I'm trying out cacheboy, but I haven't got Tproxy working yet because my machine is AMD. Googling turned up the following article. Hope it's useful.
Taken from: http://hikmah-teknologi.blogspot.com/
LUSCA TPROXY on FREEBSD-7-STABLE
Patch the kernel:
cd /usr/src
fetch http://squid-proxy-pkg.googlecode.com/files/freebsd-tproxy-sys.patch
patch -p0 < freebsd-tproxy-sys.patch
In the kernel config: /sys/i386/conf/PROXY
options IP_NONLOCALBIND
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_NAT
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options LIBALIAS
# tuning options for squid
options VFS_AIO
options MAXFILES=262144
options MSGMNB=32768
options MSGMNI=82
options MSGSEG=4096
options MSGSSZ=128
options MSGTQL=2048
options SHMSEG=32
options SHMMNI=256
options SHMMAX=4194304
options SHMALL=16384
makeoptions COPTFLAGS="-O2 -pipe -funroll-loops -ffast-math"
makeoptions NO_MODULES=yes
Build the kernel:
cd /usr/src
make buildkernel KERNCONF=PROXY && make installkernel KERNCONF=PROXY
In /etc/sysctl.conf:
net.inet.ip.nonlocalok=1
cp /usr/src/sys/netinet/in.h /usr/include/netinet
Install squid:
pkg_add -v http://squid-proxy-pkg.googlecode.com/files/lusca-with-tproxy-r14371_3.tbz
In /usr/local/etc/squid/squid.conf:
http_port XXX.INTERNAL.IP.XXX:3128 transparent tproxy
# em0 -> External interface (to mikrotik)
# em1 -> Internal interface (to client)
In /etc/ipfw.tproxy:
ipfw add fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80 in via em1 # default rule to transparent proxy
ipfw add fwd 192.168.1.1 tcp from any 80 to 192.168.1.0/24 in via em0 # catch the packets that come back using the clients IPs
In rc.conf:
gateway_enable="YES"
ifconfig_em0="inet 192.168.0.1 netmask 255.255.255.252"
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_script="/etc/ipfw.tproxy"
firewall_type="open"
firewall_logging="YES"
fsck_y_enable="YES"
background_fsck="NO"
squid_enable="YES"
# bind is not used here; dnsmasq is used instead
dnsmasq_enable="YES"
dnsmasq_flags="--conf-file=/usr/local/etc/dnsmasq.conf"
And don't forget, on the topmost router, to set up NAT and static routes for the IPs behind the proxy.
Lusca/cacheboy
proxy | Thursday, March 03, 2011
Tproxy
Back to proxies, especially squid. Oh, and there's another one called cacheboy.
Cacheboy is an optimization of squid stable 2. As I understand it, cacheboy is a modded version of squid 2, to put it simply. When I tried installing it via ports, there were many options that could be enabled/disabled. Since it had been a long time since I last tinkered with squid, I had to look up what those options do again. Among them:
1. Delay pool: this feature is used for bandwidth limiting
2. AUFS and COSS: these are squid's cache storage types
3. PF and IPF transparent: this enables PF firewall or IPF firewall support for transparent proxying
4. Enable Tproxy: enables Tproxy.
An explanation of Tproxy from the internet, as follows:
Transparent Proxy (TProxy)
Tproxy is a truly transparent proxy. A transparent proxy, or more precisely an interception proxy, is one that becomes transparent to the clients by transparently intercepting the HTTP requests and serving the response, which means the clients need not be explicitly configured to use the proxy but are transparently sent to the proxy without their knowledge. Since the interception proxy forwards the request on behalf of the client, the web server sees the source of the request as coming from the proxy, and hence it is not transparent to the web server.
The tproxy feature comes in to solve this issue and makes itself transparent to both the client and the web server. However, the interception and/or tproxy feature requires kernel support and the packet redirection feature of the operating system.
Note: To make it still more truly transparent, the proxy should be configured not to add any extra headers while forwarding the request and serving the response.
Roughly, that translates as follows.
Tproxy is a transparent proxy in the truest sense. A transparent proxy, or intercepting proxy, is a proxy that works by transparently intercepting HTTP/browsing packets from the client. In other words, the client side needs no proxy configuration, because its traffic passes through the proxy automatically, like it or not.
Because the proxy intercepts the packets and makes the connection to the destination web server, what the destination web server sees is the proxy's IP, not the client's.
This Tproxy feature is the key: with it, the destination web server sees the client's IP directly (a public IP, of course). The feature has to be enabled in the kernel of the OS in use.
Installing squidguard
proxy | Friday, April 04, 2008
Install BerkeleyDB
cd /downloads
fetch http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz
tar xzvf db-4.0.14.tar.gz
cd db-4.0.14
cd build_unix
../dist/configure --prefix=/usr/local/BerkeleyDB
make
make install
cd ..
cd ..
cd /usr/local/BerkeleyDB/lib
cp * /usr/local/lib
cd /usr/local/BerkeleyDB/include
cp * /usr/local/include
fetch http://www.squidguard.org/squidGuard-1.2.0.tar.gz
tar -xzvf squidGuard-1.2.0.tar.gz
cd squidGuard-1.2.0
./configure
make
make test
make install
Create the log directory:
mkdir -p /usr/local/squidGuard/log
cd /usr/local/squidGuard/
fetch http://squidguard.mesd.k12.or.us/blacklists.tgz
tar -xzvf blacklists.tgz
mv blacklists db
chown -R squid:squid db
Create the file:
ee /usr/local/squidGuard/squidguard.conf
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
dest ads {
    domainlist ads/domains
    urllist ads/urls
}
dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}
dest gambling {
    domainlist gambling/domains
    urllist gambling/urls
}
dest hacking {
    domainlist hacking/domains
    urllist hacking/urls
}
dest porn {
    domainlist porn/domains
    urllist porn/urls
}
dest redirector {
    domainlist redirector/domains
    urllist redirector/urls
}
dest spyware {
    domainlist spyware/domains
    urllist spyware/urls
}
dest violence {
    domainlist violence/domains
    urllist violence/urls
}
dest white {
    domainlist white/domains
    urllist white/urls
}
acl {
    default {
        pass white !ads !drugs !gambling !hacking !porn !redirector !spyware !violence all
        redirect http://localhost/block.html
    }
}
Add the following line to squid.conf:
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidguard.conf
Run squidguard:
/usr/local/bin/squidGuard -c /usr/local/squidGuard/squidguard.conf
and restart squid:
/squid/sbin/squid -k reconfigure
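Added example (not part of the original post and not squidGuard's own code): squidGuard drops into emergency mode and passes every request when it cannot load its configuration or one of its list files, so a misspelled list path silently switches filtering off. The Python check below reports list files missing under dbhome and names on pass lines that have no dest block; lint_squidguard, demo and the sample config are constructed for illustration.

```python
import tempfile
from pathlib import Path

LIST_KEYS = ("domainlist", "urllist", "expressionlist")
PASS_KEYWORDS = {"all", "any", "none", "in-addr"}  # squidGuard built-in pass targets
# Constructed sample: one list path is misspelled and "white" is never defined.
SAMPLE = """\
dbhome /usr/local/squidGuard/db
dest violence {
    domainlist violance/domains
    urllist violence/urls
}
acl {
    default {
        pass white !violence all
        redirect http://localhost/block.html
    }
}
"""

def lint_squidguard(conf_text, dbhome=None):
    """Report list files missing under dbhome and undefined names on pass lines."""
    problems, dests, block = [], set(), None
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        key = words[0] if words else ""
        if key == "dbhome" and dbhome is None:  # an explicit dbhome argument wins
            dbhome = words[1]
        elif key in ("dest", "destination") and len(words) > 1:
            block = words[1]
            dests.add(block)
        elif key == "}":
            block = None
        elif key in LIST_KEYS and block and len(words) > 1:
            if not Path(dbhome or ".", words[1]).is_file():
                problems.append(f"line {n}: dest {block}: missing list file {words[1]}")
        elif key == "pass":
            for name in (w.lstrip("!") for w in words[1:]):
                if name not in dests and name not in PASS_KEYWORDS:
                    problems.append(f"line {n}: pass refers to undefined dest '{name}'")
    return problems

def demo():
    # Throwaway db tree holding only the correctly spelled lists.
    with tempfile.TemporaryDirectory() as db:
        for rel in ("violence/domains", "violence/urls"):
            path = Path(db, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("example.invalid\n")
        return lint_squidguard(SAMPLE, dbhome=db)
```

Run lint_squidguard on the contents of /usr/local/squidGuard/squidguard.conf before reconfiguring squid; an empty list means every referenced list file and dest name was found.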