I cant to understand about you honey

October 15, 2007

Web Proxy SquidNT and MT Settings

Filed under: Komputer Stuff

Setting up a web proxy with Mikrotik
Web proxy using SquidNT

Network configuration

internet
|
|
mikrotik = Internet= 192.10.11.1
| Lan = 192.168.0.1
|
|
switch/hub----Client = 192.168.0.2-192.168.0.11
|
|
Web proxy SquidNT = 192.168.0.12 (also serves as the billing server)

And this is the Mikrotik configuration:

[admin@XXXXX] > ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Sharing Internet
chain=srcnat out-interface=WAN_eth1 src-address=192.168.0.0/24
action=masquerade
1 ;;; Web Proxy
chain=dstnat in-interface=LOKAL LAN_eth3 protocol=tcp dst-port=80
src-address-list=Ip_List_Web_ProXy action=redirect to-ports=8080
#=============================
[admin@XXXXX] > ip web-proxy pr
enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: "BagusNet"
transparent-proxy: yes
parent-proxy: 192.168.0.1:3128
cache-administrator: "Situs_Porno_Ngak_Dapat_Di_Akses_Selama_Bulan_Puasa_
By_sherayusuf@localhost"

max-object-size: 10000KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 5269504KiB
reserved-for-ram-cache: 25600KiB
#=============================
[admin@XXXXX] > ip proxy pr
enabled: yes
port: 3128
parent-proxy: 0.0.0.0:1
maximal-client-connecions: 1000
maximal-server-connectons: 1000

And this is my squid.conf configuration:

http_port 8080
http_port 3128
#http_port 80
icp_port 3130

#====================================================
# TAG: hierarchy_stoplist
# A list of words which, if found in a URL, cause the object to
# be handled directly by this cache. In other words, use this
# to not query neighbor caches for certain objects. You may
# list this option multiple times.
#We recommend you to use at least the following line.
#=====================================================
hierarchy_stoplist cgi-bin ? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost visicom indosat.net.id
no_cache deny QUERY
#============================================================$
# CACHE SIZE OPTIONS
#============================================================$
cache_mem 64 MB
maximum_object_size 16 MB
maximum_object_size_in_memory 128 KB
minimum_object_size 2 KB
fqdncache_size 1024
cache_swap_low 98%
cache_swap_high 99%
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
high_memory_warning 70 MB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
#============================================================$
# LOG AND CACHE DIRECTORIES
#============================================================$
cache_access_log c:/squid/var/logs/access.log
cache_log c:/squid/var/logs/cache.log
cache_store_log c:/squid/var/logs/store.log
mime_table c:/squid/etc/mime.conf
pid_filename c:/squid/var/logs/squid.pid
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off
#============================================================$
# TIMEOUT
#============================================================$
half_closed_clients off
#============================================================$
# FTP section
#============================================================$
ftp_passive on
ftp_sanitycheck on
#============================================================$
# DNS resolution section
#============================================================$
dns_nameservers 127.0.0.1/8 202.72.208.8/29 202.149.69.254/24
#============================================================$
# AUTH section
#============================================================$
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#============================================================$
# Refresh Rate TUNING CACHE PROXY
#============================================================$
refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.tif 4320 50% 43200
refresh_pattern \.png 4320 50% 43200
refresh_pattern \.jpeg 4320 50% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*korea.*/.* 720 100% 4320
refresh_pattern ^http://*.akamai.*/.* 720 100% 4320
refresh_pattern ^http://*.windowsmedia.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
refresh_pattern ^ftp: 10080 95% 40320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims override-lastmod
negative_ttl 1 minutes

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100%

#============================================================$
# ACL section: ACCESS CONTROL
#============================================================$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl mikrotik src 192.168.0.1
acl localnet src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
acl localhost src 127.0.0.1/255.255.255.255
#acl our_networks src 192.168.0.0/24 192.10.11.0/24 202.72.208.8/29
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 5004 # telnet Mikrotik bima and bagus net
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl blokdomain dstdom_regex -i "C:\squid\etc\blocklist.txt"
#acl blokdomain dstdomain "C:\squid\etc\blocklist.txt"
acl blocker dstdom_regex -i "c:\squid\etc\blocklist.txt"

#acl ipblok dst "C:\squid\etc\blocklist.txt"
acl porno url_regex -i "C:\squid\etc\blocklist.txt"
no_cache deny porno
acl noporno url_regex -i "C:\squid\etc\nonporno.txt"
http_access deny porno all
#http_access deny ipblok
http_access deny blokdomain
#http_access deny files
http_access allow manager localhost
http_access deny manager
http_access allow noporno all
http_access allow localnet
http_access allow localhost
#http_access deny blocker
http_access allow mikrotik

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT
#http_access deny all

maximum_object_size 10240 KB
maximum_object_size_in_memory 32 KB
minimum_object_size 4 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
fqdncache_size 4096
shutdown_lifetime 10 second
cachemgr_passwd flashdisk
cache_effective_user squid
cache_effective_group squid
memory_pools off
buffered_logs off
log_icp_queries off
logfile_rotate 0
log_fqdn off
forwarded_for on
icp_hit_stale on
query_icmp on
reload_into_ims on
emulate_httpd_log off
negative_ttl 2 minutes
pipeline_prefetch on
vary_ignore_expire on
half_closed_clients off
high_memory_warning 32 MB
high_response_time_warning 2000
high_page_fault_warning 2
cache_mgr Selama_Bulan_Puasas_Situs_Porno_tidak_dapat_Di_Akses_By_yusuf_sexerchivest@yahoo.com
visible_hostname bagusnet_proxy_web_filter_by_yusuf
header_access Accept-Encoding deny all
#============================================================$
# Transparent proxy setting
#============================================================$
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
httpd_accel_single_host off
half_closed_clients off
#forwarded_for on

#============================================================$
# MISCELLANEOUS
#============================================================$
logfile_rotate 3
negative_ttl 2 minutes
#digest_rebuild_period 30 minute
#digest_rewrite_period 30 minute
#digest_swapout_chunk_size 4096 bytes
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
reload_into_ims on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
shutdown_lifetime 5 seconds
cachemgr_passwd flashdisk
ie_refresh on
cache_effective_user proxy
cache_effective_group proxy
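
An added example (not part of the original post): a small Python check of the `http_access` order in the squid.conf above. Squid stops at the first matching rule and, if none matches, applies the opposite of the last rule, so with `#http_access deny all` commented out the listing falls through to allow. The names `parse_http_access` and `audit` are hypothetical, and `SAMPLE_RULES` is constructed from the listing.

```python
# Added example: audit of http_access rule order (not from the original post).
SAMPLE_RULES = """\
http_access deny porno all
http_access deny blokdomain
http_access allow manager localhost
http_access deny manager
http_access allow noporno all
http_access allow localnet
http_access allow localhost
http_access allow mikrotik
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT
#http_access deny all
"""  # constructed sample: the http_access lines of the squid.conf above, in order

def parse_http_access(conf_text):
    """Return [(action, [acl, ...])] for the active http_access lines, in order."""
    rules = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((parts[1], parts[2:]))
    return rules

def audit(rules, guards=("!Safe_ports", "!SSL_ports")):
    """Flag a missing final 'deny all' and guard rules shadowed by earlier allows."""
    findings = []
    # Squid: when no rule matches, the default is the opposite of the last rule.
    if rules and rules[-1] != ("deny", ["all"]):
        default = "allow" if rules[-1][0] == "deny" else "deny"
        findings.append(f"no final 'deny all': unmatched requests default to {default}")
    # First match wins: an allow listed before a guard deny bypasses that guard.
    # 'allow manager localhost' is left out: it only covers cache-manager requests.
    earlier_allows = []
    for action, acls in rules:
        if action == "allow" and "manager" not in acls:
            earlier_allows.append(" ".join(acls))
        elif action == "deny" and earlier_allows and any(g in acls for g in guards):
            findings.append(f"'deny {' '.join(acls)}' never applies to: {', '.join(earlier_allows)}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_http_access(SAMPLE_RULES)):
        print("WARNING:", finding)
```

Moving the two guard rules above the allow lines and restoring a final `http_access deny all` clears all three findings.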

Simple Queue settings

[admin@XXXXXX] queue simple> pr
Flags: X - disabled, I - invalid, D - dynamic
0 X name="Operator-iix" target-addresses=192.168.0.12/32
dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-iix
direction=both priority=8 queue=default-small/default-small
limit-at=0/0 max-limit=0/0 total-queue=default-small

1 X name="Operator-intl" target-addresses=192.168.0.12/32
dst-address=0.0.0.0/0 interface=all parent=none packet-marks=paket-intl
direction=both priority=8 queue=default-small/default-small
limit-at=0/0 max-limit=0/0 total-queue=default-small

2 name="bagus1-iix" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=paket-iix direction=both
priority=8 queue=default-small/default-small limit-at=0/0
max-limit=256000/384000 total-queue=default-small

IP firewall settings

[admin@xxxxxx] ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Separate INT from IIX
chain=prerouting in-interface=LOKAL LAN_eth3 dst-address-list=nice
action=mark-connection new-connection-mark=con-iix passthrough=yes

1 chain=prerouting connection-mark=con-iix action=mark-packet
new-packet-mark=paket-iix passthrough=no

2 chain=prerouting action=mark-packet new-packet-mark=paket-intl
passthrough=no

3 X ;;; ICMP
chain=forward protocol=icmp action=mark-connection
new-connection-mark=icmp_conn passthrough=yes

4 X chain=prerouting connection-mark=icmp_conn action=mark-packet
new-packet-mark=icmp passthrough=yes

5 X chain=prerouting packet-mark=icmp action=mark-packet
new-packet-mark=icmp_other passthrough=yes

4 Comments »


  1. How can I make it so that a user account cannot be used by several clients at the same time?
    I want each user to be able to log in only once at a time.

    Comment by nemo — December 28, 2007 @ 8:45 am

  2. Won't this weigh down the performance of the computer that also serves as the billing server? Today my SQUIDNT "ate" up to 85% of the processor resources..
    Is that because of a mistake in the squid.conf??

    And if you use Mikrotik.. how is the bandwidth management done??

    Comment by GANDAderita — December 27, 2008 @ 2:47 pm

  3. Won't this weigh down the performance of the computer that also serves as the billing server? Today my SQUIDNT "ate" up to 85% of the processor resources..
    Is that because of a mistake in the squid.conf??

    And if you use Mikrotik.. how is the bandwidth management done??

    Comment by GANDAderita — December 27, 2008 @ 2:48 pm

  4. What would the topology look like if SquidNT ran on its own dedicated machine…???

    Btw, how is SquidNT's performance…..??

    Comment by gandaDerita — February 24, 2009 @ 7:36 pm
