Pfsense-zph - Cara Praktis dan cepat, modifikasi untuk PFsense 2 agar berfungsi optimal sebagai prox

A. Tunning Performance Proxy : Lusca B. Hotspot captiveportal Logout popup window : - Counter waktu koneksi - Menampilkan Informasi : username 2. bandwidth up / down, 3. MAC address, 4. IP address, 5. client yg telah konek saat mulai login, 6. url yg dituju. C. Penambahan fitur squid utk Memblok : url berpotensi merusak dan yg mengandung virus conficker, sesuai www.malwarepatrol.net, serta penambahan "safesearch" di beberapa search engine. D. Bandwidth Limiter dengan Squid ZPH (Zero Penalty Hit) berlaku utk semua user yang melalui CP, "allowed IP" address dan "allowed mac address". Untuk mengaktifkan fitur bandwidth limiter wajib mengaktifkan captiveportal, walaupun tidak menggunakan login page. E. Traffic Shapping dan list port dalam bentuk alias untuk Game Online. F. Penyempurnaan safesearch pada squidGuard http://forum.pfsense.org/index.php/topic,26862.0.html Persyaratan : Pfsense beta5 snapshot 32 / 64 bit februari atau pfsense 2.0 dengan paket yang wajib diinstall : 1. Lusca-cache http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Lusca 2. backup Untuk hasil terbaik, rekomendasi paket lain yang diinstall : 1. lightsquid 2. squidGuard Hardware minimal : Intel P4 RAM 1GB, dengan HDD 80GB, 2 NIC Recommendasi : Dual Core, 2GB, 2HDD SATA. Topologi : ADSL --(WAN) -- pfsense --(LAN) --- Switch --- akses point /client Cara Penggunaan : Download PFsense 2.0 www.pfsense.org Instalasi awal lihat di http://forum.pfsense.org/index.php/topic,18932.0.html 1. Install dari package manager : --> 1. squid 2. squidGuard , lalu Install lusca chuddy sesuai dengan petunjuk http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Lusca Setting proxy server - proxy interface LAN - Allow users on interface : v - Transparent proxy : v - Log store directory : /var/squid/log - Transparent X-Forward : v - Disable VIA : v - Use alternate DNS-servers for the proxy-server : 127.0.0.1 - Custom Options : zph_mode tos;zph_local 0x04;zph_parent 0;zph_option 136; Proxy server: Traffic management --> disable dellay pool Untuk menambah extra HDD khusus untuk proxy, supaya lebih garang, bisa mengikuti tutorial di http://doc.pfsense.org/index.php/Local_Disk_Storage_on_Embedded_(soekris) Setting squidGuard Blacklist : v Blacklist URL : http://squidguard.mesd.k12.or.us/blacklists.tgz Common ACL : Target Rules -- > Default access : allow, yang lain terserah kebutuhan... 2. Aktifkan DNS forwarder (terlebih dulu masukkan IP DNS pada System:General Setup) atau bisa menggunakan unbound DNS Jika memasang paket unbound DNS, pastikan set : Enable Unbound dan Services: DNS forwarder disable - network interface : pilih loopback dan LAN. - Enable DNSSEC - Private Address support - Register DHCP static mappings DHCP server, masukkan dns server dan gateway : IP sisi LAN dari pfsense. 3. Update Paket File silakan download di sini http://pfsense-zph.googlecode.com/files/pfsense.bak.12feb.tgz Kemudian melalui package manager install "BACKUP" Diagnostic -- > Backup File/Dir -- > browse masukkan file pfsense.bak.tgz (file yg telah didownload) ---> upload --- > restore ... 4. Aktifkan captiveportal. "Enable logout popup window" dan "Enable per-user bandwidth restriction" isi BW upload dan downloadnya .. Kosongkan "Logout page contents" Untuk WARNET, jika menginginkan PC client tidak mau ada halaman login, maka masukkan IP atau MAC addressnya ke allowed IP / MAC, lengkapi dengan pengaturan banwidthnya. Lakukan juga untuk PC billing Setelah itu restart squid dan captiveportal atau dng reboot system. 5. Traffic shapper dan Rule firewall : (butuh 3x restore dan reboot) 5.1. Rule firewall ---> http://pfsense-zph.googlecode.com/files/filter-config-pfsense.xml WEBGUI: Diagnostic -- > Backup/Restore Restore configuration Restore area --> firewall rule Reboot 5.2. Traffic Shapping --> http://pfsense-zph.googlecode.com/files/shaper-config-pfsense.xml WEBGUI: Diagnostic -- > Backup/Restore Restore configuration Restore area --> Traffic shapper Reboot 5.3. alias utk game online -- > http://pfsense-zph.googlecode.com/files/aliases-config-pfsense-game-online.xml WEBGUI: Diagnostic -- > Backup/Restore Restore configuration Restore area --> alias Reboot 6. Setiap kali install ulang paket lusca / squid / squidGuard ataupun update snapshot, pastikan setelah itu update patch-nya lagi Silakan cek kalau youtube masuk proxy seharusnya di traffic graph akan menembus batas kecepatan dari captiveportalnya. (lihat di gbr) Tampilkan Status: ---> Queues untuk melihat bahwa traffic shapping bekerja .. pengujian lain : tcpdump -nvi re0 | grep 'tos 0x4' re0 bisa disesuaikan dng interface LAN, misal xl0, rl0, dsb ... ketik ipfw list perhatikan yg muncul adalah list dari rule lalu ketik ipfw pipe show perhatikan yg muncul adalah list dari pipe Selamat Mencoba. Salam, Kurnianto



http://code.google.com/p/pfsense-zph

Bookmark and Share          1269



comments powered by Disqus


Related Products

pfSense - Firewall and Routing platform

pfSense is a powerful, flexible firewalling and routing platform. It includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a stateful firewall, by default all rules are stateful. A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.

Read more

wipfw

wipfw - IPv4 packet filter and traffic shaper for Windows based on IPFW(FreeBSD firewall).

Read more

nginx - HTTP and reverse proxy server

nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. It supports accelerated reverse proxying with caching, simple load balancing and fault tolerance, SSL and TLS SNI support, Name-based and IP-based virtual servers and lot more.

Read more

shadowsocks - a lightweight tunnel proxy which can help you get through firewalls

a lightweight tunnel proxy which can help you get through firewalls

Read more

SmoothWall - Express Open Source Firewall Project

SmoothWall is a open source Firewall distribution. It Supports LAN, DMZ, and Wireless networks, Static Ethernet, DHCP Ethernet, PPPoE, PPPoA using various USB and PCI DSL modems. It provides traffic stats, POP3 email proxy with Anti-Virus, Web proxy for accelerated browsing and lot more.

Read more

Zentyal - Linux Small Business Server

Zentyal is a Linux Small Business Server, good alternative Windows Business Server. Zentyal can act as a Gateway, Infrastructure Manager, Unified Threat Manager, Office Server, Unified Communication Server or a combination of them. It is built on Ubuntu Linux distribution. This package includes LDAP server, Mail server, Firewall, Network infrastructure, VPN support, Web server, File server, Print server, FTP server, Groupware, VoIP server, Virtual Machines management and lot more.

Read more

Varnish - Web Application Accelerator.

Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.

Read more

Squid - HTTP reverse proxy optimizes web delivery

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. Cached content means data is served locally and users will see this through faster download speeds with frequently-used content.

Read more

OWASP Joomla Vulnerability Scanner Project

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.

Read more

Subversion

Subversion is an open source version control system. Founded in 2000 by CollabNet, Inc., the Subversion project and software have seen incredible success over the past decade. The open source community has used Subversion widely: for example in projects such as Apache Software Foundation, Free Pascal, FreeBSD, GCC, Django, Ruby, Mono, SourceForge, ExtJS, Tigris.org, PHP and MediaWiki. Google Code also provides Subversion hosting for their open source projects.

Read more

Related Tags
Browse projects by tags.

We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs.