/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no
/ ip firewall mangle
add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no
add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 comment="" \
disabled=no

Mangle

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" \
disabled=no
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2 \
comment="" disabled=no
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1 \
comment="" disabled=no

The router has 2 upstream (WAN) interfaces with IP addresses 10.111.0.2/24 and 10.112.0.2/24, and a LAN interface named "Local" with IP address 192.168.0.1/24.

/ ip firewall mangle

add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \
action=mark-connection new-connection-mark=odd passthrough=yes comment="" \
disabled=no

add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing \
new-routing-mark=odd passthrough=no comment="" disabled=no

add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 \
action=mark-connection new-connection-mark=even passthrough=yes comment="" \
disabled=no

add chain=prerouting in-interface=Local connection-mark=even action=mark-routing \
new-routing-mark=even passthrough=no comment="" disabled=no

NAT

/ ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 \
to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 \
to-ports=0-65535 comment="" disabled=no

Routing

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even \
comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 \
disabled=no comment="gateway for the router itself"

Note: the NTH parameters are:

First number = Every (N)
Second number = Counter (T)
Third number = Packet (H)

1,1,0 means

1 (2 packets, 0-1)
1 (1 packet)
0 (the first packet)

Tested running well on an RB750, OS ver. 4.11
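The alternation produced by the two nth rules above, as an added example that is not part of the original post. It models the three-number nth matcher as the note describes it, under the assumption that a counter advances only when a rule using it matches; all class and function names are hypothetical, and the second rule set shows what happens when the mark-routing rule does not stop processing.

```python
from collections import Counter


class NthCounters:
    """Shared nth counters, following the every/counter/packet note above.

    Assumption (not taken from the page): a counter advances only when a
    rule using it matches, and wraps to 0 once it has reached `every`.
    """

    def __init__(self):
        self.state = {}

    def match(self, every, counter, packet):
        current = self.state.get(counter, 0)
        if current != packet:
            return False
        self.state[counter] = 0 if current >= every else current + 1
        return True


# The four mangle rules from the page, reduced to the fields that matter here.
PAGE_RULES = [
    {"nth": (1, 1, 0), "action": "mark-connection", "mark": "odd", "passthrough": True},
    {"if_conn": "odd", "action": "mark-routing", "mark": "odd", "passthrough": False},
    {"nth": (1, 1, 1), "action": "mark-connection", "mark": "even", "passthrough": True},
    {"if_conn": "even", "action": "mark-routing", "mark": "even", "passthrough": False},
]

# Source address chosen by the srcnat rules for each connection mark.
NAT_SOURCE = {"odd": "10.111.0.2", "even": "10.112.0.2"}


def classify_new_connection(rules, counters):
    """Walk the prerouting rules for the first packet of a new connection.

    Returns (connection_mark, routing_mark).
    """
    conn_mark = routing_mark = None
    for rule in rules:
        if "nth" in rule and not counters.match(*rule["nth"]):
            continue
        if "if_conn" in rule and conn_mark != rule["if_conn"]:
            continue
        if rule["action"] == "mark-connection":
            conn_mark = rule["mark"]
        else:
            routing_mark = rule["mark"]
        if not rule["passthrough"]:
            break  # passthrough=no: no later rule sees this packet
    return conn_mark, routing_mark


def distribute(rules, n):
    """Marks assigned to n consecutive new connections from the LAN."""
    counters = NthCounters()
    return [classify_new_connection(rules, counters) for _ in range(n)]


def wan_share(rules, n):
    """Number of connections NATed to each WAN address."""
    return dict(Counter(NAT_SOURCE[conn] for conn, _ in distribute(rules, n)))


def with_passthrough_on(rules, index):
    """Copy of the rule set with passthrough=yes forced on one rule."""
    changed = [dict(rule) for rule in rules]
    changed[index]["passthrough"] = True
    return changed


if __name__ == "__main__":
    print("page rules:", wan_share(PAGE_RULES, 10))
    # With passthrough=yes on the first mark-routing rule, the same packet goes
    # on to the nth=1,1,1 rule, is re-marked "even", and one WAN gets everything.
    print("rule 2 passthrough=yes:", wan_share(with_passthrough_on(PAGE_RULES, 1), 10))
```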

Mangle:
GAME
Example for Point Blank; for other games just adjust the port/IP.
chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190 comment="Point Blank"
chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010
chain=game action=mark-packet new-packet-mark=Game_pkt passthrough=no connection-mark=Game
chain=prerouting action=jump jump-target=game
POKER
chain=forward action=mark-connection new-connection-mark=Poker_con passthrough=yes protocol=tcp dst-address-list="LOAD POKER" comment="POKER"
chain=forward action=mark-connection new-connection-mark=Poker_con passthrough=yes protocol=tcp content=statics.poker.static.zynga.com
chain=forward action=mark-packet new-packet-mark=Poker passthrough=no connection-mark=Poker_con
BROWSING
chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment="BROWSE"
chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http
UPLOAD
chain=prerouting action=mark-packet new-packet-mark=Upload passthrough=no protocol=tcp src-address=192.168.0.0/24 in-interface=Lan packet-mark=!icmp_pkt comment="UPLOAD"
LIMIT DOWNLOAD
chain=forward action=mark-connection new-connection-mark=Download passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Poker_con connection-bytes=262146-4294967295 comment="LIMIT DOWNLOAD"
chain=forward action=mark-packet new-packet-mark=Download_pkt passthrough=no packet-mark=!Game_pkt connection-mark=Download
QUEUE
queue type
name="Download" kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
name="Http" kind=pcq pcq-rate=1M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
name="Game" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000
name="Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
Queue Tree
name="Main Browse" parent=Lan limit-at=0 priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
name="Browse" parent="Main Browse" packet-mark=http_pkt limit-at=0 queue=Http priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
name="Game" parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="Poker" parent=global-out packet-mark=Poker limit-at=0 queue=Game priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="Download" parent=global-out packet-mark=Download_pkt limit-at=0 queue=Download priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s
name="Main Upload" parent=global-in limit-at=0 priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s
name="Upload" parent="Main Upload" packet-mark=Upload limit-at=0 queue=Upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
RESULT
BROWSING 1 Mbps shared evenly across the whole village (read: the whole network)
DOWNLOAD 256 Kbps shared evenly across the whole village
GAME whatever bandwidth is available, as needed across the whole village
POKER whatever bandwidth is available, as needed across the whole village
UPLOAD whatever bandwidth is available, shared evenly as needed across the whole village

LOAD BALANCING on MIKROTIK VERSION 4.11 on the RB 750

Here we try to build load balancing using an indoor RB 750 RouterBoard, which has 5 interfaces. To build load balancing with failover on MikroTik version 4.11, I use 2 WAN input lines with 1 output line directed at the Local Area Network.

The interfaces are set up as follows:

- LAN = 192.168.1.0/24

- Uplink = WAN 1 = 192.168.20.6/28

- Uplink = WAN 2 = 192.168.10.12/24

Here I use 2 WLAN ISPs. If you use Telkom Speedy at your site, first check whether the lines have the same gateway or not. If the gateway is the same, you have to set up PPPoE (with the MikroTik dialing PPPoE itself): pick one of the lines with the same gateway for that PPPoE, and for the other set up PPPoE dialed from the modem, that is, the modem becomes the gateway. This is done so that traffic runs at its best; usually, with only MikroTik-dialed PPPoE on identical gateways, load balancing is less than optimal and often only 1 gateway ends up active.

The settings on MikroTik version 4.11 are as follows:

/ ip firewall mangle

add chain=prerouting action=mark-connection new-connection-mark=conn_1 \
passthrough=yes connection-state=new in-interface=LAN nth=2,1

add chain=prerouting action=mark-routing new-routing-mark=conn_1 \
passthrough=no in-interface=LAN connection-mark=conn_1

add chain=prerouting action=mark-connection new-connection-mark=conn_2 \
passthrough=yes connection-state=new in-interface=LAN nth=1,1

add chain=prerouting action=mark-routing new-routing-mark=conn_2 \
passthrough=no in-interface=LAN connection-mark=conn_2

/ip firewall nat

add chain=srcnat action=masquerade out-interface=WAN1 connection-mark=conn_1

add chain=srcnat action=masquerade out-interface=WAN2 connection-mark=conn_2

/ip route

add dst-address=0.0.0.0/0 gateway=192.168.20.14 scope=255 target-scope=10 routing-mark=conn_1 comment="" disabled=no

add dst-address=0.0.0.0/0 gateway=192.168.10.100 scope=255 target-scope=10 routing-mark=conn_2 comment="" disabled=no

add dst-address=0.0.0.0/0 gateway=192.168.20.14 scope=255 target-scope=10 comment="" disabled=no

Result of the settings above

Have fun trying it, and good luck.

Repairing the Installation (Repair Install)

If your Windows XP is corrupted and you have no other operating system to boot from,
you can perform a Repair Install, which works just like the original setup.
Then …

  • Make sure you have a valid Windows XP key.
  • The whole process takes roughly 1/2 or 1 hour, depending on your computer's specs.
  • If you are asked for the administrator password, you should choose the second repair option,
    not the first.
  • Insert your Windows XP CD and boot from it.
  • When the second repair option, R=Repair, appears, press the R key.
    This starts the repair.
  • Press F8 to agree to the next step, “I Agree” at the Licensing Agreement.
  • Press R when the directory where your Windows XP is installed is shown. Usually C:\WINDOWS
    Drive C: is then checked and the files start being copied.
    The computer restarts automatically if needed. Leave your CD in the drive.
  • Next you will see a “progress bar” that is part of the repair;
    it looks like a normal XP installation and covers “Collecting Information, Dynamic Update,
    Preparing Installation, Installing Windows, Finalizing Installation”.
  • When asked, click the Next button.
  • When asked to enter the key, enter your valid Windows XP key.
  • Normally you will want to stay in the same Domain or Workgroup name.
  • The computer will restart.
  • You will then get the same screens as for system activation during a normal installation.
  • Register if you want to (usually not necessary).
  • Done ;)

Now you can log in with your existing account.

NTOSKRNL Missing or Corrupt

If you get the error message “NTOSKRNL not found”, do the following:

  • Insert the Windows XP CD and boot from it.
  • When the first R=Repair option appears, press the R key.
  • Press the number that corresponds to the Windows installation you want to repair.
  • Usually #1
  • Change to the drive letter of your CD drive.
  • Type: CD i386
  • Type: expand ntkrnlmp.ex_ C:\Windows\System32\ntoskrnl.exe
  • If your Windows XP is installed somewhere else, change the path to match its location.
  • Remove your CD and type EXIT
  • Done

HAL.DLL Missing or Corrupt

If you get an error about a missing or corrupt hal.dll file, the BOOT.INI file
may be misconfigured.

  • Insert the Windows XP CD and boot from it.
  • When the first R=Repair option appears, press the R key.
  • Press the number that corresponds to the Windows installation you want to repair.
  • Usually #1
  • Type: bootcfg /list

Shows the current entries in the BOOT.INI file

  • Type: bootcfg /rebuild

Repairs the configuration of the BOOT.INI file

  • Remove your CD and type EXIT

The \WINDOWS\SYSTEM32\CONFIG directory is missing or corrupt

If you get an error that reads:

“Windows could not start because the following files is missing or corrupt
\WINDOWS\SYSTEM32\CONFIG\SYSTEM or \WINDOWS\SYSTEM32\CONFIG\SOFTWARE”

  • Insert the Windows XP CD and boot from it.
  • When the first R=Repair option appears, press the R key.
  • Press the number that corresponds to the Windows installation you want to repair.
  • Usually #1
  • Enter the administrator password if required.
  • Type: cd \windows\system32\config
  • The next step depends on where the corruption is:
  • Type: ren software software.rusak OR ren system system.rusak
  • The step after that also depends on where the corruption is:
  • Type: copy \windows\repair\system
  • Type: copy \windows\repair\software
  • Remove your CD and type EXIT

NTLDR or NTDETECT.COM Not Found

If you get an error at boot saying that NTLDR was not found:

  1. For FAT partitions

Boot from your Win98 floppy disk and copy the NTLDR or NTDETECT.COM file
from the i386 directory to the root of drive C:\

2.  For NTFS partitions

  • Insert the Windows XP CD and boot from it.
  • When the first R=Repair option appears, press the R key.
  • Press the number that corresponds to the Windows installation you want to repair.
  • Usually #1
  • Enter the administrator password if required.
  • Enter the following commands, where X: is the drive letter of your CD-ROM (adjust it!).
  • Type: COPY X:\i386\NTLDR C:\
  • Type: COPY X:\i386\NTDETECT.COM C:\
  • Remove your CD and type EXIT

DONE, hope this helps others ;)

I have never used squid from the Ubuntu package, so I don't really know whether the Ubuntu Server package already supports TPROXY.

To install squid so that it performs optimally, you can first tweak your Ubuntu system.
1. Tweak the open-file limit & IP forwarding

Code:
echo "*                soft    nofile          65535" >> /etc/security/limits.conf
echo "*                hard    nofile          65535" >> /etc/security/limits.conf
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

2. Install build-essential & libcap-dev

Code:
apt-get install build-essential
apt-get install libcap-dev

Once all of that is done, we install squid.

1. Download squid 2.7.STABLE9 & the patch

Code:
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE9.tar.gz
wget http://www.visolve.com/squid/tproxy4/squid-2.7s9-tproxy-4.patch

2. Extract & patch squid

Code:
tar -zxvf squid-2.7.STABLE9.tar.gz
cd squid-2.7.STABLE9
patch -p1 < ../squid-2.7s9-tproxy-4.patch

3. Compile & install squid

Code:
./configure '--prefix=/usr/local/squid' \
'--enable-async-io=24' \
'--enable-storeio=ufs,aufs,null,diskd' \
'--enable-auth=basic' \
'--enable-err-languages=English' \
'--disable-ident-lookups' \
'--disable-cache-digests' \
'--enable-follow-x-forwarded-for' \
'--enable-delay-pools' \
'--enable-http-violations' \
'--enable-arp-acl' \
'--with-maxfd=65535' \
'--enable-linux-netfilter' \
'--enable-linux-tproxy' \
'--with-libcap'
make
make install

The options above are optional; you can add or remove options as you wish.

4. In your squid.conf, add these options in the section

Code:
http_port 8080 transparent tproxy
max_filedescriptors 65535

The second line is optional; its default value is 1024.

5. Set up iproute2 & iptables for intercepting with TPROXY (transparent proxy)

Code:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080

Run squid as usual.. have fun trying it ^_^
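A consistency check for step 5, as an added example that is not part of the original post: the TPROXY rule, the DIVERT chain, the `ip rule` entry, routing table 100 and the squid `http_port` line must all agree on the same mark and port. The sample outputs are constructed to match the commands above, and `check_tproxy` is a hypothetical helper name.

```python
import re

# Constructed samples of what the commands on this page leave behind
# (iptables-save -t mangle, ip rule, ip route show table 100, squid.conf).
IPTABLES_MANGLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
"""
IP_RULES = """\
0:      from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main
"""
ROUTE_TABLES = {"100": "local default dev lo scope host\n"}
SQUID_CONF = "http_port 8080 transparent tproxy\nmax_filedescriptors 65535\n"


def _num(text):
    return int(text, 0)  # accepts both "1" and "0x1"


def check_tproxy(mangle, ip_rules, route_tables, squid_conf):
    """Return a list of inconsistencies; an empty list means the pieces agree."""
    problems = []
    lines = mangle.splitlines()
    prerouting = [l for l in lines if l.startswith("-A PREROUTING ")]
    tproxy_at = next((i for i, l in enumerate(prerouting) if "-j TPROXY" in l), None)
    if tproxy_at is None:
        return ["no TPROXY rule in mangle PREROUTING"]
    rule = prerouting[tproxy_at]
    port_m = re.search(r"--on-port (\d+)", rule)
    mark_m = re.search(r"--tproxy-mark (\w+)(?:/(\w+))?", rule)
    if not port_m or not mark_m:
        return ["TPROXY rule lacks --on-port or --tproxy-mark"]
    on_port = port_m.group(1)
    mask = _num(mark_m.group(2)) if mark_m.group(2) else 0xFFFFFFFF
    mark = _num(mark_m.group(1)) & mask

    # 1. squid must listen on the TPROXY port with the tproxy option set.
    squid_ports = set()
    for fields in (l.split() for l in squid_conf.splitlines()):
        if len(fields) > 2 and fields[0] == "http_port" and "tproxy" in fields[2:]:
            squid_ports.add(fields[1].rsplit(":", 1)[-1])
    if on_port not in squid_ports:
        problems.append(f"TPROXY targets port {on_port} but squid has no tproxy http_port there")

    # 2. the mark must select a table whose default route is local via lo.
    tables = [t for v, t in re.findall(r"fwmark (\w+)(?:/\w+)? lookup (\S+)", ip_rules)
              if _num(v) == mark]
    if not tables:
        problems.append(f"no ip rule selects a table for fwmark {mark:#x}")
    elif not any(re.search(r"^local (default|0\.0\.0\.0/0) dev lo\b",
                           route_tables.get(t, ""), re.M) for t in tables):
        problems.append(f"table {tables[0]} has no 'local default dev lo' route")

    # 3. a socket match ahead of TPROXY must divert and set the same mark.
    divert = next((re.search(r"-j (\S+)", l).group(1)
                   for l in prerouting[:tproxy_at] if "-m socket" in l), None)
    if divert is None:
        problems.append("no '-m socket' rule ahead of the TPROXY rule")
    else:
        marks = [_num(v) for l in lines if l.startswith(f"-A {divert} ")
                 for v in re.findall(r"--set-x?mark (\w+)", l)]
        if mark not in marks:
            problems.append(f"chain {divert} does not set mark {mark:#x}")
    return problems


if __name__ == "__main__":
    print(check_tproxy(IPTABLES_MANGLE, IP_RULES, ROUTE_TABLES, SQUID_CONF) or "consistent")
```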

DNS Unbound + Ubuntu

Posted: April 24, 2011 in Ubuntu Mania

Straight to it:

Code:
apt-get install unbound
cd /etc/unbound
wget  ftp://FTP.INTERNIC.NET/domain/named.cache
unbound-control-setup
chown unbound:root unbound_*
chmod 440 unbound_*

Then change the settings in /etc/unbound/unbound.conf. Other DNS services (bind/dnsmasq etc.) must be stopped so that they do not conflict.
Code:
 server:
         verbosity: 1
         statistics-interval: 120
         num-threads: 1
         interface: 192.168.20.29

         outgoing-range: 512
         num-queries-per-thread: 1024

         msg-cache-size: 16m
         rrset-cache-size: 32m 

         msg-cache-slabs: 4
         rrset-cache-slabs: 4

         cache-max-ttl: 86400
         infra-host-ttl: 60
         infra-lame-ttl: 120

         infra-cache-numhosts: 10000
         infra-cache-lame-size: 10k

         do-ip4: yes
         do-ip6: no
         do-udp: yes
         do-tcp: yes
         do-daemonize: yes

         #access-control: 0.0.0.0/0 allow
         access-control: 192.168.0.0/16 allow
         access-control: 172.16.0.0/12 allow
         access-control: 10.0.0.0/8 allow
         access-control: 127.0.0.0/8 allow
         access-control: 0.0.0.0/0 refuse

         chroot: "/etc/unbound"
         username: "unbound"
         directory: "/etc/unbound"
         #logfile: "/etc/unbound/unbound.log"
         #use-syslog: yes
         logfile: ""
         use-syslog: no
         pidfile: "/etc/unbound/unbound.pid"
         root-hints: "/etc/unbound/named.cache"

        identity: "DNS"
        version: "1.4"
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        do-not-query-address: 127.0.0.1/8
        do-not-query-localhost: yes
        module-config: "iterator"

        #zone localhost
        local-zone: "localhost." static
        local-data: "localhost. 10800 IN NS localhost."
        local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1" 

        local-zone: "127.in-addr.arpa." static
        local-data: "127.in-addr.arpa. 10800 IN NS localhost."
        local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost." 

        #zone cache.dns.sky.net.id
        local-zone: "cache.dns.sky.net.id." static
        local-data: "sky.net.id. 86400 IN NS cache.dns.sky.net.id."
        local-data: "sky.net.id. 86400 IN SOA sky.net.id. proxy.sky.net.id.  3 3600 1200 604800 86400"
        local-data: "sky.net.id. 86400 IN A 192.168.20.29"
        local-data: "www.sky.net.id. 86400 IN A 192.168.20.29"
        local-data: "cache.dns.sky.net.id. 86400 IN A 192.168.20.29"

       local-zone: "20.168.192.in-addr.arpa." static
       local-data: "20.168.192.in-addr.arpa. 10800 IN NS sky.net.id."
       local-data: "20.168.192.in-addr.arpa. 10800 IN SOA sky.net.id. proxy.sky.net.id. 4 3600 1200 604800 864000"
       local-data: "29.20.168.192.in-addr.arpa. 10800 IN PTR sky.net.id."

forward-zone:
        name: "."
        forward-addr: 203.130.193.74
        forward-addr: 125.160.4.82
        forward-addr: 125.160.18.25
        forward-addr: 125.160.16.10
        forward-addr: 203.130.209.242
        forward-addr: 202.134.0.62
        forward-addr: 222.124.18.62
        forward-addr: 203.130.196.5
        forward-addr: 203.130.196.155
        forward-addr: 202.134.1.10
        forward-addr: 222.124.204.34
        forward-addr: 202.134.0.155
        forward-addr: 8.8.4.4
        forward-addr: 8.8.8.8

remote-control:
        control-enable: yes
        control-interface: 192.168.20.29
        control-port: 953
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
Adjust it to your setup, then:
Code:
root@ubuntu:~# /etc/init.d/unbound restart
root@sky:~# nslookup 192.168.20.29
Server:         192.168.20.29
Address:        192.168.20.29#53

29.20.168.192.in-addr.arpa      name = sky.net.id.

root@sky:~# nslookup sky.net.id.
Server:         192.168.20.29
Address:        192.168.20.29#53

Name:   sky.net.id
Address: 192.168.20.29
Resource usage is also lower than with BIND.

www.forummikrotik.com/software/14263-share-mari-incip2-dns-unbound-high-performance.html 

squid.conf v.2

Posted: April 24, 2011 in Ubuntu Mania
http://tempat-sampah.googlecode.com
=======================================

#start of config
http_port 3128 transparent
server_http11 on
icp_port 0
# cache_peer 203.128.88.193 parent 8910 0 no-query no-netdb-exchange no-digest

# File Squid
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
error_directory /usr/share/squid/errors/en/
icon_directory /usr/share/squid/icons
mime_table /usr/share/squid/mime.conf
visible_hostname proxy

# Log Squid
access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log /dev/null

# Some logs that are not significant because their options are rarely used.
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off

ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

acl localnet src 192.168.90.0/24

uri_whitespace strip

#DNS NAMESERVER
dns_nameservers /etc/resolv.conf

cache_mem 8 MB
maximum_object_size_in_memory 4 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir aufs /cache1 15000 32 256
cache_dir aufs /cache2 15000 32 256

minimum_object_size 128 bytes
maximum_object_size 1024 MB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# Setup some default acls
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet

# Default block all to be sure
http_access deny all
header_access X-Forwarded-For deny all

tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

# Caching Youtube
acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/
acl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\.xtube\.com\/(.*)flv
acl videocache_allow_url url_regex -i \.vimeo\.com\/(.*)\.(flv|mp4)
acl videocache_allow_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl videocache_allow_url url_regex -i \.youporn\.com\/(.*)\.flv
acl videocache_allow_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl videocache_allow_url url_regex -i \.tube8\.com\/(.*)\.(flv|3gp)
acl videocache_allow_url url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv
acl videocache_allow_url url_regex -i \.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram|m4v)
acl videocache_allow_url url_regex -i \.break\.com\/(.*)\.(flv|mp4)
acl videocache_allow_url url_regex -i redtube\.com\/(.*)\.flv
acl videocache_allow_dom dstdomain .mccont.com .metacafe.com .cdn.dailymotion.com
acl videocache_deny_dom dstdomain .download.youporn.com .static.blip.tv
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access deny videocache_deny_dom
storeurl_access allow videocache_allow_url
storeurl_access allow videocache_allow_dom
storeurl_access deny all

storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 7
storeurl_rewrite_concurrency 10

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale

refresh_pattern \.(ico|video-stats) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern \.etology\? 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\? 43200 999999% 43200 override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 43200 20% 43200 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 43200 999999% 43200 override-expire ignore-reload ignore-private store-stale negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg 43200 999999% 43200 override-expire ignore-reload store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif) 43200 999999% 43200 override-expire ignore-reload store-stale
refresh_pattern garena\.com 43200 999999% 43200 override-expire reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 43200 999999% 43200 override-expire ignore-reload store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 43200 999999% 43200 ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 43200 999999% 43200 reload-into-ims override-expire ignore-private store-stale
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 43200 999999% 43200 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 43200 999999% 43200 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 43200 999999% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin) 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern (avgate|avira).*(idx|gz)$ 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky.*\.avc$ 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern kaspersky 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip) 1440 999999% 10080 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

refresh_pattern windowsupdate.com/.*\.(cab|exe) 10080 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern update.microsoft.com/.*\.(cab|exe) 10080 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale
refresh_pattern download.microsoft.com/.*\.(cab|exe) 10080 999999% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims store-stale

#images facebook
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 999999% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

# games facebook
refresh_pattern ^http:\/\/apps.facebook.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern -i \.zynga.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.farmville.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.ninjasaga.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.mafiawars.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.crowdstar.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
refresh_pattern -i \.popcap.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern kaskus\.us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale

#IIX DOWNLOAD
refresh_pattern ^http:\/\/www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 99999% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store store-stale ignore-auth

#All File
refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale
refresh_pattern -i \.(pp(t?x|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 43200 999999% 43200 ignore-no-cache ignore-no-store ignore-must-revalidate override-expire override-lastmod reload-into-ims store-stale

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims store-stale
refresh_pattern . 00 95% 43200 override-lastmod reload-into-ims store-stale

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all

header_access Accept-Encoding deny all
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
range_offset_limit 512 KB
read_timeout 30 minutes
client_lifetime 6 hours
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on
logfile_rotate 3
store_dir_select_algorithm round-robin
cache_effective_user proxy
cache_effective_group proxy
max_filedescriptors 8192
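
An added example, not part of the original post: a small Python audit for refresh_pattern-heavy squid.conf files like the one above. It flags lines whose regex was split by stray whitespace or has unbalanced parentheses, the options that override the origin's cache-control (a response stored because of ignore-no-store or ignore-auth can later be served to a different user), and the default SNMP community string. The sample lines are constructed, and `audit` and `balanced` are names chosen here.

```python
import re

# Constructed sample in the style of the configuration above (not a full squid.conf).
SAMPLE = "\n".join([
    r"refresh_pattern ^http:\/\/apps.facebook.com.*\/ 10080 999999% 43200 ignore-reload override-expire ignore-no-cache ignore-no-store store-stale",
    r"refresh_pattern -i \.(rar|jar|arj| lha|lzh|zip|tar) 43200 999999% 43200 ignore-no-store reload-into-ims",
    r"refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf) 43200 999999% 43200 override-expire",
    r"refresh_pattern ^ftp: 10080 95% 43200 override-lastmod reload-into-ims",
    r"refresh_pattern -i \.indowebster\.com\/.*\.(zip|rar) 43200 99999% 129600 ignore-auth store-stale",
    "acl snmppublic snmp_community public",
])

# refresh_pattern options that make Squid disregard what the origin server asked for.
RISKY = {
    "ignore-no-store": "stores responses the origin marked Cache-Control: no-store",
    "ignore-no-cache": "ignores Cache-Control/Pragma: no-cache from the origin",
    "ignore-auth": "caches responses to requests that carried Authorization",
}

def balanced(regex):
    """True if unescaped parentheses pair up (bracket classes are not special-cased)."""
    depth = 0
    for ch in re.sub(r"\\.", "", regex):   # drop escaped characters first
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0:
            return False
    return depth == 0

def audit(text):
    """Return (line_no, tag, reason) tuples for a squid.conf given as a string."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "refresh_pattern":
            args = tok[2:] if tok[1:2] == ["-i"] else tok[1:]
            # Expected layout: regex min percent% max [options...]
            if not (len(args) >= 4 and args[1].isdigit()
                    and re.fullmatch(r"\d+%", args[2]) and args[3].isdigit()):
                out.append((n, "malformed", "not 'regex min percent% max'; whitespace inside the regex?"))
                continue
            if not balanced(args[0]):
                out.append((n, "regex", "unbalanced parentheses"))
            out += [(n, o, RISKY[o]) for o in args[4:] if o in RISKY]
        elif tok[0] == "acl" and tok[2:4] == ["snmp_community", "public"]:
            out.append((n, "snmp_community", "default community string 'public'"))
    return out
```

Call `audit(open("/etc/squid/squid.conf").read())` on a real file (the path is an assumption) and review each finding before reloading Squid.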

squid.conf

Posted: April 24, 2011 in Ubuntu Mania
### Port Configuration

http_port 3128 transparent

prefer_direct off

### Bypass JavaScript and Perl websites (if needed) and nearby sites (same network): declare them here

### For caching Facebook, it is more effective to leave these commented out (disabled)

#hierarchy_stoplist cgi-bin ? localhost

#acl QUERY urlpath_regex cgi-bin \? localhost

#no_cache deny QUERY

### Cache & Object Tuning

cache_mem 8 MB

cache_swap_low 95

cache_swap_high 97

max_filedesc 8192

#server_http11 on

maximum_object_size 700 MB

minimum_object_size 0 bytes

maximum_object_size_in_memory 32 KB

ipcache_size 4096

ipcache_low 95

ipcache_high 97

fqdncache_size 4096

cache_replacement_policy heap LFUDA

memory_replacement_policy heap GDSF

### Cache Location

cache_dir aufs /cache6 20240 32 256

cache_dir aufs /cache1 20240 32 256
cache_dir aufs /cache5 20240 32 256

cache_dir aufs /cache2 20240 32 256

cache_dir aufs /cache4 20240 32 256

cache_dir aufs /cache3 20240 32 256

cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

cache_store_log none

cache_swap_log /var/log/squid/swap.state

### DNS Server & Cache Queries

#dns_nameservers 203.34.118.10 203.34.118.12

#dns_nameservers 127.0.0.1

### Cache Options

emulate_httpd_log off

hosts_file /etc/hosts

### Static objects are kept in the cache for longer
refresh_pattern -i \.(jp?g|gif|pnp|png|\?bm?)$  0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.jar$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.dll$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.klz$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.dif$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.avi$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.iso$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.3gp$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.mpeg$      0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.xml$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.exe$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.zip$       0       90%     40320   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.rar$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.mp3$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.dll$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.rar$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.npz$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.cfg$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.ver$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.erl$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.npz$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.xt$        0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.xtp$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.cfg$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.des$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.new$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.t2bk$      0       90%     43200   ignore-reload override-expire reload-into-ims
refresh_pattern -i \.smd$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.gi$        0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.dat$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.luc$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.flv$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.html$      0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.htm$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.php$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.jsp$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.swf$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.bin$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.pdf$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i \.mp4$       0       90%     43200   ignore-reload override-expire reload-into-ims

refresh_pattern -i (/cgi-bin/|\?)     0     0%      0       ignore-reload override-expire reload-into-ims

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern .               480     50%     22160   reload-into-ims

### Access Control

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563              # https, snews

acl SSL_ports port 873                  # rsync

acl Safe_ports port 80                  # http

acl Safe_ports port 21                  # ftp

acl Safe_ports port 443 563             # https, snews

acl Safe_ports port 70                  # gopher

acl Safe_ports port 210                 # wais

acl Safe_ports port 1025-65535          # unregistered ports

acl Safe_ports port 280                 # http-mgmt

acl Safe_ports port 488                 # gss-http

acl Safe_ports port 591                 # filemaker

acl Safe_ports port 777                 # multiling http

acl Safe_ports port 631                 # cups

acl Safe_ports port 873                 # rsync

acl Safe_ports port 901                 # SWAT

acl inputIP url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$

acl inputIP url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$

acl purge method PURGE

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

#http_access deny inputIP

http_access deny purge

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

### Access ACL

acl cybernet src 192.168.15.0/24

http_access allow localhost

http_access allow cybernet

http_access deny all

### Squid Administration

cache_mgr starnet

#cachemgr_passwd cybernet all

visible_hostname proxy.starnet

cache_effective_user proxy

cache_effective_group proxy

coredump_dir /var/spool/squid

pid_filename /var/run/squid.pid

shutdown_lifetime 5 seconds

logfile_rotate 7

### SNMP Monitoring

#snmp_port 3401

#acl snmpsquid snmp_community public

#snmp_access allow snmpsquid localhost

#snmp_access deny all

### Marking ZPH

zph_mode tos

zph_local 0x30

#zph_parent 0

#tcp_outgoing_tos 0x30 all

cache speedtest

Posted: April 24, 2011 in Ubuntu Mania
acl speedtest dstdomain .speedtest.telkomspeedy.com
acl speedtest dstdomain .speedtest.cbn.net.id
acl speedtest dstdomain .speedtest.net
acl speedtest dstdomain .speedtest.biznetnetworks.com
acl speedtest dstdomain .speedtest.indosatm2.com
acl speedtest dstdomain .xl.co.id/XLInternet/SpeedTest

# ACL: replace with this
acl speedtest dstdom_regex -i speedtest.*\.

storeurl_access allow speedtest

refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js) 0 50% 180 store-stale negative-ttl=0

Load Balancing 2 Speedy Mikrotik RouterOS V.3.x.xx and V.4.x.xx

First step
Modem 1 IP: 192.168.1.1
Modem 2 IP: 192.168.2.1
Plug modem 1 into ether1
Plug modem 2 into ether2
Plug the cable from the hub into ether3
The PPPoE session is handled by the modems
--------------------------------------------------------------------------
On the MikroTik
Open it in Winbox.
When the prompt appears on first login, choose remove all configuration
--------------------------------------------------------------------------

    /interface
    set 0 name=modem1
    set 1 name=modem2
    set 2 name=lokal

---------------------------------------------------------------------------------------------------------------------------------------
Assign an IP address to each Ethernet interface
---------------------------------------------------------------------------------------------------------------------------------------

    /ip address
    add address=192.168.1.2/24 netmask=255.255.255.0 interface=modem1
    add address=192.168.2.2/24 netmask=255.255.255.0 interface=modem2
    add address=192.168.0.254/24 netmask=255.255.255.0 interface=lokal

---------------------------------------------------------------------------------------------------------------------------------------
Create the mangle rules for load balancing
---------------------------------------------------------------------------------------------------------------------------------------

    /ip firewall mangle
    add chain=prerouting in-interface=lokal connection-state=new nth=2,1 action=mark-connection new-connection-mark=speedy1 passthrough=yes
    add chain=prerouting in-interface=lokal connection-mark=speedy1 action=mark-routing new-routing-mark=speedy1 passthrough=no
    add chain=prerouting in-interface=lokal connection-state=new nth=2,2 action=mark-connection new-connection-mark=speedy2 passthrough=yes
    add chain=prerouting in-interface=lokal connection-mark=speedy2 action=mark-routing new-routing-mark=speedy2 passthrough=no

---------------------------------------------------------------------------------------------------------------------------------------
buat NAT untuk load balancing
---------------------------------------------------------------------------------------------------------------------------------------

    /ip firewall nat
    chain=srcnat out-interface=modem1 action=masquerade
    chain=srcnat out-interface=modem2 action=masquerade

---------------------------------------------------------------------------------------------------------------------------------------
Create the IP routes
---------------------------------------------------------------------------------------------------------------------------------------

    /ip route
    add gateway=192.168.1.1
    add gateway=192.168.2.1 routing-mark=speedy2

---------------------------------------------------------------------------------------------------------------------------------------

Tips and Tricks
If one of the Speedy lines goes down, disable all the mangle rules.
For example, if speedy2 is down, disable the gateway that points to speedy2.
If speedy1 is down, disable the gateway that points to speedy1 and remove the routing-mark speedy2.