Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1
    Status
    Offline
    Spring's Avatar
    Contributor
    Join Date
    Oct 2009
    Location
    Manado
    Posts
    964
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Question Bisakah Squid membaca IP Client di bawah NAT??

    Mudah²an pertanyaan yg kyk gini belum prnah ada di FMI (takut di-omelin Click here to enlarge ) .... kalo emang udah ada sy mohon maaf krn mau search tapi gak tau kata kuncinya.. Click here to enlarge


    Topologi:

    (Inet)
    |
    |
    | eth1 MT
    |
    |. . . .eth2 MT
    (MT) ----------- (Client)
    |
    |
    | eth3 MT
    |
    |
    Proxy (Squid)

    mohon maaf kalo skema-nya ambur adul..

    Gini...
    di MT port 80 dari Client (eth2) sy redirect ke port 3128 ke IP proxy...
    Saat menjalankan perintah 'tail' di Proxy yang kebaca IP_addr dari eth3 MT...

    Pertanyaan:
    Gmna konfigurasi-nya agar akses di Squid yang terbaca adalah IP address dari Client yg melakukan request??? Click here to enlarge
    Last edited by Spring; 31-03-2010 at 10:57.

  2. The Following User Says Thank You to Spring For This Useful Post:


  3. #2
    Status
    Offline
    panji's Avatar
    VIP Member
    Join Date
    Jul 2008
    Posts
    966
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Bisa, coba dulu search dengan Nat buat external proxy, salah satunya
    , dan ada lagi yang lainya selain yang tadi. sekedar nambahin dari compas settingan gw

    1. bikin address list dulu ip berapa yang mau terkoneksi dengan proxy externalnya
    ;;; Transparent proxy users
    transp-proxy X.X.X.X/24
    ;;; speedtest.net always direct!
    squid-always-direct 118.96.229.225

    2. Bikin Manglenya

    ;;; mark port 80 for transparent proxy
    chain=prerouting action=mark-routing new-routing-mark=transparent-proxy passthrough=yes protocol=tcp
    src-address-list=transp-proxy dst-address-list=!squid-always-direct dst-port=80,81,3128,8080

    3 bikin routenya mengarah ke external proxy
    0 A S ;;; Route for redirecting to transparent proxy
    0.0.0.0/0 reachable X.X.X.X 1 Proxy

    Semoga membantu
    Last edited by panji; 31-03-2010 at 11:24.

  4. The Following User Says Thank You to panji For This Useful Post:


  5. #3
    Status
    Offline
    si_faisal's Avatar
    Contributor
    Join Date
    Jul 2008
    Location
    Jakarta & Sukabumi
    Posts
    485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    hanya lakukan src-nat ke out interface eth1

    boleh liat setup
    /ip firewall nat nya?

  6. The Following 2 Users Say Thank You to si_faisal For This Useful Post:


  7. #4
    Status
    Offline
    panji's Avatar
    VIP Member
    Join Date
    Jul 2008
    Posts
    966
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by si_faisal Click here to enlarge
    hanya lakukan src-nat ke out interface eth1

    boleh liat setup
    /ip firewall nat nya?
    yup jangan lupa natnya,

  8. The Following 2 Users Say Thank You to panji For This Useful Post:


  9. #5
    Status
    Offline
    syukri's Avatar
    Newbie
    Join Date
    Dec 2009
    Posts
    28
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Maksud ip client kek gini yang terbaca?( yang di blod )
    1270009387.368 43 192.168.1.29 TCP_REFRESH_HIT/304 395 GET - DIRECT/202.146.4.2 -
    1270009387.519 47 192.168.1.29 TCP_REFRESH_HIT/304 395 GET - DIRECT/202.146.4.2 -
    1270009387.524 52 192.168.1.29 TCP_REFRESH_HIT/304 395 GET - DIRECT/202.146.4.2 -
    1270009387.549 42 192.168.1.29 TCP_REFRESH_HIT/304 395 GET - DIRECT/202.146.4.2 -

  10. The Following User Says Thank You to syukri For This Useful Post:


  11. #6
    Status
    Offline
    Spring's Avatar
    Contributor
    Join Date
    Oct 2009
    Location
    Manado
    Posts
    964
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by panji Click here to enlarge
    Bisa, coba dulu search dengan Nat buat external proxy, salah satunya
    , dan ada lagi yang lainya selain yang tadi. sekedar nambahin dari compas settingan gw

    1. bikin address list dulu ip berapa yang mau terkoneksi dengan proxy externalnya
    ;;; Transparent proxy users
    transp-proxy X.X.X.X/24
    ;;; speedtest.net always direct!
    squid-always-direct 118.96.229.225

    2. Bikin Manglenya

    ;;; mark port 80 for transparent proxy
    chain=prerouting action=mark-routing new-routing-mark=transparent-proxy passthrough=yes protocol=tcp
    src-address-list=transp-proxy dst-address-list=!squid-always-direct dst-port=80,81,3128,8080

    3 bikin routenya mengarah ke external proxy
    0 A S ;;; Route for redirecting to transparent proxy
    0.0.0.0/0 reachable X.X.X.X 1 Proxy

    Semoga membantu
    konsepnya msh cukup membingungkan buat sy (newbie)... Click here to enlarge
    thx, nanti sy coba dulu.. kalo dah buntu baru balik...


    Click here to enlarge Originally Posted by si_faisal Click here to enlarge
    hanya lakukan src-nat ke out interface eth1

    boleh liat setup
    /ip firewall nat nya?
    sy lagi jauh dari TKP nich... tapi sy coba tulis manual dech... Click here to enlarge

    ================================================== ========
    /ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

    /ip firewall nat add chain=dstnat src-address=10.0.0.0/27 proto
    col=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.1 to-ports=3128
    ================================================== ========

    Click here to enlarge Originally Posted by syukri Click here to enlarge
    Maksud ip client kek gini yang terbaca?( yang di blod )
    sy maunya squid membaca IP address dari network 10.x.x.x/x bukan yg 192.x.x.x/x... Click here to enlarge
    Last edited by Spring; 31-03-2010 at 13:50.

  12. The Following User Says Thank You to Spring For This Useful Post:


  13. #7
    Status
    Offline
    chika's Avatar
    Member
    Join Date
    Oct 2009
    Posts
    116
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ga bisa mas. karena
    NAT (network address tranisolation), jadi yang kebaca hanya 1 alamat saja (alamat sumber). alamat dibawah NAT sudah di isolasi.

  14. The Following User Says Thank You to chika For This Useful Post:


  15. #8
    Status
    Offline
    ahmad210993's Avatar
    Member Senior
    Join Date
    Jun 2009
    Location
    Semarang - www.dyasrtrw.net
    Posts
    440
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mainin natnya boss, dengan menambahkan in interface, contoh:
    ip fir nat pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 chain=srcnat action=masquerade out-interface=speedy

    2 X ;;; masquerade hotspot network
    chain=srcnat action=masquerade src-address=10.10.10.0/24


    3 ;;; proxy
    chain=dstnat action=dst-nat to-addresses=192.168.67.2 to-ports=3128
    protocol=tcp in-interface=ether5-client dst-port=80,8080,3128


    di tempat saya dengan cara itu berhasil, tapi ingat, jikalau menggunakan hotspot juga, matikan nat masquerade hotspot network

    Click here to enlargeClick here to enlarge

  16. The Following 2 Users Say Thank You to ahmad210993 For This Useful Post:


  17. #9
    Status
    Offline
    Spring's Avatar
    Contributor
    Join Date
    Oct 2009
    Location
    Manado
    Posts
    964
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by ahmad210993 Click here to enlarge
    mainin natnya boss, dengan menambahkan in interface, contoh:
    ip fir nat pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 chain=srcnat action=masquerade out-interface=speedy

    2 X ;;; masquerade hotspot network
    chain=srcnat action=masquerade src-address=10.10.10.0/24


    3 ;;; proxy
    chain=dstnat action=dst-nat to-addresses=192.168.67.2 to-ports=3128
    protocol=tcp in-interface=ether5-client dst-port=80,8080,3128


    di tempat saya dengan cara itu berhasil, tapi ingat, jikalau menggunakan hotspot juga, matikan nat masquerade hotspot network

    Click here to enlargeClick here to enlarge
    yg warna merah mas, ether5 nya mengarah ke network mana (client, proxy ato WAN)??

    trus, andaikan kalau di topologi sy IP address yg merah itu di ether brpa??

  18. #10
    Status
    Offline
    zainalk29's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Location
    Banjarmasin, Yogyakarta, Indonesia
    Posts
    676
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by spring Click here to enlarge
    Mudah²an pertanyaan yg kyk gini belum prnah ada di FMI (takut di-omelin Click here to enlarge ) .... kalo emang udah ada sy mohon maaf krn mau search tapi gak tau kata kuncinya.. Click here to enlarge


    Topologi:

    (Inet)
    |
    |
    | eth1 MT
    |
    |. . . .eth2 MT
    (MT) ----------- (Client)
    |
    |
    | eth3 MT
    |
    |
    Proxy (Squid)

    mohon maaf kalo skema-nya ambur adul..

    Gini...
    di MT port 80 dari Client (eth2) sy redirect ke port 3128 ke IP proxy...
    Saat menjalankan perintah 'tail' di Proxy yang kebaca IP_addr dari eth3 MT...

    Pertanyaan:
    Gmna konfigurasi-nya agar akses di Squid yang terbaca adalah IP address dari Client yg melakukan request??? Click here to enlarge
    selama ini saya menggunakan proxy sejajar dengan mikrotik untuk redirect port 80 keproxy saya selalu menggunakan rule ini dan selalu berhasil

    Code:
    /ip firewall nat add action=dst-nat chain=dstnat comment="REDIRECT TO PROXY SQUID" disabled=no dst-port=80 protocol=tcp src-address=!192.168.2.2 to-addresses=192.168.2.2 to-ports=1022
    ip 192.168.2.2 adalah ip proxy ubuntu

    di proxy nya tidak perlu menggunakan iptables.

  19. #11
    Status
    Offline
    Spring's Avatar
    Contributor
    Join Date
    Oct 2009
    Location
    Manado
    Posts
    964
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by zainalk29 Click here to enlarge
    selama ini saya menggunakan proxy sejajar dengan mikrotik untuk redirect port 80 keproxy saya selalu menggunakan rule ini dan selalu berhasil

    Code:
    /ip firewall nat add action=dst-nat chain=dstnat comment="REDIRECT TO PROXY SQUID" disabled=no dst-port=80 protocol=tcp src-address=!192.168.2.2 to-addresses=192.168.2.2 to-ports=1022
    ip 192.168.2.2 adalah ip proxy ubuntu

    di proxy nya tidak perlu menggunakan iptables.
    Proxy sy emang gak ada masalah jalan atau gak jalannya... Click here to enlargeClick here to enlarge
    rule untuk Redirect port-nya kita sama kok...
    tolong dibaca lagi pertanyaan saya, siapa tau anda emang punya solusi paling mudah dan bagus... Click here to enlarge

  20. #12
    Status
    Offline
    panji's Avatar
    VIP Member
    Join Date
    Jul 2008
    Posts
    966
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    This is working good for me:

    Mikrotik config (Sample)
    / ip firewall address-list
    add list=transp-proxy address=10.0.0.0/27 comment="Transparent proxy users" \
    disabled=no
    add list=squid-always-direct address= 69.17.117.207/32 comment="speedtest.net \
    always direct!" disabled=no
    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 src-address-list=transp-proxy \
    dst-address-list=!squid-always-direct action=mark-routing \
    new-routing-mark=transparent-proxy passthrough=yes comment="mark \
    port 80 for transparent proxy" disabled=no
    / ip route
    add dst-address=0.0.0.0/0 gateway=10.100.100.2 check-gateway=ping distance=1 \
    scope=255 target-scope=10 routing-mark=transparent-proxy comment="Route \
    for redirecting to transparent proxy" disabled=no

    Squid box (Don't forget)
    `which iptables` -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

    tuh itu berjalan di mikrotik dan squid punya gw, ini saran dari suhu siber
    nih linknya coba perhatikan baik2

  21. The Following User Says Thank You to panji For This Useful Post:


  22. #13
    Status
    Offline
    xopal's Avatar
    Member
    Join Date
    Jan 2010
    Posts
    245
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by ahmad210993 Click here to enlarge
    mainin natnya boss, dengan menambahkan in interface, contoh:
    ip fir nat pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough

    1 chain=srcnat action=masquerade out-interface=speedy

    2 X ;;; masquerade hotspot network
    chain=srcnat action=masquerade src-address=10.10.10.0/24


    3 ;;; proxy
    chain=dstnat action=dst-nat to-addresses=192.168.67.2 to-ports=3128
    protocol=tcp in-interface=ether5-client dst-port=80,8080,3128


    di tempat saya dengan cara itu berhasil, tapi ingat, jikalau menggunakan hotspot juga, matikan nat masquerade hotspot network

    Click here to enlargeClick here to enlarge
    Trik anda berhasil ditempat saya ho ho ho Click here to enlarge ,rasanya koq lebih enak bang, login to network ,acquaring network address, page loading jadi lebih cepat.
    Last edited by xopal; 01-04-2010 at 01:37.

  23. The Following User Says Thank You to xopal For This Useful Post:


  24. #14
    Status
    Offline
    Shima's Avatar
    Newbie
    Join Date
    May 2008
    Posts
    68
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @spring : setau saya bisa tp proxy bridging

    CMIIW ya Click here to enlarge

  25. #15
    Status
    Offline
    sukhoi37's Avatar
    Member
    Join Date
    Sep 2007
    Location
    Masih 1 Kabupaten dgn Grojogan Sewu
    Posts
    180
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba baca2 tentang tproxy...
    mungkin itu jawaban untuk kasus anda...

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Setting Mikrotik untuk Squid sejajar dengan client
    By genresesif13 in forum General Networking
    Replies: 8
    Last Post: 24-11-2009, 23:48
  2. [ASK] Squid dan Client dalam lvl yang sama...Natnya gimana ya?
    By onlyhuman in forum General Networking
    Replies: 5
    Last Post: 19-11-2009, 17:48
  3. Replies: 16
    Last Post: 01-09-2009, 20:31
  4. Ask : IP client tidak bisa tercatat pada log squid
    By w1z4rd in forum General Networking
    Replies: 16
    Last Post: 31-05-2009, 01:22
  5. Squid sejajar Client, bisa gak di set transparent??
    By Xerophie in forum General Networking
    Replies: 12
    Last Post: 02-08-2008, 13:07

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •