Install Squid 3.xx

Install Squid 3.xx
Instalasi Squid 3.xx

- Login ke Program WinSCP menggunakan user root
- Copy Paste perintah-perintah di bawah ini melalui Putty (Copy, lalu klik kanan pada Putty dan tekan Enter) :

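# Refresh the package index, then install the build toolchain and the
# development libraries needed to compile Squid from source.
apt-get update
apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl libcap2 libcap-dev libcap2-dev
apt-get install sysv-rc-conf

# Fetch the source over HTTPS rather than plain HTTP: this tarball is compiled
# and installed as root, so it must not be alterable in transit.
# NOTE(review): squid-3.4.5 is an old 3.4-series release; check the Squid
# project's security advisories and prefer a maintained version where possible.
wget https://www.squid-cache.org/Versions/v3/3.4/squid-3.4.5.tar.gz

# Before unpacking, compare the tarball with the digest/signature that the
# Squid project publishes for this release.

# Enter the source tree only if extraction succeeded, so the later
# configure/make steps never run in the wrong directory.
tar xzvf squid-3.4.5.tar.gz && cd squid-3.4.5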

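# Configure, build and install Squid under /usr with its config in /etc/squid.
# The three steps are chained with &&, so a failed configure or build is never
# followed by `make install` as root.
#
# Flags with a security impact (review against your own policy):
#   --disable-auth                   no proxy authentication is compiled in;
#                                    access control can only come from
#                                    squid.conf ACLs (e.g. source address)
#   --enable-http-violations         permits squid.conf options that break
#                                    HTTP compliance
#   --enable-follow-x-forwarded-for  X-Forwarded-For can be honoured; limit it
#                                    in squid.conf to trusted upstream proxies
#   --enable-ssl, --enable-ssl-crtd  HTTPS interception (SSL Bump) support and
#                                    the ssl_crtd certificate helper
#   --disable-strict-error-checking  compiler warnings do not fail the build
#   --with-default-user=proxy        default unprivileged account for Squid
./configure \
--prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/lib/squid \
--sysconfdir=/etc/squid \
--localstatedir=/var \
--libdir=/usr/lib \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
--disable-dependency-tracking \
--disable-strict-error-checking \
--enable-async-io=32 \
--with-aufs-threads=32 \
--with-pthreads \
--enable-storeio=ufs,aufs,diskd \
--enable-removal-policies=lru,heap \
--with-aio \
--with-dl \
--enable-icmp \
--enable-esi \
--enable-icap-client \
--disable-wccp \
--disable-wccpv2 \
--enable-kill-parent-hack \
--enable-cache-digests \
--disable-select \
--enable-http-violations \
--enable-linux-netfilter \
--enable-follow-x-forwarded-for \
--disable-ident-lookups \
--enable-x-accelerator-vary \
--enable-zph-qos \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-swapdir=/var/spool/squid \
--with-large-files \
--enable-ltdl-convenience \
--with-filedescriptors=65536 \
--enable-ssl \
--enable-ssl-crtd \
--disable-auth \
--disable-ipv6 \
&& make \
&& make install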

# Hand the cache and log trees to the "proxy" account in a single call.
# NOTE(review): /cache is not created anywhere in these steps; presumably it
# already exists (e.g. a dedicated cache partition) — confirm before running.
chown -R proxy:proxy /cache /var/log/squid

# Copy 2 file berikut menggunakan Program WinSCP 
# =================================================
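Download file "squid.conf" dan "store-id.pl" (yang telah diubah dan disesuaikan dengan kebutuhan) disini, lalu salin ke folder: /etc/squid/

Download file "squid" disini, lalu salin ke folder: /etc/init.d/
Periksa isi ketiga file tersebut sebelum dipakai: script "squid" di /etc/init.d/ dijalankan sebagai root, dan "store-id.pl" dibuat executable pada langkah berikutnya.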

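# Make the Squid init script executable
# =====================================
chmod +x /etc/init.d/squid

# Cache, log and spool trees belong to the "proxy" account that Squid was
# configured to run as (--with-default-user=proxy).
chown -Rf proxy:proxy /cache
chown -R proxy:proxy /var/log/squid
chown -Rf proxy:proxy /var/spool/squid

# The original line here was `chown 777 /cache`, which sets the OWNER to
# UID 777 instead of setting a permission mode. A mode was evidently intended.
# Because the directory is owned by proxy, owner-only write access is enough,
# and it keeps other local accounts from altering cached objects.
chmod 750 /cache

# The store-id helper must be executable by the proxy account.
chmod +x /etc/squid/store-id.pl
chown proxy /etc/squid/store-id.pl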

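# Set up SSL Bump
# ===============
# The key generated here signs the certificates Squid creates on the fly for
# intercepted HTTPS connections. Any client that trusts the resulting .cert
# will accept whatever is signed with this key, so the directory and the key
# are restricted to the proxy account before the key is written.
mkdir -p /etc/squid/ssl_cert
chmod 700 /etc/squid/ssl_cert
cd /etc/squid/ssl_cert

openssl genrsa -out ais-tech.blogspot.com.private 2048
chmod 600 ais-tech.blogspot.com.private
openssl req -new -key ais-tech.blogspot.com.private -out ais-tech.blogspot.com.csr
# Self-signed certificate valid for 3652 days (about ten years); plan for how
# the key will be rotated and removed from clients if it is ever exposed.
openssl x509 -req -days 3652 -in ais-tech.blogspot.com.csr -signkey ais-tech.blogspot.com.private -out ais-tech.blogspot.com.cert
chown -R proxy:proxy /etc/squid/ssl_cert

cd
mkdir -p /var/squid/ssl_db
# ssl_crtd -c initialises the certificate database at the path given to -s.
# The earlier `chown -R nobody` on this directory is dropped: this command is
# run by root here and ownership is set to proxy:proxy immediately afterwards.
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db/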

# Swap dir
# ========
# squid -z creates any cache (swap) directories named in squid.conf that do
# not exist yet; run it once before the first start of the service.
squid -z

# Paste the commands below into /etc/rc.local
# ===========================================
# Load the kernel modules used for TPROXY interception, packet marking,
# connection tracking and NAT.
for mod in xt_TPROXY xt_socket nf_tproxy_core xt_mark nf_nat \
  nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ipt_REDIRECT iptable_nat; do
  modprobe "$mod"
done

# Start from an empty mangle table. This also removes any mangle rules and
# user chains that something else on the host may have installed.
iptables -t mangle -F
iptables -t mangle -X

# DIVERT chain: set mark 1 on the packet and accept it. TCP packets that match
# an existing local socket (-m socket) are sent through it.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

# TPROXY: TCP to port 80 goes to local port 3129 and TCP to port 443 goes to
# local port 3127, except traffic addressed to 192.168.3.2 itself.
# NOTE(review): 3129/3127 presumably match the tproxy listening ports in the
# supplied squid.conf, which is not shown on this page — confirm.
for pair in 80:3129 443:3127; do
  iptables -t mangle -A PREROUTING ! -d 192.168.3.2/32 -p tcp --dport "${pair%%:*}" -j TPROXY --tproxy-mark 0x1/0x1 --on-port "${pair##*:}"
done

# Packets carrying mark 1 are looked up in table 100, where every destination
# is treated as local and delivered via the loopback device.
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100

# Turn off reverse-path filtering on lo and enable IPv4 forwarding.
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
exit 0

# Mangle rules and TPROXY routing on the MikroTik router

/ip firewall mangle

# TCP to ports 80/443 arriving on ether2-local gets routing mark "tproxy";
# passthrough=no stops further mangle processing for these packets.
add action=mark-routing chain=prerouting comment="TPROXY ROUTING" disabled=no dst-port=80,443 in-interface=ether2-local new-routing-mark=tproxy passthrough=no protocol=tcp
# TCP to ports 80/443 arriving on ether3-proxy from any source other than
# 192.168.3.2 gets connection mark "proxy".
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=ether3-proxy new-connection-mark=proxy passthrough=yes protocol=tcp src-address=!192.168.3.2
# Packets of "proxy"-marked connections that arrive on any interface except
# ether3-proxy get routing mark "tproxy".
add action=mark-routing chain=prerouting connection-mark=proxy disabled=no in-interface=!ether3-proxy new-routing-mark=tproxy passthrough=no

/ip route
# Traffic carrying routing mark "tproxy" uses 192.168.3.2 as its default gateway.
# NOTE(review): 192.168.3.2 is the address the rc.local TPROXY rules exclude,
# so it is presumably the Squid host — confirm against your addressing plan.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.2 routing-mark=tproxy scope=30 target-scope=10