[tanya-jawab] pr0blem ROUting pC-r0Uter ( irc + transparent )

<<--I.R.Harahap-Medan-->> Sun, 01 Aug 2004 11:49:07 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- 
---------------------------------------------------------------------------------------------------------

Assalammualaikum.... & Salam Sejahtera semuanya .....

Saat ini saya baru memigrasikan PC Router dari RH9 yang telah running 
selama hampir setahun, ke Slack10. Agak rumit juga ya menggunakan 
Slack drpd RH9 ...

dan saya mendapat case sbb :

1. LAN Segmen I yang melalui eth1 router I (sbg gateway ) tidak bisa browsing
    dan irc, padahal di segmen lain di bawahnya bisa .......

2. Tranparent proxy tdk jalan sbgmn di inginkan shg client2 di Segmen I tdk
     dpt  browsing bila belum di setting secara manual. 
     (diarahkan ke 192.168.1.62:8080) 

3.  Gimana yah ngakalin agar IRC bisa dijalankan utk LAN di SEGMEN I ini ? 
     Padahal utk segmen-segmen yg berada di bawah ROUTER I yang pembagian
     nya melalui ROUTER II  sudah bisa IRC dan browsing  tanpa ada kendala :-)

Mohon petunjuknya ^_^

- 
---------------------------------------------------------------------------------------------------------
SKEMA  :

 Win2003 internet server- dialup
 eth0 192.168.0.1/30 ke router-I
 |
 Slack10 Router-I (sbg proxy, dhcp server, gateway, dns)
 eth0 192.168.0.2/30 ke win2003
 eth1 192.168.1.62/26 ------ gateway segmen I -- >  ke 30 client --> (PROBLEM)
 eth2 192.168.2.1/30 ke router-II
 |
 Slack10 Router-II (dhcp server+mysql)
 eth0 192.168.2.2/30 ke Router-I
 eth1 192.168.3.62/26 ----- gateway LAN segmen II------->  ke 30 client
 eth2 192.168.4.62/26 ----- gateway LAN segmen III ----- >  ke 30 client


Configurasi yang telah saya buat
===============================================
ROUTER I :
echo "1" >  /proc/sys/net/ipv4/ip_forward
===============================================
ROUTER I :
/etc/rc.d/rc.local  

/sbin/ifconfig eth0 192.168.0.2 netmask 255.255.255.252
/sbin/ifconfig eth1 192.168.1.62 broadcast 192.168.1.63 netmask 
255.255.255.192
/sbin/ifconfig eth2 192.168.2.1 netmask 255.255.255.252
/sbin/route add default gw 192.168.0.1
/sbin/route add -net 192.168.1.0 netmask 255.255.255.192 gw 192.168.0.2
/sbin/route add -net 192.168.3.0 netmask 255.255.255.192 gw 192.168.2.2
/sbin/route add -net 192.168.4.0 netmask 255.255.255.192 gw 192.168.2.2
dhcpd &
squid -a 8080 &

===============================================
ROUTER I :
/etc/rc.d/rc.firewall  :

#!/bin/bash
/usr/sbin/iptables -F
/usr/sbin/iptables -t nat -F PREROUTING

# Memaksa client mengakses  proxy server (conf sekarang)
# Sudah jalan tetapi client2 hrs di set manual proxynya agar bisa browse
/usr/sbin/iptables -t nat -I PREROUTING -s 192.168.1.0/255.255.255.192 -d ! 
192.168.1.0/255.255.255.192 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 
8080

# Memaksa client mengakses tranparent proxy (conf lama - tdk ku pakai )
# /usr/sbin/iptables -t nat -A PREROUTING -s 192.168.1.0/255.255.255.192 -p 
tcp --dport 80 -j REDIRECT --to-port 8080

# Multiport utk chat  ( IRC di segmen LAN I - masih GAK MAU JALAN )
#/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/26 -d 0/0  -m 
multiport -p  tcp --dport 6666 ,6667,6668,6668,7000,8000 -j MASQUERADE

# Multiport utk chat ( IRC di segmen LAN I - masih GAK MAU JALAN )
#/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --destination-port 6660:7000 
- -j SNAT --to 192.168.0.2

# ku coba satu2 port irc ( IRC di segmen LAN I - masih GAK MAU JALAN )
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6661 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6662 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6663 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6664 -j SNAT --to 
192.168.0.1
 /usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6665 -j SNAT --to 
192.168.0.1
 /usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6666 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6667 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6668 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6669 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 7000 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 8000 -j SNAT --to 
192.168.0.1
/usr/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 6666 -j SNAT --to 
192.168.0.1

#routing antar segmen
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d 
192.168.1.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d 
192.168.2.0/255.255.255.252 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d 
192.168.3.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.192 -d 
192.168.4.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d 
192.168.1.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d 
192.168.2.0/255.255.255.252 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d 
192.168.3.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.252 -d 
192.168.4.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d 
192.168.1.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d 
192.168.2.0/255.255.255.252 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d 
192.168.3.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.192 -d 
192.168.4.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d 
192.168.1.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d 
192.168.2.0/255.255.255.252 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d 
192.168.3.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.192 -d 
192.168.4.0/255.255.255.192 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.0.2
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

===============================================
Output dari "route -n"
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0   0.0.0.0            255.255.255.252  U     0      0        0 eth2
192.168.0.0   0.0.0.0            255.255.255.252  U     0      0        0 eth0
192.168.3.0   192.168.2.2   255.255.255.192  UG  0      0        0 eth2
192.168.1.0   192.168.0.2   255.255.255.192  UG  0      0        0 eth0
192.168.1.0   0.0.0.0            255.255.255.192  U     0      0        0 eth1
192.168.4.0   192.168.2.2   255.255.255.192  UG  0      0        0 eth2
127.0.0.0        0.0.0.0            255.0.0.0                U     0  0 0 lo
0.0.0.0            192.168.0.1    0.0.0.0                    UG   0  0 0 eth0  

===============================================
/etc/squid/squid.conf

http_port 192.168.1.62 8080
icp_port 0
cache_mem 50 MB
maximum_object_size 256 KB
cache_dir ufs /cache/spool/squid 200 16 256
 cache_access_log /cache/log/squid/access.log
cache_log /cache/log/squid/cache.log
cache_store_log /cache/log/squid/store.log
Jul 31 15:14:30 <a_ir_hrp>
logfile_rotate 10
memory_pools_limit 15 MB
redirect_rewrites_host_header on
#replacement_policy GDSF
 half_closed_clients off

#-----------transparent proxy -----------
 httpd_accel_host virtual
 httpd_accel_port 80
 httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#-------------------------------------------
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

client_netmask 255.255.255.255

acl all         src 0.0.0.0/0.0.0.0
acl localhost   src 127.0.0.0/255.255.255.192
acl private     src 192.168.1.0/255.255.255.192
acl images urlpath_regex -i \.gif$ \.png$ \.jpg$ \.jpeg$
acl Safe_ports port 443 210 119 563 70 21 1025-65535
acl CONNECT    method CONNECT
acl irc_ports  port    6660-7007
acl web_ports  port    80-83
acl pagiI          time    09:00-10:30
acl pagiII         time    11:00-12:30
acl malamI     time    17:00-18:30
acl malamII    time    19:00-20:15
#acl sex        url_regex -i "/etc/squid/sex.txt"
#acl url         url_regex -i "/etc/squid/url.txt"
#acl download   url_regex -i "/etc/squid/download.txt"
http_access allow localhost CONNECT
#http_access deny sex
#http_access deny url
#http_access deny download
http_access allow irc_ports CONNECT
http_access allow private
#http_access allow internet
#http_access allow staff
http_access allow web_ports
http_access allow all
http_access deny !Safe_ports
http_access deny all

+==========================================
 <<-I.R-Harahap-Medan -->>
Aku bukanlah orang yang merasa pandai  :-(
Aku selalu menganggap diriku orang yg bodoh  :-(
Dgn kekurangan itulah aku mau belajar agar bisa pandai :-)
- 
--------------------------------------------------------------------------------------
- - a_ir_hrp 
- - 081-361-305-777 -->
- - #indolinux  @EFnet  @Dalnet
- - Situs Pribadiku http://iman.medanlinux.com
- - Aku Cuman Seorang Mahasiswa Fak Hukum SAJA KOQ
+==========================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBDTfjxGbROmPCAH4RAmoNAKCp6aABxayjEAu137zwKlVYPJ9tYgCeIS+2
5HEgVD7ybxkVlP1JiT+POac=
=qCod
-----END PGP SIGNATURE-----


--
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip, FAQ, dan info milis di http://linux.or.id/milis.php
Tidak bisa posting? Baca:
http://linux.or.id/wiki/index.php?pagename=ProblemMilisDanSolusi
http://linux.or.id/wiki/index.php?pagename=TataTertibMilis

[tanya-jawab] pr0blem ROUting pC-r0Uter ( irc + transparent )

Kirim email ke