Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)

    (ask) cara redirect dstnat dari MT ke squidbox

    dari dulu...dicoba redirect seperti ini:
    / ip firewall nat
    add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    src-address-list=LAN action=dstnat to-address=ip squidbox to-ports=3128 comment="" disabled=no

    dan webproxy MT dimatikan
    hasilnya error terus ketika browsing

    tapi klo pake ini:
    / ip firewall nat
    add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    src-address-list=LAN action=redirect to-ports=3128 comment="" disabled=no

    dengan web-proxy aktif dan diset parent proxy dengan ip squidbox baru jalan browsingnya.

    ada saran ????? sekarang pakenya yang kedua...pengennya pake yang pertama.
    topologi jaringan saya :
    INET-----|MT|----Klient
    -----------|
    -----------|
    ---------|squid|

  2. #2
    Status
    Offline
    rickythecrabs's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    228
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    coba bantu ya boss....
    udah cobain pk ip proxy mikrotiknya gak buat redirectnya
    biar webproxynya bisa dimatikan / didisable
    ane pk cara begini boss...kebetulan proxy server ane jg sejajar klien

    moga membantu

  3. #3
    Status
    Offline
    sartugiono's Avatar
    Baru Gabung
    Join Date
    Jan 2008
    Posts
    10
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
    /ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080

    /ip pr se en=ye po=80 pa=(ip squid box):8080
    web proxy di MT disable aja

    dengan asumsi port squid adalah 8080
    biasanya kalo aku cukup itu aja
    Click here to enlarge

  4. #4
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    @rickythecrabs
    maksudnya : pake ip proxy MT bukan web-proxynya?
    trus klo gak pake redirect berarti bukan transparant-proxy, betul begitu?
    berarti harus setting atu-atu diclient!Click here to enlarge cape dech......

    @sartugiono
    apa bedanya dengan settingan saya?
    trus yg ini apa maksudnya?

    /ip pr se en=ye po=80 pa=(ip squid box):8080

    sorry balik nanya soalnya....bagi saya masih belum jelas....

  5. #5
    Status
    Offline
    sartugiono's Avatar
    Baru Gabung
    Join Date
    Jan 2008
    Posts
    10
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    beda ndak sih? Click here to enlarge

    di mikrotik itu kan salah satu enaknya, bisa disingkat itu perintah,
    coba ketik di koncol ip pr
    pasti akan masuk kedirektori IP--proxy

    kalo perintah-panjangannya nyang itu cih :
    /ip proxy set enabled=yes port=80 parent-proxy=(IP SQUIDBOX):8080

    Click here to enlarge

  6. #6
    Status
    Offline
    rickythecrabs's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    228
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    sori ya boss klo bantuan nya gak jelas.. Click here to enlarge
    maksud ane begini boss...sama dg yg dikasih boss sartugiono
    kan untuk transparent proxy qta udah set di proxy servernya, jd gak usah set proxy klien atu2
    nah untuk di mikrotiknya rule redirect nya ttp, trus enable ip proxy MT, isi portnya, ip parent proxy+portnya jg diisi sesuai ip proxy server boss...
    >ip proxy set enable=yes
    >ip proxy port=8080
    >ip proxy parent proxy=diisi ip address proxy server
    >ip proxy parent proxy port=diisi port proxy server
    intinya proxy MT diset sesuai isian webproxy MT, stlh ntuh disable / matiin webproxy nya
    ane pk cara begitu jalan sih boss, jd proxy nya MT cmn buat lewat doang

    moga gak semakin bingung Click here to enlarge
    Last edited by rickythecrabs; 12-03-2008 at 16:26. Reason: edit

  7. #7
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    @rickythecrabs dan @sartugiono
    klo cara yang anda-anda sarankan sudah berjalan lancar dari dulu....

    pengennya pake yang pertama dimana tidak menyeting proxy MT sama sekali jadi setiap request keport 80 sama MT langsung diteruskan ke squid-box tanpa diolah oleh proxy maupun web-proxy MT

  8. #8
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    dari dulu...dicoba redirect seperti ini:
    / ip firewall nat
    add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    src-address-list=LAN action=dstnat to-address=ip squidbox to-ports=3128 comment="" disabled=no

    dan webproxy MT dimatikan
    hasilnya error terus ketika browsing

    tapi klo pake ini:
    / ip firewall nat
    add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    src-address-list=LAN action=redirect to-ports=3128 comment="" disabled=no

    dengan web-proxy aktif dan diset parent proxy dengan ip squidbox baru jalan browsingnya.

    ada saran ????? sekarang pakenya yang kedua...pengennya pake yang pertama.
    topologi jaringan saya :
    INET-----|MT|----Klient
    -----------|
    -----------|
    ---------|squid|
    coba dirubah dikit buat yg pertama

    chain=dstnat in-interface=Local src-address=!ip-proxy src-address-list=LAN protocol=tcp dst-port=80 action=dst-nat to-addresses=ip-proxy to-ports=3128

  9. #9
    Status
    Offline
    kucingGarong's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    235
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sum14rdi Click here to enlarge
    dari dulu...dicoba redirect seperti ini:
    / ip firewall nat
    add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    src-address-list=LAN action=dstnat to-address=ip squidbox to-ports=3128 comment="" disabled=no

    dan webproxy MT dimatikan
    hasilnya error terus ketika browsing

    tapi klo pake ini:
    / ip firewall nat
    add chain=dstnat in-interface=LAN protocol=tcp dst-port=80 \
    src-address-list=LAN action=redirect to-ports=3128 comment="" disabled=no

    dengan web-proxy aktif dan diset parent proxy dengan ip squidbox baru jalan browsingnya.

    ada saran ????? sekarang pakenya yang kedua...pengennya pake yang pertama.
    topologi jaringan saya :
    INET-----|MT|----Klient
    -----------|
    -----------|
    ---------|squid|
    coba rule untuk redirectnya di taro paling atas, trus di squid boxnya masukin juga rulenya/ip table untuk redirect.

  10. #10
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalo redirect langsung engga bisa.
    yang namanya action: redirect dari dulu sampai besok pun pasti ke local port .

    kalo model yang elo pake di thread pertama itu namanya bukan redirect tapi NAT.

    linux pun begitu yang namanya redirect itu ke local port bukan ke remote port (dalam arti ini ke port diluar mesin linux itu).

    ini ada quote dari dansguardian, coba baca yang gue cetak tebal tentang redirection

    Transparent Proxy configuration

    In my setup, I have a Linux firewall () that only provides firewalling services. Squid and Dansguardian are running on a seperate Linux server on the internal network. The ultimate goal of setting up content filtering is to have everybody use it, without being able to get around it. One way to do this is to block all out going web (port 80) requests, and only allow them from the proxy server. This will force every user to specify a port in their browser configuration if their browser supports it. An easier method is to set up some firewall rules:

    * make sure transparent proxy support is compiled in the Linux kernel on the firewall

    * at the top of the firewall rules/chains, Insert a rule to allow access from your proxy server

    * at the bottom of the firewall rules/chains, add a rule to redirect all outgoing web requests to a local port: ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 8081 -l

    * use 'tproxyd' or 'redir' to do the redirection: redir --lport=8081 --laddr=192.168.20.1 --cport=8080 --caddr=192.168.20.3

    * do not use the --transproxy flag with redir in this scenario. It will slow requests by 3-4 seconds.

    * we need to use redir, because ipchains will only redirect to local ports, not ports on other systems.

    * in the above notes, 192.168.20.1 is the firewall, 192.168.20.3 is the proxy server, port 3128 is squid, port 8080 is Dans Guardian, port 8081 is the local redirection port on the firewall.
    nah disitu ada ketarangan cara memakai proxy kalo squidnya misah dari router linuxnya di set di tproxy (gue cetak miring bukan di ipchains/iptablesnya linux) kalo ipchains tables di linux, berarti di mikrotiknya di /ip fire ....

    semoga engga membuat bingung.

    kalo mo redir ke proxy luar. harus di aplikasinya (di mikrotik berarti di proxy-nya) bukan NAT nya.
    jadi cara setting redir

    1. intercept port dari luar ke internal mesin
    2. redir ke local port lain di mesin itu
    3. aplikasi listen di mesin port lain itu.
    4. aplikasi 'melempar' ke remote comp / memakai internal program tsb (tergantung cara settingnya) dalam hal ini proxy cache
    Last edited by okto_2005; 13-03-2008 at 09:24.

  11. #11
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    jadi intinya: di MT harus diaktifkan proxy/web-proxy dulu baru dialihkan ke proxy luar (melalui mekanisme parent-proxy).....bukan begitu ?
    dan tidak mungkin untuk meredirect langsung.....?

    bener gak kesimpulannya?
    klo bener silahkan om moderator diclosed tread-nya, karena klo kesimpulannya begitu proxy saya sudah jalan (soalnya dari awal begitu setinggannya...)
    klo salah.....Click here to enlarge

  12. #12
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    gw jadi rada2 bingung
    Click here to enlarge
    ini mau nya port 80 dilariin ke squid box kan ?
    nah pertanyaannya gimana ?
    mau pake proxy di mikrotik atau ndak ?
    kalau tanpa webproxy nya mikrotik, ya langsung aja pake dstnat
    chain=dstnat in-interface=Local src-address=!ip-proxy protocol=tcp dst-port=80 action=dst-nat to-addresses=ip-proxy to-ports=3128

    tapi kalo pake webproxy nya mikroti, tinggal di parent ke squid box kan.
    atau gw yg lagi pusing ya
    maklum, lgi pusing mikirin create dota di thread sebelah
    Click here to enlarge
    Last edited by c0nf; 14-03-2008 at 15:04.

  13. #13
    Status
    Offline
    sum14rdi's Avatar
    VIP Member
    Join Date
    Sep 2007
    Location
    Tambun-Bekasi
    Posts
    860
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by c0nf Click here to enlarge
    gw jadi rada2 bingung
    Click here to enlarge
    ini mau nya port 80 dilariin ke squid box kan ?
    nah pertanyaannya gimana ?
    mau pake proxy di mikrotik atau ndak ?
    kalau tanpa webproxy nya mikrotik, ya langsung aja pake dstnat
    chain=dstnat in-interface=Local src-address=!ip-proxy protocol=tcp dst-port=80 action=dst-nat to-addresses=ip-proxy to-ports=3128
    ----> yang kayak gini gak jalan ditempat ane, mungkin ane yang OOT jadinya pake yang dibawah ini daripada pusing.....Click here to enlarge

    tapi kalo pake webproxy nya mikroti, tinggal di parent ke squid box kan.
    atau gw yg lagi pusing ya
    maklum, lgi pusing mikirin create dota di thread sebelah
    Click here to enlarge
    tapi makasih semuanya........

  14. #14
    Status
    Offline
    paidjo's Avatar
    Baru Gabung
    Join Date
    Aug 2007
    Posts
    4
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    redirect squidbox linux

    coba baca disini mas
    Last edited by paidjo; 26-08-2008 at 19:50.

  15. The Following User Says Thank You to paidjo For This Useful Post:


  16. #15
    Status
    Offline
    rickythecrabs's Avatar
    Member
    Join Date
    Sep 2007
    Posts
    228
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by paidjo Click here to enlarge
    coba baca disini mas
    untuk lengkapnya rule NAT yg dibikin boss paidjo...
    mgkn bisa dicoba ama boss @sum14ardi
    ane coba jg jalan boss
    Last edited by rickythecrabs; 15-03-2008 at 12:28. Reason: edit

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Mikrotik dengan SquidBox
    By okto_2005 in forum Tutorial
    Replies: 26
    Last Post: 07-05-2013, 18:49
  2. Cara belajar linux dari awal
    By rhon in forum Beginner Basics
    Replies: 18
    Last Post: 22-08-2011, 16:03
  3. download dari mesin mikrotik,client ngambil dari ftp
    By carrud in forum General Networking
    Replies: 7
    Last Post: 11-04-2008, 08:50
  4. <ask> gmn cara redirect url
    By john_0ng80 in forum Beginner Basics
    Replies: 6
    Last Post: 20-10-2007, 18:54
  5. (ask) Cara Batesin download dari extention
    By ace in forum General Networking
    Replies: 19
    Last Post: 23-08-2007, 15:39

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •