Selasa, 15 Februari 2011

Instal Squid On-line

Buka Mozilla

1. masuk terminal
2. apt-get update
3. apt-get install squid
4. buka file system>etc>squid>squid.conf (copy)>>dibuka squid.conf jika sdh di copy
5. buka wordpress>> download file squid>> buka file download>> lalu buka
6. ctrl +A >> ctrl +c
7. ctrl +A >>ctrl+ V(copy yang ada di bawah ini)
8. lalu isi kan sesuai yang ada dibawah ini

# NETWORK OPTIONS
# ————————————————–
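# Listening socket for intercepted (transparent) HTTP traffic.
# 10.10.10.4 stands for the IP address of the Ubuntu host that runs Squid;
# substitute the real address. Address and port are written as IP:PORT with
# no spaces or inline notes, otherwise the directive does not parse.
http_port 10.10.10.4:3128 transparent
# ICP is switched off: this proxy does not exchange cache queries with peers.
icp_port 0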

# OPTIONS WHICH AFFECT THE CACHE SIZE
# ————————————————–
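# Memory reserved for in-transit and hot objects.
cache_mem 8 MB

# Disk-cache watermarks (percent full) between which object eviction ramps up.
cache_swap_low 90
cache_swap_high 95

# Object size limits. The directive name uses underscores throughout
# (maximum_object_size); a hyphenated spelling is not a known directive.
maximum_object_size 40 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 16 KB

# DNS caches: number of entries and the watermarks for the IP cache.
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

# Eviction policy for the disk cache and for the memory cache.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA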

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# —————————————————
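# On-disk cache: diskd store under /cache, 9000 MB, 16 first-level and 256
# second-level directories. /cache must exist and be owned by the account
# named in cache_effective_user before Squid is started.
cache_dir diskd /cache 9000 16 256 Q1=72 Q2=64

# Client request log; this is the record to keep for usage review and
# incident investigation.
cache_access_log /var/log/squid/access.log
# NOTE(review): with cache_log set to "none" Squid's own diagnostic messages
# (startup errors, warnings) are presumably not kept; point it at a file
# under /var/log/squid/ if they are needed for troubleshooting - confirm.
cache_log none
cache_store_log none

log_ip_on_direct on
mime_table /etc/squid/mime.conf

# The separator line of underscores that the page shows at this point is not
# a Squid directive and has been left out of the configuration.
log_mime_hdrs off

debug_options ALL,1
log_fqdn off
# A full mask keeps complete client addresses in the access log.
client_netmask 255.255.255.255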

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# —————————————————-

# Password string sent for anonymous FTP logins made by the proxy.
ftp_user Squid@
# Basic-authentication tuning: helper count, realm text shown to users,
# how long checked credentials stay valid, and user-name case handling.
# NOTE(review): no "auth_param basic program" line and no proxy_auth ACL is
# visible in this configuration, so these settings presumably have no effect
# and clients are admitted by source address only - confirm.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# OPTIONS FOR TUNING THE CACHE
# —————————————————-

# Upper bounds on the size of a client request header and request body.
request_header_max_size 15 KB
request_body_max_size 10 MB

# refresh_pattern [-i] regex min percent max
# min and max are in minutes; rules are checked in order and the first regex
# that matches the URL is used. They govern freshness of objects that carry
# no explicit expiry information from the origin server.
#
# CGI paths and URLs with a query string: kept fresh for one to two minutes.
refresh_pattern -i cgi-bin 1 20% 2
refresh_pattern -i \? 1 20% 2

# NOTE(review): the server-generated page types below (.asp, .acgi, .cgi,
# .shtml, .php3, .pl, .phtml, .chtml) get a minimum age of 4800 minutes. On a
# shared cache that can hand one client's stale dynamic page to another
# client - confirm this is intended.
refresh_pattern -i \.asp$ 4800 50% 22160
refresh_pattern -i \.acgi$ 4800 50% 22160
refresh_pattern -i \.cgi$ 4800 50% 22160
refresh_pattern -i \.shtml$ 4800 50% 22160
refresh_pattern -i \.php3$ 4800 50% 22160
refresh_pattern -i \.pl$ 4800 50% 22160
refresh_pattern -i \.bom\.gov\.au 30 20% 120
refresh_pattern -i \.html$ 4800 50% 22160
refresh_pattern -i \.htm$ 4800 50% 22160
refresh_pattern -i \.gif$ 22160 95% 43200
refresh_pattern -i \.jpg$ 22160 95% 120960
refresh_pattern -i \.class$ 10080 90% 43200
refresh_pattern -i \.zip$ 22160 95% 43200
refresh_pattern -i \.jpeg$ 22160 95% 120960
refresh_pattern -i \.mid$ 22160 95% 120960
refresh_pattern -i \.exe$ 22160 95% 120960
refresh_pattern -i \.thm$ 10080 90% 43200
refresh_pattern -i \.wav$ 22160 95% 120960
refresh_pattern -i \.txt$ 22160 95% 43200
refresh_pattern -i \.cab$ 22160 95% 120960
refresh_pattern -i \.au$ 22160 95% 120960
refresh_pattern -i \.mov$ 22160 95% 120960
refresh_pattern -i \.xbm$ 10080 90% 43200
refresh_pattern -i \.ram$ 22160 95% 120960
refresh_pattern -i \.avi$ 22160 95% 120960
refresh_pattern -i \.chtml$ 4800 50% 22160
refresh_pattern -i \.thb$ 10080 90% 43200
refresh_pattern -i \.dcr$ 10080 90% 43200
refresh_pattern -i \.bmp$ 22160 95% 120960
refresh_pattern -i \.phtml$ 4800 50% 22160
# NOTE(review): "\.mpege$" looks like a misspelling; \.mpe$ and \.mpeg$ are
# listed separately further down.
refresh_pattern -i \.mpege$ 22160 95% 120960
refresh_pattern -i \.pdf$ 22160 95% 120960
refresh_pattern -i \.art$ 10080 90% 43200
refresh_pattern -i \.swf$ 22160 95% 43200
refresh_pattern -i \.mp3$ 22160 98% 120960
refresh_pattern -i \.ra$ 10080 95% 120960
refresh_pattern -i \.spl$ 10080 90% 43200
refresh_pattern -i \.viv$ 10080 95% 120960
refresh_pattern -i \.doc$ 22160 95% 43200
refresh_pattern -i \.gz$ 22160 95% 120960
refresh_pattern -i \.z$ 22160 95% 120960
refresh_pattern -i \.tgz$ 22160 95% 120960
refresh_pattern -i \.tar$ 22160 95% 120960
refresh_pattern -i \.vrm$ 10080 90% 43200
refresh_pattern -i \.vrml$ 10080 90% 43200
refresh_pattern -i \.aif$ 10080 95% 43200
refresh_pattern -i \.aifc$ 10080 90% 43200
refresh_pattern -i \.aiff$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.c$ 10080 90% 43200
refresh_pattern -i \.cpt$ 10080 90% 43200
refresh_pattern -i \.dir$ 10080 90% 43200
refresh_pattern -i \.dxr$ 10080 90% 43200
refresh_pattern -i \.hqx$ 10080 90% 43200
refresh_pattern -i \.jpe$ 22160 95% 120960
refresh_pattern -i \.lha$ 22160 95% 120960
refresh_pattern -i \.lzh$ 22160 95% 120960
refresh_pattern -i \.midi$ 22160 95% 120960
refresh_pattern -i \.movie$ 22160 95% 120960
refresh_pattern -i \.mp2$ 22160 95% 120960
refresh_pattern -i \.mpe$ 22160 95% 120960
refresh_pattern -i \.mpeg$ 22160 95% 120960
refresh_pattern -i \.mpga$ 10080 95% 120960
# An earlier \.pl$ rule already matches these URLs, so this second one is
# never reached.
refresh_pattern -i \.pl$ 10080 90% 43200
refresh_pattern -i \.ppt$ 22160 95% 120960
refresh_pattern -i \.ps$ 10080 95% 43200
refresh_pattern -i \.qt$ 22160 95% 120960
refresh_pattern -i \.qtm$ 22160 95% 120960
refresh_pattern -i \.ras$ 10080 90% 43200
refresh_pattern -i \.sea$ 10080 90% 43200
refresh_pattern -i \.sit$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
refresh_pattern -i \.snd$ 10080 90% 43200
refresh_pattern -i \.wrl$ 10080 90% 43200
# Scheme-wide rules and the catch-all default come last.
refresh_pattern ^ftp:// 1440 20% 10080
refresh_pattern ^gopher:// 1440 0% 1440
refresh_pattern . 0 20% 4320

# Whether a fetch continues after the client aborts the request.
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 95

# Lifetimes for cached error responses and cached DNS answers.
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB

# TIMEOUTS
# —————————————————-

# Outbound side: time allowed to forward a request and to open a connection.
forward_timeout 4 minutes
connect_timeout 1 minute

# Inbound side: idle limits while reading data and waiting for a request.
# These bound how long an idle or slow client can hold a connection open.
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minutes

# Connection lifetime limits and the grace period applied at shutdown.
client_lifetime 1 day
half_closed_clients off
pconn_timeout 120 seconds
shutdown_lifetime 3 seconds

# ACCESS CONTROLS
# —————————————————-

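# --- Source, destination and protocol ACLs ---
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests use the cache_object scheme. The http_access rules
# below refer to this ACL as "manager", so it has to be defined under that
# name; otherwise those rules reference an ACL that does not exist.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# "lokal" is the client network allowed to use the proxy (the LAN range).
# NOTE(review): 127.16.0.0/24 lies inside the loopback block 127.0.0.0/8, so
# no LAN client matches it; set this to the real LAN range before use.
acl lokal src 127.16.0.0/24
#acl lokal-domain dstdomain localhost 10.10.10.2 117.103.56.248

# Time windows (Monday-Saturday, 07:00-17:30) in which each blocklist applies.
# Explanatory notes belong in comments, not inside the acl line:
#   bloc_situs - blocked web sites
#   bloc_kata  - forbidden words
#   bloc_ip    - blocked IP addresses
acl bloc_situs time MTWHFA 07:00-17:30
acl bloc_kata time MTWHFA 07:00-17:30
acl bloc_ip time MTWHFA 07:00-17:30

acl SSL_ports port 443 563
# Only port 80 counts as safe, so "deny !Safe_ports" below refuses requests
# to every other port, CONNECT to 443 included.
acl Safe_ports port 80
acl CONNECT method CONNECT

#always_direct allow localhost lokal-domain

# Blocklists loaded from files, one pattern per line. The ACL type is
# url_regex (underscore) and the file name goes in plain ASCII double quotes;
# typographic quotes are not recognised as quoting. The files have to exist
# and be readable by Squid.
acl situs.txt url_regex -i "/etc/squid/situs.txt"
http_access deny situs.txt bloc_situs

acl kata.txt url_regex -i "/etc/squid/kata.txt"
http_access deny kata.txt bloc_kata

acl ip.txt url_regex -i "/etc/squid/ip.txt"
http_access deny ip.txt bloc_ip

# Cache manager: allowed from the proxy host itself.
http_access allow manager localhost
# NOTE(review): this rule lets every host in "lokal" query the cache manager;
# keep only the localhost rule unless remote management is really needed.
http_access allow manager lokal
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Refuse requests whose destination is the proxy host's own loopback range.
http_access deny to_localhost
http_access allow lokal
http_access allow localhost
# Default deny: anything not explicitly allowed above is refused.
http_access deny all

http_reply_access allow all
icp_access deny all
miss_access allow lokal
miss_access deny all

# Reply size limits (the directive is reply_header_max_size).
reply_header_max_size 20 KB
reply_body_max_size 0 allow all

header_access Accept-Encoding allow all
header_access Via allow all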

# ADMINISTRATIVE PARAMETERS
# —————————————————

# Administrator contact address and the host names the proxy reports for
# itself. NOTE(review): the values below are the blog author's own; replace
# them with your organisation's contact address and the proxy's real host
# name before deploying.
cache_mgr bintang4u@yahoo.com
# Unprivileged account and group that Squid runs as after start-up.
cache_effective_user proxy
cache_effective_group proxy
visible_hostname aniaja.wordpress.com
unique_hostname aniaja.wordpress.com

# HTTPD-ACCELERATOR OPTIONS
# —————————————————

#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_single_host off
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on

# MISCELLANEOUS
# —————————————————

# append domain .yourdomain.com
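tcp_recv_bufsize 0 bytes

#memory_pools on
#memory_pools_limit (bytes)

# The directive is spelled forwarded_for. With "on", the client's address is
# added to the X-Forwarded-For header sent to origin servers, which discloses
# internal addressing; set it to "off" if that is not wanted.
forwarded_for on

#cachemgr_passwd secret shutdown
# Password protecting the listed cache-manager actions. It is stored in plain
# text in squid.conf, so keep the file readable only by root and the proxy
# account, and choose your own value rather than one copied from a public
# page. REPLACE_WITH_OWN_PASSWORD is a placeholder.
cachemgr_passwd REPLACE_WITH_OWN_PASSWORD info stats/objects
#cachemgr_passwd disable all

store_avg_object_size 13 KB
# The directive is spelled store_objects_per_bucket.
store_objects_per_bucket 20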

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# ——————————————————————

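# Traffic classes to throttle: by reply MIME type (dl1, dl2), by URL path
# extension (dl3) and by protocol (dl4), inside the dltime window.
# NOTE(review): rep_mime_type is evaluated against the reply, while
# delay_access is presumably decided when the request arrives, so dl1 and dl2
# may never match there - verify against the Squid version in use.
acl dl1 rep_mime_type -i ^application/octet-stream$ ^audio/mpeg ^video/mpeg$
acl dl2 rep_mime_type -i ^audio/x-realaudio$ ^audio/x-pn-realaudio$
# NOTE(review): "\.asfs" has no "$" anchor, unlike its neighbours; it was
# probably meant to be "\.asf$" - confirm.
acl dl3 urlpath_regex -i \.mp3$ \.mov$ \.mpg$ \.wav$ \.mpeg$ \.asfs \.iso$
acl dl4 proto FTP
acl dltime time 10:00-13:30
# The directive name is a single word: delay_pools.
delay_pools 2 # 2 delay pools

delay_class 1 2 # pool 1 is a class 2 pool
delay_class 2 2 # pool 2 is a class 2 pool
# Pool 1: media and binary downloads from the LAN during dltime.
delay_access 1 allow lokal dl1 dltime
delay_access 1 allow lokal dl2 dltime
delay_access 1 allow lokal dl3 dltime
delay_access 1 deny all
# Pool 2: FTP transfers from the LAN during dltime.
delay_access 2 allow lokal dl4 dltime
delay_access 2 deny all
# Class 2 parameters: aggregate restore/max, then per-host restore/max,
# in bytes per second and bytes; -1 means unlimited.
delay_parameters 1 15360/-1 15360/131072
delay_parameters 2 -1/-1 15360/-1
delay_initial_bucket_level 50

uri_whitespace strip
nonhierarchical_direct on
prefer_direct off

# Query strings are removed from URLs before they are written to the log.
strip_query_terms on
coredump_dir none
ignore_unknown_nameservers on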

# ERROR DIRECTORY
# ——————————————————————-

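# Keep-alive connections towards clients and towards origin servers.
client_persistent_connections on
server_persistent_connections on

pipeline_prefetch off

store_dir_select_algorithm round-robin
# The directive name is a single word: ie_refresh.
ie_refresh on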





Masuk terminal:

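# Run these commands as root.
# Create the cache directory named in cache_dir and hand it to the "proxy"
# account that Squid runs as (cache_effective_user / cache_effective_group).
mkdir /cache

chown proxy:proxy /cache

# Only the proxy account needs write access; a world-writable cache directory
# would let any local user alter or plant cached objects.
chmod 750 /cache

# "squid -z" creates the cache (swap) directory structure under /cache.
squid -z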

Cara Merubah Login Root di Gui

1. Klik system>>administration>>user administration
2. Klik root>>klik unlock>>masukkan password user biasa>>authentication (tanpa di close)
3. Pilih application>>accessories>>terminal
4. Ketikkan cd /etc/gdm
5. Ketikkan ls
6. ketikkan pico gdm.conf (nama file)
7. mencari AllowRoot (ctrl + w)
8. Pada AllowRoot= ganti dg true
9. ctrl+x (save)>>close
10. Masuk lagi ke root
11. Root klik 2x
12. Diisi password yg baru
13. Ok >> close
14. lalu kembali ke root
15. klik /root 2x
16. lalu isi kan password yang baru>OK> close
17. lalu klik pojok kanan atas lalu klik logout

Jumat, 28 Januari 2011

Firewall

/ip firewall nat add chain=dstnat dst-address=192.168.0.1
protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.5.1
to-ports=80

IP Firewall


1. add chain=input action=drop protocol=tcp in-interface=lan dst-port=135-139,445
2. add chain=input action=drop protocol=udp in-interface=lan dst-port=135-139,445
3. add chain=forward action=drop protocol=tcp in-interface=lan dst-port=25,135,137-139,445,593,1025,4691,5933
4. add chain=forward action=drop protocol=udp in-interface=lan dst-port=25,135,137-139,445,593,1025,4691,5933
5. add chain=forward action=drop p2p=bit-torrent
6. add chain=forward action=accept connection-state=established
7. add chain=forward action=accept connection-state=related
8. add chain=forward action=drop connection-state=invalid