1. Spec komputer yang saya gunakan untuk praktek
2. katakanlah anda punya 2 network card
eth0 IPnya: 202.182.191.222 <-internet
eth1 IPnya: 192.168.0.1 <-LAN
3. Sebelum lanjut install dulu squid dan iptables nya
kalo pake fedora core 5 (distro linux favorit saya), cukup
[root@laluvirtual ~]# yum install squid
iptables gak perlu diinstall nanti kita akan buatkan script iptables sendiri
4. [root@laluvirtual ~]# mv /etc/squid/squid.conf /etc/squid/squid.conf.asli
5. [root@laluvirtual ~]# vi /etc/squid/squid.conf
tambahkan baris berikut:
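# squid.conf by laluvirtual; edit to suit your needs.
# Transparent (intercepting) HTTP proxy for the 192.168.0.0/24 LAN.

# Never serve dynamic content (cgi-bin paths, query strings) from cache.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# --- ACL definitions (each must appear before the rule that uses it) ---
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
# Safe_ports and SSL_ports are referenced by the http_access rules below but
# were never defined, which makes Squid reject the configuration. These are
# the definitions shipped in the stock squid.conf.
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
# LAN clients: use the network address, not the gateway's host address.
acl lan src 192.168.0.0/24

# cache_mem is the RAM reserved for cached objects, not a cap on the whole
# Squid process; size it well below the physical memory of the machine.
cache_mem 1024 MB

# --- Access rules (first match wins) ---
# Cache manager and PURGE only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to unusual ports, and CONNECT tunnels to anything but the
# SSL ports, so the proxy cannot be used to reach arbitrary services.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow lan
# Final catch-all: anything not explicitly allowed above is refused. This is
# what keeps the proxy from being usable from the internet-facing interface.
http_access deny all
http_reply_access allow all
# Answer ICP (cache peering) queries from the LAN only, not from any host.
icp_access allow lan
icp_access deny all

visible_hostname laluvirtual.web.id

# Transparent-proxy settings in Squid 2.5 syntax. Squid 2.6 and later drop
# the httpd_accel_* directives in favour of "http_port 3128 transparent".
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

coredump_dir /var/spool/squid
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log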
6. simpan file tersebut
7. [root@laluvirtual ~]# vi /etc/sysconfig/iptables
berikut ini isinya:
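# iptables rules in iptables-save format, loaded by the iptables init script.
# DO NOT USE THE -t (table) OPTION IN THIS FILE!
#
# Modified by laluvirtual
#
# Layout assumed by the rules below: eth0 = internet, eth1 = LAN.
# The bracketed values on the ":CHAIN POLICY" lines are [packets:bytes]
# counters, not addresses; [0:0] is the neutral value.
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Mark SSH traffic as "minimize delay".
-A PREROUTING -p tcp --dport 22 -j TOS --set-tos 0x10
COMMIT
*filter
# NOTE(review): INPUT and FORWARD default to ACCEPT, so this ruleset filters
# only what the rules below name explicitly. Every other service listening
# on this host (SSH included) stays reachable from the internet side; a
# default-DROP policy with explicit allows is the stricter design.
:INPUT ACCEPT [32296:2595574]
:FORWARD ACCEPT [327:113979]
:OUTPUT ACCEPT [42157:3445894]
# Drop TCP packets with every flag set or with no flag set; neither occurs
# in normal traffic.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# Keep the proxy (3128/tcp) and ICP (3130/udp) ports closed on the internet
# interface. Redirected LAN traffic enters through eth1 and is unaffected.
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j DROP
-A INPUT -i eth0 -p udp -m udp --dport 3130 -j DROP
COMMIT
# Completed on Wed Jun 21 12:35:13 2006
# Generated by iptables-save v1.2.3 on Wed Jun 21 12:35:13 2006
*nat
:PREROUTING ACCEPT [8009433:454311769]
:POSTROUTING ACCEPT [1529638:95155672]
:OUTPUT ACCEPT [1273134:83856339]
# Transparent proxy: send outbound HTTP from the LAN to Squid on this host.
-A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 202.182.191.222:3128
# NAT everything else leaving through the internet interface.
# NOTE(review): this netmask covers only 192.168.0.0-192.168.0.15, while the
# redirect rule above covers the whole /24. Confirm whether limiting NAT to
# the first 16 addresses is intended; otherwise use 255.255.255.0 here too.
-A POSTROUTING -s 192.168.0.0/255.255.255.240 -o eth0 -j MASQUERADE
COMMIT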
8. restart komputer anda, tapi sebelumnya pastikan service squid dan iptables start on boot, dan ingat anda harus mendisable setting firewall yang aktif pada saat diinstall
[root@laluvirtual ~]# chkconfig squid on
[root@laluvirtual ~]# chkconfig iptables on
[root@laluvirtual ~]# reboot