#manual for debian7 ubuntu12/14 after finish your installing of ubuntu / debian # change or replace /etc/apt/sources.list with a local repository debian 7 indonesia= deb http://kambing.ui.ac.id/debian/ wheezy main contrib non-free deb http://kambing.ui.ac.id/debian/ wheezy-updates main contrib non-free deb http://kambing.ui.ac.id/debian-security/ wheezy/updates main contrib non-free for debian error key= aptitude install debian-keyring debian-archive-keyring apt-key update apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 apt-get update && apt-get upgrade -y key input (q) #edit tuning limits.conf at /security/limits.conf add /etc/security/limits.conf ============================================================= * soft nofile 65536 * hard nofile 65536 root soft nofile 65536 root hard nofile 65536 proxy soft nofile 65536 proxy hard nofile 65536 ================================================================ #edit kernel @ .. /etc/sysctl.conf ================================================================= #remove all contents and replace with config below ################################################################ << ..................................................................................... kernel.panic = 30 kernel.panic_on_oops = 30 kernel.sysrq = 0 kernel.core_uses_pid = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 fs.file-max = 65536 vm.swappiness = 5 vm.vfs_cache_pressure=50 vm.mmap_min_addr = 4096 vm.overcommit_ratio = 0 vm.overcommit_memory = 0 kernel.shmmax = 268435456 kernel.shmall = 268435456 vm.min_free_kbytes = 65536 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_syn_retries = 5 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_max_syn_backlog = 4096 net.ipv4.ip_forward = 1 net.ipv4.conf.all.forwarding = 1 net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.eth0.rp_filter = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 net.ipv4.tcp_fin_timeout = 15 net.ipv4.tcp_keepalive_time = 300 net.ipv4.tcp_keepalive_probes = 5 net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.conf.all.bootp_relay = 0 net.ipv4.conf.all.proxy_arp = 0 net.ipv4.tcp_dsack = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_fack = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.icmp_echo_ignore_all = 0 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.ip_local_port_range = 1024 65535 net.ipv4.tcp_rfc1337 = 1 net.ipv4.tcp_congestion_control = cubic net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_mem = 65536 131072 262144 net.ipv4.udp_mem = 65536 131072 262144 net.ipv4.tcp_rmem = 8192 87380 16777216 net.ipv4.udp_rmem_min = 16384 net.core.rmem_default = 87380 net.core.rmem_max = 16777216 net.ipv4.tcp_wmem = 8192 65536 16777216 net.ipv4.udp_wmem_min = 16384 net.core.wmem_default = 65536 net.core.wmem_max = 16777216 net.core.somaxconn = 32768 net.core.netdev_max_backlog = 4096 net.core.dev_weight = 64 net.core.optmem_max = 65536 net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 16384 net.ipv4.tcp_orphan_retries = 0 net.ipv4.ipfrag_high_thresh = 512000 net.ipv4.ipfrag_low_thresh = 446464 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_moderate_rcvbuf = 1 net.unix.max_dgram_qlen = 50 net.ipv4.neigh.default.gc_thresh3 = 2048 net.ipv4.neigh.default.gc_thresh2 = 1024 net.ipv4.neigh.default.gc_thresh1 = 32 net.ipv4.neigh.default.gc_interval = 30 net.ipv4.neigh.default.proxy_qlen = 96 net.ipv4.neigh.default.unres_qlen = 6 net.ipv4.tcp_ecn = 1 net.ipv4.tcp_reordering = 3 net.ipv4.tcp_retries2 = 15 net.ipv4.tcp_retries1 = 3 <<<........................................................................................................... ============================================================================================================== # install web server apt-get install apache2 php5 php5-mysql mysql-server phpmyadmin -y edit apache2.conf @/etc/apache2/apache2.conf # Include the virtual host configurations: Include sites-enabled/ ServerName localhost <<<< adding # install dns server can bind or unbound I used to wear when unbound, user friendly installation apt-get install unbound /etc/init.d/unbound stop cd /etc/unbound wget ftp://ftp.internic.net/domain/named.cache -O /etc/unbound/named.cache edit unbound.conf= <<<my unbound.conf.... http://pastebin.com/2gTnMNAV edit dns-nameservers in /etc/netwwork/interfaces replace with localhost ip # for mikrotik router <<<.. adding my mikrotik nat dns-server unbound resolver= http://pastebin.com/190MZmtz unbound-control-setup chown unbound:root unbound_* && chmod 440 unbound_* /etc/init.d/unbound restart flush cache unbound= /etc/init.d/unbound reload or unbound control-reload #mulai konfigurasi squid proxy # install packet apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ebtables bridge-utils libcap2 libcap-dev libcap2-dev sysv-rc-conf iproute kernel-package libncurses5-dev fakeroot wget bzip2 debhelper linuxdoc-tools libselinux1-dev htop iftop dnstop perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python ccze pastebinit checkinstall libssl-dev htop iftop iptraf mtr-tiny bwm-ng ccze sysv-rc-conf -y #libecap download libecap= http://www.4shared.com/archive/uMVmB3ADce/libecap-100tar.html download DSI_ecap_youtube.so= http://www.4shared.com/file/rYJcJqyVce/DSI_ecap_youtube.html tar -xzf libecap-1.0.0.tar.gz cd libecap-1.0.0/ ./configure && make && make install echo "/usr/local/lib" >> /etc/ld.so.conf ldconfig #ecap_adapter apt-get install pkg-config wget http://www.measurement-factory.com/tmp/ecap/ecap_adapter_sample-1.0.0.tar.gz tar -xzf ecap_adapter_sample-1.0.0.tar.gz cd ecap_adapter_sample-1.0.0 # download patch ecap_adapter in mikrotik squid indonesia group / thanks to Mikrotike N SquidLovers https://www.facebook.com/download/989568241123182/patch_ecap_adapter_sample.patch <<< move patch_ecap_adapter_sample.patch > #to directory= /ecap_adapter_sample-1.0.0 <<< and then input the scripts below >>> eksekusi >> patch -p1 < patch_ecap_adapter_sample.patch ./configure && make && make install #squid installation wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.12.tar.gz tar -xzvf squid-3.5.12.tar.gz cd squid-3* ./configure \ CHOST="x86_64-pc-linux-gnu" \ CFLAGS="-march=core2 -O2 -pipe" \ CXXFLAGS="${CFLAGS}" \ --build=x86_64-linux-gnu \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libdir=/usr/lib \ --sharedstatedir=/usr/com \ --includedir=/usr/include \ --localstatedir=/var \ --libexecdir=/usr/lib/squid \ --srcdir=. \ --datadir=/usr/share/squid \ --sysconfdir=/etc/squid \ --infodir=/usr/share/info \ --mandir=/usr/share/man \ --x-includes=/usr/include \ --x-libraries=/usr/lib \ --with-default-user=proxy \ --with-logdir=/var/log/squid \ --with-swapdir=/cache/cache \ --with-pidfile=/var/run/squid.pid \ --enable-err-languages=English \ --enable-default-err-language=English \ --enable-storeio=ufs,aufs,diskd \ --enable-linux-netfilter \ --enable-removal-policies=lru,heap \ --enable-gnuregex \ --enable-follow-x-forwarded-for \ --enable-x-accelerator-vary \ --enable-zph-qos \ --enable-delay-pools \ --enable-snmp \ --enable-underscores \ --with-openssl \ --enable-ssl-crtd \ --enable-http-violations \ --enable-async-io=24 \ --enable-storeid-rewrite-helpers \ --with-large-files \ --with-libcap \ --with-libnetfilter-conntrack \ --with-included-ltdl \ --with-maxfd=65536 \ --with-filedescriptors=65536 \ --with-pthreads \ --without-gnutls \ --without-mit-krb5 \ --without-heimdal-krb5 \ --without-gnugss \ --disable-icap-client \ --disable-wccp \ --disable-wccpv2 \ --disable-dependency-tracking \ --disable-auth --disable-epoll \ --disable-ident-lookups \ --disable-icmp \ --enable-ecap \ PKG_CONFIG_PATH=/usr/local/lib/pkgconfig make && make install chown -R proxy:proxy /cache/cache/ chmod -R 777 /cache/cache/ cd /etc/squid mkdir ssl_certs cd ssl_certs openssl genrsa -out squid.key 2048 openssl req -new -key squid.key -out squid.csr -nodes #input data for certificate squid# openssl x509 -req -days 3652 -in squid.csr -signkey squid.key -out squid.crt /usr/lib/squid/ssl_crtd -c -s /etc/squid/ssl_db #edit squid.conf my squid.conf for tproxy= http://pastebin.com/18Rb3nD0 my squid.conf non tproxy only virtualbox= http://pastebin.com/uvtLinw8 my store-id.pl= http://pastebin.com/pLK4Jk81 chown -R nobody /etc/squid/ chown -R proxy:proxy /etc/squid/ chmod -R 777 /etc/squid/ /usr/lib/squid/ssl_crtd -c -s /etc/squid/ssl_db cd /var/log/squid/ touch access.log touch cache.log cd ... chown -R proxy:proxy /var/log/squid/access.log chown -R proxy:proxy /var/log/squid/cache.log chmod -R 777 /var/log/squid/access.log chmod -R 777 /var/log/squid/cache.log cd /etc/init.d/ touch squid >> add scripts /etc/init.d/squid= http://pastebin.com/W8xQAD0d edit line 64 squid file @/etc/init.d/squid >>line 64= #cache_dir=`find_cache_dir cache_dir /cache/cache` chmod +x /etc/init.d/squid update-rc.d squid defaults /etc/init.d/squid stop <<< chown -R nobody /etc/squid/ssl_db/ <<< chown -R proxy:proxy /etc/squid/ssl_db/ <<< chmod -R 777 /etc/squid/ssl_db/ # edit /etc/rc.local config rc.local>>>.... http://pastebin.com/3z3s1Hpy squid -z reboot ################################################################################### # your mikrotik add your ip proxy @ ip firewall address list <<and this is mikrotik simple config for tproxy access >>> http://pastebin.com/9uyMpMac ##################################################################################### #back to proxy and login input= /etc/init.d/squid restart #ssl_cert import download ssl_cert your squid directory using winscp >> download ssl_certs on directory /etc/squid/ >> to your computer windows/.... #setting non tproxy manual browser input #add setting your browser mozilla / chrome or etc.... # google chrome= setting >>> add https/ssl >> manage certificates >> click trusted root certification click buttin import >>> and import your squid.crt -on directory /ssl_cets # mozilla/firefox click tools >> advanced >> certificates >> clieck button view certifictes >> import your squid.crt -on directory /ssl_cets ======================================================================================================= # if you install dns-crypt and unbound>> script auto start dns-crypt= <<<... /usr/local/sbin/dnscrypt-proxy -a 127.0.0.1:40 -d -R d0wn-sg-ns1 -e 4096 -p /run/dnscrypt-proxy.pid ========================================================================================================
Manual squid-3 tproxy Installation with mikrotik
Subscribe to:
Post Comments (Atom)
Mikrotik Malicious Spam IP Blacklist – Firewall Auto Update Script
We have published a malicious ip blacklist for free! Combined dshield and spamhaus malicious blacklists formatted for Mikrotik RouterOS .r...
-
We have published a malicious ip blacklist for free! Combined dshield and spamhaus malicious blacklists formatted for Mikrotik RouterOS .r... -
A MikroTik router with DNS feature enabled can be set as a DNS server for any DNS-compliant client. Moreover, MikroTik router can be specifi...
-
# The following creates a PPTP and L2TP VPN server on the MikroTik: # !!! YOU MUST UPDATE DNS IN /PPP PROFILE TO THE CUSTOMERS ISP DNS ...
No comments:
Post a Comment