Greetings,

If the policy on the INPUT, OUTPUT and FORWARD chains is ACCEPT, then the squid machine is already fine and can forward anything outbound. The question is: why are so many of the rules in the nat table repeated?
My suggestion: first clear out all the firewall rules:

    iptables -F
    iptables -X
    iptables -t nat --flush

then load the firewall again. My other suggestion: test the connection without transparent mode first. Can clients use https when it is not transparent? Once that works, then set up transparent mode.

Wassalam,
ic

> Dear Pak Imam, here are the results... thanks
> server:~ # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
> server:~ # iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:beacon-port redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128
> REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 3128
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
> SNAT       all  --  192.168.1.0/24       anywhere            to:125.163.182.189
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> server:~ #

--
Imam Cartealy
Linux registered user #481374
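Added example, not part of the original thread: a shell function that reports rules occurring more than once in `iptables-save` output (the symptom visible in the quoted listing), plus a helper that appends a rule only when `iptables -C` does not already find it. The sample ruleset and the address 203.0.113.10 are constructed, and the names sample_ruleset, find_duplicate_rules and add_rule_once are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 81 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print "count<TAB>table<TAB>rule"
# for every rule that appears more than once within the same table.
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / { key = table "\t" $0
                 if (!(key in seen)) order[++n] = key   # keep first-seen order
                 seen[key]++ }
        END    { for (i = 1; i <= n; i++)
                     if (seen[order[i]] > 1)
                         printf "%d\t%s\n", seen[order[i]], order[i] }
    '
}

# Append a rule only if an identical one is not already loaded (needs root).
# Usage: add_rule_once nat PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
add_rule_once() {
    table=$1; shift
    iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

# Stand-alone run: report duplicates in the constructed sample.
sample_ruleset | find_duplicate_rules
```

On a live host the same check is `iptables-save | find_duplicate_rules`, run as root.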
