  1. #1
    princenux

    [question] DNAT and Proxy

    Hmm, the topology is like this:

    [image]

    So the workstation PCs, the proxy, and one of the RouterBoard's interfaces are all in one segment. They can all ping each other.

    First test:
    browsing directly from the workstation... works,
    because it is masqueraded on the RouterBoard,
    so the gateway (in this case the RB) is working just fine.

    Second test:
    when the browser on the workstation is pointed manually at the proxy... it works,
    so the proxy is working just fine.

    Now, what I want is that when a workstation goes to the Internet it can do so directly, without any proxy setting in the browser... but the traffic to the Internet goes through the proxy first.

    So like a transparent proxy... can that be done or not?

    Yesterday I tried:

    DNAT, all IPs except the proxy, protocol TCP, to port 80, DNATed to the proxy's IP with the proxy's port.

    But when I tried it... it didn't work...

    Can anyone help?

  2. #2
    cooling
    What does the existing example look like? Then we can study it together...

  3. #3
    ataru
    There's port redirect for this, right?
    dstnat port 80, 8080, 3128, 433, etc., whatever ports you want.
    Besides browser ports it can also be mIRC, YM, MSN, etc.

  4. #4
    rahwana
    Squid really should be made transparent first; only then can traffic be redirected to Squid. Has Squid been made transparent yet?

    Originally Posted by princenux
    Hmm, the topology is like this:

    [image]

    Second test:
    when the browser on the workstation is pointed manually at the proxy... it works,
    so the proxy is working just fine.

    Now, what I want is that when a workstation goes to the Internet it can do so directly, without any proxy setting in the browser... but the traffic to the Internet goes through the proxy first.

    So like a transparent proxy... can that be done or not?

    Yesterday I tried:

    DNAT, all IPs except the proxy, protocol TCP, to port 80, DNATed to the proxy's IP with the proxy's port.

    But when I tried it... it didn't work...

    Can anyone help?

  5. #5
    princenux
    Hmmm, actually I've already tried digging into the Linux box too...
    in Squid...
    I've added:

    http_port 3128 transparent
    always_direct allow all

    That's according to my latest research... and also based on experiments...

    Documentation:


    Now, in the previous topic... the IPs were different, between the client IP and the gateway IP... one was 10.xxx and the other 192.xxx.

    The problem now... the IPs are in one segment...

    ====================

    It looks easy... but when I tried it, it didn't work...
    Maybe someone can help...

  6. #6
    ataru
    What do the iptables rules on the Squid box look like? Which Squid version are you using?

    Because if port 80 is redirected, the queue on the clients won't work then, right??
    And if it's Squid that gets queued, they'll end up fighting over it...

  7. #7
    rahwana
    What are the IPs and the IP configuration like now, and what does the firewall configuration look like?

    Originally Posted by princenux
    in Squid...
    I've added:

    http_port 3128 transparent
    always_direct allow all

    Documentation:


    Now, in the previous topic... the IPs were different, between the client IP and the gateway IP... one was 10.xxx and the other 192.xxx.

    The problem now... the IPs are in one segment...

  8. #8
    princenux
    Squid is version 2.7,
    and there's no firewall at all...

    I've also tried redirecting to 3128, but that had no effect either. Actually... iptables wouldn't have any effect anyway, because the MikroTik has already thrown the traffic to Squid, specifically to its port 3128.

    The IPs? All in one segment...
    Let's just say...

    mikrotik 192.168.10.1
    squid 192.168.10.2 with port 3128
    workstation 192.168.10.100 - 200

    There shouldn't be any problem with the IP addressing...
    because when set manually to the proxy it works properly... and without the proxy it works too...

    *because the status is temporary for now, until the redirect works

  9. #9
    sum14rdi

    Sorry, this is turning into an interrogation...

    Sorry boss... I don't mean to add to your confusion...
    It's just that I'm unsure how to comment, afraid it won't be relevant, so I need to interrogate first... sorry boss.

    1. If possible... what does the topology you want look like???
    2. The script or config you used on the MikroTik that made the transparent proxy fail completely, what was it like? Can you copy it here?

    At my place I still use the parent function of the MikroTik web-proxy, because when using the dst-nat function (given the topology, with the squid-proxy alongside the clients) bandwidth usage is less than optimal.

    I once used a dst-nat script to dst-nat straight to the squid-proxy; here is the printout (my MT is version 3.XX):

    Code:
    [admin@MikroTik] /ip firewall nat> pr
    Flags: X - disabled, I - invalid, D - dynamic 
     0  chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=318 
         protocol=tcp src-address-list=LAN 1 in-interface=LAN dst-port=80 
    
     1  chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=318 
         protocol=tcp src-address-list=LAN 1 in-interface=LAN dst-port=8080 
    
     2  chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=318 
         protocol=tcp src-address-list=LAN 1 in-interface=LAN dst-port=3128 
    
     3  chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=318 
         protocol=tcp src-address-list=LAN 1 in-interface=LAN dst-port=808 
    
     4  chain=srcnat action=src-nat to-addresses=192.168.6.1 to-ports=0-65535 
         protocol=tcp src-address-list=LAN 1 
    I use an address-list; not using one is fine too, you can use src-address="client IP range",
    and don't forget the part in bold; if it isn't used, browsing usually errors out.
    For src-nat to address="" (in the bold part), fill in the MikroTik IP that faces the squid-proxy.

    Hope this helps.
    Last edited by sum14rdi; 03-12-2008 at 12:37.

  10. #10
    clovanzo
    Originally Posted by sum14rdi

    At my place I still use the parent function of the MikroTik web-proxy, because when using the dst-nat function (given the topology, with the squid-proxy alongside the clients) bandwidth usage is less than optimal.
    Is the Squid that sits alongside the clients a sibling or the parent of the web-proxy? Could I have a look at the web-proxy config and the iptables on the Squid machine?

  11. #11
    sum14rdi
    The web-proxy config on my MikroTik is the same as everyone else's, following the existing tutorials; just add parent-proxy = "Squid IP" and parent-proxy-port="squid proxy port".
    And in /ip fire nat I use the redirect function.
    As for squid.conf on the Squid box, I don't remember it by heart, but for examples please drop by the neighboring forum; there are plenty of squid.conf examples there.

    Sorry, it's not that I'm being stingy... my config really is just standard, the same as the existing tutorials; the only difference is the IPs, since they're adapted to my network.

  12. #12
    princenux
    Hmm, why is there a src-nat there???

  13. #13
    sum14rdi
    If you ask why there's a src-nat... my answer is that at my place, without it the dst-nat above it is wasted, i.e. the diversion to the squid-proxy doesn't work...

    As for the exact reason, I don't know either... I just lifted it from a few tutorials.

    Maybe at your place the diversion of traffic to the squid-proxy can work without src-nat, so just experiment, boss.

  14. #14
    princenux
    In the configuration that uses src-nat...
    are the MikroTik, Squid, and workstations in one segment or not? I mean, are they in the same network ID or not?

    Actually, if they're not in the same network ID or segment, then yes, there has to be a src-nat... but otherwise, it seems it isn't needed... And another concern: there's a log analyzer on the Squid box... so reports are to be generated from its log. If we use src-nat, the source will become the MikroTik.

  15. #15
    sum14rdi
    I've tried it with 2 topologies... without that src-nat the connection just "stalls" and never connects; once src-nat is used it connects.
    Today I modified the src-nat to become:

    Code:
    [admin@MikroTik] > /ip fire nat pr
    Flags: X - disabled, I - invalid, D - dynamic 
     0   chain=srcnat action=masquerade src-address-list=LAN 1 out-interface=pppoe-out1 
    
     1   chain=srcnat action=masquerade src-address=192.168.6.0/24 out-interface=pppoe-out1 
    
     2 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address-list=LAN 1 
         in-interface=LAN dst-port=80 
    
     3 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address-list=LAN 1 
         in-interface=LAN dst-port=8080 
    
     4 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address-list=LAN 1 
         in-interface=LAN dst-port=3128 
    
     5 X chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address-list=LAN 1 
         in-interface=LAN dst-port=808 
    
     6   chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=8080 protocol=tcp 
         src-address-list=LAN 1 in-interface=LAN dst-port=80 
    
     7   chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=8080 protocol=tcp 
         src-address-list=LAN 1 in-interface=LAN dst-port=8080 
    
     8   chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=8080 protocol=tcp 
         src-address-list=LAN 1 in-interface=LAN dst-port=3128 
    
     9   chain=dstnat action=dst-nat to-addresses=192.168.6.2 to-ports=8080 protocol=tcp 
         src-address-list=LAN 1 in-interface=LAN dst-port=808 
    
    10   chain=srcnat action=src-nat to-addresses=192.168.1.118 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.118 out-interface=PROXY 
    
    11   chain=srcnat action=src-nat to-addresses=192.168.1.16 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.16 out-interface=PROXY 
    
    12   chain=srcnat action=src-nat to-addresses=192.168.1.78 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.78 out-interface=PROXY 
    
    13   chain=srcnat action=src-nat to-addresses=192.168.1.88 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.88 out-interface=PROXY 
    
    14   chain=srcnat action=src-nat to-addresses=192.168.1.13 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.13 out-interface=PROXY 
    
    15   chain=srcnat action=src-nat to-addresses=192.168.1.14 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.14 out-interface=PROXY 
    
    16   chain=srcnat action=src-nat to-addresses=192.168.1.17 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.17 out-interface=PROXY 
    
    17   chain=srcnat action=src-nat to-addresses=192.168.1.21 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.21 out-interface=PROXY 
    
    18   chain=srcnat action=src-nat to-addresses=192.168.1.25 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.25 out-interface=PROXY 
    
    19   chain=srcnat action=src-nat to-addresses=192.168.1.33 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.33 out-interface=PROXY 
    
    20   chain=srcnat action=src-nat to-addresses=192.168.1.34 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.34 out-interface=PROXY 
    
    21   chain=srcnat action=src-nat to-addresses=192.168.1.35 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.35 out-interface=PROXY 
    
    22   chain=srcnat action=src-nat to-addresses=192.168.1.36 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.36 out-interface=PROXY 
    
    23   chain=srcnat action=src-nat to-addresses=192.168.1.38 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.38 out-interface=PROXY 
    
    24   chain=srcnat action=src-nat to-addresses=192.168.1.43 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.43 out-interface=PROXY 
    
    25   chain=srcnat action=src-nat to-addresses=192.168.1.52 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.52 out-interface=PROXY 
    
    26   chain=srcnat action=src-nat to-addresses=192.168.1.82 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.82 out-interface=PROXY 
    
    27   chain=srcnat action=src-nat to-addresses=192.168.1.112 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.112 out-interface=PROXY 
    
    28   chain=srcnat action=src-nat to-addresses=192.168.1.125 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.125 out-interface=PROXY 
    
    29   chain=srcnat action=src-nat to-addresses=192.168.1.126 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.126 out-interface=PROXY 
    
    30   chain=srcnat action=src-nat to-addresses=192.168.1.170 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.170 out-interface=PROXY 
    
    31   chain=srcnat action=src-nat to-addresses=192.168.1.201 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.201 out-interface=PROXY 
    
    32   chain=srcnat action=src-nat to-addresses=192.168.1.212 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.212 out-interface=PROXY 
    
    33   chain=srcnat action=src-nat to-addresses=192.168.1.55 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.55 out-interface=PROXY 
    
    34   chain=srcnat action=src-nat to-addresses=192.168.1.15 to-ports=0-65535 protocol=tcp 
         src-address=192.168.1.15 out-interface=PROXY
    So it's written per client IP, if you want what shows up on the ipcop not to be the MikroTik's IP...

    Maybe other members have a "remedy" for this...
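
Added example, not part of any post in the thread: a small Python model of one TCP handshake through the dst-nat rule, showing why the connection stalls when the proxy shares a segment with the clients and which source address Squid logs in each case. The MikroTik and Squid addresses come from post #8; the /24 mask, the client port 40000, the web server 203.0.113.10, the client 10.0.0.50, and the proxy using the MikroTik as its default gateway are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

ROUTER = "192.168.10.1"                # MikroTik address (post #8)
PROXY = ("192.168.10.2", 3128)         # Squid address and port (post #8)
PROXY_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed /24 mask
WEB = ("203.0.113.10", 80)             # constructed web server address

def connect(client_ip: str, srcnat: bool) -> dict:
    """Trace one SYN and its SYN-ACK through the dst-nat rule."""
    syn = Pkt(client_ip, 40000, *WEB)  # the client dials the web server
    # dstnat on the router: the destination becomes the proxy.
    fwd = syn._replace(dst=PROXY[0], dport=PROXY[1])
    if srcnat:                         # optional srcnat toward the proxy
        fwd = fwd._replace(src=ROUTER)
    # Connection tracking: how to recognise the reply and what to restore.
    conntrack = {(fwd.dst, fwd.dport, fwd.src, fwd.sport): syn}
    # The proxy answers whatever source address it saw on the SYN.
    reply = Pkt(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    # On-link destinations are delivered directly by the proxy; everything
    # else (and packets addressed to the router itself) reaches the router.
    on_link = ipaddress.ip_address(reply.dst) in PROXY_NET
    via_router = reply.dst == ROUTER or not on_link
    if via_router:
        orig = conntrack[tuple(reply)]
        reply = Pkt(orig.dst, orig.dport, orig.src, orig.sport)  # NAT undone
    # A TCP stack accepts the SYN-ACK only from the address it dialled.
    connected = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return {"connected": connected, "reply_via_router": via_router,
            "synack_src": reply.src, "proxy_log_ip": fwd.src}

if __name__ == "__main__":
    cases = [("192.168.10.100", False),   # same segment, dst-nat only
             ("192.168.10.100", True),    # same segment, dst-nat + src-nat
             ("10.0.0.50", False)]        # client in another subnet (assumed)
    for ip, nat in cases:
        print(ip, "srcnat" if nat else "no srcnat", connect(ip, nat))
```

Only the same-segment case without src-nat fails: the SYN-ACK arrives from 192.168.10.2:3128 instead of the web server, so the client discards it. With src-nat the handshake completes but the proxy logs 192.168.10.1, while a client in another subnet connects without src-nat and is logged under its own address.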

 

 