-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================================== kita asumsikan Squid servernya eth0 ==> 192.168.0.2/255.255.255.0 -- > ke Server Internet eth1 ==> 192.168.1.62/255.255.255.192 yg mendistribusikan paket ke client.
IP client 192.168.1.1 - 192.168.1.62 gateway client ke eth1 proxy server 192.168.1.62 =============================================== nampaknya kita harus menggunakan firewall nih utk memaksa client mengakses proxy. edit /etc/sysctl.conf --- > "net.ipv4.ip_forward = 1 " ketik pd terminal dan baru enter setelah "8080" iptables -t nat -I PREROUTING -s 192.168.1.0.0/255.255.255.0 -p tcp--dport 80 - -d ! 192.168.0.0/255.255.255.0 -j REDIRECT --to-port 8080 kemudian /etc/init.d/iptables save, sehingga konfigurasi td tersimpan ke /etc/sysconfig/iptables dan jlnkan service /etc/init.d/iptables start =============================================== /etc/squid/squid.conf #http_port IP_gateway 3128 http_port 192.168.0.1 3128 icp_port 0 cache_mem 15 MB maximum_object_size 256 KB cache_dir ufs /var/spool/squid 400 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log logfile_rotate 10 memory_pools_limit 15 MB redirect_rewrites_host_header on #replacement_policy GDSF half_closed_clients off #-----------transparent proxy ----------- httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on #------------------------------------------- acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY client_netmask 255.255.255.192 acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.0/255.255.255.0 acl kantor src 192.168.1.0/255.255.255.192 acl images urlpath_regex -i \.gif$ \.png$ \.jpg$ \.jpeg$ acl Safe_ports port 80 443 210 119 563 70 21 1025-65535 6667 acl CONNECT method CONNECT http_access allow localhost CONNECT http_access allow internet CONNECT http_access allow all http_access deny !Safe_ports http_access deny CONNECT http_access deny all #---------------- administration info ------------ cache_mgr [EMAIL PROTECTED] cache_effective_user squid cache_effective_group squid log_icp_queries off cachemgr_passwd mypassword all forwarded_for off buffered_logs on visible_hostname domain.com /etc/init.d/squid start =============================================== On Tuesday 28 October 2003 14:30, Prince Kermit wrote: > Di client sudah diset IP proxynya dengan port 3128. > - Gimn caranya untuk memaksa client mengakses proxy > server dengan transparent proxy? > - Kemudian, apa ada pengaruh pada saat instalasi saya > memilih setup firewall dengan "Medium Firewall"? > - Apa Bapak/Mas punya contoh script untuk squid dan > IPtables ( eth0 - Internet dan eth1 -LAN ) > Mohon petunjuknya. Terima kasih. > > salam, > Dody =============================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/n1VUdQGhJcNdYgkRAliWAJ9x0+RDx+W9WbWudm0q7WdwWXgBgQCgqxK4 9/mWvK1DySAw8l9KWCH2aSU= =xdol -----END PGP SIGNATURE----- -- Berhenti langganan: [EMAIL PROTECTED] Arsip dan info: http://linux.or.id/milis.php
