I use YM (the client, not the web version) through squid / the proxy, because I did not set squid up as transparent; SuSEFirewall is active. Below are the squid config and the iptables rules. Please let me know if anything is wrong, because I previously used these settings without any problem; the problem only appeared in the last 2 months. For your information, I use this gateway computer as a proxy server, a VPN server, and for routing between 3 subnets (LAN, CCTV, Internet); I have attached the settings. I would appreciate your guidance.

Thanks,
Ardian
http://ardian-anr.co.cc

________________________________
From: medwinz <[email protected]>
To: Mailing List Komunitas openSUSE Indonesia <[email protected]>
Sent: Wednesday, July 22, 2009 4:46:27 PM
Subject: Re: [*openSUSE-ID*] Yahoo connection with squid

2009/7/22 Ardian Adi <[email protected]>:
> Does anyone know why using squid 2.6 stable 14 with the openSUSE
> 10.3 distro makes connecting to the Yahoo website rather difficult, and YM as well, even though
> I have opened all of its ports? Please enlighten me.
>

I don't have any problem with that. Does YM really go through squid? Do you mean the web version?
What does your squid.conf look like? Is SuSEFirewall active or not?

Regards,
--
medwinz
=======================
http://medwinz.blogspot.com
http://medwinz.blogsome.com
openSUSE member
openSUSE Weekly News Team
______________________________________________
---
List info : http://opensuse.or.id/milis
Unsubscribe : Send an email to [email protected]
Membership management : http://lists.opensuse-id.org/listinfo.cgi/milis-opensuse-id.org

# WELCOME TO SQUID 2.6.STABLE14
# ----------------------------
#
# This is the default Squid configuration file. You may wish
# to look at the Squid home page (http://www.squid-cache.org/)
# for the FAQ and other documentation.
#
# The default Squid config file shows what the defaults for
# various options happen to be. If you don't need to change the
# default, you shouldn't uncomment the line. Doing so may cause
# run-time problems. In some cases "none" refers to no default
# setting at all, while in other cases it refers to a valid
# option - the comments for that keyword indicate if this is the
# case.
#

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# Squid normally listens to port 3128
http_port 172.16.0.8:3128

# TAG: hierarchy_stoplist
# A list of words which, if found in a URL, cause the object to
# be handled directly by this cache. In other words, use this
# to not query neighbor caches for certain objects. You may
# list this option multiple times. Note: never_direct overrides
# this option.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# TAG: cache
# A list of ACL elements which, if matched, cause the request to
# not be satisfied from the cache and the reply to not be cached.
# In other words, use this to force certain objects to never be cached.
#
# You must use the word 'DENY' to indicate the ACL names which should
# NOT be cached.
#
# Default is to allow all to be cached
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# TAG: broken_vary_encoding
# Many servers have broken support for on-the-fly Content-Encoding,
# returning the same ETag on both plain and gzip:ed variants.
# Vary replies matching this access list will have the cache split
# on the Accept-Encoding header of the request and not trusting the
# ETag to be unique.
#
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

# TAG: cache_mem (bytes)
#Default:
# cache_mem 8 MB
cache_mem 128 MB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#Default:
# cache_swap_low 90
# cache_swap_high 95
cache_swap_low 80
cache_swap_high 100

# TAG: maximum_object_size (bytes)
#Default:
# maximum_object_size 4096 KB
maximum_object_size 1024 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#Default:
# cache_dir ufs /var/cache/squid 100 16 256
#cache_dir ufs /var/cache/squid 3000 7 256
cache_dir ufs /var/cache/squid 6000 14 256

# TAG: access_log
# To log the request via syslog specify a filepath of "syslog"
access_log /var/log/squid/access.log squid

# TAG: cache_store_log
#Default:
# cache_store_log /var/log/squid/store.log
cache_store_log none

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
auth_param basic program /usr/sbin/squid_ldap_auth -R -b "dc=example,dc=co,dc=id" -f "(&(sAMAccountName=%s)(objectClass=Person))" -D "cn=lookup,ou=services,dc=example,dc=co,dc=id" -w "lookup" -h 172.16.0.7
auth_param basic children 15
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive off

# TAG: external_acl_type
#Default:
# none
external_acl_type InetGroup children=3 %LOGIN /usr/sbin/squid_ldap_group -R -b "dc=example,dc=co,dc=id" -D "cn=lookup,ou=services,dc=example,dc=co,dc=id" -w "lookup" -f "(&(sAMAccountName=%v)(objectclass=Person)(memberof=cn=%a,ou=services,dc=example,dc=co,dc=id))" -h 172.16.0.7

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TIMEOUTS
# -----------------------------------------------------------------------------

# TAG: half_closed_clients
#Default:
# half_closed_clients on
half_closed_clients off

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

# TAG: acl
# Defining an Access List
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl mail dst 172.16.0.1

## Pidgin Connection Ports
acl SSL_ports port 1863 # MSN Messenger (Pidgin)
acl SSL_ports port 5050 # Yahoo Messenger (Pidgin)

## Yahoo Messenger Ports
acl Safe_ports port 20 23 25 80 119 5050 8001 8002 # yahoo messenger Basic Connection (TCP or HTTP)
acl Safe_ports port 80 # yahoo messenger File Transfer Connection (HTTP)
acl Safe_ports port 5000-5010 # yahoo messenger Voice Chat Connection (UDP or TCP)

## Gmail SSL Ports
acl SSL_ports port 995 # pop
acl SSL_ports port 465 # smtp
acl Safe_ports port 995 # pop
acl Safe_ports port 465 # smtp

## Additional Ports
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop
acl Safe_ports port 143 # imap
acl SSL_ports port 7071 # zimbra
acl SSL_ports port 446 # openfiler
acl Safe_ports port 446 # openfiler
acl Safe_ports port 3268 # zimbra GAL

## KlikBCA Business
acl Safe_ports port 10000
acl Safe_ports port 4500
acl Safe_ports port 500

acl allowedIPAddr src "/etc/squid/allowedIPAddr"
acl internalLAN-SIER dst 172.16.0.0/16
acl inetAccess external InetGroup InternetAccessGroup
acl PDC-LAN1 arp 00:0d:60:16:29:c3
acl allowedMACAddr arp "/etc/squid/allowedMACAddr"
acl blockedURL dstdomain "/etc/squid/blockedURL"
acl blockedFiles urlpath_regex "/etc/squid/blockedFiles"
acl allowedURL dstdomain "/etc/squid/allowedURL"
acl nonWorkHours time S M T W H F A 16:00-23:55

# TAG: http_access
# Allowing or Denying access based on defined access lists
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
http_access allow localhost
#http_access deny blockMACAddr
http_access allow internalLAN-SIER
http_access allow mail
http_access allow PDC-LAN1
http_access deny blockedURL
http_access deny blockedFiles
http_access allow allowedIPAddr allowedMACAddr allowedURL nonWorkHours inetAccess
http_access allow allowedIPAddr allowedMACAddr inetAccess
# And finally deny all other access to this proxy
http_access deny all

# TAG: icp_access
# Allowing or Denying access to the ICP port based on defined
# access lists
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
icp_access allow all

# MISCELLANEOUS
# -----------------------------------------------------------------------------

# TAG: coredump_dir
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
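
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match. The sketch below is an added example (not part of the original message and not Squid's own code) that walks the http_access lines of the posted squid.conf for a request described by the ACL names it matches. Which ACLs a request matches is an assumption supplied by the caller, because the files under /etc/squid/ are not shown, and the 407 handling is simplified to "an ACL that needs a login is reached without credentials".

```python
# Added example: first-match walk over the http_access lines of the posted config.
HTTP_ACCESS = """\
allow manager localhost
deny manager
deny !Safe_ports
deny CONNECT !SSL_ports
allow localhost
allow internalLAN-SIER
allow mail
allow PDC-LAN1
deny blockedURL
deny blockedFiles
allow allowedIPAddr allowedMACAddr allowedURL nonWorkHours inetAccess
allow allowedIPAddr allowedMACAddr inetAccess
deny all
"""

# inetAccess is an external ACL declared with %LOGIN, so it needs proxy credentials.
NEEDS_LOGIN = {"inetAccess"}


def decide(matching, has_credentials, rules=HTTP_ACCESS):
    """Return (verdict, rule) for a request.

    matching: names of the ACLs the request matches (caller's assumption).
    has_credentials: whether the client sent Proxy-Authorization.
    """
    matching = set(matching) | {"all"}
    for line in rules.splitlines():
        action, *acls = line.split()
        for acl in acls:  # ACLs on one line are ANDed, left to right
            negated, name = acl.startswith("!"), acl.lstrip("!")
            if name in NEEDS_LOGIN and not has_credentials:
                return ("challenge-407", line)  # client is asked to authenticate
            if (name in matching) == negated:
                break  # this ACL failed, move on to the next rule
        else:
            return (action, line)
    return ("deny", "implicit")


# Constructed request: CONNECT to port 5050 from a client whose IP and MAC
# are assumed to be in the allowedIPAddr and allowedMACAddr files.
YM_REQUEST = {"CONNECT", "Safe_ports", "SSL_ports", "allowedIPAddr", "allowedMACAddr"}

if __name__ == "__main__":
    print(decide(YM_REQUEST, has_credentials=False))
    print(decide(YM_REQUEST | {"inetAccess"}, has_credentials=True))
```

In this model a request to a destination inside 172.16.0.0/16 is allowed by `allow internalLAN-SIER` before any of the address, MAC or login checks are reached.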
