Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 9 of 9
  1. #1
    Status
    Offline
    andy's Avatar
    Newbie
    Join Date
    May 2009
    Location
    Beeze Shehu Makom Baolam
    Posts
    48
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Question [help] SQUID tidak bisa di Transparent

    Buat para master Mikrotik, tolong bantuin saya setting-up SQUID dong...

    Berikut adalah topologinya:

    Client 192.168.1.0/24 --- SQUID 192.168.1.9:3128 --- Mikrotik 192.168.1.1 --- Gateway 192.168.1.254

    Berikut adalah squid.conf:
    Code:
    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 192.168.1.0/24
    
    acl SSL_ports port 443
    acl SSL_ports port 2083		# cPanel
    acl SSL_ports port 2087		# WHM
    acl SSL_ports port 2096		# WebMail
    acl Safe_ports port 80		# http
    acl Safe_ports port 21		# ftp
    acl Safe_ports port 443		# https
    acl Safe_ports port 70		# gopher
    acl Safe_ports port 210		# wais
    acl Safe_ports port 1025-65535	# unregistered ports
    acl Safe_ports port 280		# http-mgmt
    acl Safe_ports port 488		# gss-http
    acl Safe_ports port 591		# filemaker
    acl Safe_ports port 777		# multiling http
    acl CONNECT method CONNECT
    
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    
    http_access allow localnet
    
    # And finally deny all other access to this proxy
    http_access deny all
    
    #Allow ICP queries from local networks only
    icp_access allow localnet
    icp_access deny all
    
    # Squid normally listens to port 3128
    http_port 3128 transparent
    
    hierarchy_stoplist cgi-bin ?
    
    cache_mem 4096 MB
    
    memory_replacement_policy heap GDSF
    
    cache_replacement_policy heap LFUDA
    
    cache_dir ufs f:/squid-cache 6000 14 256
    
    access_log e:/squid-logs/access.log squid
    
    cache_log e:/squid-logs/cache.log
    
    cache_store_log e:/squid-logs/store.log
    
    # logfile_rotate 10
    
    # mime_table c:/squid/etc/mime.conf
    
    # client_netmask 255.255.255.255
    
    # ftp_user squid@localhost.localdomain
    
    refresh_pattern ^ftp:		1440	20%	10080
    refresh_pattern ^gopher:	1440	0%	1440
    refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
    refresh_pattern .		0	20%	4320
    
    acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
    upgrade_http0.9 deny shoutcast
    
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    
    # server_http11 off
    
    half_closed_clients off
    
    visible_hostname localhost.localdomain
    
    # client_persistent_connections on
    # server_persistent_connections on
    # persistent_connection_after_error off
    
    # pipeline_prefetch off
    
    # windows_ipaddrchangemonitor on
    Saya sudah set IP -> Firewall -> NAT: {dstnat tcp port 80} -> {dst-nat to address 192.168.1.9 port 3128}

    Berikut adalah error yang saya dapat jika 192.168.1.9:3128 di mode transparent:
    Code:
    ERROR
    The requested URL could not be retrieved
    
    While trying to retrieve the URL: http://www.securitytoolsonline.com/request.php?
    
    The following error was encountered:
    
        * Unable to forward this request at this time. 
    
    This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:
    
        * The cache administrator does not allow this cache to make direct connections to origin servers, and
        * All configured parent caches are currently unreachable. 
    
    Your cache administrator is root@localhost.localdomain.
    Generated Wed, 04 Aug 2010 10:51:03 GMT by localhost.localdomain (squid/2.7.STABLE5)
    Dan berikut adalah error yang saya dapat jika 192.168.1.9:3128 tidak di mode transparant:
    Code:
    ERROR
    The requested URL could not be retrieved
    
    While trying to process the request:
    
    GET /request.php?op=proxy HTTP/1.0
    Host: www.securitytoolsonline.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010062819 Firefox/3.0.19 Flock/2.6.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Referer: http://www.google.com/search?hl=en&&sa=X&ei=LzRZTMbWK4WxrAfN_sWxDg&ved=0CBIQvwUoAQ&q=how+to+check+proxy+transparent&spell=1
    Cookie: PHPSESSID=b31268fba45c03c780a6c6b0cdb48a72; __gads=ID=00ae4271bc4ae67e:T=1280914494:S=ALNI_MZEk1X5cZiYBbRdFMLqOWTC2fmSoQ; __utma=55010601.80587643.1280914484.1280914484.1280914484.1; __utmb=55010601.17.10.1280914484; __utmc=55010601; __utmz=55010601.1280914486.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=how%20to%20check%20proxy%20transparent
    Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE5)
    X-Forwarded-For: 192.168.1.2
    Cache-Control: max-age=0
    Connection: keep-alive
    
    
    
    The following error was encountered:
    
        * Invalid Request 
    
    Some aspect of the HTTP Request is invalid. Possible problems:
    
        * Missing or unknown request method
        * Missing URL
        * Missing HTTP Identifier (HTTP/1.0)
        * Request is too large
        * Content-Length missing for POST or PUT requests
        * Illegal character in hostname; underscores are not allowed 
    
    Your cache administrator is root@localhost.localdomain.
    Generated Wed, 04 Aug 2010 10:44:09 GMT by localhost.localdomain (squid/2.7.STABLE5)
    Mohon bantuan dan pencerahannya... Kalo ada saran/masukan/optimisasi lainnya buat squid.conf saya menerimanya dengan senang hati Click here to enlarge

    Catatan: config diatas yg ada '#' saya bingung mau dinyalain ato nggak, sekalian mohon petunjuknya...

    Atas perhatian dan bantuan yang diberikan saya ucapkan terima kasih Click here to enlarge

  2. #2
    Status
    Offline
    karaeng's Avatar
    VIP Member
    Join Date
    Jun 2010
    Posts
    958
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by andy Click here to enlarge
    Buat para master Mikrotik, tolong bantuin saya setting-up SQUID dong...

    Berikut adalah topologinya:

    Client 192.168.1.0/24 --- SQUID 192.168.1.9:3128 --- Mikrotik 192.168.1.1 --- Gateway 192.168.1.254

    Berikut adalah squid.conf:
    Code:
    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 192.168.1.0/24
    
    acl SSL_ports port 443
    acl SSL_ports port 2083		# cPanel
    acl SSL_ports port 2087		# WHM
    acl SSL_ports port 2096		# WebMail
    acl Safe_ports port 80		# http
    acl Safe_ports port 21		# ftp
    acl Safe_ports port 443		# https
    acl Safe_ports port 70		# gopher
    acl Safe_ports port 210		# wais
    acl Safe_ports port 1025-65535	# unregistered ports
    acl Safe_ports port 280		# http-mgmt
    acl Safe_ports port 488		# gss-http
    acl Safe_ports port 591		# filemaker
    acl Safe_ports port 777		# multiling http
    acl CONNECT method CONNECT
    
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    
    http_access allow localnet
    
    # And finally deny all other access to this proxy
    http_access deny all
    
    #Allow ICP queries from local networks only
    icp_access allow localnet
    icp_access deny all
    
    # Squid normally listens to port 3128
    http_port 3128 transparent
    
    hierarchy_stoplist cgi-bin ?
    
    cache_mem 4096 MB
    
    memory_replacement_policy heap GDSF
    
    cache_replacement_policy heap LFUDA
    
    cache_dir ufs f:/squid-cache 6000 14 256
    
    access_log e:/squid-logs/access.log squid
    
    cache_log e:/squid-logs/cache.log
    
    cache_store_log e:/squid-logs/store.log
    
    # logfile_rotate 10
    
    # mime_table c:/squid/etc/mime.conf
    
    # client_netmask 255.255.255.255
    
    # ftp_user squid@localhost.localdomain
    
    refresh_pattern ^ftp:		1440	20%	10080
    refresh_pattern ^gopher:	1440	0%	1440
    refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
    refresh_pattern .		0	20%	4320
    
    acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
    upgrade_http0.9 deny shoutcast
    
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    
    # server_http11 off
    
    half_closed_clients off
    
    visible_hostname localhost.localdomain
    
    # client_persistent_connections on
    # server_persistent_connections on
    # persistent_connection_after_error off
    
    # pipeline_prefetch off
    
    # windows_ipaddrchangemonitor on
    Saya sudah set IP -> Firewall -> NAT: {dstnat tcp port 80} -> {dst-nat to address 192.168.1.9 port 3128}

    Berikut adalah error yang saya dapat jika 192.168.1.9:3128 di mode transparent:
    Code:
    ERROR
    The requested URL could not be retrieved
    
    While trying to retrieve the URL: http://www.securitytoolsonline.com/request.php?
    
    The following error was encountered:
    
        * Unable to forward this request at this time. 
    
    This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:
    
        * The cache administrator does not allow this cache to make direct connections to origin servers, and
        * All configured parent caches are currently unreachable. 
    
    Your cache administrator is root@localhost.localdomain.
    Generated Wed, 04 Aug 2010 10:51:03 GMT by localhost.localdomain (squid/2.7.STABLE5)
    Dan berikut adalah error yang saya dapat jika 192.168.1.9:3128 tidak di mode transparant:
    Code:
    ERROR
    The requested URL could not be retrieved
    
    While trying to process the request:
    
    GET /request.php?op=proxy HTTP/1.0
    Host: www.securitytoolsonline.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010062819 Firefox/3.0.19 Flock/2.6.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Referer: http://www.google.com/search?hl=en&&sa=X&ei=LzRZTMbWK4WxrAfN_sWxDg&ved=0CBIQvwUoAQ&q=how+to+check+proxy+transparent&spell=1
    Cookie: PHPSESSID=b31268fba45c03c780a6c6b0cdb48a72; __gads=ID=00ae4271bc4ae67e:T=1280914494:S=ALNI_MZEk1X5cZiYBbRdFMLqOWTC2fmSoQ; __utma=55010601.80587643.1280914484.1280914484.1280914484.1; __utmb=55010601.17.10.1280914484; __utmc=55010601; __utmz=55010601.1280914486.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=how%20to%20check%20proxy%20transparent
    Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE5)
    X-Forwarded-For: 192.168.1.2
    Cache-Control: max-age=0
    Connection: keep-alive
    
    
    
    The following error was encountered:
    
        * Invalid Request 
    
    Some aspect of the HTTP Request is invalid. Possible problems:
    
        * Missing or unknown request method
        * Missing URL
        * Missing HTTP Identifier (HTTP/1.0)
        * Request is too large
        * Content-Length missing for POST or PUT requests
        * Illegal character in hostname; underscores are not allowed 
    
    Your cache administrator is root@localhost.localdomain.
    Generated Wed, 04 Aug 2010 10:44:09 GMT by localhost.localdomain (squid/2.7.STABLE5)
    Mohon bantuan dan pencerahannya... Kalo ada saran/masukan/optimisasi lainnya buat squid.conf saya menerimanya dengan senang hati Click here to enlarge

    Catatan: config diatas yg ada '#' saya bingung mau dinyalain ato nggak, sekalian mohon petunjuknya...

    Atas perhatian dan bantuan yang diberikan saya ucapkan terima kasih Click here to enlarge
    klo lihat topologinya, tuh squid posisi di antara mikrotik dan klien...
    jadi di brigde aja Squidna, gunain 2 bh Ethernet....

  3. #3
    Status
    Offline
    andy's Avatar
    Newbie
    Join Date
    May 2009
    Location
    Beeze Shehu Makom Baolam
    Posts
    48
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Klo 'maksain' 1 ethernet aja gimana bro?
    Soalnya SQUID itu sebagai NAS Server juga...
    Kan RAID 5 NAS nya, jadi sekalian di-fungsiin sebagai SQUID.
    Jadi mau nggak mau SQUID tetap satu network sama client lainnya...

  4. #4
    Status
    Offline
    kambeeng's Avatar
    Member Senior
    Join Date
    Jan 2008
    Posts
    483
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by andy Click here to enlarge
    Klo 'maksain' 1 ethernet aja gimana bro?
    Soalnya SQUID itu sebagai NAS Server juga...
    Kan RAID 5 NAS nya, jadi sekalian di-fungsiin sebagai SQUID.
    Jadi mau nggak mau SQUID tetap satu network sama client lainnya...
    kalau mau maksain juga di dalam cuminya di mainkan IPTABLES Click here to enlarge kalau nggak dibalik aja .. mikrotik di depan dan cuminya sebagai gateway ke internet. jadi MKT berfungsi sebagai Router Click here to enlarge semua fungsi router di mikrotik fungsi dan, kalau nggak salah topo anda seperti ini :

    CL ===== SWITCH ======= INET (GATEWAY) gitu bukan yach kalau topologi seperti ini mana bisa di alihkan ke cumi.
    SQUID =====
    MKT =====
    Last edited by kambeeng; 06-08-2010 at 16:35.

  5. #5
    Status
    Offline
    andy's Avatar
    Newbie
    Join Date
    May 2009
    Location
    Beeze Shehu Makom Baolam
    Posts
    48
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    minta jamunya iptables deh...

    topologi saya seperti ini:

    GATEWAY (192.168.1.254) --- MKTIK (192.168.1.1) --- SQUID (192.168.1.9:3128) --- CLIENT (192.168.1.0/24)

    semuanya dalam satu network.

  6. #6
    Status
    Offline
    kambeeng's Avatar
    Member Senior
    Join Date
    Jan 2008
    Posts
    483
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by andy Click here to enlarge
    minta jamunya iptables deh...

    topologi saya seperti ini:

    GATEWAY (192.168.1.254) --- MKTIK (192.168.1.1) --- SQUID (192.168.1.9:3128) --- CLIENT (192.168.1.0/24)

    semuanya dalam satu network.
    topo yang aneh kenapa nggak beda IP apa masalahnya Click here to enlarge

    mengenai NAS (Network Access Storage) emang harus satu IP saya rasa nggak kok Click here to enlarge

    harusnya boleh topo seperti itu tetapi seperti ini Click here to enlarge maaf bukan mengurui Click here to enlarge

    Contoh Gateway 192.168.3.254 --- interface eth1 MKT -- 192.168.3.1 --- eth0 int mkt -- 192.168.2.1 -- Eth 1 Cumi Eth1 192.168.2.2 CUMI eth0 --- 192.168.1.1 --- CLIENT .. saya rasa coba gunakan topo ini pasti jalan semunya termasuk (NAS) juga gimana

  7. #7
    Status
    Offline
    andy's Avatar
    Newbie
    Join Date
    May 2009
    Location
    Beeze Shehu Makom Baolam
    Posts
    48
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Talking

    Click here to enlarge Originally Posted by kambeeng Click here to enlarge
    topo yang aneh kenapa nggak beda IP apa masalahnya Click here to enlarge

    mengenai NAS (Network Access Storage) emang harus satu IP saya rasa nggak kok Click here to enlarge

    harusnya boleh topo seperti itu tetapi seperti ini Click here to enlarge maaf bukan mengurui Click here to enlarge

    Contoh Gateway 192.168.3.254 --- interface eth1 MKT -- 192.168.3.1 --- eth0 int mkt -- 192.168.2.1 -- Eth 1 Cumi Eth1 192.168.2.2 CUMI eth0 --- 192.168.1.1 --- CLIENT .. saya rasa coba gunakan topo ini pasti jalan semunya termasuk (NAS) juga gimana
    pernah cobain beda gitu walau udah di bridge NAS nya nggak tembus gan, lagipula capek klo musti modifikasi jaringan, soalnya udah di bagi pengaturan & assignment IP address nya dari management di perusahaan kita.

  8. #8
    Status
    Offline
    kambeeng's Avatar
    Member Senior
    Join Date
    Jan 2008
    Posts
    483
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    sekarang kalau dengan topo yang agan punya .. fungsi MKT sebagai apa ... Click here to enlarge kalau semuanya sejajar

  9. #9
    Status
    Offline
    andy's Avatar
    Newbie
    Join Date
    May 2009
    Location
    Beeze Shehu Makom Baolam
    Posts
    48
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mikrotik sebagai gateway utama, dan modem sebagai router aja.

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problem squid transparent
    By brain_lord2000 in forum Wireless Networking
    Replies: 0
    Last Post: 23-07-2010, 13:47
  2. Mikrotik + Transparent Squid + Dansguardian
    By Ekoy77 in forum Tutorial
    Replies: 2
    Last Post: 01-01-2010, 14:37
  3. [how to] Mikrotik + Transparent Squid + Dansguardian
    By Ekoy77 in forum General Networking
    Replies: 0
    Last Post: 17-12-2009, 16:15
  4. Ask : IP client tidak bisa tercatat pada log squid
    By w1z4rd in forum General Networking
    Replies: 16
    Last Post: 31-05-2009, 01:22
  5. Squid sejajar Client, bisa gak di set transparent??
    By Xerophie in forum General Networking
    Replies: 12
    Last Post: 02-08-2008, 13:07

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •