Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 12 of 12
  1. #1
    Status
    Offline
    leois's Avatar
    Newbie
    Join Date
    Oct 2009
    Posts
    35
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    (Solved)Mikrotik + Squid IPCOP (acces denied)

    para suhu numpang tanya, 2 hari belum tidur gara2 ini... Click here to enlarge
    saia baru pake IPCOP 2.0 sebagai external proxy RB750

    modem ----- RB750-----------client
    .....................|
    .....................|
    .................. IPCOP

    IP RB :
    eth1 : 192.168.1.2 (menuju modem)
    eth2 : 192.168.20.1 (menuju lan)
    eth3 : 192.168.40.1 (menuju IPCOP)
    eth4 : 192.168.30.1 (menuju AP Hotspot)

    IP IPCOP
    green: 192.168.40.2 (menuju RB)
    red : 192.168.40.3 (kosong)
    PORT : 3128


    ping dari IPCOP ke client(lan), RB, internet = bisa. ...ping dari Client(lan) ke internet, IPCOP juga bisa.


    NAT :
    ;;; redirect proxy
    chain=dstnat action=dst-nat to-addresses=192.168.40.2 to-ports=3128
    protocol=tcp src-address-list=klien dst-port=80,81,8080,3128

    Address-list
    ;;; IP LAN+Hotspot
    klien 192.168.20.0/24
    klien 192.168.30.0/24

    IPCOP : webproxy enable on green
    transparent on green

    masalahnya kenapa ya dari klien(lan) saia tidak bisa browsing, selalu muincul Acces Denied Click here to enlarge
    mohon pertolongan gan... Click here to enlarge
    Last edited by leois; 09-08-2012 at 13:20.

  2. #2
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by bnet Click here to enlarge
    ...
    masalahnya kenapa ya dari klien(lan) saia tidak bisa browsing, selalu muincul Acces Denied ...
    blm pernah pake ipcop sih tapi biasanya kalau error seperti itu(access denied) biasanya berhubungan dengan acl di squid.conf,
    CMIIW lho Click here to enlarge

  3. The Following User Says Thank You to dhopack For This Useful Post:


  4. #3
    Status
    Offline
    leois's Avatar
    Newbie
    Join Date
    Oct 2009
    Posts
    35
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    saia cek dulu gan. nanti laporan lagi..
    tapi td saia coba pake Parent proxy mikrotik kok bisa ya gan.

    NAT ane rubah
    ;;; redirect proxy
    chain=dstnat action=redirect to-ports=3128 protocol=tcp
    src-address=!192.168.40.0 src-address-list=proxy allowed
    dst-port=80,8080,878

    apakah harus lewat parent proxy?

  5. #4
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    dengan menggunakan Parent Proxy, maka semua request http akan terwakili oleh satu IP saja, yakni yang menuju ke IPCop (dalam hal ini sekelas dengan IP IPCopnya - 192.168.40.1 )

    sudah coba mengedit squid.conf nya?
    atau di bagian web management, ada tuh kayaknya ACL yang tinggal ditambahin aja.

    dulu pernah pake IPCop juga, dan sama, saya cuma pake Parent Proxy aja, belum pernah coba edit squid.conf/via web management nya

    dan tak lupa CMIIW

  6. #5
    Status
    Offline
    cellax's Avatar
    Baru Gabung
    Join Date
    May 2012
    Posts
    11
    Reviews
    Read 0 Reviews
    Downloads
    16
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by bnet Click here to enlarge
    para suhu numpang tanya, 2 hari belum tidur gara2 ini... Click here to enlarge
    saia baru pake IPCOP 2.0 sebagai external proxy RB750

    modem ----- RB750-----------client
    .....................|
    .....................|
    .................. IPCOP

    IP RB :
    eth1 : 192.168.1.2 (menuju modem)
    eth2 : 192.168.20.1 (menuju lan)
    eth3 : 192.168.40.1 (menuju IPCOP)
    eth4 : 192.168.30.1 (menuju AP Hotspot)

    IP IPCOP
    green: 192.168.40.2 (menuju RB)
    red : 192.168.40.3 (kosong)
    PORT : 3128


    ping dari IPCOP ke client(lan), RB, internet = bisa. ...ping dari Client(lan) ke internet, IPCOP juga bisa.


    NAT :
    ;;; redirect proxy
    chain=dstnat action=dst-nat to-addresses=192.168.40.2 to-ports=3128
    protocol=tcp src-address-list=klien dst-port=80,81,8080,3128

    Address-list
    ;;; IP LAN+Hotspot
    klien 192.168.20.0/24
    klien 192.168.30.0/24

    IPCOP : webproxy enable on green
    transparent on green

    masalahnya kenapa ya dari klien(lan) saia tidak bisa browsing, selalu muincul Acces Denied Click here to enlarge
    mohon pertolongan gan... Click here to enlarge
    Network based acl nya di tambahin ip network client agan
    Last edited by cellax; 09-08-2012 at 00:30.

  7. The Following User Says Thank You to cellax For This Useful Post:


  8. #6
    Status
    Offline
    leois's Avatar
    Newbie
    Join Date
    Oct 2009
    Posts
    35
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ini gan saia gelar mohon dikoreksi /var/ipcop/proxy/squid.conf Click here to enlarge

    # Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
    # you make will be overwritten whenever you resave proxy settings using the
    # web interface!
    #
    # Instead, modify the file '/var/ipcop/proxy/acls/include.acl' and
    # then restart the proxy service using the web interface. Changes made to the
    # 'include.acl' file will propagate to the 'squid.conf' file at that time.

    shutdown_lifetime 5 seconds
    icp_port 0

    http_port 192.168.40.2:3128 transparent


    cache_effective_user squid
    cache_effective_group squid
    umask 022

    pid_filename /var/run/squid.pid

    cache_mem 64 MB
    cache_dir aufs /var/log/cache 2500 16 256

    error_directory /usr/lib/squid/errors.ipcop/en

    memory_replacement_policy heap GDSF
    cache_replacement_policy heap GDSF

    access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none

    log_mime_hdrs off
    logfile_rotate 0
    forwarded_for off
    via off

    acl within_timeframe time MTWHFAS 00:00-24:00

    acl localhost src 127.0.0.1/32
    acl SSL_ports port 443 # https
    acl SSL_ports port 8443 # alternative https
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 1025-65535 # unprivileged ports
    acl Safe_ports port 3128 # Squids port (for icons)

    acl IPCop_http port 81
    acl IPCop_https port 8443
    acl IPCop_ips dst 192.168.40.2
    acl IPCop_networks src "/var/ipcop/proxy/acls/src_networks.acl"
    acl IPCop_servers dst "/var/ipcop/proxy/acls/src_subnets.acl"
    acl IPCop_green_network src 192.168.40.0/24
    acl IPCop_green_servers dst 192.168.40.0/24
    acl CONNECT method CONNECT

    #Access to squid:
    #local machine, no restriction
    http_access allow localhost

    #GUI admin if local machine connects
    http_access allow IPCop_ips IPCop_networks IPCop_http
    http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

    #Deny not web services
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    #Set custom configured ACLs
    http_access allow IPCop_networks within_timeframe
    http_access deny all

    #Strip HTTP Header
    request_header_access X-Forwarded-For deny all
    request_header_access Via deny all

    maximum_object_size 1096 KB
    minimum_object_size 0 KB

    request_body_max_size 0 KB
    reply_body_max_size none all

    visible_hostname ipcop.localdomain

  9. #7
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0


    Coba tambahkan IP nya di sini

    Click here to enlarge

  10. The Following User Says Thank You to zdienos For This Useful Post:


  11. #8
    Status
    Offline
    leois's Avatar
    Newbie
    Join Date
    Oct 2009
    Posts
    35
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by zdienos Click here to enlarge


    Coba tambahkan IP nya di sini

    Click here to enlarge

    Click here to enlarge thank berat gan Click here to enlargeClick here to enlarge

  12. #9
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    sori OOT dikit

    udah solved tapi gak ngasih thanks sm yang bantuin(zdienos),

  13. The Following User Says Thank You to dhopack For This Useful Post:


  14. #10
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @dhopack: itulah Indonesia

    beda sama forum2 luar negeri, jangankan "jempol", donasi aja diberikan...
    dan antara yang ngasih donasi dan yang nggak, sama2 "nikmati" tutorial/materi yang dishare

    Click here to enlarge

    OOT lagi

  15. #11
    Status
    Offline
    leois's Avatar
    Newbie
    Join Date
    Oct 2009
    Posts
    35
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    jadi malu... Click here to enlarge

    untuk optimasi cachenya setingan apa lagi yang perlu dirubah gan?Click here to enlarge
    apakah perlu update ke lusca? saia pake ipcop 2.0
    Last edited by leois; 09-08-2012 at 18:03.

  16. #12
    Status
    Offline
    zdienos's Avatar
    Forum Guru
    Join Date
    Feb 2010
    Location
    ~/makasar
    Posts
    1,252
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    selanjutnya silahkan pelajari






 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Bisakah Mengganti Pesan Error (Access Denied) pada mikrotik
    By suprie_200284 in forum Beginner Basics
    Replies: 1
    Last Post: 22-12-2010, 14:37
  2. IPCOP vs SQUID NT vs FROX
    By IrfanGio in forum General Networking
    Replies: 23
    Last Post: 02-06-2010, 00:57
  3. [ASK] Mikrotik + Hotspot + Squid 2.7 Stable 3 = Access Denied
    By ninjahattori in forum Beginner Basics
    Replies: 2
    Last Post: 05-02-2010, 20:18

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •