Sorry, this is the message: ======== ERROR The requested URL could not be retrieved
While trying to retrieve the URL: http://riset.gpi-g.com/ The following error was encountered: * Connection to 202.169.51.119 Failed The system returned: (111) Connection refused The remote host or network may be down. Please try the request again. Your cache administrator is [EMAIL PROTECTED] ====== On Fri, Sep 26, 2008 at 10:28 AM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ <[EMAIL PROTECTED]> wrote: > from http://amyhost.com/data/1.jpg > and ... > #logformat squid %>a [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh > http_port 2210 transparent > icp_port 3130 > snmp_port 3401 > cache_mgr admin > emulate_httpd_log off > #cache_peer ip.sumber.squid parent 3128 3130 proxy-only > #cache_peer ip.yang.numpang sibling 3128 3130 proxy-only > #cache_peer 192.168.1.253 sibling 2210 3130 proxy-only > #cache_peer it.gpi-g.com parent 2210 0 no-query default > #cache_peer 202.169.51.119 parent 2210 0 no-query no-digest > no-netdb-exchange default > #cache_peer 125.160.0.0/255.255.0.0 sibling 2210 3130 proxy-only > #cache_peer 202.182.0.0/255.255.0.0 sibling 2210 3130 proxy-only > #cache_peer 203.128.72.226/255.255.255.255 sibling 2210 3130 proxy-only > cache_replacement_policy heap LFUDA > maximum_object_size_in_memory 50 KB > maximum_object_size 50 MB > #minimum_object_size 1 KB > > dead_peer_timeout 10 seconds > acl QUERY urlpath_regex cgi-bin \? 
> no_cache deny QUERY > visible_hostname gpi-g.com > cache_mem 5 MB > memory_pools off > log_icp_queries on > buffered_logs on > quick_abort_min 0 KB > quick_abort_max 0 KB > quick_abort_pct 95 > > #never_direct allow all > > cache_swap_low 70% > cache_swap_high 90% > #cache_dir aufs /var/spool/squid 40000 16 256 > cache_dir aufs /var/spool/squid 4000 16 256 > cache_dir aufs /var/spool/squid1 4000 16 256 > cache_dir aufs /var/spool/squid2 4000 16 256 > cache_dir aufs /var/spool/squid3 4000 16 256 > > #cache_dir diskd /var/spool/squid 4800 8 64 max-size=-1 Q1=64 Q2=72 > > cache_access_log /var/log/squid/access.log > cache_log /var/log/squid/cache.log > cache_store_log /var/log/squid/store.log > pid_filename /var/run/squid.pid > > forwarded_for on > > half_closed_clients off > cache_effective_user proxy > cache_effective_group proxy > cache_mgr [EMAIL PROTECTED] > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > > acl website dstdomain "/etc/website" > acl domain dstdomain .gpi-g.com > acl gator dstdomain .gator.com > acl gohip dstdomain .gohip.com > acl kazaa dstdomain .kazaa.com > acl real dstdomain .real.com > acl pornsite url_regex 220.73.222.254 > acl LAN src 192.168.222.0/255.255.255.0 > acl LAN3 src 192.168.0.0/255.255.0.0 > acl LAN2 src 172.16.0.0/255.255.0.0 > acl NOC src 125.160.0.0/255.255.0.0 > #acl GPI src 202.169.51.0/255.255.255.0 > acl snmpcommunity snmp_community nama_snmpcommunity > acl all src 0.0.0.0/0.0.0.0 > #acl IIX dst_as 7597 > #always_direct allow IIX > acl manager proto cache_object > acl localhost src 127.0.0.1 > acl SSL_ports port 443 563 > acl Safe_ports port 21 80 81 53 143 2443 443 563 70 210 1025-65535 > acl Safe_ports port 280 > acl Safe_ports port 488 > acl Safe_ports port 591 > acl Safe_ports port 777 > acl CONNECT method CONNECT > > #acl INSIDE dstdomain .it.gpi-g.com > #always_direct allow INSIDE > #never_direct allow all > > #acl INSIDE_IP dst 172.16.0.2 > 
#always_direct allow INSIDE_IP > #never_direct allow all > > #header_access User-Agent deny all > #header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha) > #follow_x_forwarded_for allow localhost > #log_uses_indirect_client on > #acl_uses_indirect_client on > #delay_pool_uses_indirect_client on > acl acceleratedHost dst 202.169.51.0/255.255.255.0 > acl acceleratedPort port 2210 > #httpd_accel_single_host off > > http_access allow manager localhost LAN LAN3 > http_access deny !Safe_ports > http_access deny pornsite > http_access deny CONNECT !SSL_ports > snmp_access allow snmpcommunity > > http_access deny website > http_access deny gator > http_access deny gohip > http_access deny real > http_access deny kazaa > http_access allow domain > > > http_access allow LAN > http_access allow LAN3 > http_access allow LAN2 > http_access allow NOC > #http_access allow GPI > http_access allow localhost > http_access allow acceleratedHost > http_access deny all > snmp_access deny all > > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > cachemgr_passwd nasigoreng manager > negative_ttl 1 minutes > > #### > #acl local-host src 192.168.222.2 > #acl my_other_proxy src 192.168.222.2 > #follow_x_forwarded_for allow local-host > #follow_x_forwarded_for allow my_other_proxy > #acl_uses_indirect_client on > #delay_pool_uses_indirect_client on > #log_uses_indirect_client on > > > === > with rc.local : > echo "1" > /proc/sys/net/ipv4/ip_forward > /etc/init.d/networking restart > #----------------------------------------------------- > # eth0 = WAN1 = 202.169.51.119 > # eth1 = DMZ = 192.168.222.1 ( Konek ke MAILSERVER & WEBSERVER - > sementara simulai hanya mailserver ) > # eth2 = LAN = 192.168.222.2 ( Konek ke PROXY SERVER - sementara di > simulai PROXY SERVER = CLIENT ) > #------------------------------------------------------ > > # Tukang sapu > /sbin/iptables --flush > /sbin/iptables --table nat --flush > 
/sbin/iptables --delete-chain > /sbin/iptables --table nat --delete-chain > /sbin/iptables -F -t nat > > # masqurade > /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 > -j MASQUERADE > /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT > > # Jembatan gantung DMZ <=> LAN > iptables -A FORWARD -i eth2 -o eth1 -m state --state > NEW,ESTABLISHED,RELATED -j ACCEPT > iptables -A FORWARD -i eth1 -o eth2 -m state --state > ESTABLISHED,RELATED -j ACCEPT > > # Jembatan gantung DMZ <=> Mail Server & Webserver > iptables -A FORWARD -i eth1 -o eth0 -m state --state > ESTABLISHED,RELATED -j ACCEPT > iptables -A FORWARD -i eth0 -o eth1 -m state --state > NEW,ESTABLISHED,RELATED -j ACCEPT > > # Jembatan gantung WAN1 <=> LAN > iptables -A FORWARD -i eth2 -o eth0 -m state --state > ESTABLISHED,RELATED -j ACCEPT > iptables -A FORWARD -i eth0 -o eth2 -m state --state > NEW,ESTABLISHED,RELATED -j ACCEPT > > ## Forward port 25 ke mail server > #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d > 202.169.51.119 --dport 25 -j DNAT --to-destination 172.16.0.2 > > ## Forward port 80 ke mail server > #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d > 202.169.51.119 --dport 80 -j DNAT --to-destination 172.16.0.2 > > ## Forward port 80 ke HRD > #iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.120 > --dport 80 -j DNAT --to-destination 172.16.0.4 > > > > #### TEST > iptables -t nat -A PREROUTING -i eth0 -d 202.169.51.119 -j DNAT > --to-destination 172.16.0.2 > #iptables -t nat -A PREROUTING -i eth0 -d 202.169.51.120 -j DNAT > --to-destination 172.16.0.4 > ######## > > > ## Forward port 110 ke mail server > #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d > 202.169.51.119 --dport 110 -j DNAT --to-destination 172.16.0.2 > > ## Forward port 2810 ke mail server > #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d > 202.169.51.119 --dport 2810 -j DNAT --to-destination 172.16.0.2 > #### SEMENTARA 
#iptables -t nat -A PREROUTING -p tcp -i eth0 -d > 202.169.51.119 --dport 4810 -j DNAT --to-destination 172.16.0.3 > > > ## REDIRECT > # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-port 8080 > > #transparant proxy - WARNING INI SEMENTARA - LIHAT eth2 > /sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp -s > 192.168.222.0/255.255.255.0 --dport 80 -j DNAT --to 192.168.222.2:2210 > ======================================= > > problem : > I can't browse the domain that is hosted on the webserver ( 172.16.0.3 - the IP shown in the > picture is wrong - the correct one is 172.16.0.3 ) > > How can this be solved? > > access denied > > -- > -=-=-=-= > -- -=-=-=-=
