  1. #1
    ninjahattori's Avatar

    [ASK] Mikrotik + Hotspot + Squid 2.7 Stable 3 = Access Denied

    Excuse me, I'd appreciate some guidance.
    I'm learning by building a MikroTik lab. The topology can be seen here.




    IP Rules :
    Code:
    ## Mikrotik
    Interface WAN = 172.20.88.2
    Interface WLAN = 172.20.99.254
    Interface PROXY = 172.20.88.6
    
    ## Squidbox
    eth1 = 172.20.88.5 
    
    ##Access Point
    AP WRT54GL-1 = 172.20.99.1
    AP WRT54GL-1 = 172.20.99.2
    ################
    ## MIKROTIK SECTION
    ################

    Code:
    ##Add ip address
    ip address add address=172.20.88.2/30 interface=WAN
    ip address add address=172.20.99.254/23 interface=WLAN
    ip address add address=172.20.88.6/30 interface=SQUID
    
    ##Add default Gateway
    ip route add gateway=172.20.88.1
    
    ##Add DNS Server
    ip dns set primary-dns=202.134.0.155
    ip dns set secondary-dns=203.130.196.155
    
    ##Add NAT
    ip firewall nat add chain=srcnat action=masquerade out-interface=WAN
    
    ## Add Hotspot
    ip hotspot setup
    hotspot interface: WLAN
    local address of network : 172.20.99.254/23
    masquerade network: yes
    address pool of network: 172.20.98.11-172.20.99.253
    select certificate: none
    ip address of SMTP server: 0.0.0.0
    DNS server: 202.134.0.155,203.130.196.155
    DNS name:
    name of local hotspot user: admin	
    password for the user: admin
    At this point, clients already get an IP address automatically, and before going online the user is directed to the MikroTik login page to authenticate. (The proxy has not been enabled yet.)

    Because the traffic will go through the proxy, I redirect the hotspot traffic to the proxy IP.




    ##############
    ## SQUID SECTION
    ##############

    OS : Ubuntu 8.04 Server
    Squid : 2.7 Stable 3 (Intrepid version)

    Code:
    ## IP Address
    sudo vim /etc/network/interfaces
    auto eth1
    iface eth1 inet static
    address 172.20.88.5
    netmask 255.255.255.252
    gateway 172.20.88.6
    broadcast 172.20.88.7
    network 172.20.88.4
    
    Are DNS and IPv4 forwarding actually needed here or not?
    ## DNS
    sudo vim /etc/resolv.conf 
    nameserver 202.134.0.155
    
    ## IPV4 Forward
    sudo vim /etc/sysctl.conf
    uncomment -> net.ipv4.ip_forward=1
    sudo sysctl -p
    
    
    ## Add user + permissions for the squid user (squidproxy)
    sudo useradd squidproxy
    sudo chown -R squidproxy.squidproxy /cachesquid/
    sudo chown -R squidproxy.squidproxy /var/log/squid/
    sudo chown -R squidproxy.squidproxy /etc/squid/
    ## /etc/squid/squid.conf
    Code:
    # WELCOME TO SQUID 2.7 HIGH PERFORMANCES Original By Maulana Akbar
    # Customized ninjahattori
    # Lab Hotspot Networks 02 Februari 2010
    # Modified for Ubuntu 8.10
    
    #==============================================
    # TAG: http_port
    # List of squid connection ports.
    #==============================================
    http_port 3128 transparent
    icp_port 0
    
    # Fixes the blank Facebook page after login
    server_http11 on
    
    #==============================================
    # TAG: hierarchy_stoplist
    # List of words which, if found in a URL, cause the object to be
    # handled directly by squid. This option may be given several times.
    #==============================================
    hierarchy_stoplist cgi-bin ? localhost
    acl QUERY urlpath_regex cgi-bin \? localhost
    no_cache deny QUERY
    
    #==============================================
    # OPTIONS WHICH AFFECT THE CACHE SIZE
    #==============================================
    # Amount of memory (RAM) used to cache objects. Do not make it
    # too large; ideally 60-70% of the total installed memory.
    #==============================================
    cache_mem 512 MB
    
    # Maximum size of an object cached to disk and memory. The size is up to you,
    # depending on your needs.
    maximum_object_size 50 MB
    maximum_object_size_in_memory 128 KB
    
    # This is a trick that makes squid always try to keep objects
    # in memory and only swap data to disk once cache_mem is
    # full.
    cache_swap_low 98%
    cache_swap_high 99%
    
    # This part is the method for swapping data from memory to the disk cache. LFUDA
    # means squid will cache large objects, whereas GDSF
    # progressively caches small objects. My suggestion is to use
    # LFUDA for the disk cache and GDSF for the memory cache, because
    # reading/writing memory (RAM) is clearly faster than disk.
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    
    # This is the limit on the maximum memory used by squid. My suggestion is
    # around 60-70% of the RAM size.
    #high_memory_warning 70 MB
    
    # FIXME!
    ipcache_size 16384
    fqdncache_size 16384
    
    # Same as cache_swap_low/high, except that the objects are IPs.
    ipcache_low 98
    ipcache_high 99
    
    #==============================================
    # LOGFILE PATHNAMES AND CACHE DIRECTORIES
    #==============================================
    # This part is the cache directory (disk) configuration. The order is:
    # For the squid cache size, ideally 60% of the partition size provided for squid.
    cache_dir aufs /cachesquid 48000 57 256
    
    # This is the configuration of where squid's logs go. The location is up to you.
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    
    # This is squid's MIME list. Always use it so that object filtering
    # is faster.
    mime_table /usr/share/squid/mime.conf
    
    # Location of the squid PID file.
    pid_filename /var/run/squid.pid
    coredump_dir /var/spool/squid/
    
    # Some logs that are not significant because their options are rarely used.
    log_fqdn off
    log_icp_queries off
    buffered_logs off
    emulate_httpd_log off
    
    #==============================================
    # FTP section
    #==============================================
    # Always use this option to reduce the traffic load. Passive-mode FTP
    # means the client does not talk directly to the destination FTP server
    # and uses squid as a relay, so bandwidth for FTP connections
    # can be controlled, possibly in combination with IP filtering (PF (BSD) / IPTABLES).
    ftp_list_width 32
    ftp_passive on
    ftp_sanitycheck on
    
    #==============================================
    # DNS resolution section
    #==============================================
    # Enter IPs (NOT NAMES) to speed up resolution of DNS queries from clients.
    # The settings below use OpenDNS
    dns_nameservers 202.134.0.155 203.130.196.155
    
    #==============================================
    # Filesystem section
    #==============================================
    #diskd_program /usr/bin/diskd
    
    #==============================================
    # Refresh Rate
    #==============================================
    # This is the part that gets tweaked most often, because it concerns how long
    # an object is kept in the cache (disk). Find the values by
    # trial and error, because there are no exact numbers. The order is:
    #
    # refresh_pattern REGEX MIN_MINUTES VALIDITY(%) MAX_MINUTES
    refresh_pattern -i \.(class|css|js|gif|jpg|ps)$ 1440 50% 43200
    refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 1440 50% 43200
    refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|flv|ra|rm|wmv|divx)$ 1440 50% 43200
    refresh_pattern -i \.(mpg|mpe|wav|au|mid|mp3|mp4|ac4|swf)$ 1440 50% 43200
    refresh_pattern -i \.(zip|gz|arj|lha|lzh|7z)$ 1440 50% 43200
    refresh_pattern -i \.(rar|tgz|tar|exe|bin|rpm|iso)$ 1440 50% 43200
    refresh_pattern -i \.(hqx|pdf|rtf|doc|swf|xls|ppt|pdf|docx|xlsx)$ 1440 50% 43200
    refresh_pattern -i \.(inc|cab|ad|txt|dll|dat)$ 1440 50% 43200
    
    refresh_pattern ^ftp: 1440 95% 12960 reload-into-ims
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    quick_abort_pct 100%
    
    #==============================================
    # ACL section
    #==============================================
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl WLAN src 172.20.98.0/23
    acl localhost src 127.0.0.1/255.255.255.255
    
    # TIME RANGE DEFINITIONS FOR BLOCKING WEB SITES AT CERTAIN HOURS #
    acl timeblock1 time MTWHFA 07:30-11:59
    acl timeblock2 time MTWHFA 13:30-14:59
    acl blocking url_regex "/etc/squid/blocking.txt" # Block access to social networking sites
    acl red_alert url_regex -i "/etc/squid/red_alert.txt" # Block porn sites
    acl SSL_ports port 443 563 # https, snews
    acl Safe_ports port 80 81 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl purge method PURGE
    acl CONNECT method CONNECT
    always_direct allow WLAN localhost
    always_direct deny all
    http_access deny red_alert
    http_access deny blocking timeblock1
    http_access deny blocking timeblock2
    http_access allow manager all
    http_access deny !Safe_ports
    http_access allow purge localhost
    http_access deny purge
    http_access allow localhost
    http_access allow WLAN
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    miss_access allow WLAN
    miss_access deny all
    visible_hostname proxytest
    cache_mgr proxytest@gmail.com
    header_access Accept-Encoding deny all
    
    #=====================================================
    # SNMP
    #=====================================================
    snmp_port 3401
    acl snmppublic snmp_community public
    snmp_access allow snmppublic localhost
    snmp_access deny all
    
    #==============================================
    # Extra Section
    #==============================================
    negative_ttl 2 minutes
    half_closed_clients off
    read_timeout 15 minutes
    client_lifetime 2 hours
    pconn_timeout 60 seconds
    request_timeout 1 minutes
    shutdown_lifetime 10 seconds
    positive_dns_ttl 60 seconds
    negative_dns_ttl 30 seconds
    client_netmask 255.255.255.255
    client_db on
    store_avg_object_size 13 KB
    store_objects_per_bucket 10
    strip_query_terms off
    forwarded_for on
    icp_hit_stale on
    log_icp_queries off
    query_icmp on
    buffered_logs off
    
    #==============================================
    # MISCELLANEOUS
    #==============================================
    logfile_rotate 7
    negative_ttl 2 minutes
    #digest_rebuild_period 30 minute
    #digest_rewrite_period 30 minute
    #digest_swapout_chunk_size 4096 bytes
    client_persistent_connections on
    server_persistent_connections on
    pipeline_prefetch on
    vary_ignore_expire on
    reload_into_ims on
    store_dir_select_algorithm round-robin
    nonhierarchical_direct off
    prefer_direct off
    memory_pools off
    ie_refresh on
    
    #================================================
    # USER RUNS SQUID
    #================================================
    
    cache_effective_user squidproxy
    cache_effective_group squidproxy
    
    #================================================
    # ZPH SETTINGS (NOT ACTIVATED YET)
    #================================================
    # zph_mode tos
    # zph_local 0x04
    # zph_parent 0
    # zph_option 136
    ## sudo squid -z
    ## sudo /etc/init.d/squid restart


    PROBLEM
    With the settings above (hotspot proxy ticked), clients cannot get access via the proxy. What comes up is:



    But if the proxy port in the hotspot is not ticked, the connection works smoothly.




    I'd appreciate guidance from the MikroTik + Linux gurus: where is the mistake, in squid or in the MikroTik? Looks like I'll be staying up late again tonight.

    Thank you

  2. #2
    yosanpro's Avatar
    Co-Admin
    First of all, please do not discuss illegal MikroTik on this forum...

    Next, in the squid access list, nothing allows 172.20.88.4/30 yet..., and if you want an automatic redirect to the proxy, there is no dstnat rule to the squid machine yet.

    Those are the only clues for now; sorry, I am closing this thread. If it is still unclear, please ask a moderator to reopen this thread, after changing the MikroTik version (and editing the topology image).
    Last edited by yosanpro; 05-02-2010 at 20:20.
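
The first point in reply #2, as an added example that is not part of the original thread: a small first-match evaluator for Squid `http_access` rules, run over a trimmed copy of the posted ACLs. It assumes proxied requests reach Squid with the router's SQUID-interface address 172.20.88.6 as their source; the ACL name `MIKROTIK` and the `FIXED` variant are hypothetical.

```python
import ipaddress

# Trimmed from the posted squid.conf: src/port ACLs and the rules that use them.
POSTED = """
acl all src 0.0.0.0/0.0.0.0
acl WLAN src 172.20.98.0/23
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 81
acl Safe_ports port 443 563
acl Safe_ports port 1025-65535
http_access deny !Safe_ports
http_access allow localhost
http_access allow WLAN
http_access deny all
"""
# Hypothetical fix per reply #2 (ACL name MIKROTIK is made up): allow only the /30 link.
FIXED = POSTED.replace(
    "http_access deny all",
    "acl MIKROTIK src 172.20.88.4/30\nhttp_access allow MIKROTIK\nhttp_access deny all")

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["acl"]:
            # Repeated "acl NAME ..." lines add values to the same ACL.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, src, port):
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        ranges = [v.partition("-") for v in values]
        return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)
    raise ValueError(f"unsupported ACL type: {kind}")

def http_access(conf, src, port=80):
    """First matching rule wins; all ACLs on a rule must match ('!' negates)."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_match(acls, n.lstrip("!"), src, port) != n.startswith("!") for n in names):
            return action, " ".join(names)
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return {"allow": "deny", "deny": "allow"}[rules[-1][0]], "(default)"
```

Calling `http_access(POSTED, "172.20.88.6")` shows the request falling through to `deny all`, while the same call on `FIXED` stops at the narrow /30 allow rule instead of opening the proxy to every source.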

  3. #3
    ninjahattori's Avatar
    @yosanpro, I'd like to buy it too, it's just that I'm still saving up the money and learning.

 

 
