Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread olanuxer bima
On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:
 It looks correct already; try troubleshooting again. For iptables, check
 iptables -L (shows the active rules)


only this shows up:
Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


 iptables-save (save the rules without a reboot)
 iptables -F (delete all rules)
 for the squid proxy, look at its log files
 tailf /var/log/squid/cache.log
 tailf /var/log/squid/access.log

everything is denied, even though ping still gets replies
1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET
http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET
http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET
www.mirageinfraredheaters.com/detroit - NONE/- text/html
1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET
www.mirageinfraredheaters.com/detroit - NONE/- text/html



-- 
Muh. Olan Wardiansyah
http://ilalangmbojo.blogspot.com

-- 
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to tanya-jawab-unsubscr...@linux.or.id
Archives and full mailing list info at http://linux.or.id/milis



Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread alfa alfa
On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:

 On Wed, 24 Nov 2010 08:27:10 +0800, alfa alfa alfa.ping...@gmail.com
 wrote:
 Please help
 I have squid settings like the ones below:

 WELCOME TO SQUID 2.7.STABLE3

 #port
 http_port 3128 transparent
 icp_port 3130
 prefer_direct off

 #
 # Cache  Object
 #
 cache_mem 16 MB
 cache_swap_low 98
 cache_swap_high 99
 max_filedesc 8192
 maximum_object_size 1024 MB
 minimum_object_size 0 KB
 maximum_object_size_in_memory 4 bytes
 ipcache_size 4096
 ipcache_low 98
 ipcache_high 99
 fqdncache_size 4096

 cache_replacement_policy heap LFUDA
 memory_replacement_policy heap GDSF


 ###
 # cache_dir type Directory-Name Space in Mbytes Level1 Level2 options

 #

 #
 # Cache  Object
 #
 cache_mem 16 MB
 cache_dir aufs /home/proxy1 3000 32 128
 cache_dir aufs /home/proxy2 3000 32 128
 cache_dir aufs /home/proxy3 3000 32 128
 cache_access_log /var/log/squid/access.log
 cache_log /var/log/squid/cache.log
 cache_store_log none
 pid_filename /var/run/squid.pid
 cache_swap_log /var/log/squid/swap.state
 dns_nameservers /etc/resolv.conf
 emulate_httpd_log off
 hosts_file /etc/hosts
 half_closed_clients off
 negative_ttl 1 minutes

 #
 # Rules: Safe Port
 #

 acl manager proto cache_object
 acl SSL_ports port 443 563 873
 acl Safe_ports port 80 # https snews rsync
 acl Safe_ports port 20 21 # http
 acl Safe_ports port 70 # ftp
 acl Safe_ports port 210 # gopher
 acl Safe_ports port 1025-65535 # wais
 acl Safe_ports port 631 # unregistered ports
 acl Safe_ports port 1 # cups
 acl Safe_ports port 901 # webmin
 acl Safe_ports port 280 # SWAT
 acl Safe_ports port 488 # gss-http
 acl Safe_ports port 591 # filemaker
 acl Safe_ports port 777 # multiling http
 acl Safe_ports port 873 # rsync
 acl Safe_ports port 110 # POP3
 acl Safe_ports port 25 # SMTP
 acl Safe_ports port 2095 2096 # webmail from cpanel
 acl Safe_ports port 2082 2083 # cpanel

 acl purge method PURGE
 acl CONNECT method CONNECT
 http_access allow manager localhost
 http_access deny manager
 http_access allow purge localhost
 http_access deny purge
 http_access deny !Safe_ports !SSL_ports
 http_access deny CONNECT !SSL_ports !Safe_ports

 #
 # Refresh Pattern
 #
 refresh_pattern ^ftp:                   1440    20%     10080
 refresh_pattern ^gopher:                1440    0%      1440

 refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
 refresh_pattern .                       0       20%     4320

 #
 cache_mem 16 MB

 #
 # HAVP + Clamav
 #
 cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
 cache_peer 192.168.1.1 parent 3128 3130
 #
 # HIERARCHY (BYPASS CGI)
 #
 #hierarchy_stoplist cgi-bin ? .js .jsp
 #acl QUERY urlpath_regex cgi-bin \? .js .jsp
 #no_cache deny QUERY
 #
 # SNMP
 #
 snmp_port 3401
 acl snmpsquid snmp_community public
 snmp_access allow snmpsquid localhost
 snmp_access deny all
 #
 # ALLOWED ACCESS
 #
 acl server src 192.168.1.0/24
 http_access allow server
 http_access allow localhost
 http_access deny all
 http_reply_access allow all
 icp_access allow server
 icp_access allow localhost
 icp_access deny all
 # always_direct deny all

 

Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread alfa alfa
2010/11/25 Rumy Taulu rumy...@gmail.com:
 On Wed, Nov 24, 2010 at 8:27 AM, alfa alfa alfa.ping...@gmail.com wrote:

 1. Are my squid settings above correct?

 Try testing without iptables: can the proxy be used if it is entered
 manually in the browser settings?
 If so, then what is broken is your iptables configuration.

 2. My iptables settings
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
 iptables -A PREROUTING -t nat -p tcp  --dport 80 -j REDIRECT --to-port 3128
 (for transparent) == but when I use this, none of the
 computers can access websites, yet a ping to
 google gets a reply.
 please help with the correct iptables rules.

 Try running your iptables/firewall without the transparent proxy setting;
 does it work properly?
 Combine that with the squid test above.

 3. How do I restart rc.local/iptables without having to reboot the computer?

 Create a bash script and put the iptables rules in it; don't forget to
 chmod +x the script

 --
 rumy

 --



thanks also to Mr. Rumy; I don't yet understand the instructions about
testing without iptables, whether the proxy can be used if it is entered
manually in the browser settings

if run without iptables -A PREROUTING -t nat -p tcp  --dport 80
-j REDIRECT --to-port
3128 , there is no problem accessing websites




Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread kurniadi

On Thu, 25 Nov 2010 22:11:04 +0800, alfa alfa alfa.ping...@gmail.com
wrote:
 On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id
wrote:

 On Wed, 24 Nov 2010 08:27:10 +0800, alfa alfa alfa.ping...@gmail.com
 wrote:
 

Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread alfa alfa
2010/11/25 rahmat fuadi radhy.c...@gmail.com:

 On Nov 25, 2010, at 9:48 AM, Rumy Taulu wrote:

 On Wed, Nov 24, 2010 at 8:27 AM, alfa alfa alfa.ping...@gmail.com wrote:

 1. Are my squid settings above correct?

 Try testing without iptables: can the proxy be used if it is entered
 manually in the browser settings?
 If so, then what is broken is your iptables configuration.

 2. My iptables settings
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
 iptables -A PREROUTING -t nat -p tcp  --dport 80 -j REDIRECT --to-port 3128
 (for transparent) == but when I use this, none of the
 computers can access websites, yet a ping to
 google gets a reply.
 please help with the correct iptables rules.

 Try running your iptables/firewall without the transparent proxy setting;
 does it work properly?
 Combine that with the squid test above.

 3. How do I restart rc.local/iptables without having to reboot the computer?

 Create a bash script and put the iptables rules in it; don't forget to
 chmod +x the script


 try using iptables rules like this
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
 example eth0 = interface to the internet
                eth1 = local interface (client)
 --


I have already tried using these rules; it still blocks all sites,
but a ping to one of the sites still gets a reply




Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread Rumy Taulu
2010/11/25 alfa alfa alfa.ping...@gmail.com:
 thanks also to Mr. Rumy; I don't yet understand the instructions about
 testing without iptables, whether the proxy can be used if it is entered
 manually in the browser settings

Of course it can, because basically a proxy is used by entering it
manually in the browser settings.
What I meant was to try it that way so that we are sure the proxy is running properly,

 if run without iptables -A PREROUTING -t nat -p tcp  --dport 80
 -j REDIRECT --to-port
 3128 , there is no problem accessing websites

If this works properly, and the direct proxy test (without the
transparent proxy rule) succeeds, then what is wrong is the
transparent proxy rule in your iptables; try looking at the examples given
by the other members.

--
rumy




[tanya-jawab] SVN update fails

2010-11-25 Thread mu'ammal hamidy
koman...@aurel:~/HACK/framework-3.2$ sudo svn update
[sudo] password for komandan:
svn: OPTIONS of
'https://metasploit.com/svn/framework3/branches/framework-3.2': SSL
handshake failed: Secure connection truncated (https://metasploit.com)

please help, I want to update the exploits but it fails like this; what does
it mean...
-- 
 LIfE gOoD 




Re: [tanya-jawab] SVN update fails

2010-11-25 Thread Rumy Taulu
On Fri, Nov 26, 2010 at 12:27 AM, mu'ammal hamidy
muammalham...@gmail.com wrote:
 koman...@aurel:~/HACK/framework-3.2$ sudo svn update
 [sudo] password for komandan:
 svn: OPTIONS of
 'https://metasploit.com/svn/framework3/branches/framework-3.2': SSL
 handshake failed: Secure connection truncated (https://metasploit.com)

 please help, I want to update the exploits but it fails like this; what does
 it mean...
 --

Sheesh .. the hacker :p
(1) There may be a problem with the installed SSL package; updating the
SSL package might be a solution
 On the svn forum this problem has been asked about, solution: update/replace the package,
 Likewise on the ubuntu forum: the problem was solved after an update/upgrade
(2) Have you checked your firewall rules?

--
rumy




Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread Nyoman [D]
Hello alfa,

Thursday, November 25, 2010, 10:26:41 PM, you wrote:

 2010/11/25 rahmat fuadi radhy.c...@gmail.com:

 On Nov 25, 2010, at 9:48 AM, Rumy Taulu wrote:

 On Wed, Nov 24, 2010 at 8:27 AM, alfa alfa alfa.ping...@gmail.com wrote:

 1. Are my squid settings above correct?

 Try testing without iptables: can the proxy be used if it is entered
 manually in the browser settings?
 If so, then what is broken is your iptables configuration.

 2. My iptables settings
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
 iptables -A PREROUTING -t nat -p tcp  --dport 80 -j REDIRECT --to-port 3128
 (for transparent) == but when I use this, none of the
 computers can access websites, yet a ping to
 google gets a reply.
 please help with the correct iptables rules.

 Try running your iptables/firewall without the transparent proxy setting;
 does it work properly?
 Combine that with the squid test above.

 3. How do I restart rc.local/iptables without having to reboot the
 computer?

 Create a bash script and put the iptables rules in it; don't forget to
 chmod +x the script


 try using iptables rules like this
 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
 example eth0 = interface to the internet
                eth1 = local interface (client)
 --


 I have already tried using these rules; it still blocks all sites,
 but a ping to one of the sites still gets a reply


blocks all sites??
Could you explain further, sir? If necessary, paste the error that appears
in the browser here


-- 
Best regards,
 Nyoman mailto:nyo...@royalperspective.com




Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread Nyoman [D]
Hello alfa,

Thursday, November 25, 2010, 10:11:04 PM, you wrote:

 On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:

 On Wed, 24 Nov 2010 08:27:10 +0800, alfa alfa alfa.ping...@gmail.com
 wrote:

Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread Nyoman [D]
Hello olanuxer,

Thursday, November 25, 2010, 10:00:35 PM, you wrote:

 On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id wrote:
 It looks correct already; try troubleshooting again. For iptables, check
 iptables -L (shows the active rules)


 only this shows up:
 Chain INPUT (policy ACCEPT)
 target prot opt source   destination

 Chain FORWARD (policy ACCEPT)
 target prot opt source   destination

 Chain OUTPUT (policy ACCEPT)
 target prot opt source   destination


 iptables-save (save the rules without a reboot)
 iptables -F (delete all rules)
 for the squid proxy, look at its log files
 tailf /var/log/squid/cache.log
 tailf /var/log/squid/access.log

 everything is denied, even though ping still gets replies
 1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET
 http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
 1290693104.936388 89.212.180.105 TCP_DENIED/403 1522 GET
 http://www.najsplet.com/proxy1A/1/engine.php - NONE/- text/html
 1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET
 www.mirageinfraredheaters.com/detroit - NONE/- text/html
 1290693109.416238 24.177.120.142 TCP_DENIED/400 1631 GET
 www.mirageinfraredheaters.com/detroit - NONE/- text/html



 -- 
 Muh. Olan Wardiansyah
 http://ilalangmbojo.blogspot.com


From that log it appears that the IPs accessing your squid are internet IPs,
not local IPs... so it is only natural that it behaves like that.. it means
your proxy is not an open proxy...

But if the goal really is to make an open proxy, go ahead and comment out
the http_access deny all part

-- 
Best regards,
Nyoman [D]
e: nyo...@royalperspective.com
y: nyoman76
m: +628124681797
p: +62361764082#506




Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread dodi.andika
sorry...
why do I see no acl allow for the local network in the squid
configuration???
or am I wrong??

On Thu, 25 Nov 2010 22:11:04 +0800, alfa alfa alfa.ping...@gmail.com
wrote:
 On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id
wrote:

 On Wed, 24 Nov 2010 08:27:10 +0800, alfa alfa alfa.ping...@gmail.com
 wrote:

Re: [tanya-jawab] confused, can't get transparent proxy working

2010-11-25 Thread Joko Prasetya


- Original Message - 
From: dodi.and...@mactest.co.cc

To: tanya-jawab@linux.or.id
Sent: Friday, November 26, 2010 11:09 AM
Subject: Re: [tanya-jawab] bingung gak bisa transparent proxy



sorry...
why do I see no acl allow for the local network in the squid
configuration???
or am I wrong??

On Thu, 25 Nov 2010 22:11:04 +0800, alfa alfa alfa.ping...@gmail.com
wrote:

On Thu, Nov 25, 2010 at 9:34 AM, kurniadi kurni...@patrakom.co.id

wrote:


On Wed, 24 Nov 2010 08:27:10 +0800, alfa alfa alfa.ping...@gmail.com
wrote:
