Thread: [help] SQUID tidak bisa di Transparent

Buat para master Mikrotik, tolong bantuin saya setting-up SQUID dong...

Berikut adalah topologinya:

Client 192.168.1.0/24 --- SQUID 192.168.1.9:3128 --- Mikrotik 192.168.1.1 --- Gateway 192.168.1.254

Berikut adalah squid.conf:

Code:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.1.0/24

acl SSL_ports port 443
acl SSL_ports port 2083		# cPanel
acl SSL_ports port 2087		# WHM
acl SSL_ports port 2096		# WebMail
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all

# Squid normally listens to port 3128
http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

cache_mem 4096 MB

memory_replacement_policy heap GDSF

cache_replacement_policy heap LFUDA

cache_dir ufs f:/squid-cache 6000 14 256

access_log e:/squid-logs/access.log squid

cache_log e:/squid-logs/cache.log

cache_store_log e:/squid-logs/store.log

# logfile_rotate 10

# mime_table c:/squid/etc/mime.conf

# client_netmask 255.255.255.255

# ftp_user squid@localhost.localdomain

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# server_http11 off

half_closed_clients off

visible_hostname localhost.localdomain

# client_persistent_connections on
# server_persistent_connections on
# persistent_connection_after_error off

# pipeline_prefetch off

# windows_ipaddrchangemonitor on

Saya sudah set IP -> Firewall -> NAT: {dstnat tcp port 80} -> {dst-nat to address 192.168.1.9 port 3128}

Berikut adalah error yang saya dapat jika 192.168.1.9:3128 di mode transparent:

Code:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.securitytoolsonline.com/request.php?

The following error was encountered:

    * Unable to forward this request at this time. 

This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:

    * The cache administrator does not allow this cache to make direct connections to origin servers, and
    * All configured parent caches are currently unreachable. 

Your cache administrator is root@localhost.localdomain.
Generated Wed, 04 Aug 2010 10:51:03 GMT by localhost.localdomain (squid/2.7.STABLE5)

Dan berikut adalah error yang saya dapat jika 192.168.1.9:3128 tidak di mode transparant:

Code:

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET /request.php?op=proxy HTTP/1.0
Host: www.securitytoolsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010062819 Firefox/3.0.19 Flock/2.6.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://www.google.com/search?hl=en&&sa=X&ei=LzRZTMbWK4WxrAfN_sWxDg&ved=0CBIQvwUoAQ&q=how+to+check+proxy+transparent&spell=1
Cookie: PHPSESSID=b31268fba45c03c780a6c6b0cdb48a72; __gads=ID=00ae4271bc4ae67e:T=1280914494:S=ALNI_MZEk1X5cZiYBbRdFMLqOWTC2fmSoQ; __utma=55010601.80587643.1280914484.1280914484.1280914484.1; __utmb=55010601.17.10.1280914484; __utmc=55010601; __utmz=55010601.1280914486.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=how%20to%20check%20proxy%20transparent
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE5)
X-Forwarded-For: 192.168.1.2
Cache-Control: max-age=0
Connection: keep-alive



The following error was encountered:

    * Invalid Request 

Some aspect of the HTTP Request is invalid. Possible problems:

    * Missing or unknown request method
    * Missing URL
    * Missing HTTP Identifier (HTTP/1.0)
    * Request is too large
    * Content-Length missing for POST or PUT requests
    * Illegal character in hostname; underscores are not allowed 

Your cache administrator is root@localhost.localdomain.
Generated Wed, 04 Aug 2010 10:44:09 GMT by localhost.localdomain (squid/2.7.STABLE5)

Mohon bantuan dan pencerahannya... Kalo ada saran/masukan/optimisasi lainnya buat squid.conf saya menerimanya dengan senang hati

Catatan: config diatas yg ada '#' saya bingung mau dinyalain ato nggak, sekalian mohon petunjuknya...

Atas perhatian dan bantuan yang diberikan saya ucapkan terima kasih

Originally Posted by andy

Buat para master Mikrotik, tolong bantuin saya setting-up SQUID dong...

Berikut adalah topologinya:

Client 192.168.1.0/24 --- SQUID 192.168.1.9:3128 --- Mikrotik 192.168.1.1 --- Gateway 192.168.1.254

Berikut adalah squid.conf:

Code:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.1.0/24

acl SSL_ports port 443
acl SSL_ports port 2083		# cPanel
acl SSL_ports port 2087		# WHM
acl SSL_ports port 2096		# WebMail
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all

# Squid normally listens to port 3128
http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

cache_mem 4096 MB

memory_replacement_policy heap GDSF

cache_replacement_policy heap LFUDA

cache_dir ufs f:/squid-cache 6000 14 256

access_log e:/squid-logs/access.log squid

cache_log e:/squid-logs/cache.log

cache_store_log e:/squid-logs/store.log

# logfile_rotate 10

# mime_table c:/squid/etc/mime.conf

# client_netmask 255.255.255.255

# ftp_user squid@localhost.localdomain

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# server_http11 off

half_closed_clients off

visible_hostname localhost.localdomain

# client_persistent_connections on
# server_persistent_connections on
# persistent_connection_after_error off

# pipeline_prefetch off

# windows_ipaddrchangemonitor on

Saya sudah set IP -> Firewall -> NAT: {dstnat tcp port 80} -> {dst-nat to address 192.168.1.9 port 3128}

Berikut adalah error yang saya dapat jika 192.168.1.9:3128 di mode transparent:

Code:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.securitytoolsonline.com/request.php?

The following error was encountered:

    * Unable to forward this request at this time. 

This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:

    * The cache administrator does not allow this cache to make direct connections to origin servers, and
    * All configured parent caches are currently unreachable. 

Your cache administrator is root@localhost.localdomain.
Generated Wed, 04 Aug 2010 10:51:03 GMT by localhost.localdomain (squid/2.7.STABLE5)

Dan berikut adalah error yang saya dapat jika 192.168.1.9:3128 tidak di mode transparant:

Code:

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET /request.php?op=proxy HTTP/1.0
Host: www.securitytoolsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010062819 Firefox/3.0.19 Flock/2.6.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://www.google.com/search?hl=en&&sa=X&ei=LzRZTMbWK4WxrAfN_sWxDg&ved=0CBIQvwUoAQ&q=how+to+check+proxy+transparent&spell=1
Cookie: PHPSESSID=b31268fba45c03c780a6c6b0cdb48a72; __gads=ID=00ae4271bc4ae67e:T=1280914494:S=ALNI_MZEk1X5cZiYBbRdFMLqOWTC2fmSoQ; __utma=55010601.80587643.1280914484.1280914484.1280914484.1; __utmb=55010601.17.10.1280914484; __utmc=55010601; __utmz=55010601.1280914486.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=how%20to%20check%20proxy%20transparent
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE5)
X-Forwarded-For: 192.168.1.2
Cache-Control: max-age=0
Connection: keep-alive



The following error was encountered:

    * Invalid Request 

Some aspect of the HTTP Request is invalid. Possible problems:

    * Missing or unknown request method
    * Missing URL
    * Missing HTTP Identifier (HTTP/1.0)
    * Request is too large
    * Content-Length missing for POST or PUT requests
    * Illegal character in hostname; underscores are not allowed 

Your cache administrator is root@localhost.localdomain.
Generated Wed, 04 Aug 2010 10:44:09 GMT by localhost.localdomain (squid/2.7.STABLE5)

Mohon bantuan dan pencerahannya... Kalo ada saran/masukan/optimisasi lainnya buat squid.conf saya menerimanya dengan senang hati

Catatan: config diatas yg ada '#' saya bingung mau dinyalain ato nggak, sekalian mohon petunjuknya...

Atas perhatian dan bantuan yang diberikan saya ucapkan terima kasih

klo lihat topologinya, tuh squid posisi di antara mikrotik dan klien...
jadi di brigde aja Squidna, gunain 2 bh Ethernet....

Klo 'maksain' 1 ethernet aja gimana bro?
Soalnya SQUID itu sebagai NAS Server juga...
Kan RAID 5 NAS nya, jadi sekalian di-fungsiin sebagai SQUID.
Jadi mau nggak mau SQUID tetap satu network sama client lainnya...

minta jamunya iptables deh...

topologi saya seperti ini:

GATEWAY (192.168.1.254) --- MKTIK (192.168.1.1) --- SQUID (192.168.1.9:3128) --- CLIENT (192.168.1.0/24)

semuanya dalam satu network.

Originally Posted by andy

minta jamunya iptables deh...

topologi saya seperti ini:

GATEWAY (192.168.1.254) --- MKTIK (192.168.1.1) --- SQUID (192.168.1.9:3128) --- CLIENT (192.168.1.0/24)

semuanya dalam satu network.

topo yang aneh kenapa nggak beda IP apa masalahnya

mengenai NAS (Network Access Storage) emang harus satu IP saya rasa nggak kok

harusnya boleh topo seperti itu tetapi seperti ini maaf bukan mengurui

Contoh Gateway 192.168.3.254 --- interface eth1 MKT -- 192.168.3.1 --- eth0 int mkt -- 192.168.2.1 -- Eth 1 Cumi Eth1 192.168.2.2 CUMI eth0 --- 192.168.1.1 --- CLIENT .. saya rasa coba gunakan topo ini pasti jalan semunya termasuk (NAS) juga gimana

Originally Posted by kambeeng

topo yang aneh kenapa nggak beda IP apa masalahnya

mengenai NAS (Network Access Storage) emang harus satu IP saya rasa nggak kok

harusnya boleh topo seperti itu tetapi seperti ini maaf bukan mengurui

Contoh Gateway 192.168.3.254 --- interface eth1 MKT -- 192.168.3.1 --- eth0 int mkt -- 192.168.2.1 -- Eth 1 Cumi Eth1 192.168.2.2 CUMI eth0 --- 192.168.1.1 --- CLIENT .. saya rasa coba gunakan topo ini pasti jalan semunya termasuk (NAS) juga gimana

pernah cobain beda gitu walau udah di bridge NAS nya nggak tembus gan, lagipula capek klo musti modifikasi jaringan, soalnya udah di bagi pengaturan & assignment IP address nya dari management di perusahaan kita.

sekarang kalau dengan topo yang agan punya .. fungsi MKT sebagai apa ... kalau semuanya sejajar

mikrotik sebagai gateway utama, dan modem sebagai router aja.