
Installation steps
1. Install pfSense: download pfSense-2.0.1-RELEASE-i386.iso.gz; the full list of downloads is at http://files.nl.pfsense.org/mirror/downloads
2. Set DNS
3. Install unbound
4. Install squid
5. squidGuard
6. lightsquid
7. lusca >>> Diagnostic -> Command prompt  http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Lusca
8. Configure the packages installed above
9. Tweak squid and storeurl
10. Enjoy

SETTING PROXY SERVER

- proxy interface LAN

- Allow users on interface : v

- Transparent proxy : v

- Log store directory : /var/squid/log

- Disable VIA : v

- Use alternate DNS-servers for the proxy-server : 127.0.0.1

- Custom Options :

    zph_mode tos;zph_local 0x04;zph_parent 0;zph_option 136;

Proxy server: Traffic management --> disable delay pool

Setting squidGuard

    Blacklist : v

    Blacklist URL :
http://xover2.jkt.3d.x.indowebster.com/download-vip/82/p16otgonug141j14ieao215rs3kq3.gz/%5Bwww.indowebster.com%5D-bigblacklist.tar.gz

    Common ACL : Target Rules --> Default access : allow, the rest as needed...

SETTING UNBOUND
These settings were already posted at http://pfzones.blogspot.com/

These are screenshots of a standard Unbound DNSSEC setup. Not a tutorial.

So if anyone asks what it is for, please search Google.

These settings are real and run normally (for me). Hopefully they are useful.

Installing and configuring Unbound DNS on pfSense is very easy. The steps are as follows:
1) Advance >>> package >>> Unbound, click add
2) To run Unbound DNS, the absolute requirement is that the DNS forwarder must be disabled
3) Open Service >>> Unbound DNS
4) Tick "enable unbound dns", as in the screenshot below:

Continuation of the screenshot:

5) Unbound DNS advanced settings, roughly like this screenshot

Continuation of the screenshot:

6) Unbound ACL: enter whichever IPs are allowed to use Unbound DNS.
7) Unbound Status, roughly like this screenshot:

8) Check the status of the Unbound DNS server in the service status page, screenshot below:

9) The last step is to run the online DNSSEC test at: http://test.dnssec-or-not.org/

The ISP's (Speedy) DNS does not need to be entered, unless Unbound is used as a public-IP Unbound

SETTING STOREURL.PL
 /usr/local/etc/squid/storeurl.pl

#!/usr/bin/perl
# $Rev$
# by chudy_fernandez@yahoo.com
# Youtube updates at http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
$|=1;
while (<>) {
    @X = split;
#   $X[1] =~ s/&sig=.*//;
   $x = $X[0] . " ";
   $_ = $X[1];
   $u = $X[1];

         #photos-X.ak.fbcdn.net where X a-z
if (m/^http:\/\/photos-[a-z]?(.ak.fbcdn.net.*)/) {
   print $x . "http://photos" . $1  . "\n";

         #maps.google.com
} elsif (m/^http:\/\/(khm|mt)[0-9]?(.google.com.*)/) {
   print $x . "http://" . $1  . $2 . "\n";
      
                              #youtube All itag (all resolutions)
} elsif ($X[1] =~ /(youtube|google).*videoplayback\?/){
        @itag = m/[&?](itag=[0-9]*)/;
        @id = m/[&?](id=[^\&]*)/;
        @range = m/[&?](range=[^\&\s]*)/;
        @begin = m/[&?](begin=[^\&\s]*)/;
        @redirect = m/[&?](redirect_counter=[^\&]*)/;
        print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/@itag&@id&@range@begin@redirect\n";

} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
   print $x . "http://www.google-analytics.com/__utm.gif\n";

         #Cache High Latency Ads
} elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com|yieldmanager|cpxinteractive)(.*)/) {
   $y = $3;$z = $2;
   for ($y) {
   s/pixel;.*/pixel/;
   s/activity;.*/activity/;
   s/(imgad[^&]*).*/$1/;
   s/;ord=[?0-9]*//;
   s/;&timestamp=[0-9]*//;
   s/[&?]correlator=[0-9]*//;
   s/&cookie=[^&]*//;
   s/&ga_hid=[^&]*//;
   s/&ga_vid=[^&]*//;
   s/&ga_sid=[^&]*//;
   # s/&prev_slotnames=[^&]*//
   # s/&u_his=[^&]*//;
   s/&dt=[^&]*//;
   s/&dtd=[^&]*//;
   s/&lmt=[^&]*//;
   s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/$1/;
   s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/$1/;
   s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/$1/;
   s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/$1/;
   s/[;&?]ord=[?0-9]*//;
   s/[;&]mpvid=[^&;]*//;
   s/&xpc=[^&]*//;
   # yieldmanager
   s/\?clickTag=[^&]*//;
   s/&u=[^&]*//;
   s/&slotname=[^&]*//;
   s/&page_slots=[^&]*//;
   }
   print $x . "http://" . $1 . $2 . $y . "\n";

         #cache high latency ads
} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
   print $x . "http://" . $1 . "/" . $2  . "\n";

} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
   print $x . "http://" . $1 . "\n";

         #cdn, variable 1st path
} elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
   @y = ($1,$2,$4,$5);
   $y[0] =~ s/[a-z0-9]{2,5}/cdn./;
   print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

         #rapidshare
} elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
   print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n";

} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) {
   print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";
  
         #domain/path/.*/path/filename
} elsif (($u =~ /fucktube/) && (m/^http:\/\/(.*?)(\.[^\.\-]*?[^\/]*\/[^\/]*)\/(.*)\/([^\/]*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})(\?.*?)$/)) {
   @y = ($1,$2,$4,$5,$6);
   $y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|([^\.]*cdn[^\.]*)|([^\.]*cache[^\.]*))/cdn/;
   print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "/" . $y[3] . "." . $y[4] . "\n";

         #like porn hub: variable url and center part of the path, filename extension 3 or 4 characters, with or without ? at the end
} elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?(\.[a-z]*)?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) {
   print $x . "http://cdn." . $4 . $6 . "\n";

         #for yimg.com video
} elsif (m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
   print $x . "http://cdn.yimg.com//" . $3 . "\n";
  
         #for yimg.com doubled
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
   print $x . "http://cdn.yimg.com/"  . $3 . "\n";

         #for yimg.com with &sig=
} elsif (m/^http:\/\/([^\.]*)\.yimg\.com\/(.*)/) {
   @y = ($1,$2);
   $y[0] =~ s/[a-z]+([0-9]+)?/cdn/;
   $y[1] =~ s/&sig=.*//;
   print $x . "http://" . $y[0] . ".yimg.com/"  . $y[1] . "\n";
        
         #youjizz. We use only domain and filename
} elsif (($u =~ /media[0-9]{1,5}\.youjizz/) && (m/^http:\/\/(.*?)(\.[^\.\-]*?\.[^\/]*)\/(.*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})(\?.*?)$/)) {
   @y = ($1,$2,$4,$5);
   $y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|([^\.]*cdn[^\.]*)|([^\.]*cache[^\.]*))/cdn/;
   print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

         #general purpose for cdn servers. add above your specific servers.
} elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
   print $x . "http://squid-cdn-url//" . $2  . "." . $3 . "\n";

         # specific extension
# } elsif (m/^http:\/\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf).*?/) {
   # @y = ($1,$2);
   # $y[0] =~ s/((cache|cdn)[-\d]*)|([a-zA-Z]+-?[0-9]+(-[a-zA-Z]*)?)/cdn/;
   # print $x . "http://" . $y[0] . "." . $y[1] . "\n";

         #generic http://variable.domain.com/path/filename."ex", "ext" or "exte"
         #http://cdn1-28.projectplaylist.com
         #http://s1sdlod041.bcst.cdn.s1s.yimg.com
} elsif (m/^http:\/\/(.*?)(\.[^\.\-]*?\..*?)\/([^\?\&\=]*)\.([\w\d]{2,4})\??.*$/) {
   @y = ($1,$2,$3,$4);
   $y[0] =~ s/([a-z][0-9][a-z]dlod[\d]{3})|((cache|cdn)[-\d]*)|([a-zA-Z]+-?[0-9]+(-[a-zA-Z]*)?)/cdn/;
   print $x . "storeurl://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";

         # all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
   print $x . "http://" . $1 . "/" . $2  . "\n";

} else {
   print $x . $_ . "\n";
}
}
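
The script above decides which URLs Squid stores as the same object, so every parameter it drops stops being part of the cache identity. As an added example (not part of the original post and not the storeurl.pl author's code), this Python port of only the YouTube and yimg `&sig=` branches groups helper input lines by store key and reports which query parameters differed between URLs that collapse to one cached object. The hostnames, ids and tokens in the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl


def _grab(pattern, url):
    """First capture group of pattern in url, or '' (like an empty Perl list)."""
    m = re.search(pattern, url)
    return m.group(1) if m else ""


def store_key(url):
    """Python port of two branches of storeurl.pl; other URLs pass through."""
    if re.search(r"(youtube|google).*videoplayback\?", url):
        itag = _grab(r"[&?](itag=[0-9]*)", url)
        vid = _grab(r"[&?](id=[^&]*)", url)
        rng = _grab(r"[&?](range=[^&\s]*)", url)
        begin = _grab(r"[&?](begin=[^&\s]*)", url)
        redirect = _grab(r"[&?](redirect_counter=[^&]*)", url)
        return ("http://video-srv.youtube.com.SQUIDINTERNAL/"
                f"{itag}&{vid}&{rng}{begin}{redirect}")
    m = re.match(r"http://([^.]*)\.yimg\.com/(.*)", url)
    if m:
        host = re.sub(r"[a-z]+([0-9]+)?", "cdn", m.group(1), count=1)
        path = re.sub(r"&sig=.*", "", m.group(2))
        return f"http://{host}.yimg.com/{path}"
    return url


def collisions(helper_lines):
    """Map store key -> query parameters that differ among URLs sharing it."""
    groups = defaultdict(set)
    for line in helper_lines:
        fields = line.split()  # "<channel-id> <url> <client>/<fqdn> ..."
        if len(fields) >= 2:
            groups[store_key(fields[1])].add(fields[1])
    report = {}
    for key, urls in groups.items():
        if len(urls) < 2:
            continue
        seen = defaultdict(set)
        for u in urls:
            query = urlsplit(u).query
            for name, value in parse_qsl(query, keep_blank_values=True):
                seen[name].add(value)
        report[key] = sorted(n for n, vals in seen.items() if len(vals) > 1)
    return report


# Constructed helper input lines, in the format the script reads on stdin.
SAMPLE = [
    "0 http://r3.cache.youtube.com/videoplayback?itag=34&id=abc123"
    "&signature=AAAA&expire=1&ip=192.168.10.21 192.168.10.21/- - GET",
    "1 http://r7.cache.youtube.com/videoplayback?itag=34&id=abc123"
    "&signature=BBBB&expire=2&ip=192.168.10.37 192.168.10.37/- - GET",
    "2 http://l1.yimg.com/a/clip.flv?x=1&sig=one 192.168.10.21/- - GET",
    "3 http://l2.yimg.com/a/clip.flv?x=1&sig=two 192.168.10.37/- - GET",
    "4 http://www.example.org/index.html 192.168.10.21/- - GET",
]

if __name__ == "__main__":
    for key, params in collisions(SAMPLE).items():
        print(key, "ignores", params)
```

Any parameter listed in the report is one a server may have used to bind the response to a client or a time window; once the key ignores it, the first cached copy is served to every client behind the proxy.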



MAKING SQUID EDITS PERMANENT
So that the squid configuration we edit is not lost again after pfSense reboots, edit this file:
1. /usr/local/pkg/squid.inc
2. Find  file_put_contents(SQUID_CONFBASE . '/squid.conf', $conf);
and change "squid.conf" to "squid.conf.bak" or any other name you like, then save. From then on the package writes its generated configuration to that file instead of the live squid.conf, so settings changed in the web GUI no longer reach the running proxy.
3. Go to the directory "/usr/local/etc/squid" and copy the file "squid.conf" to a new file "squid.conf.bak" (the name you set above).
4. Now "squid.conf" can be changed and edited as you please.


SQUID CONF+DELAYPOOL

  /usr/local/etc/squid/squid.conf

# Do not edit manually !
http_port 192.168.10.1:3128 transparent
http_port 127.0.0.1:80 transparent
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log none
cache_log /var/squid/logs/cache.log
cache_store_log none
shutdown_lifetime 0 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.10.0/255.255.255.0
uri_whitespace strip
dns_nameservers 127.0.0.1 192.168.10.1
cache_mem 32 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 30000 16 256
minimum_object_size 0 KB
maximum_object_size 4000 MB
offline_mode off
cache_swap_low 90
cache_swap_high 95
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl partialcontent_req req_header Range .*
#acl dynamic urlpath_regex cgi-bin \?
include /usr/local/etc/squid/include.conf
acl allowed_subnets src 192.168.10.0/24
#cache deny dynamic
http_access allow manager localhost
# Allow external cache managers
acl ext_manager_1 src 127.0.0.1
http_access allow manager ext_manager_1
acl ext_manager_2 src 192.168.10.1
http_access allow manager ext_manager_2
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
quick_abort_min 0 KB
quick_abort_max 128 KB
quick_abort_pct 75
range_offset_limit 0 MB
request_body_max_size 0 allow all
reply_body_max_size 0 deny all
# Custom options
zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136
acl admin src 192.168.10.0/24
acl waktunyakerjajgndonloadaja time MTWHFA 09:00-21:00
##Delay pools on 04-04-2008
#acl download url_regex -i "/etc/squid/bigfile"
acl download url_regex -i ftp \.exe$ \.mp3$ \.3gp$ \.mp4$ \.mar$ \.flv$
acl download url_regex -i \.pdf$
#acl download url_regex -i \.rpm$ \.tar.bz2$ \.tar.gz$ \.gz$
acl download url_regex -i \.zip$ \.rar$ \.iso$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$
# youtube, example from this forum...
# dstdomain matches subdomains with a leading dot; it has no * wildcard
acl youtube dstdomain .youtube.com .ytimg.com
acl streaming url_regex -i get_video\?video_id videodownload\?
#youtube
# delay rules
# delay_class takes <pool> <class>; a class 2 pool takes two rate pairs
# (aggregate, then individual), each written restore/max in bytes
delay_pools 2
delay_class 1 2
delay_parameters 1 4000/8000 2000/50000
delay_access 1 allow download waktunyakerjajgndonloadaja
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 2000/8000 2000/50000
# the idea is to save bandwidth on broadcast sites...
delay_access 2 allow youtube waktunyakerjajgndonloadaja
delay_access 2 allow streaming waktunyakerjajgndonloadaja
delay_access 2 deny all
##End of Delay pools on 04-04-2008

# OPTIONS FOR TUNING THE CACHE
#

#refresh_pattern ((facebook.com)|(69.63.181.11|69.63.181.12|69.63.189.11|69.63.189.16)).*.(jpg|png|gif|swf|mp3|mp4|mpg|3gp|flv|swf|wmv|zip|rar) 12960 99% 12960
refresh_pattern -i .facebook.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129600
refresh_pattern -i .fbcdn.net.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129690
refresh_pattern -i .zynga.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 999999% 129609
refresh_pattern -i .crowdstar.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 999999% 129609
refresh_pattern ^http://static.ak.fbcdn.net*.(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 999999% 129600
refresh_pattern ^http://videoxl.l[0-9].facebook.com/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://*.channel.facebook.com/(.*)(js|css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://video.ak.facebook.com*.(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://photos-[a-z].ak.fbcdn.net/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://profile.ak.fbcdn.net*.(jpg|gif|png) 129600 999999% 129600
refresh_pattern ^http://platform.ak.fbcdn.net/.* 720 100% 4320
refresh_pattern ^http://creative.ak.fbcdn.net/.* 720 100% 4320
refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320
refresh_pattern ^http://static.ak.fbcdn.net*.(js|css|jpg|gif|png) 129600 999999% 129600
refresh_pattern ^http://statics.poker.static.zynga.com/(.*)(swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://statics.poker.static.zynga.com/.* 720 100% 4320
refresh_pattern ^http://*.zynga.com*.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://*.crowdstar.com*.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600
refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320
refresh_pattern -i .kaskus.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129600
refresh_pattern -i .kaskus.us.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129600
refresh_pattern ^http://*.kaskus.us*.*(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 999999% 129600

##DELAY POOL

##fourth method - class 1###
# when a client downloads any file
#acl jupukfile url_regex -i \.*
# when a client streams video
#acl delokvideo url_regex -i watch\? get_video\?video_id videodownload\? videoplayback\? videoplay\? dailymotion video\.[a-z]\.fbcdn\.net video\flv video\mpg video\quicktime video\x-flv video\mp4 video\x-avi video\x-mpeg video\x-wmv video\flash video\x-mpeg4 video\x-mpg video\x-mov video\mov video\avi
# two rules are defined
#delay_pools 2
# rule 1, no limit for browsing
#delay_class 1 1
#delay_parameters 1 -1/-1
#delay_access 1 deny jupukfile
#delay_access 1 deny delokvideo
#delay_access 1 allow all
# rule 2, after 512000 bytes of download/streaming, the download/streaming rate becomes 48000 bytes/s
#delay_class 2 1
#delay_parameters 2 35000/30000
#delay_access 2 allow jupukfile
#delay_access 2 allow delokvideo
#delay_access 2 deny all
####EOF fourth method - class 1####
# FIREWALL - DROPPING VIRUS
#---------------------------------------------------------------#
#
# ACL VIRUS PORTS
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 32768
acl CONFIC port 135 136 137 138 139 445
acl VIRUS urlpath_regex winnt/system32/cmd.exe?
acl limit maxconn 20
# ACL BINARY VIRUS
acl file_terlarang url_regex -i hot_indonesia.exe
acl file_terlarang url_regex -i hotsurprise_id.exe
acl file_terlarang url_regex -i best-mp3-download.exe
acl file_terlarang url_regex -i R32.exe
acl file_terlarang url_regex -i rb32.exe
acl file_terlarang url_regex -i mp3.exe
acl file_terlarang url_regex -i HOTSEX.exe
acl file_terlarang url_regex -i Browser_Plugin.exe
acl file_terlarang url_regex -i DDialer.exe
acl file_terlarang url_regex -i od-teen21
acl file_terlarang url_regex -i URLDownload.exe
acl file_terlarang url_regex -i od-stnd67.exe
acl file_terlarang url_regex -i Download_Plugin.exe
acl file_terlarang url_regex -i od-teen52.exe
acl file_terlarang url_regex -i malaysex
acl file_terlarang url_regex -i edita.html
acl file_terlarang url_regex -i info.exe
acl file_terlarang url_regex -i run.exe
acl file_terlarang url_regex -i Lovers2Go
acl file_terlarang url_regex -i GlobalDialer
acl file_terlarang url_regex -i WebDialer
acl file_terlarang url_regex -i britneynude
acl file_terlarang url_regex -i download.exe
acl file_terlarang url_regex -i backup.exe
acl file_terlarang url_regex -i GnoOS2003
acl file_terlarang url_regex -i wintrim.exe
acl file_terlarang url_regex -i MPREXE.EXE
acl file_terlarang url_regex -i exengd.EXE
acl file_terlarang url_regex -i xxxvideo.exe
acl file_terlarang url_regex -i Save.exe
acl file_terlarang url_regex -i ATLBROWSER.DLL
acl file_terlarang url_regex -i NawaL_rm
acl file_terlarang url_regex -i Socks32.dll
acl file_terlarang url_regex -i Sc32Lnch.exe
acl file_terlarang url_regex -i dat0.exe
acl file_terlarang url_regex -i loadadv.exe
http_access deny VIRUS
http_access deny CONFIC
http_access deny BADPORTS
# Allow local network(s) on interface(s)
http_access allow localnet
http_access allow allowed_subnets
# Default block all to be sure
http_access deny all
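
A consistency check for a squid.conf like the listing above, as an added example (not part of the original post): it reports ACLs that are defined but never referenced by any directive, and delay pools whose delay_class is missing, repeated, or does not match the number of rate pairs given to delay_parameters. The sample input is a constructed excerpt, and the pair counts cover delay classes 1 to 3 only.

```python
# Rate pairs that delay_parameters takes for each delay class (1 to 3).
PAIRS_PER_CLASS = {1: 1, 2: 2, 3: 3}


def lint_squid_conf(text):
    """Return (kind, subject) findings for unused ACLs and broken delay pools."""
    acls, used, findings = [], set(), []
    declared, classes, pairs = 0, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        if directive == "acl" and args:
            if args[0] not in acls:
                acls.append(args[0])
        elif directive == "delay_pools" and args:
            declared = int(args[0])
        elif directive == "delay_class" and len(args) >= 2:
            pool = int(args[0])
            if pool in classes:
                findings.append(("repeated_delay_class", pool))
            classes[pool] = int(args[1])
        elif directive == "delay_parameters" and args:
            pairs[int(args[0])] = len(args) - 1
        else:
            # Any other directive may reference ACL names, optionally negated.
            used.update(a.lstrip("!") for a in args)
    for pool in range(1, declared + 1):
        if pool not in classes:
            findings.append(("pool_without_class", pool))
        elif pairs.get(pool) != PAIRS_PER_CLASS.get(classes[pool]):
            findings.append(("class_param_mismatch", pool))
    findings.extend(("unused_acl", name) for name in acls if name not in used)
    return findings


# Constructed excerpt: an ACL list that is never denied and a pool defined twice.
SAMPLE = r"""acl localnet src 192.168.10.0/255.255.255.0
acl download url_regex -i \.zip$ \.iso$
acl file_terlarang url_regex -i URLDownload.exe
acl limit maxconn 20
delay_pools 2
delay_class 2 1
delay_parameters 2 4000/8000 2000/50000
delay_access 2 allow download
delay_access 2 deny all
delay_class 2 1
delay_parameters 2 2000/8000 2000/50000
delay_access 2 deny all
http_access allow localnet
http_access deny all
"""

if __name__ == "__main__":
    for kind, subject in lint_squid_conf(SAMPLE):
        print(kind, subject)
```

An `unused_acl` finding on a block list means the list is parsed but filters nothing until an `http_access deny` line names it.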





AYO DANCE PATCH FAILS
squidclient -p 80 -m PURGE http://122.102.49.132/audition/Update.ini

CROSSFIRE PATCH FAILS
squidclient -p 80 -m PURGE http://patch.crossfire.web.id/download/version.ini

SEALINDO PATCH FAILS
squidclient -p 80 -m PURGE http://patch.sealindo.com/patch/normal/version.ini



TRAFFIC SHAPING
5. Traffic shaper and firewall rules: (needs 3 restores and reboots); this also already includes a rule that blocks port 3128 (to prevent the captive portal and bandwidth management from being bypassed)
5.1. Firewall rules ---> http://pfsense-zph.googlecode.com/files/filter-config-pfsense.xml
WEBGUI: Diagnostic --> Backup/Restore
Restore configuration
Restore area --> firewall rule
Reboot
---> For the LAN rules: for ports 80 (http), 53 (dns) and 21 (ftp), it is best to change the destination IP to a single host set to the server's IP (as seen from the LAN side).

5.2. Traffic shaping --> http://pfsense-zph.googlecode.com/files/shaper-config-pfsense.xml
WEBGUI: Diagnostic --> Backup/Restore
Restore configuration
Restore area --> Traffic shaper
Reboot

5.3. Aliases for online games --> http://pfsense-zph.googlecode.com/files/aliases-config-pfsense-game-online.xml
WEBGUI: Diagnostic --> Backup/Restore
Restore configuration
Restore area --> alias
Reboot

Below is an example bandwidth allocation for a 256/1024 KBps connection. For a connection with a different speed, simply multiply by the percentages, as follows:

ICMP             Bandwidth   5KB
Default          Bandwidth   79.8% (800Kb)
Other            Bandwidth   19.8% (200Kb)
Default_upload   Bandwidth   49.8% (120Kb)
Other_upload     Bandwidth   49.8% (120Kb)





7. Upload the Aliases-Config file. Download link: http://www.freefilehosting.net/configfile



8. First method: before uploading the Shaper-Config file, the bandwidth values in it must be adjusted, because this file uses 256Kb/1024Kb. The Shaper-Config file can be opened for editing with Notepad, WordPad, or more easily with MS Word 2007, because it supports XML data view.

Find the queues on the WAN interface (upload); the ones with a unit of (Kb) are edited to match the upload bandwidth you have. There are 4 values to edit, namely in qWAN _If (interface) and in qInternet only. The other queues use (%) and do not need to be edited.
For the queues on the LAN interface (download) the method is the same as above, except that you enter the download bandwidth. Once again, this is for a single WAN and a single LAN. For multi-WAN and multi-LAN, queues need to be added on each interface by using Clone Queue, and further adjustment is still needed.

Second method: upload the file first, then edit the qWAN, qInternet on WAN, qLAN and qInternet on LAN sections, as in the screenshot below.





9. Upload the Shaper-Config file



10. Then upload the filter-Config file (the rules). After filter-Config is uploaded, note that the router must be rebooted first. The webConfigurator will then be reachable on port 81, because the backed-up config used port 81 in its anti-lockout rule. This can be changed later to suit your preference. The rules will appear on the Floating interface because they are applied to the WAN and LAN interfaces at once.





11. Enter the TS limiter on every rule in the firewall rule list, one by one, based on the table below. This is done in the menu Firewall->Rules->Floating->Edit(e), editing every filter in the list as in the screenshot below. Change Direction to Out on all of them; then, scrolling down with the mouse, you will find the field for entering the limiter under In/out->Advanced. What to enter can be seen in the limiter list below.

Screenshot: Direction setting and limiter input when editing firewall rules

Once the rule list has been filled in with limiters, there will be a letter A in a purple circle.






What is applied:
game udp default/default upload
game tcp default/default upload
http port 80 otherupload/other

TUNE UP
/etc/sysctl.conf
net.inet.ip.fastforwarding=1
net.inet.ip.portrange.last=65535
net.inet.ip.portrange.first=1024
net.inet.icmp.icmplim=0
net.inet.icmp.icmplim_output=0
net.inet.tcp.msl=3000
net.inet.tcp.hostcache.expire=3900
net.inet.tcp.inflight.enable=0
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
net.inet.tcp.delayed_ack=0
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=1048576
net.local.stream.sendspace=1048576
net.inet.ip.intr_queue_maxlen=5000
net.inet.tcp.sendbuf_max=65536
net.inet.tcp.recvbuf_max=65536
net.inet.tcp.slowstart_flightsize=54
net.inet.tcp.local_slowstart_flightsize=10
net.inet.tcp.nolocaltimewait=1
kern.ipc.maxsockbuf=16777216
kern.ipc.maxsockets=65536
kern.ipc.somaxconn=32768
kern.ipc.nmbclusters=131072
kern.polling.burst_max=1000
kern.polling.each_burst=50
kern.maxfiles=262144
kern.maxfilesperproc=65536
kern.ipc.shmall=32768
kern.ipc.shmmax=134217728
kern.ipc.semmap=256
kern.dirdelay=6
kern.metadelay=5
kern.filedelay=7




12. Then don't forget to reboot pfSense