/24 broadcast=192.168.5.255 comment="" disabled=no \
interface=Family network=192.168.5.0
add address=192.168.10.11/24 broadcast=192.168.10.255 comment="" disabled=no \
interface=Public network=192.168.10.0
_________ Fill in the DNS to match the modem's DNS = change as needed
/ip dns
set primary-dns=203.130.193.74 secondary-dns=203.130.206.250 \
allow-remote-requests=yes
_________ Setting the gateway
/ip route
add gateway=192.168.10.10 comment="" disabled=no
_________ Opening ports
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=221
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
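The services left enabled above (www, ssh, winbox) accept connections from 0.0.0.0/0, and the DNS section sets allow-remote-requests=yes. As an added example (not part of the original post), here are the same services limited to one admin subnet, with input-chain rules so the Public side cannot reach the management ports or the router's DNS cache. Using the Family network (192.168.5.0/24) as the admin subnet is an assumption; adjust it to wherever you manage the router from.

```routeros
# Added example, not from the original post.
# Assumption: the router is administered only from the Family
# network (192.168.5.0/24). Interface name and ports are the post's own.

# Limit each enabled management service to the admin subnet
# instead of 0.0.0.0/0.
/ip service
set www address=192.168.5.0/24 disabled=no port=80
set ssh address=192.168.5.0/24 disabled=no port=221
set winbox address=192.168.5.0/24 disabled=no port=8291

# Input chain = traffic addressed to the router itself.
/ip firewall filter
# Keep replies to connections the router opened (DNS lookups, NTP).
add chain=input connection-state=established action=accept \
comment="established"
add chain=input connection-state=related action=accept \
comment="related"
# With allow-remote-requests=yes the router answers DNS on every
# interface; refuse queries that arrive on the Public side.
add chain=input in-interface=Public protocol=udp dst-port=53 \
action=drop comment="no DNS service on Public (udp)"
add chain=input in-interface=Public protocol=tcp dst-port=53 \
action=drop comment="no DNS service on Public (tcp)"
# Second layer behind the /ip service address limits.
add chain=input in-interface=Public protocol=tcp \
dst-port=80,221,8291 action=drop \
comment="no management from Public"
```

Apply this from a machine inside the admin subnet, otherwise the session you are typing in is the first thing the address limits cut off.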
_________ Setting up the NTP client
/system ntp client
set enabled=yes mode=unicast primary-ntp=152.118.24.8 secondary-ntp=\
202.169.224.16
_________ Creating the firewall address lists that will be entered into the proxy (squid.conf)
/ip firewall address-list
add address=192.168.3.1/24 comment="" disabled=no list=proxynet
add address=192.168.2.1/24 comment="" disabled=no list=localnet
add address=192.168.4.1/24 comment="" disabled=no list=wifinet
add address=192.168.5.1/24 comment="" disabled=no list=family
_________ Creating NAT rules from the firewall address lists, to be forwarded to the proxy
/ip firewall nat
add action=masquerade src-address-list=proxynet chain=srcnat comment="NAT-PROXY" disabled=no \
out-interface=Public
add action=masquerade src-address-list=localnet chain=srcnat comment="NAT-LOCAL" disabled=no \
out-interface=Public
add action=masquerade src-address-list=wifinet chain=srcnat comment="NAT-HOTSPOT" disabled=no \
out-interface=Public
add action=masquerade src-address-list=family chain=srcnat comment="NAT-FAMILY" disabled=no \
out-interface=Public
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY1" disabled=no \
dst-address-list=!proxynet dst-port=80,8080,3128 in-interface=Local \
protocol=tcp to-addresses=192.168.3.2 to-ports=3128
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY2" disabled=no \
dst-address-list=!proxynet dst-port=80,8080,3128 in-interface=Hotspot \
protocol=tcp to-addresses=192.168.3.2 to-ports=3128
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY3" disabled=no \
dst-address-list=!proxynet dst-port=80,8080,3128 in-interface=Family \
protocol=tcp to-addresses=192.168.3.2 to-ports=3128
=============== Part2 --> Installing Ubuntu Server 10.10 :
Rather than spend a long time writing it up, you can just see how to install Ubuntu Server at :
http://www.wirelessrouterproxy.com/2011/07/cara-install-ubuntu-1104-untuk-di.html
That tutorial uses 11.04, but it's not much different...
Points to watch :
- At "Configure the network", choose Configure network manually, and enter the proxy IP = 192.168.3.2
- Partition layout; out of 80 GB I used :
/boot = Primary = 1GB = Ext3
/ = Primary = 9GB = Ext3
/usr = Primary = 4GB = Ext3
/var = Primary = 4GB = Ext3
/swap = 2GB
/proxy1 = Logical = 10GB = ReiserFS
/proxy2 = Logical = 10GB = ReiserFS
/proxy3 = Logical = 10GB = ReiserFS
/proxy4 = Logical = 10GB = ReiserFS
/proxy5 = Logical = 10GB = ReiserFS
/proxy6 = Logical = 10GB = ReiserFS
=============== Part3 --> Configuring the IP Address, DNS and NAT on Ubuntu Server 10.10
After Ubuntu Server is installed and the PC restarts, change the BIOS setting back and boot from the hard disk.
- Enter the username and password created during installation
- Type sudo su
- Enter the password again; now we are root (example : root@kuala:/home/kuala# )
- So that the server can be accessed remotely with PuTTY or WinSCP, it's best to re-enter the password created earlier :
root@kuala:/home/kuala# passwd root , enter
<enter password>, enter
<confirm password>, enter
_________ now we set up the IP and NAT
- See which ethernet interface is active on the proxy :
root@kuala:/home/kuala# ifconfig | more
(this shows that the network card on the Linux system is known as eth0 or eth1)
- Type the command : nano /etc/network/interfaces
(to start configuring the IP address, delete all of its contents (ctrl K) and fill it with :)
auto eth0
iface eth0 inet static
address 192.168.3.2
netmask 255.255.255.0
gateway 192.168.3.1
<save with ctrl X, Y, enter>
- Restart the network card : /etc/init.d/networking restart
- Bring the network card up : ifconfig eth0 up
- Restart the network card again : /etc/init.d/networking restart
- Give the proxy its DNS by typing the following in order :
touch /etc/resolv.conf
nano /etc/resolv.conf
- Put the DNS entries in resolv.conf :
nameserver <primary dns from the mikrotik>
nameserver <secondary dns from the mikrotik>
<save with ctrl X, Y, enter>
- Restart the network card again : /etc/init.d/networking restart
- Try a ping, to yahoo for example : ping yahoo.com ; see whether there is a
response or not. If not, check the mikrotik... make sure
the proxy is plugged into eth3 on the mikrotik
- Next, assuming you can now ping, we configure the server
so that all clients on the local network can
reach outside networks, i.e. do NAT (strictly speaking this step
isn't required, since we only use 1 LAN and already
have the Mikrotik with its NAT set up ... but I
use it anyway). Type :
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- If you want this command applied automatically every time the proxy restarts, put it in rc.local. To do so, type :
nano /etc/rc.local
<enter the command above again>
<save with ctrl X, Y, enter>
- Finally, reboot the proxy by typing : reboot
- After the proxy restarts, enter the username and password again, type : sudo su, and enter the password once more
- Now you have the IP and NAT set up on Ubuntu Server.
Try browsing from a client; if it works, your Ubuntu box
is ready for the squid proxy
Correction to the step above; the command for setting the root password is passwd :
- So that the server can be accessed remotely with PuTTY or WinSCP, it's best to re-enter the password created earlier :
root@kuala:/home/kuala# passwd root , enter
<enter password>, enter
<confirm password>, enter
Before we continue... I want to share a bit about my MT settings...
feel free to try them : the IPs I use follow the topology above, so
just adjust accordingly :
/ ip address
add address=192.168.10.11/24 network=192.168.10.0 broadcast=192.168.10.255 \
interface=Public comment="Public Interface" disabled=no
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 \
interface=Local comment="Local Interface" disabled=no
add address=192.168.3.1/24 network=192.168.3.0 broadcast=192.168.3.255 \
interface=Proxy comment="Proxy Interface" disabled=no
add address=192.168.4.1/24 network=192.168.4.0 broadcast=192.168.4.255 \
interface=Wifi comment="Hotspot Interface" disabled=no
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255 \
interface=Family comment="Kuala" disabled=no
_________________
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.10.10 scope=255 target-scope=10 \
comment="" disabled=no
_________________
/ip dns
set primary-dns=203.190.55.210 secondary-dns=203.190.55.211 \
allow-remote-requests=no cache-size=2048KiB cache-max-ttl=1w
/ip dns static
add name="103.10.80.3" address=103.10.80.3 ttl=1d
_________________
/ip firewall nat
add chain=srcnat src-address-list=proxynet out-interface=Public action=masquerade comment="NAT PROXY" disabled=no
add chain=srcnat src-address-list=localnet out-interface=Public action=masquerade comment="NAT LOCAL" disabled=no
add chain=srcnat src-address-list=wifinet out-interface=Public action=masquerade comment="NAT WIFI" disabled=no
add chain=srcnat src-address-list=family out-interface=Public action=masquerade comment="NAT FAMILY" disabled=no
add chain=dstnat src-address=192.168.2.0/24 in-interface=Local dst-address-list=!proxynet \
protocol=tcp dst-port=80,8080,3128 action=dst-nat \
to-addresses=192.168.3.2 to-ports=3128 comment="TRANSPARENT PROXY" disabled=no
add chain=dstnat src-address=192.168.4.0/24 in-interface=Wifi dst-address-list=!proxynet \
protocol=tcp dst-port=80,8080,3128 action=dst-nat \
to-addresses=192.168.3.2 to-ports=3128 comment="" disabled=no
add chain=dstnat src-address=192.168.5.0/24 in-interface=Family dst-address-list=!proxynet \
protocol=tcp dst-port=80,8080,3128 action=dst-nat \
to-addresses=192.168.3.2 to-ports=3128 comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=443 action=dst-nat \
to-addresses=192.168.3.2 to-ports=443 comment="Untuk HTTPS IPCOP" \
disabled=no
_________________
/ip firewall mangle
add chain=forward content="X-Cache: HIT" action=mark-connection \
new-connection-mark=squid_con passthrough=yes comment="" disabled=no
add chain=forward connection-mark=squid_con action=mark-packet \
new-packet-mark=squid_pkt passthrough=no comment="" disabled=no
add chain=forward connection-mark=!squid_con action=mark-connection \
new-connection-mark=all_con passthrough=yes comment="" disabled=no
add chain=forward protocol=tcp src-port=80,8080,3128 connection-mark=all_con \
action=mark-packet new-packet-mark=http_pkt passthrough=no comment="" \
disabled=no
add chain=forward protocol=icmp connection-mark=all_con action=mark-packet \
new-packet-mark=icmp_pkt passthrough=no comment="" disabled=no
add chain=forward protocol=tcp dst-port=1973 connection-mark=all_con \
action=mark-packet new-packet-mark=top_pkt passthrough=no comment="" \
disabled=no
add chain=forward connection-mark=all_con action=mark-packet \
new-packet-mark=test_pkt passthrough=no comment="" disabled=no
_________________
/queue simple
add name="Squid_HIT" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=squid_pkt direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name="Local_Link" dst-address=0.0.0.0/0 interface=all parent=none \
direction=both priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=1024000/1024000 total-queue=default-small disabled=no
add name="Game_Link" dst-address=0.0.0.0/0 interface=all \
parent=none packet-marks=top_pkt direction=both priority=1 \
queue=default-small/default-small limit-at=0/0 max-limit=512000/512000 \
total-queue=default-small disabled=no
add name="Ping_queue" dst-address=0.0.0.0/0 interface=all parent=none \
packet-marks=icmp_pkt direction=both priority=2 \
queue=default-small/default-small limit-at=0/0 max-limit=0/0 \
total-queue=default-small disabled=no
add name="The_other_port_queue" target-addresses=192.168.3.0/24 \
dst-address=0.0.0.0/0 interface=all parent=Local_Link packet-marks=http_pkt \
direction=both priority=8 queue=default-small/default-small \
limit-at=20000/20000 max-limit=256000/256000 total-queue=default-small \
disabled=no
add name="Local Port" target-addresses=192.168.2.0/24 dst-address=0.0.0.0/0 \
interface=all parent=Local_Link packet-marks=test_pkt direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=512000/512000 total-queue=default-small disabled=no
add name="Wifi Port" target-addresses=192.168.4.0/24 dst-address=0.0.0.0/0 \
interface=all parent=Local_Link packet-marks=test_pkt direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=512000/512000 total-queue=default-small disabled=no
=============== Part4 --> Installing the Lusca Squid proxy on Ubuntu Server 10.10 ===> to be continued
Warnet Palapa. Powered by Blogger.
Tuesday, May 15, 2012