Archive for July 17, 2010

TmNet DNS servers

202.188.1.5
202.188.0.133
202.188.1.4
202.188.0.132

Jaring DNS servers

192.228.128.20
192.228.128.18
192.228.128.16
161.142.227.17
61.6.38.139
161.142.2.17
161.142.212.17

TimeNet DNS servers

203.121.16.85
203.121.16.120

Open DNS  Server (overseas)

208.67.222.222
208.67.220.220

add from

http://blog.datakl.com/2009/05/dns-isp/

Thanks to SiXtoSiX Cyber Cafe.

If anyone wants to use this squid.conf, please use your “BRAIN” to reconfigure it for your own network.

This script is a guide only.

# Transparent (interception) proxy: Squid 2.7 spells the option "transparent",
# Squid 3 spells it "intercept". Clients never configure this port themselves;
# traffic has to be redirected to it by the firewall/NAT layer.
http_port 44445 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
memory_replacement_policy heap GDSF
#memory_replacement_policy lru
cache_replacement_policy lru
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
cache_dir ufs /maui1/squid_cache 2500 16 256
# Logging: only the access log is kept on disk.
cache_access_log /var/log/squid.log
#cache_log /var/log/squid.log
#cache_store_log /var/log/squid.log
#cache_access_log /dev/null
# NOTE(review): cache_log carries Squid's own warnings and errors (startup
# failures, config parse warnings). Sending it to /dev/null discards them,
# which makes both troubleshooting and incident review harder; consider
# keeping it in a file and rotating it.
cache_log /dev/null
cache_store_log /dev/null
log_ip_on_direct off
pid_filename /usr/local/squid/logs/squid.pid
# client_netmask masks client addresses in the logs and cache manager output to
# the /24, so individual clients cannot be told apart in the access log.
client_netmask 255.255.255.0
# XXXXXX is a redacted placeholder as published; set your own value.
ftp_user XXXXXX
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
# Resolvers Squid queries directly: a local resolver first, then two external ones.
dns_nameservers 127.0.0.1 83.170.64.2 8.8.8.8
# refresh_pattern <regex> <min minutes> <percent> <max minutes>
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
# Dynamic content (cgi-bin or a query string) is never served from cache as fresh.
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
# ACL definitions only; nothing is allowed or denied until an http_access
# line refers to one of these names.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# The LAN served by this proxy.
acl localnet0 src 192.168.1.0/255.255.255.0
# Two single external hosts (/32 masks).
acl acsnet0 src 63.87.170.71/255.255.255.255
acl acsnet1 src 58.26.12.35/255.255.255.255
# NOTE(review): each tmnet ACL is an entire /8 (about 16 million addresses),
# far wider than one ISP's customer range. The matching allow rules are
# commented out in the access list; narrow these before ever enabling them.
acl tmnet0 src 60.0.0.0/255.0.0.0
acl tmnet1 src 203.0.0.0/255.0.0.0
acl tmnet2 src 124.0.0.0/255.0.0.0
acl tmnet3 src 118.0.0.0/255.0.0.0
acl to_localhost dst 127.0.0.0/8
# Ports CONNECT tunnels may target.
acl SSL_ports port 443 563
# Destination ports the proxy is willing to fetch from.
acl Safe_ports port 80          # http
acl Safe_ports port 82          # torrent
acl Safe_ports port 83          # webui
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
# Every unprivileged port counts as "safe", so Safe_ports effectively only
# excludes low ports that are not listed here.
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
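# http_access rules are evaluated top to bottom and the first match decides.
# Cache manager interface: reachable from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
# Port restrictions come BEFORE the per-network allows so that they also bind
# trusted clients. Placed after "deny all" they are never evaluated, and an
# allowed client could then request any port or CONNECT to any port.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Who may use the proxy.
http_access allow localhost
http_access allow localnet0
http_access allow acsnet0
http_access allow acsnet1
#http_access allow tmnet0
#http_access allow tmnet1
#http_access allow tmnet2
#http_access allow tmnet3
# Final catch-all: nothing below this line can match. Do not add
# "http_access allow Safe_ports" or "http_access allow SSL_ports" above it:
# those carry no source restriction and would open the proxy to any address.
http_access deny all
http_reply_access allow all
# NOTE(review): this answers ICP queries from any address whenever the ICP
# port is enabled. If no sibling/parent caches are used, restrict it to the
# local networks or deny it.
icp_access allow all
reply_header_max_size 20 KB
# 0 = no limit on reply body size.
reply_body_max_size 0 allow all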
# ----- user-agent spoofing
# ----- bypass tmnet international torrent tracker/seeder block
# NOTE(review): "header_access User-Agent deny all" strips the client's own
# User-Agent from every request through this proxy, and the header_replace
# line below substitutes one fixed string. Origin servers and upstream logs
# then see the same browser identity for all clients, so User-Agent is no
# longer usable for troubleshooting or detection behind this proxy.
# Squid 3 renames this directive to request_header_access.
header_access User-Agent deny all
# —– Firefox 3 on X11 FreeBSD user-agent string
#header_replace User-Agent Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.0.10) Gecko/2009060215 Firefox/3.0.11
# —– Firefox 3.5 on X11 FreeBSD user-agent string
#header_replace User-Agent Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.0.10) Gecko/20090624 Firefox/3.5
# —– Firefox 3.5.5 on X11 FreeBSD user-agent string
header_replace User-Agent Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
# —– Firefox 3 on Windows XP
#header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
# —– Firefox 3.5 on Windows XP
#header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
# —– Firefox 3.5 on Windows Vista
#header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
# —– IE7 on Windows XP
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
# —– IE7 on Windows Vista user-agent string
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
# —– IE8 on Windows Vista user-agent string
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
# —– IE8 on Windows 7 user-agent string
#header_replace User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
# —– end of user-agent spoofing
# cache_mgr is the contact shown on Squid error pages; it normally holds an
# e-mail address, here a hostname is used instead.
cache_mgr starbucks.mine.nu
# When started as root, Squid switches to this unprivileged user and group.
# The cache_dir, log and pid paths must be writable by that account.
cache_effective_user squid
cache_effective_group squid
# Per-client statistics are not collected.
client_db off
maximum_single_addr_tries 3
coredump_dir /usr/local/squid/cache
pipeline_prefetch off
request_entities off
# 0 = no limit on the size of request bodies (uploads).
request_body_max_size 0 KB
ie_refresh off
# to disable/bypass caching, only proxy.
# cache deny all

# Facebook cache { thanks to MaUi}

server_http11 on

thanks to Red Antigua

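# Modify /etc/rc.conf: enable ipfilter, ipnat, ipmon and ipfs at boot.
# The lines are appended verbatim through a quoted here-document. The page's
# typographic quotes are not shell quotes: pasted as shown they end up
# literally inside rc.conf and the settings are not recognised.
# NOTE(review): the page set ipmon_enable and ipfs_enable to "/sbin/ipf",
# which is not a YES/NO value; "YES" is presumably what was meant. Use "NO"
# if you do not want ipmon logging or ipfs state saving.
cat >> /etc/rc.conf <<'EOF'
# IPFILTER enabled
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
# IPNAT enabled
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
EOF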
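# ipfilter rules for transparent cache (change fxp0 to whatever NIC you use).
# Both files are overwritten. Quoted here-documents keep the text literal:
# with the page's typographic quotes the rule lines are written with stray
# quote characters, and the unquoted "->" in the rdr rule is parsed by the
# shell as a redirection to a file named 127.0.0.1.
# NOTE(review): this ruleset passes everything in and out on fxp0, so
# ipfilter itself filters nothing and is loaded only so ipnat can redirect.
# Who may use the proxy is then decided solely by http_access in squid.conf;
# add block rules here if the box is reachable from untrusted networks.
cat > /etc/ipf.rules <<'EOF'
## Allow ALL , loopback
pass in on lo0 all
pass out on lo0 all
## Allow ALL, fxp0
pass in on fxp0 all
pass out on fxp0 all
EOF
# ipnat rule for transparent cache (change fxp0 to whatever NIC you use).
# The target port must match the http_port Squid actually listens on.
cat > /etc/ipnat.rules <<'EOF'
## Redirect incoming TCP traffic port 80 on fxp0 to port 3128 (Squid)
rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp
EOF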
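# Recompile kernel with ipfilter support, increase the NMBCLUSTERS parameter.
# The steps are chained with && so a failed step stops the sequence; in
# particular the machine is not rebooted after a failed build or install.
# The option lines need plain ASCII quotes: with the page's typographic
# quotes the shell treats "#ipfilter ..." as a comment and the redirection
# to IPFILTER is lost.
cd /sys/i386/conf &&
  cp GENERIC IPFILTER &&
  {
    echo 'options IPFILTER #ipfilter support'
    echo 'options IPFILTER_LOG #ipfilter logging'
    echo 'options NMBCLUSTERS=32768 #set max mbufs, check with netstat -m'
  } >> IPFILTER &&
  /usr/sbin/config IPFILTER &&
  cd ../../compile/IPFILTER &&
  make depend &&
  make &&
  make install &&
  reboot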
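# Squid as transparent cache
# Build
# NOTE(review): squid-2.5.STABLE6 is the release this page used and is long
# superseded; prefer a currently supported Squid from ports/packages.
# Whatever tarball is used, check it against the checksum or signature
# published by the Squid project before unpacking and building it as root.
# The page's en-dashes are restored to "-" and "--" and its typographic
# quotes to plain ASCII quotes; as published, none of these options parse.
gunzip -c squid-2.5.STABLE6.tar.gz | tar -xf -
cd squid-2*
# The two configure lines are alternatives. Run in sequence as listed, the
# second (WCCP) one determines the build.
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent
# Build with WCCP support:
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent --enable-wccp
make all
make install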
# Configure /usr/local/squid/etc/squid.conf:
# (the lines below are squid.conf directives, not shell commands)
# NOTE(review): no acl/http_access lines are shown in this excerpt. Confirm
# the deployed squid.conf allows only your own client networks and ends
# with "http_access deny all"; an intercepting proxy without them is open
# to anyone who can reach it.
# Listening port; must match the port in the ipnat rdr rule.
http_port 3128
# Squid 2.5 accelerator settings used for transparent interception.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Cache dir size (45000 = 45 GB in this example, don't use more than half the partition size)
cache_dir ufs /usr/local/squid/var/cache 45000 16 256
# Memory used for the in-memory object cache (not a per-object limit)
cache_mem 64 MB
# Max object size on disk
maximum_object_size 200000 KB
# Max size of a single object held in memory
maximum_object_size_in_memory 128 KB
# Disable store.log
cache_store_log none
# The following line requires WCCP on your router redirecting the web traffic to Squid
# (YOUR.ROUTER.IP.HERE is a placeholder).
wccp_router YOUR.ROUTER.IP.HERE
# Startup script: install squid.sh where rc runs local start scripts.
# Mode 755 leaves it writable by its owner only.
cp squid.sh /usr/local/etc/rc.d/squid.sh
chmod 755 /usr/local/etc/rc.d/squid.sh
# Log file permissions
# NOTE(review): ownership goes to nobody, presumably the account this build
# runs Squid as. Confirm it matches cache_effective_user in squid.conf.
chown -R nobody:nobody /usr/local/squid/var/logs
# Create cache
mkdir /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/cache
# -z creates the cache (swap) directories and exits.
/usr/local/squid/sbin/squid -z
# If the following error:
# FATAL: Could not determine fully qualified hostname. Please set 'visible_hostname'
# then edit squid.conf and add the next line there. It is a squid.conf
# directive, not a shell command; replace the placeholder with your own domain.
visible_hostname squid.YOURDOMAINHERE.com
# Start Squid
/usr/local/etc/rc.d/squid.sh start
# Web tools
– Install Apache, configure to run on port 8080
– Install rrdtool from ports, /usr/ports/net/rrdtool
– Install webalizer from ports, /usr/ports/www/webalizer, configure to use squid.conf and incremental log
# Cron jobs
# Run webalizer a quarter to midnight only, as during the day it affects the traffic
45 23 * * * /usr/local/bin/webalizer
# Rotate squid log file at 0:00 AM (midnight)
0 0 * * * /usr/local/squid/sbin/squid -k rotate