05 January 2011

DEBIAN 5.0.7 LENNY : Simple Gateway

Debian 5.0.7 Lenny can be downloaded here:

http://kambing.ui.ac.id/iso/debian/current/i386/iso-cd/debian-507-i386-netinst.iso

WAN (eth0): 192.168.1.0/24, upstream router 192.168.1.1, this box 192.168.1.2
LAN (eth1): 192.168.0.0/24, this box 192.168.0.1
DNS: 8.8.8.8
(using Google's resolver instead of the ISP's)

Burn the .iso file to a CD, then install as usual.


Basic configuration:

Configure the IP address of each ethernet card, eth0 (WAN) and eth1 (LAN).

Edit /etc/network/interfaces:

# loopback
auto lo
iface lo inet loopback

# to the WAN
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8

# to the LAN
auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0

For DNS resolution: on Lenny the dns-nameservers line above is only honoured when the resolvconf package is installed. Without it, set the resolver by hand in /etc/resolv.conf, which should contain:

nameserver 8.8.8.8

Update the repositories
Edit /etc/apt/sources.list (comment out every existing line with #) and add the kambing repository. Lenny has long been end-of-life, so if the mirror no longer carries it, use archive.debian.org instead:

deb http://kambing.ui.ac.id/debian lenny main contrib non-free

then run:
apt-get update

Enable IP forwarding (the kernel side of NAT; the NAT rule itself comes later with iptables)
Edit /etc/sysctl.conf and set:

net.ipv4.ip_forward = 1

then apply it without rebooting:

sysctl -p /etc/sysctl.conf

After that, restart networking so the interface configuration takes effect:

/etc/init.d/networking restart

Install an SSH server

apt-get install openssh-server

Install monitoring tools

apt-get install htop iftop iptraf

Install the proxy server

apt-get install squid squidclient

Configure iptables for NAT and the transparent proxy

NAT: masquerade the LAN behind eth0. The source match keeps the gateway from masquerading anything else that happens to arrive on eth0:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

Transparent proxy

Intercept plain HTTP (TCP port 80) coming in from the LAN and hand it to squid on port 3128. Matching on the LAN interface and source network keeps WAN-side traffic out of the proxy. HTTPS (port 443) cannot be intercepted this way; it simply passes through NAT:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

Save the firewall / iptables rules above:

iptables-save -c > /etc/iptables.conf

So that the rules are loaded again whenever the server or the network is restarted, edit /etc/network/interfaces and add these two lines to the eth0 stanza. pre-up runs before the interface comes up, so the rules are in place before any traffic flows; note that ifup will refuse to bring eth0 up if /etc/iptables.conf does not exist, so save the rules once by hand (as above) before adding the lines:

pre-up iptables-restore < /etc/iptables.conf
post-down iptables-save -c > /etc/iptables.conf

The final /etc/network/interfaces therefore looks like this (same addresses as above; the iptables lines belong to the eth0 stanza):

# loopback
auto lo
iface lo inet loopback

# to the WAN
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8
pre-up iptables-restore < /etc/iptables.conf
post-down iptables-save -c > /etc/iptables.conf

# to the LAN
auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0
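The firewall steps above, brought together as one iptables-restore file, as an added example that is not part of the original post: the filter table closes the gateway towards the WAN (only the LAN may reach SSH, squid and ping, and only LAN-to-WAN connections are forwarded), while the nat table carries the masquerade and the transparent-proxy redirect. It assumes the post's layout (eth0 WAN at 192.168.1.2, eth1 LAN at 192.168.0.1/24, squid on 3128) and the same /etc/iptables.conf path; the variable and function names (gen_rules, apply_rules) are mine, not any tool's. gen_rules only prints the ruleset so it can be reviewed first; apply_rules writes it to the file the pre-up line restores and loads it, which needs root.

```sh
#!/bin/sh
# Added example: complete gateway ruleset for the setup in this post.
# Assumed layout (from the post): eth0 = WAN (192.168.1.2), eth1 = LAN
# (192.168.0.1, network 192.168.0.0/24), squid listening on port 3128.
# gen_rules/apply_rules are this example's own helper names.

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.0.0/24
GW_LAN_IP=192.168.0.1
SQUID_PORT=3128
RULES_FILE=/etc/iptables.conf

# Print the ruleset in iptables-save format (what iptables-restore reads).
# Lines starting with '#' are ignored by iptables-restore.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# the gateway's own services: loopback, replies, and SSH/squid/ping from the LAN only
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp -j ACCEPT
# routing: new connections only from LAN to WAN, replies back by state
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# transparent proxy: plain HTTP from the LAN goes to squid; traffic for the
# gateway itself is left alone so squid is not asked to proxy its own host.
# HTTPS (443) cannot be intercepted this way and is simply forwarded.
-A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $GW_LAN_IP -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# masquerade only the LAN, not whatever else happens to reach eth0
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Write the ruleset to the file that the pre-up line in
# /etc/network/interfaces restores, then load it now. Needs root.
apply_rules() {
    gen_rules > "$RULES_FILE" && iptables-restore < "$RULES_FILE"
}

# Usage: sh gateway-rules.sh show   (review)   |   sh gateway-rules.sh apply
case "$1" in
    show)  gen_rules ;;
    apply) apply_rules ;;
esac
```

Because the INPUT policy is DROP, SSH is only reachable from the LAN side; if you manage the box from the WAN side, add a matching INPUT rule for eth0 before applying, or you will lock yourself out.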

Configure the proxy server using squid
Move the shipped /etc/squid/squid.conf aside as /etc/squid/squid.conf-default:


mv /etc/squid/squid.conf /etc/squid/squid.conf-default

Create a new configuration file for the squid proxy server:

nano /etc/squid/squid.conf

and paste the sample squid.conf below. It uses squid 2.7 syntax, as shipped in Lenny; the intercept port is bound to the LAN address, the access log is kept on, the access rules end with an explicit deny, and ICP is limited to the LAN:


# squid 2.7 (Lenny). Bind the intercept port to the LAN address only: the
# iptables REDIRECT rewrites the destination to eth1's address, so nothing
# is lost, and port 3128 is no longer offered on the WAN side.
http_port 192.168.0.1:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 64 MB
maximum_object_size 128000 KB
minimum_object_size 0 KB
cache_dir diskd /var/spool/squid 50000 16 256
cache_store_log none
# keep the access log: it is the only record of which client fetched what
# through the gateway; logrotate / squid -k rotate keeps it bounded
cache_access_log /var/log/squid/access.log
#cache_access_log none
half_closed_clients off
cache_swap_high 100%
cache_swap_low 80%
log_mime_hdrs off
forwarded_for off
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
http_access allow localnet
http_access allow localhost
# explicit final deny: squid's implicit default is the opposite of the last
# matching rule, which is easy to break when the list is edited later
http_access deny all
http_reply_access allow all
# ICP only from the LAN, not from anyone who can reach the port
icp_access allow localnet
icp_access deny all
visible_hostname Server@LENNY
#append_domain .javanet.net
err_html_text bayu@blitar.org
memory_pools off
coredump_dir /var/spool/squid
ie_refresh on

Check the configuration for syntax errors with squid -k parse, then restart the squid proxy server:

/etc/init.d/squid restart
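A small policy check for a squid.conf like the one above, as an added example that is not part of the original post: it reads a config on stdin and reports when the last http_access rule is not an explicit deny all, when icp_access is open to everyone, when the access log is disabled, and when http_port binds every interface instead of the LAN address. The two embedded configs are constructed excerpts (the settings a stock walkthrough like this one tends to start with, beside the hardened version), and the function names are mine. It checks policy, not syntax; squid -k parse still does the latter.

```sh
#!/bin/sh
# Added example: policy audit for a squid 2.7 config. Reads squid.conf on
# stdin, prints one finding per line, returns the number of findings.
# Function names are this example's own; the sample configs are constructed.

audit_squid_conf() {
    # drop comments and blank lines, collapse runs of whitespace
    conf=$(grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
           sed 's/[[:space:]]\{1,\}/ /g; s/ $//')
    n=0

    # 1. the last http_access line decides the implicit default; make it explicit
    last=$(printf '%s\n' "$conf" | grep '^http_access ' | tail -n 1)
    case "$last" in
        "http_access deny all") ;;
        *) echo "last http_access rule is '${last:-<none>}', expected 'http_access deny all'"
           n=$((n + 1)) ;;
    esac

    # 2. ICP open to any host that can reach the port
    if printf '%s\n' "$conf" | grep -q '^icp_access allow all$'; then
        echo "icp_access allow all: restrict ICP to the LAN or deny it"
        n=$((n + 1))
    fi

    # 3. no access log means no record of who fetched what
    if printf '%s\n' "$conf" | grep -q '^cache_access_log none$'; then
        echo "cache_access_log none: access logging disabled"
        n=$((n + 1))
    fi

    # 4. http_port with a bare port number listens on every interface, WAN included
    if printf '%s\n' "$conf" | grep -Eq '^http_port [0-9]+( |$)'; then
        echo "http_port binds all interfaces: use http_port <LAN-IP>:3128 transparent"
        n=$((n + 1))
    fi

    return $n
}

# Constructed excerpt: the permissive starting point.
permissive_conf() {
    cat <<'EOF'
http_port 3128 transparent
cache_access_log none
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
http_access allow localhost
icp_access allow all
EOF
}

# Constructed excerpt: the same settings after hardening.
hardened_conf() {
    cat <<'EOF'
http_port 192.168.0.1:3128 transparent
cache_access_log /var/log/squid/access.log
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
http_access allow localhost
http_access deny all
icp_access allow mynetwork
icp_access deny all
EOF
}

# Usage: sh squid-audit.sh check < /etc/squid/squid.conf   |   sh squid-audit.sh demo
case "$1" in
    check) audit_squid_conf; echo "findings: $?" ;;
    demo)  permissive_conf | audit_squid_conf; echo "findings: $?"
           hardened_conf | audit_squid_conf; echo "findings: $?" ;;
esac
```

Run it against the live file before restarting squid; a non-zero exit status (the finding count) is convenient when the check is wired into a deployment script.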

Done.

5 comments:

Bamboo-net said...

Pak dhe, I've tried it. Now, how do I NAT a Mikrotik that sits below the proxy?

bayu said...

Done..
check it out

http://bayu.blitarian.com/2011/01/debian-dnat-ke-lokal-server.html

abror said...

Mas Bayu, what if the proxy sits on the same level as the LAN, with a single LAN card? Are the proxy settings the same?

bayu said...

Same thing, mas, just minus the NAT.

What matters is that the proxy machine can reach the internet; using one ethernet card is no problem.

yino said...

Kang Bayu... can NAT be enabled on Debian with only 1 eth?