Konfigurasi Warnet Spedy Pakai Mikx+Linuxprox

Konfigurasi Warnet Spedy pakai MIkx+LinuxProx
Konfigurasi ini menggunakan modem 4 port Dlink dan settingnya seperti berikut :
192.168.1.1
|
modem —–192.168.1.3 Proxy -> GW ke Modem yaitu 192.168.1.1
|
|MIkrotik 192.168.1.2 Mikrotik –>> GW ke Modem Yaitu 192.168.1.1
|
192.168.0.254 —HUb —-LAN
Management BW
1. Konfig Mikrotinya :
MMM MMM KKK TTTTTTTTTTT KKK

MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/
Terminal vt102 detected, using multiline input mode

[admin@MikroTik] > export
# may/20/2007 02:41:49 by RouterOS 2.9.27
# software id = JI4S-NSN
#
/ interface ethernet
set Public name=”Public” mtu=1500 mac-address=00:15:E9:EF:86:FE arp=enabled
disable-running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=100Mbps comment=”” disabled=no
set Lan name=”Lan” mtu=1500 mac-address=00:01:02:97:D0:BE arp=enabled disable-
running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=100Mbps comment=”” disabled=no
/ interface wireless security-profiles
set default name=”default” mode=none authentication-types=”” unicast-ciphers=””
group-ciphers=”” wpa-pre-shared-key=”” \
wpa2-pre-shared-key=”” eap-methods=passthrough tls-mode=no-certificates tls-
certificate=none static-algo-0=none \
static-key-0=”” static-algo-1=none static-key-1=”” static-algo-2=none static-key-2=””
static-algo-3=none \
static-key-3=”” static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-
key=”” \
radius-mac-authentication=no group-key-update=5m
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00
filter-mac=00:00:00:00:00:00 ssid-all=no \
frames-per-second=25 audio-min=-100 audio-max=-20
/ interface wireless snooper
set multiple-channels=yes channel-time=200ms receive-errors=no
/ interface wireless sniffer
set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no
memory-limit=10 file-name=”” file-limit=10 \
streaming-enabled=no streaming-server=0.0.0.0 streaming-max-rate=0
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460
authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2
keepalive-timeout=30 \
default-profile=default-encryption
/ ip pool
add name=”dhcp_pool1″ranges=192.168.0.1-192.168.0.30
/ ip telephony region
/ ip telephony gatekeeper
set gatekeeper=none remote-id=”” remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=203.130.193.74 secondary-dns=202.134.0.155 allow-remote-
requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-
timeout=15s
/ ip address
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255
interface=Public comment=”” disabled=no
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255
interface=Lan comment=”” disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000
maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying”
disabled=no
/ ip neighbor discovery
set Public discover=yes
set Lan discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment=””
disabled=no
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-
mark=http_conn passthrough=yes \
comment=”” disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-
connection-mark=http_conn passthrough=yes \
mark=dns_conn passthrough=yes \
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-
connection-mark=dns_conn passthrough=yes \
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection new-
connection-mark=ym_conn passthrough=yes \
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection new-
connection-mark=cs_conn passthrough=yes \
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection new-
connection-mark=irc_conn passthrough=yes \
connection-mark=mt_conn passthrough=yes \
connection-mark=email_conn passthrough=yes \
mark=email_conn passthrough=yes \
mark=ssh_conn passthrough=yes \
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-
mark=http passthrough=no comment=”” \
disabled=no
add chain=prerouting connection-mark=dns_conn action=mark-packet new-packet-
mark=dns passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet new-packet-
mark=ym passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=cs_conn action=mark-packet new-packet-
mark=cs passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet new-packet-
mark=irc passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet new-packet-
mark=mt passthrough=no comment=”” disabled=no
add chain=prerouting connection-mark=email_conn action=mark-packet new-packet-
mark=email passthrough=no comment=”” \
disabled=no
add chain=prerouting connection-mark=ssh_conn action=mark-packet new-packet-
mark=ssh passthrough=no comment=”” disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet new-packet-
mark=test-up passthrough=no comment=”UP \
TRAFFIC” disabled=no
add chain=forward src-address=192.168.1.0/29 action=mark-connection new-connection-
mark=test-conn passthrough=yes \
comment=”CONN-MARK” disabled=no
add chain=forward in-interface=Public connection-mark=test-conn action=mark-packet
new-packet-mark=test-down \
passthrough=no comment=” DOWN-DIRECT CONNECTION” disabled=no
add chain=forward in-interface=Public src-address=192.168.1.0/24 action=mark-
connection new-connection-mark=test-conn \
passthrough=yes comment=”” disabled=no
add chain=output out-interface=Lan dst-address=192.168.0.0/24 action=mark-packet
new-packet-mark=test-down passthrough=no \
comment=”DOWN-VIA PROXY” disabled=no
/ ip firewall nat
add chain=srcnat out-interface=Public action=masquerade comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.3 to-
ports=8080 comment=”” disabled=no
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 comment=””
disabled=yes
disabled=yes
disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-
timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-
close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment=”Drop invalid
connections” disabled=no
add chain=input connection-state=established action=accept comment=”Allow
esatblished connections” disabled=no
add chain=input connection-state=related action=accept comment=”Allow related
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ICMP” disabled=no
add chain=input in-interface=!Public action=accept comment=”Allow connection to
router from local network” disabled=no
add chain=input action=drop comment=”Drop everything else” disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-
list=knock address-list-timeout=15s \
add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-
address-list address-list=safe \
address-list-timeout=15m comment=”” disabled=no
add chain=input connection-state=established action=accept comment=”accept
established connection packets” disabled=no
add chain=input connection-state=related action=accept comment=”accept related
connection packets” disabled=no
add chain=input connection-state=invalid action=drop comment=”drop invalid packets”
disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=”detect and drop port
scan connections” disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list
action=tarpit comment=”suppress DoS attack” \
disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list
address-list=black_list \
address-list-timeout=1d comment=”detect DoS attack” disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment=”jump to
chain ICMP” disabled=no
add chain=input action=jump jump-target=services comment=”jump to chain services”
disabled=no
add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast
Traffic” disabled=no
add chain=input action=log log-prefix=”Filter:” comment=”” disabled=no
add chain=input action=accept comment=”Allow access to router from known network”
disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment=”” disabled=no
add chain=input action=drop comment=”drop everything else” disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept
comment=”0:0 and limit for 5pac/s” disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept
add chain=ICMP protocol=icmp action=drop comment=”Drop everything else”
disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-
list=”port scanners” \
address-list-timeout=2w comment=”Port scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-
address-list address-list=”port \
scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-
address-list-timeout=2w comment=”SYN/FIN scan” disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-
address-list-timeout=2w comment=”SYN/RST scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-
scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan” disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-
list address-list=”port scanners” \
address-list-timeout=2w comment=”ALL/ALL scan” disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-
scanners” address-list-timeout=2w comment=”NMAP NULL scan” disabled=no
add chain=input src-address-list=”port scanners” action=drop comment=”dropping port
scanners” disabled=no
add chain=forward connection-state=established action=accept comment=”allow
established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”allow related
add chain=forward connection-state=invalid action=drop comment=”drop invalid
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster
Worm” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop
Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster Worm”
disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster Worm”
disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________”
disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________”
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom”
disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________”
disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester”
disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server”
disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast”
disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx”
disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid”
disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm”
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus”
disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y”
disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle”
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop Beagle.C-K”
disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment=”Drop MyDoom”
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor
OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm” disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm”
disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser”
disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B”
disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop Dabber.A-B”
disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop Dumaru.Y”
disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop MyDoom.B”
disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus”
disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2″
disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop SubSeven”
disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot,
Agobot, Gaobot” disabled=no
add chain=forward action=jump jump-target=virus comment=”jump to the virus chain”
disabled=no
add chain=input connection-state=invalid action=drop comment=”Drop Invalid
add chain=input connection-state=established action=accept comment=”Allow
Established connections” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ICMP” disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment=”Allow access to
router from known network” disabled=no
add chain=input action=drop comment=”Drop anything else” disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop comment=”drop
invalid connections” disabled=no
add chain=forward connection-state=established action=accept comment=”allow already
add chain=forward connection-state=related action=accept comment=”allow related
add chain=forward src-address=0.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment=”” disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment=”” disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=””
disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=””
disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment=”deny TFTP”
disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment=”deny RPC portmapper”
disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment=”deny RPC portmapper”
disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”deny NBT”
disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment=”deny cifs” disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”deny NFS”
disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”deny NetBus”
disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”deny NetBus”
disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”deny BackOriffice”
disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”deny DHCP”
disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment=”deny TFTP”
disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment=”deny PRC
portmapper” disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment=”deny PRC
portmapper” disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment=”deny NBT”
disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment=”deny NFS”
disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment=”deny BackOriffice”
disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment=”drop invalid
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=”allow
already established connections” disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment=”allow source
quench” disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment=”allow echo
request” disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment=”allow time
exceed” disabled=no
parameter bad” disabled=no
add chain=icmp action=drop comment=”deny all other types” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=yes
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=”default” hotspot-address=0.0.0.0 dns-name=”” html-directory=hotspot
rate-limit=”” http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-
domain=no use-radius=no
/ ip hotspot user profile
set default name=”default” idle-timeout=none keepalive-timeout=2m status-
autorefresh=1m shared-users=1 \
transparent-proxy=yes open-status-page=always advertise=no
/ ip dhcp-server
add name=”dhcp1″interface=Lan lease-time=3d address-pool=dhcp_pool1 bootp-
support=static add-arp=yes \
authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.1 mac-address=00:13:D3:E4:FA:52 client-
id=”1:0:13:d3:e4:fa:52″server=dhcp1 comment=””disabled=no
add address=192.168.0.2 mac-address=00:13:D3:FD:36:98 client-
id=”1:0:13:d3:fd:36:98″server=dhcp1 comment=” ”disabled=no
add address=192.168.0.3 mac-address=00:13:D3:E4:FA:9D client-
id=”1:0:13:d3:e4:fa:9d” server=dhcp1 comment=”” disabled=no
add address=192.168.0.4 mac-address=00:13:D3:FD:02:7E client-id=”1:0:13:d3:fd:2:7e”
server=dhcp1 comment=”” disabled=no
add address=192.168.0.5 mac-address=00:13:D3:E4:FA:30 client-
id=”1:0:13:d3:e4:fa:30″server=dhcp1 comment=””disabled=no
add address=192.168.0.6 mac-address=00:13:D3:FD:36:61 client-
id=”1:0:13:d3:fd:36:61″server=dhcp1 comment=” ”disabled=no
add address=192.168.0.11 mac-address=00:18:F3:43:D4:66 client-
id=”1:0:18:f3:43:d4:66″server=dhcp1 comment=” ”disabled=no
add address=192.168.0.10 mac-address=00:13:D3:FD:37:BA client-
id=”1:0:13:d3:fd:37:ba” server=dhcp1 comment=”” disabled=no
add address=192.168.0.9 mac-address=00:13:D3:C9:E7:C1 client-
id=”1:0:13:d3:c9:e7:c1″server=dhcp1 comment=” ”disabled=no
add address=192.168.0.8 mac-address=00:13:D3:FD:36:6A client-
id=”1:0:13:d3:fd:36:6a” server=dhcp1 comment=”” disabled=no
add address=192.168.0.7 mac-address=00:13:D3:E4:FA:2A client-
id=”1:0:13:d3:e4:fa:2a” server=dhcp1 comment=”” disabled=no
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254 dns-
server=192.168.0.254,202.134.0.155,203.130.193.74 comment=””
/ ip ipsec proposal
add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=no src-address=0.0.0.0 port=3128 hostname=”proxy” transparent-proxy=no
parent-proxy=0.0.0.0:0 \
cache-administrator=”webmaster” max-object-size=4096KiB cache-drive=system max-
cache-size=none \
max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment=”block telnet & spam e-mail relaying”
disabled=no
/ ip web-proxy cache
add url=”:cgi-bin \\?” action=deny comment=”don’t cache dynamic http pages”
disabled=no
/ system logging
add topics=info prefix=”” action=memory disabled=no
add topics=error prefix=”” action=memory disabled=no
add topics=warning prefix=”” action=memory disabled=no
add topics=critical prefix=”” action=echo disabled=no
/ system logging action
set memory name=”memory” target=memory memory-lines=100 memory-stop-on-
full=no
set disk name=”disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=”echo” target=echo remember=yes
set remote name=”remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d
user=””
/ system clock dst
set dst-delta=+00:00 dst-start=”jan/01/1970 00:00:00″dst-end=”jan/01/1970 00:00:00″
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m
automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=”” disabled=no
set FIXME term=”linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=”MikroTik”
/ system note
set show-at-login=yes note=””
/ system gps
set enabled=no set-system-time=yes
/ system lcd
set enabled=no type=24×4 port=parallel contrast=0
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set Public display-time=5s disabled=yes
set Lan display-time=5s disabled=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ system routerboard bios
set
/ system health
set state-after-reboot=enabled
/ port
set serial0 name=”serial0″baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-
control=hardware
set serial1 name=”serial1″baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-
control=hardware
/ ppp profile
set default name=”default” use-compression=default use-vj-compression=default use-
encryption=default only-one=default \
change-tcp-mss=yes comment=””
set default-encryption name=”default-encryption” use-compression=default use-vj-
compression=default use-encryption=yes \
only-one=default change-tcp-mss=yes comment=””
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name=”default” kind=pfifo pfifo-limit=50
set ethernet-default name=”ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=”wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=”synchronous-default” kind=red red-limit=60 red-min-
threshold=10 red-max-threshold=50 \
red-burst=20 red-avg-packet=1000
set hotspot-default name=”hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=”Upload” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-
total-limit=2000
add name=”Download” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address
pcq-total-limit=2000
add name=”default-small” kind=pfifo pfifo-limit=10
/ queue simple
add name=”HTTP” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=http \
direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-
queue=default disabled=no
add name=”DNS” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=dns direction=both \
priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default
disabled=no
add name=”YMessenger” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=ym \
add name=”CounterStrike” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=cs \
add name=”IRC” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=irc direction=both \
priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default
disabled=no
add name=”Mikrotik” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=mt \
add name=”Email” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=email \
add name=”Oasis” target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=Lan
parent=none direction=both priority=8 \
queue=ethernet-default/ethernet-default limit-at=64000/384000 max-limit=64000/384000
total-queue=default disabled=no
add name=”1″target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=Lan
parent=Oasis packet-marks=test-down \
direction=both priority=8 queue=ethernet-default/ethernet-default limit-at=0/8000 max-
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
limit=0/64000 \
/ queue tree
add name=”upstream” parent=global-out packet-mark=test-up limit-at=384000
queue=default priority=8 max-limit=384000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=”downstream” parent=Lan packet-mark=test-down limit-at=384000
queue=Download priority=8 max-limit=384000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ user
add name=”admin” group=full address=0.0.0.0/0 comment=”system default user”
disabled=no
/ user group
add name=”read”
policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=”write”
policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=”full”
policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=yes port=1700
/ driver
/ snmp
set enabled=yes contact=”admin” location=”admin”
/ snmp community
set public name=”public” address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=”<>”
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=”” file-limit=10
streaming-enabled=no streaming-server=0.0.0.0 \
filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 filter-
address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ tool graphing queue
add simple-queue=all allow-address=0.0.0.0/0 store-on-disk=yes allow-target=yes
disabled=no
/ tool graphing resource
add allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-
static=no redistribute-rip=no \
redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-
rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate
authentication=none prefix-list-import=”” \
prefix-list-export=”” disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no
redistribute-rip=no \
redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-
bgp=no metric-static=1 \
metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m
garbage-timer=2m
[admin@MikroTik] >
2. Konfig LINUX PROXY
a. Squid.conf
http_port 8080
#icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost
### Opsi Cache

cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
### Opsi Tuning Squid

refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-
into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims
override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache

#cache_dir aufs /cache 20000 16 256
cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server

dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
### Opsi Timeout

connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off
pconn_timeout 15 second
shutdown_lifetime 15 second
### Opsi ACL

acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
acl porn url_regex -i /usr/local/squid/etc/bokep.txt time 08:00-22:00
acl noporn url_regex -i /usr/local/squid/etc/nobokep.txt time 08:00-22:00
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i
\.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.$compatible;.MSIE.5.5;.Windows.98$$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
no_cache deny QUERY manager
http_access allow manager IIX Safe_ports

http_access allow client
http_access deny porn !noporn
http_access deny Bad_ports Virus IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access deny all
### Paramater Administratif

cache_mgr support@primadona.war.net.id
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.primadona.war.net.id
### Opsi Akselerator

memory_pools off
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
pipeline_prefetch on
reload_into_ims on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
### Pendukung Transparan Proxy

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
### Membatasi Besar File untuk download

reply_body_max_size 3512000 allow client block tidakbebasdownload
### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all
header_access User-Agent deny all

header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
http_port 8080
#icp_port 3130
icp_query_timeout 0
maximum_icp_query_timeout 5000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost
### Opsi Cache

cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
### Opsi Tuning Squid

refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-
into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims
override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims
override-lastmod
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern ^http://*.google.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 reload-into-ims override-
lastmod
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.* 720 100% 4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
### Direktori cache

cache_dir diskd /cache 7000 16 256 Q1=72 Q2=88
### Log
cache_access_log /var/log/squid/access.log
logfile_rotate 1
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
log_fqdn off
log_icp_queries off
### DNS server

dns_nameservers 127.0.0.1
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98%
negative_ttl 15 minute
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
### Opsi Timeout

connect_timeout 1 minute
peer_connect_timeout 5 seconds
read_timeout 30 minute
request_timeout 1 minute
#client_lifetime 10 hour
half_closed_clients off
pconn_timeout 15 second
shutdown_lifetime 15 second
### Opsi ACL

acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl client src 192.168.5.0/29
acl tidakbebasdownload time 08:00-22:00
acl porn url_regex -i /usr/local/squid/etc/bokep.txt time 08:00-22:00
acl noporn url_regex -i /usr/local/squid/etc/nobokep.txt time 08:00-22:00
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl IIX dst_as 7713 4622 4795 7597 4787 4795 4800
acl block url_regex -i
\.(aiff|asf|avi|dif|divx|mov|movie|mp3|mpe?g?|mpv2|ogg|ra?m|snd|qt|wav|wmf|wmv)$
acl local-domain dstdomain localhost
acl Bad_ports port 7 9 11 19 22 23 25 53 110 119 513 514
acl Safe_ports port 21 70 80 210 443 488 563 591 777 1025-65535
acl Virus urlpath_regex winnt/system32/cmd.exe?
acl connect method CONNECT
acl post method POST
acl ssl method CONNECT
acl purge method PURGE
acl IpAddrProbeUA browser ^Mozilla/4.0.$compatible;.MSIE.5.5;.Windows.98$$
acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$
no_cache deny QUERY manager
http_access allow manager IIX Safe_ports

http_access allow client
http_access deny porn !noporn
http_access deny Bad_ports Virus IpAddrProbeUA IpAddrProbeURL
http_access deny file_terlarang
http_access deny all
### Paramater Administratif

cache_mgr support@primadona.war.net.id
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.primadona.war.net.id
### Opsi Akselerator

memory_pools off
forwarded_for on
log_icp_queries off
icp_hit_stale on
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 9900
netdb_high 10000
netdb_ping_period 30 seconds
query_icmp off
reload_into_ims on
vary_ignore_expire on
max_open_disk_fds 100
nonhierarchical_direct on
prefer_direct off
### Pendukung Transparan Proxy

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
### Membatasi Besar File untuk download

reply_body_max_size 3512000 allow client block tidakbebasdownload
### SNMP
#snmp_port 3401
#acl snmppublic snmp_community public
#snmp_access allow all
header_access User-Agent deny all

header_replace User-Agent Mozilla/5.0 (compatible; MSIE 6.0)
header_access Accept deny all
header_replace Accept */*
header_access Accept-Language deny all
header_replace Accept-Language id, en
b. Named.Conf
//
// named.conf for Red Hat caching-nameserver
//
options {
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
forwarders {
203.130.193.74;
202.134.0.155;
202.134.2.5;
};
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone “.” IN {
type hint;
file “named.ca”;
};
zone “localdomain” IN {
type master;
file “localdomain.zone”;
allow-update { none; };
};
zone “localhost” IN {
type master;
file “localhost.zone”;
};
zone “0.0.127.in-addr.arpa” IN {
type master;
file “named.local”;
};
zone “0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa” IN {
type master;
file “named.ip6.local”;
};
zone “255.in-addr.arpa” IN {
type master;
file “named.broadcast”;
};
zone “0.in-addr.arpa” IN {
type master;
file “named.zero”;
};
include “/etc/rndc.key”;
c. Gateway 192.168.1.1

Konfigurasi Warnet Spedy Pakai Mikx+Linuxprox

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Konfigurasi Warnet Spedy Pakai Mikx+Linuxprox

Uploaded by

Copyright:

Available Formats

Konfigurasi Warnet Spedy pakai MIkx+LinuxProx

MMM MMM KKK TTTTTTTTTTT KKK

MikroTik RouterOS 2.9.27 (c) 1999-2006 http://www.mikrotik.com/

Terminal vt102 detected, using multiline input mode

2. Konfig LINUX PROXY

### Opsi Cache

### Opsi Tuning Squid

### Direktori cache

### DNS server

### Opsi Timeout

### Opsi ACL

http_access allow manager IIX Safe_ports

### Paramater Administratif

### Opsi Akselerator

### Pendukung Transparan Proxy

### Membatasi Besar File untuk download

header_access User-Agent deny all

### Opsi Cache

### Opsi Tuning Squid

### Direktori cache

### DNS server

### Opsi Timeout

### Opsi ACL

http_access allow manager IIX Safe_ports

### Paramater Administratif

### Opsi Akselerator

### Pendukung Transparan Proxy

### Membatasi Besar File untuk download

header_access User-Agent deny all

You might also like