Sunday, 27 April 2014
REMOTE ACCESS TO MIKROTIK THROUGH PFSENSE
We can access all computers (Windows RDP, Linux diskless) and Windows or Linux servers through a MikroTik (SSH, FTP, User Manager, Winbox) placed behind the pfSense router. Steps:
1. Create a NAT rule on the modem
2. Create a NAT rule on pfSense (Firewall – NAT)
Result:
3. Change the MikroTik service ports as needed (ip – services)
4. Create a NAT rule on the MikroTik (ip – firewall – NAT)
Enter the script below in the terminal, and remember to adjust the public IP (192.168.10.4) and the target computer's IP (192.168.11.2) to your own
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-address=192.168.10.4 \
dst-port=3389 in-interface=Public protocol=tcp to-addresses=192.168.11.2 \
to-ports=3389
5. Now test it from the internet using the Speedy public IP. To find out the Speedy public IP
6. Open a browser and type http://ippublic:port, for example http://36.76.178.238:3389
Hope this is useful
Monday, 24 February 2014
PFSENSE 2.1 REMOTE FROM INTERNET
1. CONFIGURE THE MODEM SO PFSENSE ETC. CAN BE REACHED REMOTELY FROM THE INTERNET
Change the modem settings / open ports on the modem so it can be reached from the internet
- Log in to the modem (example: TP-Link)
- Click -> Advanced Setup – NAT – Virtual Circuit (choose the one that holds our Speedy settings)
- Click -> Virtual Server
- Enter the ports we will need
- Remember that Local IP Address must be filled in with the IP of the pfSense server
- Go to the Status menu
- Note the public IP assigned by the provider/Speedy

2. CONFIGURE PFSENSE SO IT CAN BE REACHED REMOTELY FROM THE INTERNET
1. NAT SETTINGS (example)
Example NAT entry:
3. Next, edit System: Advanced: Admin Access
4. Open it in your browser
Thursday, 20 February 2014
Custom Options Lusca Pfsense 2014
zph_mode tos;
zph_local 0x04;
zph_parent 0;
zph_option 136;
#======= Custom Option 2 ===============;
acl gameport port 18901-18909 # Ayo Dance;
acl gameport port 1818 # SealOnline;
acl gameport port 39190 # tcp PointBlank;
acl gameport port 40000-40010 # udp PointBlank;
acl gameport port 7777 # Lineage2 : tcp;
acl gameport port 19101 # GhostOnline : tcp;
acl gameport port 27780 # RF-Elven : tcp;
acl gameport port 29000 # Perfect world : tcp;
acl gameport port 22100 # Rohan : tcp;
acl gameport port 5121 # Zeus RO : tcp;
acl gameport port 6000-6152 # Dotta : tcp;
acl gameport port 2001 # IdolStreet : tcp;
acl gameport port 9601-9602 # CrazyKart :;
acl gameport port 8085 # WOW AMPM : tcp;
acl gameport port 11011-11041 # DriftCity : tcp;
acl gameport port 13413 # GetAmped : tcp;
acl gameport port 19000 # Yullgang : tcp;
acl gameport port 5105 # RAN Online : tcp;
acl gameport port 10009 # CrossFire : tcp;
acl gameport port 12060-12070 # CrossFire : udp;
acl gameport port 5340-5352 # WarRock : tcp;
acl gameport port 6000-6001 # FastBlack : tcp;
acl gameport port 29200 # Rose Online : tcp;
acl gameport port 10402 # Return Of Warrior : tcp;
acl gameport port 9600 # CrazyKart 2 : tcp;
acl gameport port 15002 # Luna Online : tcp;
acl gameport port 16402-16502 # Runes Of Magic : tcp;
acl gameport port 5126 # FreshRO : tcp;
acl gameport port 3010 # Tantra Online : tcp;
acl gameport port 11031 # Heroes Of Newearth Incatamers : tcp;
acl gameport port 11440-11460 # Heroes Of Newearth Incatamers : udp;
acl gameport port 11100-11125 # Heroes Of Newearth Incatamers : udp;
acl gameport port 4300 # Atlantica : tcp;
acl gameport port 12011 # ECO Online : tcp Port;
acl gameport port 12110 # ECO Online : tcp Port;
acl gameport port 15001 # Cabal Indo : tcp Port;
acl gameport port 15002 # Cabal Indo : tcp Port;
acl gameport port 7341 # X-SHOT : tcp;
acl gameport port 7451 # X-SHOT : tcp;
acl gameport port 7808 # X-SHOT : udp;
acl gameport port 30000 # X-SHOT : udp;
acl gameport port 42051-42052 # 3 Kindom : udp;
acl gameport port 9376-9377 # Avalaon : tcp;
acl gameport port 10001-10011 # Free Style :tcp;
acl gameport port 40000 # Free Style :tcp;
acl gameport port 40040-40500 # Free Style :udp;
acl gameport port 1293 # Free Style :udp;
acl gameport port 1479 # Free Style :udp;
acl gameport port 9300 # Grand Chase :tcp;
acl gameport port 9400 # Grand Chase :tcp;
acl gameport port 9700 # Grand Chase :tcp;
acl gameport port 9401 # Grand Chase :udp;
acl gameport port 9600 # Grand Chase :udp;
acl gameport port 14009-14012 # Lost Saga :tcp:udp;
acl gameport port 8001 # CS Online Indonesia :tcp;
acl gameport port 9015 # CS Online Indonesia :tcp;
acl gameport port 40300-40404 # CS Online Indonesia :tcp;
acl gameport port 36567 # CS Online Indonesia :tcp;
acl gameport port 27017 # CS Online Indonesia :udp;
always_direct allow gameport;
#never_direct allow all;
acl HTML url_regex .png$;
no_cache deny HTML;
acl XYZZY url_regex ^http://www1.dewapoker.com/captcha/captcha-login.php?.png$;
acl XYZZY url_regex ^http://www2.dewapoker.com/captcha/captcha-login.php?.png$;
acl XYZZY url_regex ^http://www3.dewapoker.com/captcha/captcha-login.php?.png$;
acl XYZZY url_regex ^http://www4.dewapoker.com/captcha/captcha-login.php?.png$;
acl XYZZY url_regex ^http://www5.dewapoker.com/captcha/captcha-login.php?.png$;
no_cache deny XYZZY;
acl market url_regex ^http://[^/]*\.android\.clients\.google\.com;
cache allow market;
acl ini urlpath_regex -i .*\.ini$;
acl ui urlpath_regex -i .*\.ui$;
acl lst urlpath_regex -i .*\.lst$;
acl list urlpath_regex -i .*\.list$;
acl inf urlpath_regex -i .*\.inf$;
acl dll urlpath_regex -i .*\.dll$;
acl AA url_regex ^http://122.102.49.132/audition/Update.ini$;
acl AB url_regex ^http://patch.crossfire.web.id/download/version.ini$;
acl AC url_regex ^http://patch.sealindo.com/patch/normal/version.ini$;
acl AD url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/afs.dat;
acl AE url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/noupdate.ui;
acl AF url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/ahn.ui;
acl AG url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/patch/39/ahn.ui;
acl AH url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/ahni2.dll;
acl AI url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/x86/ahn.ui;
acl AJ url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/x86/patch/39/ahn.ui;
acl AK url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/x86/patch.conf;
acl AL url_regex ^http://file.pb.gemscool.com/hackshield/PatchSet/x86/afs.dat;
always_direct allow ini;
always_direct allow ui;
always_direct allow lst;
always_direct allow list;
always_direct allow inf;
always_direct allow dll;
always_direct allow AA;
always_direct allow AB;
always_direct allow AC;
always_direct allow AD;
always_direct allow AE;
always_direct allow AF;
always_direct allow AG;
always_direct allow AH;
always_direct allow AI;
always_direct allow AJ;
always_direct allow AK;
always_direct allow AL;
no_cache deny ini;
no_cache deny ui;
no_cache deny lst;
no_cache deny list;
no_cache deny inf;
no_cache deny dll;
no_cache deny AA;
no_cache deny AB;
no_cache deny AC;
no_cache deny AD;
no_cache deny AE;
no_cache deny AF;
no_cache deny AG;
no_cache deny AH;
no_cache deny AI;
no_cache deny AJ;
no_cache deny AK;
no_cache deny AL;
#======== End Custom Option 2 ========;
# Custom Option Header Access #;
request_header_access Allow allow all;
request_header_access Authorization allow all;
request_header_access WWW-Authenticate allow all;
request_header_access Proxy-Authorization allow all;
request_header_access Proxy-Authenticate allow all;
request_header_access Cache-Control allow all;
request_header_access Content-Encoding allow all;
request_header_access Content-Length allow all;
request_header_access Content-Type allow all;
request_header_access Date allow all;
request_header_access Expires allow all;
request_header_access Host allow all;
request_header_access If-Modified-Since allow all;
request_header_access Last-Modified allow all;
request_header_access Location allow all;
request_header_access Pragma allow all;
request_header_access Accept allow all;
request_header_access Accept-Charset allow all;
request_header_access Accept-Encoding allow all;
request_header_access Accept-Language allow all;
request_header_access Content-Language allow all;
request_header_access Mime-Version allow all;
request_header_access Retry-After allow all;
request_header_access Title allow all;
request_header_access Connection allow all;
request_header_access Proxy-Connection allow all;
# End Custom Option Header Access #;
Saturday, 15 February 2014
PROXY LUSCA ON PFSENSE 2.1 UPGRADE (CACHE HIT YOUTUBE)
Sunday, 24 November 2013
Lusca Patch 2013 ( Youtube Cache)
Thanks to ucok_karnadi@yahoo.com, who found this solution.
Hopefully this helps get YouTube cached by the pfSense Lusca cache.
Attention!
Lusca is already installed and running properly; only YouTube is not being cached.
First install the File::ReadBackwards module
from the PuTTY console:
# setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/
# pkg_add -r -v -f p5-File-ReadBackwards
or:
# pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/p5-File-ReadBackwards.tbz
or:
# pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/perl5/p5-File-ReadBackwards-1.05.tbz
Then follow the steps below:
1. Log in to the console via PuTTY, then create the file cobaReadBack.pl
with these contents:
#-------------------------------
#!/usr/bin/perl
use File::ReadBackwards;
$fh = File::ReadBackwards->new('/var/squid/logs/access.log')
    or die "can't read file: $!\n";
while ( defined($line = $fh->readline) ) {
    print $line ;
}
#-------------------------------
How to test or run it:
# perl cobaReadBack.pl
2. Back up the file /usr/local/etc/squid/include.conf, delete all of its contents, and
paste in the text below:
#-----------------------
#thanks to ucok_karnadi@yahoo.com
#debug_options ALL,3
strip_query_terms off
acl yutub url_regex -i .*youtube\.com\/.*$
acl yutub url_regex -i .*youtu\.be\/.*$
#logformat chudy %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %mt http%rv Rq[%>h] Rp[%<h]
#access_log /var/squid/logs/access.log
# logformat squid1 %{Referer}>h %ru
logformat squid1 %{Referer}>h %ru
#logformat squid1 %>h %ru
access_log /var/squid/logs/yt.log squid1 yutub
acl redirec urlpath_regex -i .*&redirect_counter=1&cms_redirect=yes
acl redirec urlpath_regex -i .*&ir=1&rr=12
cache deny redirec
acl reddeny url_regex -i c\.youtube\.com\/videoplayback.*redirect_counter=1.*$
acl reddeny url_regex -i c\.youtube\.com\/videoplayback.*cms_redirect=yes.*$
#acl range url_regex -i .*youtube\.com\/videoplayback.*range\=.*$
#http_access deny range
#storeurl_access deny reddeny
#
# $Rev$
## LUSCA
acl speedtest url_regex ^http:\/\/.*\/speedtest\/.*
acl store_rewrite_list urlpath_regex .*\.ak\.fbcdn\.net\/
acl store_rewrite_list urlpath_regex http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)
acl store_rewrite_list urlpath_regex s[0-9]*\.filesonic\.com\/download\/.*
acl store_rewrite_list urlpath_regex [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/
acl store_rewrite_list urlpath_regex \/(watch\?|get_video\?|videodownload\?|videoplayback.*id)
#acl store_rewrite_list urlpath_regex \.youtube\.com\/videoplayback \.youtube\.com\/videoplay \.youtube\.com\/get_video\?
#acl store_rewrite_list urlpath_regex \.youtube\.[a-z][a-z]\/videoplayback \.youtube\.[a-z][a-z]\/videoplay \.youtube\.[a-z][a-z]\/get_video\?
acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|rar|cab)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe|cab)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar|swf)\?
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|krf|exe)$
acl store_rewrite_list_domain_CDN url_regex (khm|mt)[0-9]?.google.co(m|\.id) streamate.doublepimp.com.*\.js\? photos-[a-z].ak.fbcdn.net \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl dontrewrite url_regex redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*begin\=[1-9][0-9]* \.php\?
acl getmethod method GET
storeurl_access allow speedtest
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny reddeny
storeurl_access deny all
storeurl_rewrite_program /usr/local/etc/squid/storeurl.pl
storeurl_rewrite_children 16
storeurl_rewrite_concurrency 99
acl snmppublic snmp_community public
cachemgr_passwd none config reconfigure
#work around for fragment videos of msn
acl msnvideo url_regex QualityLevel.*Fragment
http_access deny msnvideo
#always_direct allow html
#cache_peer localhost parent 4001 0 carp login=PASS name=backend-1
max_stale 10 years
include /usr/local/etc/squid/refresh.conf
#acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
#upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#read_ahead_gap 0 KB
#ie_refresh on
reload_into_ims on
strip_query_terms off
deny_info TCP_RESET localnet
negative_dns_ttl 1 second
negative_ttl 1 second
snmp_port 3401
snmp_access allow snmppublic all
maximum_single_addr_tries 2
retry_on_error on
#n_aiops_threads 64
# server_http11 on
#request_header_max_size 128 KB
#reply_header_max_size 128 KB
#range_offset_limit 10 MB
vary_ignore_expire on
#client_db off # this needs to be on for acl maxconn to work
ipcache_size 4096
fqdncache_size 20
#tcp_recv_bufsize 64 KB
pipeline_prefetch on
#half_closed_clients off
# 0x10 no delay, 0x08 throughput, 0x04 reliability
# 0x10 10000 (minimize delay) Use delay metric
# 0x08 01000 (maximize throughput) Use default metric
# 0x04 00100 (maximize reliability) Use reliability metric
# 0x02 00010 (minimize monetary cost) Use cost metric
# dscp squidtos+ECN
# 56 0xE0 11100000
# 48 0xc0 11000000
# 08 0x20 00100000
# 32 0x80 10000000
# 16 0x40 01000000
#tcp_outgoing_tos 0x03 video
#tcp_outgoing_tos 0xb8 html
#tcp_outgoing_tos 0x20 images
#tcp_outgoing_tos 0x02 all
#zph_mode tos
#zph_local 0xb8
#zph_parent 0x08
#acl monitor url_regex avira
#logformat chudy %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %mt http%rv Rq[%>h] Rp[%<h]
#access_log /var/squid/logs/access2.log chudy monitor
#buffered_logs on
#download_fastest_client_speed on
#acl text rep_header Content-Type -i text\/
#acl hit rep_header X-Cache -i hit
#acl partial rep_header Content-Range .*
#log_access deny partial
#log_access deny php
#log_access deny text
#log_access deny hit
#log_access deny html
#log_access deny !getmethod
high_page_fault_warning 50
#log_access deny manager
### tuning for Lusca only
n_aiops_threads 16
download_fastest_client_speed on
# additional
buffered_logs on
client_db off
memory_pools off
half_closed_clients off
#---------------------------------
3. Back up the file /usr/local/etc/squid/storeurl.pl, delete all of its contents, and
paste in the text below:
#---------------------------------
#!/usr/bin/perl
# store rewrite originally writen by chudy_fernandez@yahoo.com
# modified by member of comstuff.net to satisfy common and dynamic content.
#
$|=1;
while (<>) {
@X = split;
# $X[1] =~ s/&sig=.*//;
$x = $X[0] . " ";
$_ = $X[1];
$u = $X[1];
#speedtest
if (m/^http:\/\/(.*)\/speedtest\/(.*\.(jpg|txt))\?(.*)/) {
print $x . "http://www.speedtest.net.SQUIDINTERNAL/speedtest/" . $2 . "\n";
#mediafire
}elsif (m/^http:\/\/199\.91\.15\d\.\d*\/\w{12}\/(\w*)\/(.*)/) {
print $x . "http://www.mediafire.com.SQUIDINTERNAL/" . $1 ."/" . $2 . "\n";
#fileserve
}elsif (m/^http:\/\/fs\w*\.fileserve\.com\/file\/(\w*)\/[\w-]*\.\/(.*)/) {
print $x . "http://www.fileserve.com.SQUIDINTERNAL/" . $1 . "./" . $2 . "\n";
#filesonic
}elsif (m/^http:\/\/s[0-9]*\.filesonic\.com\/download\/([0-9]*)\/(.*)/) {
print $x . "http://www.filesonic.com.SQUIDINTERNAL/" . $1 . "\n";
#4shared
}elsif (m/^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/download\/(.*)\/(.*\..*)\?.*/) {
print $x . "http://www.4shared.com.SQUIDINTERNAL/download/$2\/$3\n";
#4shared preview
}elsif (m/^http:\/\/[a-zA-Z]{2}\d*\.4shared\.com(:8080|)\/img\/(\d*)\/\w*\/dlink__2Fdownload_2F(\w*)_3Ftsid_3D[\w-]*\/preview\.mp3\?sId=\w*/) {
print $x . "http://www.4shared.com.SQUIDINTERNAL/$2\n";
#photos-X.ak.fbcdn.net where X a-z
}elsif (m/^http:\/\/photos-[a-z](\.ak\.fbcdn\.net)(\/.*\/)(.*\.jpg)/) {
print $x . "http://photos" . $1 . "/" . $2 . $3 . "\n";
#YX.sphotos.ak.fbcdn.net where X 1-9, Y a-z
} elsif (m/^http:\/\/[a-z][0-9]\.sphotos\.ak\.fbcdn\.net\/(.*)\/(.*)/) {
print $x . "http://photos.ak.fbcdn.net/" . $1 ."/". $2 . "\n";
#maps.google.com
} elsif (m/^http:\/\/(cbk|mt|khm|mlt|tbn)[0-9]?(.google\.co(m|\.uk|\.id).*)/) {
print $x . "http://" . $1 . $2 . "\n";
# compatibility for old cached get_video?video_id
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com).*?(videoplayback\?id=.*?|video_id=.*?)\&(.*?)/) {
$z = $2; $z =~ s/video_id=/get_video?video_id=/;
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $z . "\n";
# youtube fix by th30nly @comstuff.net, ucok_karnadi@yahoo.com, extreemblank@yahoo.com
# for ALL Youtube ( range & non range )
# first you need do this
# install package dependencies "apt-get install libfile-readbackwards-perl"
# add line below to your squid config and remove "#"
# strip_query_terms off
# acl yutub url_regex -i .*youtube\.com\/.*$
# acl yutub url_regex -i .*youtu\.be\/.*$
# logformat squid1 %{Referer}>h %ru
# access_log /var/log/squid/yt.log squid1 yutub
# acl redirec urlpath_regex -i .*&redirect_counter=1&cms_redirect=yes
# acl redirec urlpath_regex -i .*&ir=1&rr=12
# cache deny redirec
# acl reddeny url_regex -i c\.youtube\.com\/videoplayback.*redirect_counter=1.*$
# acl reddeny url_regex -i c\.youtube\.com\/videoplayback.*cms_redirect=yes.*$
# storeurl_access deny reddeny
} elsif (m/^http:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/videoplayback\?(.*)/) {
$p_str = $2;
#$tag = "";
#$alg = "";
#$id = "";
#$range = "";
#if ($p_str =~ m/(itag=[0-9]*)/){$tag = "&".$1}
#if ($p_str =~ m/(algorithm=[a-z]*\-[a-z]*)/){$alg = "&".$1}
#if ($p_str =~ m/(id=[a-zA-Z0-9]*)/){$id = "&".$1}
#if ($p_str =~ m/(range=[0-9\-]*)/){$range = "&".$1; $range =~ s/-//; $range =~ s/range=//; }
#print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/" . $tag . "&" . $alg . "&" . $id . "&" . $range . "\n";
#modif
@itag = m/[&?](itag=[0-9]*)/;
@CPN = m/[&?]cpn\=([a-zA-Z0-9\-\_]*)/;
@IDS = m/[&?]id\=([a-zA-Z0-9\-\_]*)/;
#@id = m/[&?](id=[^\&]*)/;
$id = &GetID($CPN[0], $IDS[0]);
@range = m/[&?](range=[^\&\s]*)/;
#print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/@itag&@id&@range\n";
print $x . "http://video-srv.youtube.com.SQUIDINTERNAL/id=" . $id . "&@itag@range\n";
} elsif (m/^http:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
print $x . "http://www.google-analytics.com/__utm.gif\n";
#Cache High Latency Ads
} elsif (m/^http:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.googlesyndication\.com|yieldmanager|cpxinteractive)(.*)/) {
$y = $3;$z = $2;
for ($y) {
s/pixel;.*/pixel/;
s/activity;.*/activity/;
s/(imgad[^&]*).*/\1/;
s/;ord=[?0-9]*//;
s/;&timestamp=[0-9]*//;
s/[&?]correlator=[0-9]*//;
s/&cookie=[^&]*//;
s/&ga_hid=[^&]*//;
s/&ga_vid=[^&]*//;
s/&ga_sid=[^&]*//;
# s/&prev_slotnames=[^&]*//
# s/&u_his=[^&]*//;
s/&dt=[^&]*//;
s/&dtd=[^&]*//;
s/&lmt=[^&]*//;
s/(&alternate_ad_url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&url=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&ref=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/(&cookie=http%3A%2F%2F[^(%2F)]*)[^&]*/\1/;
s/[;&?]ord=[?0-9]*//;
s/[;&]mpvid=[^&;]*//;
s/&xpc=[^&]*//;
# yieldmanager
s/\?clickTag=[^&]*//;
s/&u=[^&]*//;
s/&slotname=[^&]*//;
s/&page_slots=[^&]*//;
}
print $x . "http://" . $1 . $2 . $y . "\n";
#cache high latency ads
} elsif (m/^http:\/\/(.*?)\/(ads)\?(.*?)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
# spicific servers starts here....
} elsif (m/^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*?)/) {
print $x . "http://" . $1 . "\n";
#cdn, varialble 1st path
} elsif (($u =~ /filehippo/) && (m/^http:\/\/(.*?)\.(.*?)\/(.*?)\/(.*)\.([a-z0-9]{3,4})(\?.*)?/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/[a-z0-9]{2,5}/cdn./;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
#rapidshare
} elsif (($u =~ /rapidshare/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?)([a-z]*\.[^\/]{3}\/[a-z]*\/[0-9]*)\/(.*?)\/([^\/\?\&]{4,})$/)) {
print $x . "http://cdn." . $3 . "/SQUIDINTERNAL/" . $5 . "\n";
} elsif (($u =~ /maxporn/) && (m/^http:\/\/([^\/]*?)\/(.*?)\/([^\/]*?)(\?.*)?$/)) {
print $x . "http://" . $1 . "/SQUIDINTERNAL/" . $3 . "\n";
#like porn hub variables url and center part of the path, filename etention 3 or 4 with or without ? at the end
} elsif (($u =~ /tube8|pornhub|xvideos/) && (m/^http:\/\/(([A-Za-z]+[0-9-.]+)*?(\.[a-z]*)?)\.([a-z]*[0-9]?\.[^\/]{3}\/[a-z]*)(.*?)((\/[a-z]*)?(\/[^\/]*){4}\.[^\/\?]{3,4})(\?.*)?$/)) {
print $x . "http://cdn." . $4 . $6 . "\n";
#...spicific servers end here.
#photos-X.ak.fbcdn.net where X a-z
} elsif (m/^http:\/\/photos-[a-z].ak.fbcdn.net\/(.*)/) {
print $x . "http://photos.ak.fbcdn.net/" . $1 . "\n";
#for yimg.com video
} elsif (m/^http:\/\/(.*yimg.com)\/\/(.*)\/([^\/\?\&]*\/[^\/\?\&]*\.[^\/\?\&]{3,4})(\?.*)?$/) {
print $x . "http://cdn.yimg.com//" . $3 . "\n";
#for yimg.com doubled
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*?)\.yimg\.com\/(.*?)\?(.*)/) {
print $x . "http://cdn.yimg.com/" . $3 . "\n";
#for yimg.com with &sig=
} elsif (m/^http:\/\/(.*?)\.yimg\.com\/(.*)/) {
@y = ($1,$2);
$y[0] =~ s/[a-z]+[0-9]+/cdn/;
$y[1] =~ s/&sig=.*//;
print $x . "http://" . $y[0] . ".yimg.com/" . $y[1] . "\n";
#youjizz. We use only domain and filename
} elsif (($u =~ /media[0-9]{2,5}\.youjizz/) && (m/^http:\/\/(.*)(\.[^\.\-]*?\..*?)\/(.*)\/([^\/\?\&]*)\.([^\/\?\&]{3,4})((\?|\%).*)?$/)) {
@y = ($1,$2,$4,$5);
$y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|(.*cdn.*)|(.*cache.*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
#general purpose for cdn servers. add above your specific servers.
} elsif (m/^http:\/\/([0-9.]*?)\/\/(.*?)\.(.*)\?(.*?)/) {
print $x . "http://squid-cdn-url//" . $2 . "." . $3 . "\n";
#generic http://variable.domain.com/path/filename."ex" "ext" or "exte" with or withour "? or %"
} elsif (m/^http:\/\/(.*)(\.[^\.\-]*?\..*?)\/(.*)\.([^\/\?\&]{2,4})((\?|\%).*)?$/) {
@y = ($1,$2,$3,$4);
$y[0] =~ s/(([a-zA-Z]+[0-9]+(-[a-zA-Z])?$)|(.*cdn.*)|(.*cache.*))/cdn/;
print $x . "http://" . $y[0] . $y[1] . "/" . $y[2] . "." . $y[3] . "\n";
# generic http://variable.domain.com/...
} elsif (m/^http:\/\/(([A-Za-z]+[0-9-]+)*?|.*cdn.*|.*cache.*)\.(.*?)\.(.*?)\/(.*)$/) {
print $x . "http://cdn." . $3 . "." . $4 . "/" . $5 . "\n";
# spicific extention that ends with ?
} elsif (m/^http:\/\/(.*?)\/(.*?)\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|on2)(.*)/) {
print $x . "http://" . $1 . "/" . $2 . "." . $3 . "\n";
# all that ends with ;
} elsif (m/^http:\/\/(.*?)\/(.*?)\;(.*)/) {
print $x . "http://" . $1 . "/" . $2 . "\n";
} else {
print $x . $_ . "sucks\n";
}
}
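sub GetID
{
# Map a videoplayback request to the video id of its watch page by searching
# the newest 200 lines of yt.log for the same id or cpn value.
my ($cpn, $ids) = @_;
my $id = "";
use File::ReadBackwards;
my $lim = 200 ;
my $ref_log = File::ReadBackwards->new('/var/squid/logs/yt.log');
# If the log cannot be opened, fall back to the id taken from the URL.
return $ids unless defined $ref_log;
while (defined(my $line = $ref_log->readline))
{
# Match only on a value that is present: an empty id or cpn would match any line.
if (defined $ids && $ids ne "" && $line =~ m/.*youtube.*\/watch\?.*v=([a-zA-Z0-9\-\_]*).*\s.*id=\Q$ids\E.*/){
$id = $1;
last;
}
if (defined $cpn && $cpn ne "" && $line =~ m/.*youtube.*\/.*cpn=\Q$cpn\E.*[&](video_id|docid|v)=([a-zA-Z0-9\-\_]*).*/){
$id = $2;
last;
}
if (defined $cpn && $cpn ne "" && $line =~ m/.*youtube.*\/.*[&?](video_id|docid|v)=([a-zA-Z0-9\-\_]*).*cpn=\Q$cpn\E.*/){
$id = $2;
last;
}
last if --$lim <= 0;
}
if ($id eq ""){
$id = $ids;
}
$ref_log->close();
return $id;
}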
#------------------------------
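A check for the include.conf pasted in step 2, added here as an example and not part of the original post or of the Lusca or pfSense projects. That file lets the cache manager actions config and reconfigure run without a password (cachemgr_passwd none) and allows SNMP on port 3401 for the default community public from any source; the function names, finding tags and both sample configurations below are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the unauthenticated-management directives found in the
# include.conf above. Function names, tags and sample data are constructed.

# audit_squid_conf [FILE]   (reads stdin when no FILE is given)
# Prints "<line>:<TAG>:<directive>" for each finding:
#   CACHEMGR_NOPASS  cachemgr_passwd none ...      actions need no password
#   SNMP_DEFAULT     acl X snmp_community public   default community string
#   SNMP_OPEN        snmp_access allow X [all]     that ACL allowed from any source
audit_squid_conf() {
    awk '
    {
        sub(/#.*/, "")      # drop comments and commented-out directives
        gsub(/;/, " ")      # tolerate the trailing ";" of pfSense custom options
        if (NF == 0) next
        $1 = $1             # normalise whitespace in the reported text
        if ($1 == "cachemgr_passwd" && $2 == "none") {
            print NR ":CACHEMGR_NOPASS:" $0
        } else if ($1 == "acl" && $3 == "snmp_community" && $4 == "public") {
            weak[$2] = 1
            print NR ":SNMP_DEFAULT:" $0
        } else if ($1 == "snmp_access" && $2 == "allow") {
            hit = 0; limited = 0
            for (i = 3; i <= NF; i++) {
                if ($i in weak) hit = 1
                else if ($i != "all") limited = 1   # another ACL narrows the rule
            }
            if (hit && !limited) print NR ":SNMP_OPEN:" $0
        }
    }' "$@"
}

# Constructed sample: the relevant lines as they appear in the include.conf
# above, plus one commented-out line to show that comments are skipped.
sample_conf() {
    cat <<'EOF'
acl snmppublic snmp_community public
cachemgr_passwd none config reconfigure
#cachemgr_passwd none shutdown
snmp_port 3401
snmp_access allow snmppublic all
EOF
}

# Constructed counter-example: a non-default community limited to one
# monitoring host (placeholder values) and the manager actions disabled.
hardened_conf() {
    cat <<'EOF'
acl snmpmon snmp_community EXAMPLE-COMMUNITY
acl monhost src 192.0.2.10
snmp_access allow snmpmon monhost
snmp_access deny all
cachemgr_passwd disable config reconfigure
EOF
}

sample_conf | audit_squid_conf
```

Run it against the live file with `audit_squid_conf /usr/local/etc/squid/include.conf`; no output means none of the three patterns is present.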
Supporting files to download
https://drive.google.com/file/d/0B_V-AjLdBFXQQmp0ZVhidHZ3d1U/edit?usp=sharing
https://drive.google.com/file/d/0B_V-AjLdBFXQQnBGRk03THRldGM/edit?usp=sharing
https://drive.google.com/file/d/0B_V-AjLdBFXQODNySXBJaktoTTA/edit?usp=sharing
Tuesday, 19 November 2013
Pfsense/FreeBSD add a user to group
Task: Add existing user to group
You would like to add the existing user tom to a secondary group called ftpusers. Type the command as follows:
# pw usermod tom -G ftpusers
You can add tom to the secondary groups ftpusers and wwwusers:
# pw usermod tom -G ftpusers,wwwusers
The -G option sets the default groups in which new users are granted membership. This is a separate set of groups from the primary group, and you should avoid nominating the same group as both primary and extra groups.
Task: Add a new user to group
Add the new user jerry to the system and to the secondary group sales:
# pw useradd jerry -G sales
# passwd jerry
The first command adds user jerry to a secondary group called sales. The second command sets a password for jerry.
Task: Print list of users and groups
awk -F":" '{print $1}' /etc/passwd
awk -F":" '{print $1}' /etc/group
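A membership check to run around the commands above, added here as an example and not part of the original post: pw(8) documents that usermod -G adds the user to the listed groups and removes the user from every group not listed, while `pw groupmod <group> -m <user>` adds a member without touching other memberships. The function names and the two group-file snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: snapshot and compare supplementary group membership around a
# "pw usermod -G" change. Function names and sample data are constructed.

# groups_of USER [GROUPFILE]
# Prints the groups whose member list (4th field of group(5)) names USER.
# The primary group comes from the gid field of /etc/passwd and is not listed.
groups_of() {
    awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break } }
    ' "${2:-/etc/group}" | sort
}

# groups_lost USER BEFORE AFTER
# Prints the groups USER belonged to in snapshot BEFORE but not in AFTER.
groups_lost() {
    awk -F: -v u="$1" '
        function member(list,    n, m, i) {
            n = split(list, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) return 1
            return 0
        }
        FNR == NR  { if (member($4)) before[$1] = 1; next }
        member($4) { delete before[$1] }
        END        { for (g in before) print g }
    ' "$2" "$3" | sort
}

# Constructed snapshots of /etc/group taken before and after
#   pw usermod tom -G ftpusers
# for a user tom who was also a member of wheel.
write_samples() {
    cat > "$1/group.before" <<'EOF'
wheel:*:0:root,tom
operator:*:5:root
ftpusers:*:1001:
wwwusers:*:1002:jerry
EOF
    cat > "$1/group.after" <<'EOF'
wheel:*:0:root
operator:*:5:root
ftpusers:*:1001:tom
wwwusers:*:1002:jerry
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
groups_lost tom "$demo_dir/group.before" "$demo_dir/group.after"   # wheel
rm -rf "$demo_dir"
```

On a live system, copy /etc/group aside before the change and pass the copy as BEFORE and /etc/group as AFTER.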
Friday, 15 November 2013
PFSENSE 2.1 colored logs with CCZE
Installation from the PuTTY console
For i386/x86
pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/ccze-0.2.1_4.tbz
For amd64
pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/ccze-0.2.1_4.tbz
To use it:
# tail -f /var/squid/logs/access.log | ccze
Result:
Hope this is useful
Thursday, 20 December 2012
Traffic management Via GUI Pfsense Proxy Lusca Server
\.bin$
\.cab$
\.sea$
\.ar$
\.arj$
\.tar$
\.tgz$
\.gz$
\.tbz$
\.bz2$
\.zip$
\.7z$
\.exe$
\.com$
\.iso$
\.bin$
\.mds$
\.nrg$
\.gho$
\.bwt$
\.b5t$
\.pqi$
\.aiff?$
\.asf$
\.avi$
\.divx$
\.mov$
\.mp3$
\.mp4$
\.wmv$
\.mpe?g$
\.qt$
\.ra?m$
# Multimedia Audio
\.aif$
\.rmi$
\.snd$
\.wav$
\.aifc$
\.aiff$
\.au$
\.mid$
\.midi$
\.mp3$
\.wma$
\.vqf$
\.aaf$
\.ogg$
# Multimedia Video
\.asf$
\.x-flv$
\.mpe$
\.mpeg$
\.mpg$
\.mpv2$
\.avi$
\.m1v$
\.mp2$
\.mp2v$
\.mpa$
\.flv$
\.wmv$
\.dat$
\.mkv$
\.div$
\.divx$
\.ac3$
\.dts$
\.vob$
\.dvr-ms$
\.mp4$
\.m2v$
\.m4v$
\.m2ts$
\.bup$
\.3gpp$
\.3g2$
\.3gp2$
\.vro$
\.rm$
\.3gp$
\.ram$
\.raw$
\.qt$
\.mov$
\.svcd$
\.xdiv$
\.3mm$
\.aep$
\.ajp$
\.amv$
\.avs$
\.d2v$
\.d3v$
\.dmb$
\.dxr$
\.amx$
\.arf$
\.asf$
\.dvx$
\.f4v$
\.dv$
\.bsf$
\.rmvb$
\.rv$
# Images
\.srf$
\.hdf$
\.wbmp$
\.wmf$
\.x3f$
\.xbm$
\.xpm$
\.cr2$
\.crw$
\.dcr$
\.tga$
\.djvu$
\.emf$
\.fpx$
\.icl$
\.icn$
\.plp$
\.ppm$
\.raf$
\.ras$
\.raw$
\.mrw$
\.nef$
\.orf$
\.pbm$
\.pcd$
\.pef$
\.pgm$
\.rs$
# Program
\.rpm$
\.bin$
\.dmg$
\.exe$
\.msi$
\.cab$
# Compression
\.ace$
\.arj$
\.bzip2$
\.gz$
\.jar$
\.tgz$
\.uue$
\.iso$
\.7-zip$
\.rar$
\.alz$
\.nrg$
\.zip$
\.cab$
\.gzip$
\.lzh$
\.lzw$
\.tar$
\.tbz$