Re: [tanya-jawab] confused, can't get transparent proxy to work

On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:
> It looks right already; try troubleshooting again. For iptables, look at
> iptables -L (view the active rules)

only this shows up:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

> iptables-save (save the rules without a reboot)
> iptables -F (delete all rules)
> for the squid proxy, look at its log files
> tailf /var/log/squid/cache.log
> tailf /var/log/squid/access.log

everything is denied, even though ping still gets a reply

1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET www.mirageinfraredheaters.com/detroit - NONE/- text/html
1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET www.mirageinfraredheaters.com/detroit - NONE/- text/html

--
Muh. Olan Wardiansyah
http://ilalangmbojo.blogspot.com

--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to tanya-jawab-unsubscr...@linux.or.id
Archive and full mailing list info at http://linux.or.id/milis
Re: [tanya-jawab] confused, can't get transparent proxy to work

On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:
> On Wed, 24 Nov 2010 08:27:10 +0800, alfa alfa alfa.ping...@gmail.com wrote:
>> Please help, I have squid settings as shown below:
>>
>> WELCOME TO SQUID 2.7.STABLE3
>> #port
>> http_port 3128 transparent
>> icp_port 3130
>> prefer_direct off
>> #
>> # Cache Object
>> #
>> cache_mem 16 MB
>> cache_swap_low 98
>> cache_swap_high 99
>> max_filedesc 8192
>> maximum_object_size 1024 MB
>> minimum_object_size 0 KB
>> maximum_object_size_in_memory 4 bytes
>> ipcache_size 4096
>> ipcache_low 98
>> ipcache_high 99
>> fqdncache_size 4096
>> cache_replacement_policy heap LFUDA
>> memory_replacement_policy heap GDSF
>> ###
>> # cache_dir type Directory-Name Space in Mbytes Level1 Level2 options
>> #
>> #
>> # Cache Object
>> #
>> cache_mem 16 MB
>> cache_dir aufs /home/proxy1 3000 32 128
>> cache_dir aufs /home/proxy2 3000 32 128
>> cache_dir aufs /home/proxy3 3000 32 128
>> cache_access_log /var/log/squid/access.log
>> cache_log /var/log/squid/cache.log
>> cache_store_log none
>> pid_filename /var/run/squid.pid
>> cache_swap_log /var/log/squid/swap.state
>> dns_nameservers /etc/resolv.conf
>> emulate_httpd_log off
>> hosts_file /etc/hosts
>> half_closed_clients off
>> negative_ttl 1 minutes
>> #
>> # Rules: Safe Port
>> #
>> acl manager proto cache_object
>> acl SSL_ports port 443 563 873
>> acl Safe_ports port 80 # https snews rsync
>> acl Safe_ports port 20 21 # http
>> acl Safe_ports port 70 # ftp
>> acl Safe_ports port 210 # gopher
>> acl Safe_ports port 1025-65535 # wais
>> acl Safe_ports port 631 # unregistered ports
>> acl Safe_ports port 1 # cups
>> acl Safe_ports port 901 # webmin
>> acl Safe_ports port 280 # SWAT
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl Safe_ports port 873 # rsync
>> acl Safe_ports port 110 # POP3
>> acl Safe_ports port 25 # SMTP
>> acl Safe_ports port 2095 2096 # webmail from cpanel
>> acl Safe_ports port 2082 2083 # cpanel
>> acl purge method PURGE
>> acl CONNECT method CONNECT
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access deny !Safe_ports !SSL_ports
>> http_access deny CONNECT !SSL_ports !Safe_ports
>> #
>> # Refresh Pattern
>> #
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
>> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
>> refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
>> refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
>> refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
>> refresh_pattern . 0 20% 4320
>> # cache_mem 16 MB
>> #
>> # HAVP + Clamav
>> #
>> cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
>> cache_peer 192.168.1.1 parent 3128 3130
>> #
>> # HIERARCHY (BYPASS CGI)
>> #
>> #hierarchy_stoplist cgi-bin ? .js .jsp
>> #acl QUERY urlpath_regex cgi-bin \? .js .jsp
>> #no_cache deny QUERY
>> #
>> # SNMP
>> #
>> snmp_port 3401
>> acl snmpsquid snmp_community public
>> snmp_access allow snmpsquid localhost
>> snmp_access deny all
>> #
>> # ALLOWED ACCESS
>> #
>> acl server src 192.168.1.0/24
>> http_access allow server
>> http_access allow localhost
>> http_access deny all
>> http_reply_access allow all
>> icp_access allow server
>> icp_access allow localhost
>> icp_access deny all
>> # always_direct deny all
Re: [tanya-jawab] confused, can't get transparent proxy to work

2010/11/25 Rumy Taulu rumy...@gmail.com:
> On Wed, Nov 24, 2010 at 8:27 AM, alfa alfa alfa.ping...@gmail.com wrote:
>> 1. Are my squid settings above correct?
>
> Try testing without iptables: can the proxy be used if it is entered
> manually in the browser settings? If so, then what is wrong is your
> iptables setup.
>
>> 2. My iptables settings
>>
>> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
>> iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128 (for transparent)
>>
>> == but when using this, none of the computers can access websites,
>> although a ping to google gets a reply. Please help with the correct
>> iptables rules.
>
> Try running your iptables/firewall without the transparent proxy
> setting; does it work properly? Combine that with the squid test above.
>
>> 3. How do I restart rc.local/iptables without having to reboot the computer?
>
> Create a bash script and put the iptables rules in it; don't forget to
> chmod +x the script.
>
> --
> rumy

Thanks as well to Mr. Rumy. I don't yet understand the instruction about testing without iptables, whether the proxy can be used if it is entered manually in the browser settings.

If it is run without
iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128
there is no problem accessing websites.
Re: [tanya-jawab] confused, can't get transparent proxy to work

2010/11/25 rahmat fuadi radhy.c...@gmail.com:
> On Nov 25, 2010, at 9:48 AM, Rumy Taulu wrote:
>> On Wed, Nov 24, 2010 at 8:27 AM, alfa alfa alfa.ping...@gmail.com wrote:
>>> 1. Are my squid settings above correct?
>>
>> Try testing without iptables: can the proxy be used if it is entered
>> manually in the browser settings? If so, then what is wrong is your
>> iptables setup.
>>
>>> 2. My iptables settings
>>>
>>> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
>>> iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128 (for transparent)
>>>
>>> == but when using this, none of the computers can access websites,
>>> although a ping to google gets a reply. Please help with the correct
>>> iptables rules.
>>
>> Try running your iptables/firewall without the transparent proxy
>> setting; does it work properly? Combine that with the squid test above.
>>
>>> 3. How do I restart rc.local/iptables without having to reboot the computer?
>>
>> Create a bash script and put the iptables rules in it; don't forget to
>> chmod +x the script.
>
> try using iptables rules like this
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> example:
> eth0 = interface to the internet
> eth1 = local interface (client)

I have tried using these rules; it still blocks all sites, but a ping to one of the sites still gets a reply.
Re: [tanya-jawab] confused, can't get transparent proxy to work

2010/11/25 alfa alfa alfa.ping...@gmail.com:
> Thanks as well to Mr. Rumy. I don't yet understand the instruction
> about testing without iptables, whether the proxy can be used if it is
> entered manually in the browser settings.

Of course it can, because basically a proxy is used by entering it manually in the browser settings. What I meant by trying it that way is so that we can be sure the proxy is running properly,

> If it is run without
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128
> there is no problem accessing websites.

If this works properly, and the direct proxy test (without the transparent proxy rule) succeeds, then what is wrong is the transparent proxy rule in your iptables; have a look at the examples given by the other members.

--
rumy
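The rule sets posted in this thread differ in whether the REDIRECT is bound to the LAN-facing interface. The following added example (not code from any poster) audits `iptables-save` output for that binding; the dumps are constructed from the thread's rules, and `eth1` as the LAN interface is the assumption used in the thread's own example.

```python
import shlex

SQUID_PORT = "3128"  # http_port from the squid.conf posted in the thread

# Constructed iptables-save dumps built from the rules quoted in the thread.
UNSCOPED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
"""
SCOPED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
# `iptables -L` lists the filter table only; NAT rules show up under
# `iptables -t nat -L` or in the *nat section of iptables-save.
FILTER_ONLY = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"


def parse_rule(line):
    """Split one '-A CHAIN ...' line into (chain, {option: value})."""
    tokens = shlex.split(line)
    chain, args = tokens[1], tokens[2:]
    opts, negate, i = {}, False, 0
    while i < len(args):
        tok = args[i]
        if tok == "!":  # negation applies to the option that follows
            negate, i = True, i + 1
            continue
        nxt = args[i + 1] if i + 1 < len(args) else None
        has_value = nxt is not None and nxt != "!" and not nxt.startswith("-")
        value = nxt if has_value else ""
        opts[tok] = ("!" + value) if negate else value
        negate = False
        i += 2 if has_value else 1
    return chain, opts


def nat_rules(dump):
    """Return the parsed -A rules of the *nat section only."""
    rules, in_nat = [], False
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif in_nat and line.startswith("-A "):
            rules.append(parse_rule(line))
    return rules


def audit_intercept(dump, lan_if, squid_port=SQUID_PORT):
    """List problems with the intercept rules; an empty list means none found."""
    findings = []
    rules = nat_rules(dump)
    redirects = [o for c, o in rules
                 if c == "PREROUTING" and o.get("-j") == "REDIRECT"
                 and squid_port in (o.get("--to-ports"), o.get("--to-port"))]
    if not redirects:
        findings.append("no PREROUTING REDIRECT to port %s in the nat table" % squid_port)
    for o in redirects:
        if o.get("-i") != lan_if:
            findings.append("REDIRECT to %s is not bound to %s: matching traffic "
                            "arriving on any interface is handed to Squid"
                            % (squid_port, lan_if))
    if not any(c == "POSTROUTING" and o.get("-j") == "MASQUERADE" for c, o in rules):
        findings.append("no POSTROUTING MASQUERADE rule in the nat table")
    return findings


if __name__ == "__main__":
    for name, dump in (("unscoped", UNSCOPED), ("scoped", SCOPED),
                       ("filter only", FILTER_ONLY)):
        print(name, "->", audit_intercept(dump, "eth1") or "ok")
```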
[tanya-jawab] SVN update fails

koman...@aurel:~/HACK/framework-3.2$ sudo svn update
[sudo] password for komandan:
svn: OPTIONS of 'https://metasploit.com/svn/framework3/branches/framework-3.2': SSL handshake failed: Secure connection truncated (https://metasploit.com)

Please help, I wanted to update the exploits but it fails like this instead; what does it mean...

--
LIfE gOoD
Re: [tanya-jawab] SVN update fails

On Fri, Nov 26, 2010 at 12:27 AM, mu'ammal hamidy muammalham...@gmail.com wrote:
> koman...@aurel:~/HACK/framework-3.2$ sudo svn update
> [sudo] password for komandan:
> svn: OPTIONS of 'https://metasploit.com/svn/framework3/branches/framework-3.2': SSL handshake failed: Secure connection truncated (https://metasploit.com)
>
> Please help, I wanted to update the exploits but it fails like this
> instead; what does it mean...

Oh my .. the hacker :p

(1) There may be a problem with the installed SSL package; updating the SSL package might be a solution.
This problem has been asked about on the svn forum, solution: update/replace the package.
Likewise on the ubuntu forum: the problem was resolved after an update/upgrade.

(2) Have you checked your firewall rules?

--
rumy
Re: [tanya-jawab] confused, can't get transparent proxy to work

Hello alfa,

Thursday, November 25, 2010, 10:26:41 PM, you wrote:

> 2010/11/25 rahmat fuadi radhy.c...@gmail.com:
>> On Nov 25, 2010, at 9:48 AM, Rumy Taulu wrote:
>>> On Wed, Nov 24, 2010 at 8:27 AM, alfa alfa alfa.ping...@gmail.com wrote:
>>>> 1. Are my squid settings above correct?
>>>
>>> Try testing without iptables: can the proxy be used if it is entered
>>> manually in the browser settings? If so, then what is wrong is your
>>> iptables setup.
>>>
>>>> 2. My iptables settings
>>>>
>>>> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
>>>> iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128 (for transparent)
>>>>
>>>> == but when using this, none of the computers can access websites,
>>>> although a ping to google gets a reply. Please help with the correct
>>>> iptables rules.
>>>
>>> Try running your iptables/firewall without the transparent proxy
>>> setting; does it work properly? Combine that with the squid test above.
>>>
>>>> 3. How do I restart rc.local/iptables without having to reboot the computer?
>>>
>>> Create a bash script and put the iptables rules in it; don't forget to
>>> chmod +x the script.
>>
>> try using iptables rules like this
>>
>> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
>> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>
>> example:
>> eth0 = interface to the internet
>> eth1 = local interface (client)
>
> I have tried using these rules; it still blocks all sites, but a ping
> to one of the sites still gets a reply.

Blocks all sites?? Could you clarify that further, sir? If necessary, paste the error that appears in the browser here.

--
Best regards,
Nyoman
mailto:nyo...@royalperspective.com
Re: [tanya-jawab] confused, can't get transparent proxy to work

Hello olanuxer,

Thursday, November 25, 2010, 10:00:35 PM, you wrote:

> On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:
>> It looks right already; try troubleshooting again. For iptables, look at
>> iptables -L (view the active rules)
>
> only this shows up:
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>> iptables-save (save the rules without a reboot)
>> iptables -F (delete all rules)
>> for the squid proxy, look at its log files
>> tailf /var/log/squid/cache.log
>> tailf /var/log/squid/access.log
>
> everything is denied, even though ping still gets a reply
>
> 1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
> 1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
> 1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET www.mirageinfraredheaters.com/detroit - NONE/- text/html
> 1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET www.mirageinfraredheaters.com/detroit - NONE/- text/html
>
> --
> Muh. Olan Wardiansyah
> http://ilalangmbojo.blogspot.com

From that log it appears that the IPs accessing your squid are internet IPs, not local IPs... so it is only natural that it looks like that.. it means your proxy is not an open proxy...

But if the goal really is to make an open proxy, go ahead and comment out the http_access deny all part.

--
Best regards,
Nyoman [D]
e: nyo...@royalperspective.com
y: nyoman76
m: +628124681797
p: +62361764082#506
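The check described in the reply above, comparing the logged client addresses with the network allowed by `acl server src 192.168.1.0/24`, as an added example that is not part of any post in this thread. The last sample line (a LAN client) is constructed, and the fused time/elapsed field in the thread's log lines is assumed to be whitespace lost in the mail.

```python
import ipaddress
import re
from collections import Counter

# Squid native access.log: time elapsed client code/status bytes method URL ...
# \s* between time and elapsed also accepts the thread's lines, where the two
# fields appear fused (assumption: the padding was lost in the mail).
LINE_RE = re.compile(
    r"^(?P<time>\d+\.\d{3})\s*(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)")

ALLOWED = ["192.168.1.0/24", "127.0.0.0/8"]  # 'server' ACL from the thread + loopback

# First four lines are quoted from the thread; the last one is constructed.
SAMPLE = """\
1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET www.mirageinfraredheaters.com/detroit - NONE/- text/html
1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET www.mirageinfraredheaters.com/detroit - NONE/- text/html
1290693200.120     45 192.168.1.23 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
"""


def classify(log_text, allowed=ALLOWED):
    """Map each client IP to whether it is inside an allowed network and
    a count of its result codes."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["client"])
        except ValueError:  # hostname logged instead of an address
            continue
        entry = report.setdefault(
            m["client"],
            {"in_acl": any(ip in n for n in nets), "results": Counter()})
        entry["results"][m["code"] + "/" + m["status"]] += 1
    return report


def outside_clients(report):
    """Clients outside every allowed network: 'http_access deny all' applies."""
    return sorted(c for c, e in report.items() if not e["in_acl"])


def unexpected_denials(report):
    """Allowed clients that were still denied: the cases worth investigating."""
    return sorted(c for c, e in report.items()
                  if e["in_acl"] and any(k.startswith("TCP_DENIED") for k in e["results"]))


if __name__ == "__main__":
    rep = classify(SAMPLE)
    print("outside the ACL:", outside_clients(rep))
    print("allowed but denied:", unexpected_denials(rep))
```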
Re: [tanya-jawab] confused, can't get transparent proxy to work

Sorry... why is it that I don't see an acl allow for the local network in the squid configuration??? Or am I wrong??
Re: [tanya-jawab] confused, can't get transparent proxy to work

- Original Message -
From: dodi.and...@mactest.co.cc
To: tanya-jawab@linux.or.id
Sent: Friday, November 26, 2010 11:09 AM
Subject: Re: [tanya-jawab] confused, can't get transparent proxy to work

Sorry... why is it that I don't see an acl allow for the local network in the squid configuration??? Or am I wrong??