Saya baru setting iptables+squid=transparent proxy (RH 9) step by step: 1.server box :eth1 ip internal 192.168.74.1 tanpa GW ; eth0 ip external 202.x.x.66 GW 202.x.x.65 2.client box:eth0 ip 192.168.74.2 GW 192.168.74.1 + dns 3.konfigurasi squid sesuai petunjuk di dokumen /usr/share/doc/squid-2.5.STABLE1/QUICKSTART. 4.set browser client ke proxy : 192.168.74.1 port 3128. pastikan bisa mengakses internet. 5.tambahkan konfigurasi squid dengan : http_port 3128 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on httpd_accel_single_host of 6.#echo "1" > /proc/sys/net/ipv4/ip_forward (untuk mengaktifkan forwading) 7.flush semua rule iptables, dengan kata lain set security ke "no firewall" 8.#iptables -t nat -A POSTROUTING -s 192.168.74.0/24 -d 0.0.0.0/0 -j SNAT --to-source 202.x.x.66 setelah langkah 8 cek dengan unset proxy di browser client, harus bisa internet. 9.agar bisa caching lewat squid: #iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 10.lakukan browsing di client, cek di /var/log/squid/access.log, pastikan ada hit. 11.save konfigurasi #iptables-save
rgrds --- askari <[EMAIL PROTECTED]> wrote: > Kemudian saya mau nyambung lagi, saya menggunakan > SQUID di MDK dan rencana > saya ingin sharing internet untuk semua client. > apa bisa dengan IPCHAINS atau IPTABLES.? > > -----Original Message----- > From: Suwandy [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 20, 2003 10:36 AM > To: [EMAIL PROTECTED]; Hendri Cendra Arcan > Subject: Re: [linux-admin] iptables > > > alo mengenai ini saya ada pertanyaan tambahan. > saya sudah mencoba settingan seperti yg mas hendri > jabarkan. > namun kok di rh9 saya harus ada tambahan line > seperti ini : > > /sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT > > kalo nggak ditambah perintah itu nggak mau deh. > padahal policy default utk semua chain adalah accept > dan > selain rules iptables diatas, tidak ada rules lain > yg dipakai. > > ----- Original Message ----- > From: "Hendri Cendra Arcan" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, August 19, 2003 4:46 PM > Subject: Re: [linux-admin] iptables > > > > ini ada artikel kecil yg pernah saya dapat > mudah2an bisa membantu anda, > > untuk lengkapnya mungkin anda bisa baca manual > ipchains dan squid versi > > terbaru > > > > salam > > > > .12 How do I build a transparent proxy using squid > and iptables? > > First, of course, you need a suitable DNAT or > REDIRECT rule. Use REDIRECT > > only if squid is running on the NAT box itself. > Example: > > > > iptables -t nat -A PREROUTING -p tcp --dport 80 -j > DNAT --to > > 192.168.22.33:3128 > > After that, you have to configure squid > appropriately. We can only give > > short notes here, please refer to the squid > documentation for further > > details. > > > > The squid.conf for Squid 2.3 needs to be something > like the following: > > > > http_port 3128 > > httpd_accel_host virtual > > httpd_accel_port 80 > > httpd_accel_with_proxy on > > httpd_accel_uses_host_header on > > Squid 2.4 needs an additional line added: > > > > httpd_accel_single_host off > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- Berhenti langganan: [EMAIL PROTECTED] Arsip dan info: http://linux.or.id/milis.php
