Scribd
Upload
79 views9 pages

Membangun Gateway Dan Proxy Server DHCP Server

1. The document provides instructions for setting up a gateway server on Mikrotik Router and a proxy server on Debian 10. It describes how to configure the IP addresses, interfaces, NAT, DHCP server on the gateway and install and configure Squid proxy on the Debian server. 2. It also explains how to use Squid proxy for blocking access to certain websites by creating a blocklist file and configuring ACLs in Squid. 3. The document ends by describing how to configure firewall on the Mikrotik router to redirect all traffic to the proxy server.

Uploaded by

Hasan Samsuddin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
79 views9 pages

Membangun Gateway Dan Proxy Server DHCP Server

1. The document provides instructions for setting up a gateway server on Mikrotik Router and a proxy server on Debian 10. It describes how to configure the IP addresses, interfaces, NAT, DHCP server on the gateway and install and configure Squid proxy on the Debian server. 2. It also explains how to use Squid proxy for blocking access to certain websites by creating a blocklist file and configuring ACLs in Squid. 3. The document ends by describing how to configure firewall on the Mikrotik router to redirect all traffic to the proxy server.

Uploaded by

Hasan Samsuddin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

JOBSHEET LATIHAN PERSIAPAN UJI KOMPETENSI KEJURUAN

TEKNIK KOMPUTER DAN JARINGAN


MEMBANGUN GATEWAY DAN PROXY SERVER
LANGKAH 1 : MEMBANGUN SERVER GATEWAY DI MIKROTIK-ROUTER

Konfigurasi Identitas Server

# system identity set name = nama_siswa

Konfigurasi set admin password

# user set admin password = tkj

Konfigurasi Interface Ethernet

# interface ethernet print

Konfigurasi IP Address

# ip address add address=10.100.1.230/24 interface=ether1 ( IP Internet/Disesuaika dengan ISP )

# ip address add address = 192.168.100.1/26 interface=ether2 ( IP LAN )

Routing ke Gateway Internet

# ip route add gateway=<ip gateway internet/modem>

Konfigurasi NAT pada firewall

# ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

Konfigurasi DHCP Server

# ip dhcp-server setup

dhcp server interface =ether2

dhcp server space = 192.168.100.0/26

gateway for dhcp network = 192.168.100.1

addressses to give out = 192.168.100.2-192.168.100.62

dns servers = < ketikkan dns server yg ada >

leases time = 3d

LANGKAH 2 : MEMBANGUN SERVER PROXY DI DEBIAN 10 (BUSTER)

1. Install Debian 10 Buster


2. Konfigurasi IP Address Server

Pertama silahkan login menggunakan user root

debian@debian:~$ su -
Password: [Masukan Password]
root@debian:~#

Hal pertama yang harus kita lakukan adalah konfigurasi IP Address pada system kita, untuk file
konfigurasi IP Address pada Debian adalah interfaces yang berada pada direktori  /etc/network/
Konfigurasi IP Address secara statis

root@debian:~# nano /etc/network/interfaces

# This file describes the network interfaces available on your system


# and how to activate them. For more information, see interfaces(5).
#source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug enp0s3
auto enp0s3
iface enp0s3 inet static
address 192.168.100.2
netmask 255.255.255.0
network 192.168.100.0
gateway 192.168.100.1
broadcast 192.168.100.255

Simpan konfigurasi, lalu restart networking.

root@debian:~# systemctl restart networking.service

Cek status konfigurasi network

root@debian:~# systemctl status networking.service


● networking.service - Raise network interfaces
Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor prese
Active: active (exited) since Tue 2020-10-06 21:07:07 WIB; 24s ago
Docs: man:interfaces(5)
Process: 582 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0
Main PID: 582 (code=exited, status=0/SUCCESS)
Oct 06 21:07:07 debian systemd[1]: Starting Raise network interfaces...
Oct 06 21:07:07 debian systemd[1]: Started Raise network interfaces.

Untuk melihat IP Address jalankan perintah ip a

root@debian:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether 08:00:27:8d:2f:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.100.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe8d:2f17/64 scope link
valid_lft forever preferred_lft forever

Jika rekan-rekan ingin mendisable IPv6 silahkan buka file sysctl.conf

root@debian:~# nano /etc/sysctl.conf

Lalu tambahkan script seperti dibawah ini.

###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438
net.ipv6.conf.all.disable_ipv6 = 1

Simpan konfigurasi lalu jalankan perintah sysctl –p

root@debian:~# sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1

Untuk mengecek IP Address jalankan ip a. Bisa dilihat sekarang IPv6 sudah tidak aktif.

root@debian:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether 08:00:27:8d:2f:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.0.255 scope global enp0s3
valid_lft forever preferred_lft forever
Test ping ke Internet, disini saya coba test ping ke detik.com pastikan Server sudah terhubung ke
internet.

root@debian:~# ping -c 4 detik.com


PING detik.com (203.190.242.211) 56(84) bytes of data.
64 bytes from s2-211-242.190.203.detik.com (203.190.242.211): icmp_seq=1 ttl=49
time=54.1 ms
64 bytes from s2-211-242.190.203.detik.com (203.190.242.211): icmp_seq=2 ttl=49
time=37.7 ms
64 bytes from s2-211-242.190.203.detik.com (203.190.242.211): icmp_seq=3 ttl=49
time=42.4 ms
64 bytes from s2-211-242.190.203.detik.com (203.190.242.211): icmp_seq=4 ttl=49
time=58.4 ms
--- detik.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 37.715/48.157/58.364/8.399 ms

3. Instalasi Paket Proxy

root@debian:~# apt update


root@debian:~# apt install squid

4. Konfigurasi Proxy Server

Lakukan backup file squid.conf pada /etc/squid dengan perintah :

root@debian:~# cp /etc/squid/squid.conf squid.conf.asli

Setelah mem-backup, ketikkan perintah : nano /etc/squid.conf

root@debian:~# nano /etc/squid/squid.conf

Untuk mengizinkan akses server proxy HTTP bagi siapa saja, buka baris yang berisi string
“http_access deny all” dan ubah menjadi “http_access allow all” . dengan mengetikan perintah
“ctrl-w” pencarian pada editor nano
Menjadi

Kemudian cari teks atau string “http_access deny localnet” kemudian rubah “http_access allow
localnet”

cari teks atau string “http_access deny localhost” kemudian rubah “http_access allow localhost”

Perhatikan gambar dibawah

Dengan mengetikan perintah “systemctl restart squid”


Jika tidak ada masalah maka akan muncul seperti gambar dibawah ini :

Kemudian cek status squid dengan mengetikan perintah “systemctl status squid”, jika muncul
gambar seperti dibawah ini, maka status squid aktif dan tidak ada masalah

Kemudian konfigurasi acl squid, untuk mempercepat pencarian ketikkan “ctrl + w” kemudian
ketikkan “acl”. Perhatikan gambar dibawah ini

Simpan file dan restart squid.

5. Pengaturan Blocking Site

Gunakan Proxy Squid untuk memblokir akses ke situs web tertentu.

Untuk memblokir akses ke situs web tertentu menggunakan Squid, buat file baru bernama blokir.txt
di lokasi yang sama dengan squid.conf. untuk membuat file blokir.txt lakukan perintah :
touch /etc/squid/blokir.txt

Sekarang tentukan situs web yang ingin Anda blokir dengan menyebutkan alamatnya dimulai
dengan titik. Perhatikan gambar berikut :

Simpan dan keluar dari editor nano

Kembali ke buka file squid.conf dengan mengetikan : nano /etc/squid/squid.conf

Sekarang buka kembali file konfigurasi squid dan ketik baris teks “acl blocked_websites
dstdomain”. Tambahkan lokasi file “blockir.txt” di sini seperti gambar di bawah ini:

Juga tambahkan baris “http_access deny blockir_website” perhatikan gambar di bawah ini :

Simpan file dan restart squid


6. Konfigurasi Firewall di Mikrotik untuk membelokkan seluruh traffic ke proxy

Pengaturan ini penting, karena nantinya seluruh akses menuju jaringan lan akan dipaksakan
langsung ke proxy terlebih dahulu agar terjadi HIT (cache terekam) dan fungsi filtering.

Pengaturan ini dilakukan di mikrotik (router )

admin@routerku >/ ip firewall nat add chain = dstnat srcaddress=192.168.100.0/26 in-


interface=ether1 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.100.10
toports=3128

perhatikan gambar berikut :

Silahkan untuk dipelajari dan dipraktekkan.

You might also like