Scribd
Upload
87 views9 pages

Membangun Gateway Dan Proxy Server DHCP Server

1. The document provides instructions for setting up a gateway server on Mikrotik Router and a proxy server on Debian 10. It describes how to configure the IP addresses, interfaces, NAT, DHCP server on the gateway and install and configure Squid proxy on the Debian server. 2. It also explains how to use Squid proxy for blocking access to certain websites by creating a blocklist file and configuring ACLs in Squid. 3. The document ends by describing how to configure firewall on the Mikrotik router to redirect all traffic to the proxy server.

Uploaded by

Hasan Samsuddin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
87 views9 pages

Membangun Gateway Dan Proxy Server DHCP Server

1. The document provides instructions for setting up a gateway server on Mikrotik Router and a proxy server on Debian 10. It describes how to configure the IP addresses, interfaces, NAT, DHCP server on the gateway and install and configure Squid proxy on the Debian server. 2. It also explains how to use Squid proxy for blocking access to certain websites by creating a blocklist file and configuring ACLs in Squid. 3. The document ends by describing how to configure firewall on the Mikrotik router to redirect all traffic to the proxy server.

Uploaded by

Hasan Samsuddin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

JOBSHEET LATIHAN PERSIAPAN UJI KOMPETENSI KEJURUAN

TEKNIK KOMPUTER DAN JARINGAN


MEMBANGUN GATEWAY DAN PROXY SERVER
LANGKAH 1 : MEMBANGUN SERVER GATEWAY DI MIKROTIK-ROUTER

Konfigurasi Identitas Server

# system identity set name = nama_siswa

Konfigurasi set admin password

# user set admin password = tkj

Konfigurasi Interface Ethernet

# interface ethernet print

Konfigurasi IP Address

# ip address add address=[Link]/24 interface=ether1 ( IP Internet/Disesuaika dengan ISP )

# ip address add address = [Link]/26 interface=ether2 ( IP LAN )

Routing ke Gateway Internet

# ip route add gateway=<ip gateway internet/modem>

Konfigurasi NAT pada firewall

# ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

Konfigurasi DHCP Server

# ip dhcp-server setup

dhcp server interface =ether2

dhcp server space = [Link]/26

gateway for dhcp network = [Link]

addressses to give out = [Link]-[Link]

dns servers = < ketikkan dns server yg ada >

leases time = 3d

LANGKAH 2 : MEMBANGUN SERVER PROXY DI DEBIAN 10 (BUSTER)

1. Install Debian 10 Buster


2. Konfigurasi IP Address Server

Pertama silahkan login menggunakan user root

debian@debian:~$ su -
Password: [Masukan Password]
root@debian:~#

Hal pertama yang harus kita lakukan adalah konfigurasi IP Address pada system kita, untuk file
konfigurasi IP Address pada Debian adalah interfaces yang berada pada direktori  /etc/network/
Konfigurasi IP Address secara statis

root@debian:~# nano /etc/network/interfaces

# This file describes the network interfaces available on your system


# and how to activate them. For more information, see interfaces(5).
#source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug enp0s3
auto enp0s3
iface enp0s3 inet static
address [Link]
netmask [Link]
network [Link]
gateway [Link]
broadcast [Link]

Simpan konfigurasi, lalu restart networking.

root@debian:~# systemctl restart [Link]

Cek status konfigurasi network

root@debian:~# systemctl status [Link]


● [Link] - Raise network interfaces
Loaded: loaded (/lib/systemd/system/[Link]; enabled; vendor prese
Active: active (exited) since Tue 2020-10-06 [Link] WIB; 24s ago
Docs: man:interfaces(5)
Process: 582 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=0
Main PID: 582 (code=exited, status=0/SUCCESS)
Oct 06 [Link] debian systemd[1]: Starting Raise network interfaces...
Oct 06 [Link] debian systemd[1]: Started Raise network interfaces.

Untuk melihat IP Address jalankan perintah ip a

root@debian:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback [Link] brd [Link]
inet [Link]/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether [Link] brd [Link]
inet [Link]/24 brd [Link] scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe8d:2f17/64 scope link
valid_lft forever preferred_lft forever

Jika rekan-rekan ingin mendisable IPv6 silahkan buka file [Link]

root@debian:~# nano /etc/[Link]

Lalu tambahkan script seperti dibawah ini.

###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See [Link]
# for what other values do
#[Link]=438
[Link].disable_ipv6 = 1

Simpan konfigurasi lalu jalankan perintah sysctl –p

root@debian:~# sysctl -p
[Link].disable_ipv6 = 1

Untuk mengecek IP Address jalankan ip a. Bisa dilihat sekarang IPv6 sudah tidak aktif.

root@debian:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
qlen 1000
link/loopback [Link] brd [Link]
inet [Link]/8 scope host lo
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether [Link] brd [Link]
inet [Link]/24 brd [Link] scope global enp0s3
valid_lft forever preferred_lft forever
Test ping ke Internet, disini saya coba test ping ke [Link] pastikan Server sudah terhubung ke
internet.

root@debian:~# ping -c 4 [Link]


PING [Link] ([Link]) 56(84) bytes of data.
64 bytes from [Link] ([Link]): icmp_seq=1 ttl=49
time=54.1 ms
64 bytes from [Link] ([Link]): icmp_seq=2 ttl=49
time=37.7 ms
64 bytes from [Link] ([Link]): icmp_seq=3 ttl=49
time=42.4 ms
64 bytes from [Link] ([Link]): icmp_seq=4 ttl=49
time=58.4 ms
--- [Link] ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 37.715/48.157/58.364/8.399 ms

3. Instalasi Paket Proxy

root@debian:~# apt update


root@debian:~# apt install squid

4. Konfigurasi Proxy Server

Lakukan backup file [Link] pada /etc/squid dengan perintah :

root@debian:~# cp /etc/squid/[Link] [Link]

Setelah mem-backup, ketikkan perintah : nano /etc/[Link]

root@debian:~# nano /etc/squid/[Link]

Untuk mengizinkan akses server proxy HTTP bagi siapa saja, buka baris yang berisi string
“http_access deny all” dan ubah menjadi “http_access allow all” . dengan mengetikan perintah
“ctrl-w” pencarian pada editor nano
Menjadi

Kemudian cari teks atau string “http_access deny localnet” kemudian rubah “http_access allow
localnet”

cari teks atau string “http_access deny localhost” kemudian rubah “http_access allow localhost”

Perhatikan gambar dibawah

Dengan mengetikan perintah “systemctl restart squid”


Jika tidak ada masalah maka akan muncul seperti gambar dibawah ini :

Kemudian cek status squid dengan mengetikan perintah “systemctl status squid”, jika muncul
gambar seperti dibawah ini, maka status squid aktif dan tidak ada masalah

Kemudian konfigurasi acl squid, untuk mempercepat pencarian ketikkan “ctrl + w” kemudian
ketikkan “acl”. Perhatikan gambar dibawah ini

Simpan file dan restart squid.

5. Pengaturan Blocking Site

Gunakan Proxy Squid untuk memblokir akses ke situs web tertentu.

Untuk memblokir akses ke situs web tertentu menggunakan Squid, buat file baru bernama [Link]
di lokasi yang sama dengan [Link]. untuk membuat file [Link] lakukan perintah :
touch /etc/squid/[Link]

Sekarang tentukan situs web yang ingin Anda blokir dengan menyebutkan alamatnya dimulai
dengan titik. Perhatikan gambar berikut :

Simpan dan keluar dari editor nano

Kembali ke buka file [Link] dengan mengetikan : nano /etc/squid/[Link]

Sekarang buka kembali file konfigurasi squid dan ketik baris teks “acl blocked_websites
dstdomain”. Tambahkan lokasi file “[Link]” di sini seperti gambar di bawah ini:

Juga tambahkan baris “http_access deny blockir_website” perhatikan gambar di bawah ini :

Simpan file dan restart squid


6. Konfigurasi Firewall di Mikrotik untuk membelokkan seluruh traffic ke proxy

Pengaturan ini penting, karena nantinya seluruh akses menuju jaringan lan akan dipaksakan
langsung ke proxy terlebih dahulu agar terjadi HIT (cache terekam) dan fungsi filtering.

Pengaturan ini dilakukan di mikrotik (router )

admin@routerku >/ ip firewall nat add chain = dstnat srcaddress=[Link]/26 in-


interface=ether1 protocol=tcp dst-port=80 action=dst-nat to-addresses=[Link]
toports=3128

perhatikan gambar berikut :

Silahkan untuk dipelajari dan dipraktekkan.

You might also like