  1. #1
    seafer

    There is a loop in network for HTTP traffic.

    Bro, sis..
    I'm trying to use a Squid proxy on Ubuntu with Mikrotik..

    The topology:

    Internet
    |
    Mikrotik
    |
    Switch -------- Squid Proxy
    |
    VLAN / LAN


    NAT configuration:

    ;;; masquerade network
    chain=srcnat action=masquerade src-address=192.168.9.0/24

    chain=dstnat action=redirect to-ports=8080 protocol=tcp
    src-address=192.168.9.0/24 dst-port=80
    Firewall configuration:

    chain=forward action=accept protocol=tcp src-address=192.168.9.0/24
    dst-address=!192.168.9.100 src-port=80 dst-port=3128
    Web proxy configuration:

    enabled: no
    src-address: 0.0.0.0
    port: 8080
    parent-proxy: 192.168.9.100
    parent-proxy-port: 3128
    cache-administrator: "Administrator"
    max-cache-size: 10240KiB
    cache-on-disk: yes
    max-client-connections: 1000
    max-server-connections: 1000
    max-fresh-time: 3d
    serialize-connections: no
    always-from-cache: no
    cache-hit-dscp: 4
    cache-drive: secondary-master

    Why does this show up in the web browser:

    There is a loop in network for HTTP traffic. Check your network topology and proxy & firewall configuration

    ........
    Please enlighten me.. thanks..

  2. #2
    yosanpro
    It would be better to give the Mikrotik an additional ethernet interface that goes to the proxy, so that looping doesn't happen...

    With that topology, looping is very likely...

  3. #3
    seafer
    ehm.. something was missing..
    the iptables settings are roughly like this:

    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p tcp -m tcp -m state -m limit -i eth0 --tcp-flags FIN,SYN,RST,ACK SYN --limit 2/sec --state NEW -j ACCEPT
    -A INPUT -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
    -A INPUT -p icmp -j DROP
    -A FORWARD -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.2.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.3.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.4.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.5.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.6.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.7.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.8.0/255.255.255.0 -i eth1 -j ACCEPT
    -A FORWARD -s 192.168.9.0/255.255.255.0 -i eth1 -j ACCEPT
    COMMIT
    # Completed

    *nat
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 8080
    -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.8.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.2.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.3.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.4.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.5.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.6.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.7.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.8.0/255.255.255.0 -o eth0 -j MASQUERADE
    -A POSTROUTING -s 192.168.9.0/255.255.255.0 -o eth0 -j MASQUERADE
    COMMIT
    # Completed

  4. #4
    seafer
    Originally Posted by yosanpro:
        It would be better to give the Mikrotik an additional ethernet interface that goes to the proxy, so that looping doesn't happen...

        With that topology, looping is very likely...
    oh no.. I'm using a DOM, sir..
    The PCI slots are all used up..

  5. #5
    akbar_lana
    Bro, change this NAT configuration:

    chain=dstnat action=redirect to-ports=8080 protocol=tcp
    src-address=192.168.9.0/24 dst-address=!dst-port=80
    to this (there are two options):
    1. Without a parent proxy on the Mikrotik (remove the Web-Proxy settings on the Mikrotik)
    chain=dstnat action=dst-nat to-address=192.168.9.100 to-ports=3128 protocol=tcp
    src-address=!192.168.9.100 dst-address=!192.168.9.100 dst-port=80
    2. With a parent proxy on the Mikrotik
    chain=dstnat action=redirect to-ports=8080 protocol=tcp
    src-address=!192.168.9.100 dst-address=!192.168.9.100 dst-port=80
    Maybe this can solve the traffic loop problem..
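
Why the first rule loops while both replacement rules do not, as an added example (not part of the thread and not any poster's code): a simplified Python model of the dstnat matching. It assumes Squid fetches origin servers on port 80 through the same router (the squid.conf posted later in the thread sets `always_direct allow all`) and that the router's web proxy on 8080 forwards to the parent proxy; the client and server addresses are constructed.

```python
import ipaddress

SQUID = "192.168.9.100"      # parent proxy address from the thread
CLIENT = "192.168.9.20"      # constructed LAN client
SERVER = "203.0.113.10"      # constructed origin server (documentation range)

# The dstnat rules from the thread, as matcher fields plus action.
ORIGINAL = {"action": "redirect", "src-address": "192.168.9.0/24", "dst-port": 80}
OPTION_1 = {"action": "dst-nat", "src-address": "!192.168.9.100",
            "dst-address": "!192.168.9.100", "dst-port": 80}
OPTION_2 = {"action": "redirect", "src-address": "!192.168.9.100",
            "dst-address": "!192.168.9.100", "dst-port": 80}


def addr_match(spec, ip):
    """RouterOS-style address matcher: missing = any, leading '!' negates."""
    if spec is None:
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def dstnat_action(rule, src, dst, dport):
    """Return the rule's action if the packet matches it, else None."""
    if (dport == rule["dst-port"]
            and addr_match(rule.get("src-address"), src)
            and addr_match(rule.get("dst-address"), dst)):
        return rule["action"]
    return None


def trace(rule, client=CLIENT, server=SERVER, max_hops=5):
    """Follow one HTTP request through the router; return (outcome, path)."""
    path, src = [], client
    for _ in range(max_hops):
        action = dstnat_action(rule, src, server, 80)
        if action is None:
            path.append(f"{src} -> {server}:80 (no NAT, leaves to the internet)")
            return "delivered", path
        if action == "redirect":
            # Assumption: router web proxy on 8080 hands the request to the parent.
            path.append(f"{src} -> router:8080 -> parent {SQUID}:3128")
        else:
            path.append(f"{src} -> {SQUID}:3128 (dst-nat)")
        # Squid now fetches the page itself: source is Squid, dport is 80 again.
        src = SQUID
    return "loop", path


if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL), ("option 1", OPTION_1),
                       ("option 2", OPTION_2)):
        outcome, path = trace(rule)
        print(f"{name}: {outcome}")
        for hop in path:
            print("   ", hop)
```

The original rule matches Squid's own outbound requests because 192.168.9.100 sits inside 192.168.9.0/24; excluding that source address is what breaks the cycle in both options.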

  7. #6
    seafer
    Thanks bro...

    It seems to work.. ehmm... but why is it all TCP MISS in Squid..

    btw.. it works for now.. I'll tinker with it again tomorrow..

    thanks....

  8. #7
    seafer
    Ehmm, is this because I just restarted Squid?

    The statistics look like this:

    TCP_HIT 9 1%
    TCP_MISS 600 70%
    TCP_REFRESH_HIT 79 9%
    TCP_REFRESH_MISS 31 4%
    TCP_IMS_HIT 136 16%
    TCP_NEGATIVE_HIT 1 0%
    TCP_MEM_HIT 1 0%
    TCP_DENIED 1 0%
    Ehm.. does anyone know what this means??

    thanks

  9. #8
    vgate
    add this to the .conf:
    http_port 3128 transparent

  10. #9
    seafer
    Originally Posted by vgate:
        add this to the .conf:
        http_port 3128 transparent
    done, bro.. still a lot of TCP_MISS ... is it because I just restarted Squid?

  11. #10
    vgate
    Originally Posted by seafer:
        done, bro.. still a lot of TCP_MISS ... is it because I just restarted Squid?
    that one is for the loop problem, bro; for the TCP Miss, try checking the squid.conf again, maybe it's still not quite right

  12. #11
    akbar_lana
    How long has Squid been running, bro?

    Try posting your squid.conf configuration, bro, and also post Squid's performance from "squidclient mgr:info"

  13. #12
    seafer
    Originally Posted by akbar_lana:
        How long has Squid been running, bro?

        Try posting your squid.conf configuration, bro, and also post Squid's performance from "squidclient mgr:info"
    ehm... where do I get "squidclient mgr:info" from, bro?

    Wow... this is after one night, bro.. it's already this full
    Store Directory Statistics:
    Store Entries : 89033
    Maximum Swap Size : 5120000 KB
    Current Store Swap Size: 5017624 KB
    Current Capacity : 98% used, 2% free

    Store Directory #0 (aufs): /cache
    FS Block Size 4096 Bytes
    First level subdirectories: 10
    Second level subdirectories: 256
    Maximum Size: 5120000 KB
    Current Size: 5017624 KB
    Percent Used: 98.00%
    Current load metric: 100 / 1000
    Filemap bits in use: 88668 of 262144 (34%)
    Filesystem Space in use: 6419772/9522988 KB (67%)
    Filesystem Inodes in use: 177989/601472 (30%)
    Flags: SELECTED
    Accepted object sizes: 0 - (unlimited) bytes
    Removal policy: heap

    Here's the squid.conf....
    please give me some pointers to make it better..
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 # https
    acl SSL_ports port 563 # snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT


    http_access allow manager localhost
    http_access deny manager

    http_access allow purge localhost
    http_access deny purge

    http_access deny !Safe_ports

    http_access deny CONNECT !SSL_ports

    # edited by me

    acl pusat src xxx.xxx.xxx.xxx
    acl localnet src 192.168.0.0/20

    # http_access allow our_networks

    http_access allow pusat
    http_access allow localhost
    http_access allow localnet

    # And finally deny all other access to this proxy
    http_access deny all

    #Allow ICP queries from everyone
    icp_access allow all

    # Squid normally listens to port 3128
    http_port 3128 transparent

    #We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?


    maximum_object_size_in_memory 32 KB

    memory_replacement_policy heap GDSF

    cache_replacement_policy heap LFUDA

    cache_dir aufs /cache 5000 10 256

    minimum_object_size 0 KB

    maximum_object_size 131072 KB

    cache_swap_low 98
    cache_swap_high 99

    access_log /var/log/squid/access.log squid

    cache_log /dev/null

    #Default:
    # cache_store_log /var/log/squid/store.log
    cache_store_log /dev/null

    #Default:
    log_fqdn off

    #We recommend you to use the following two lines.
    acl QUERY urlpath_regex cgi-bin \?

    #Suggested default:
    refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
    refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

    #Default:
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    quick_abort_pct 98

    # Apache to signal ETag correctly on such responses
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache

    #Default:
    vary_ignore_expire on

    extension_methods REPORT MERGE MKACTIVITY CHECKOUT

    shutdown_lifetime 10 second


    log_icp_queries off

    icp_hit_stale on

    query_icmp on

    hosts_file /etc/hosts

    ipcache_size 1024
    ipcache_low 98
    ipcache_high 99

    memory_pools off

    reload_into_ims on

    coredump_dir /var/spool/squid

    pipeline_prefetch on

    # my additions

    follow_x_forwarded_for allow localhost
    follow_x_forwarded_for allow localnet
    acl diblok arp "/home/linux/blokku.acl"
    always_direct allow all
    cache deny localhost to_localhost pusat localnet QUERY
    http_access deny diblok

    Please advise so that it's optimal..
    thanks...

  14. #13
    seafer
    Ehm.. is this what you mean by performance information??

    Code:
    Squid Object Cache: Version 2.6.STABLE18
    Start Time:	Thu, 28 Jan 2010 07:57:53 GMT
    Current Time:	Fri, 29 Jan 2010 04:19:48 GMT
    Connection information for squid:
    	Number of clients accessing cache:	2
    	Number of HTTP requests received:	100247
    	Number of ICP messages received:	0
    	Number of ICP messages sent:	0
    	Number of queued ICP replies:	0
    	Number of HTCP messages received:	0
    	Number of HTCP messages sent:	0
    	Request failure ratio:	 0.00
    	Average HTTP requests per minute since start:	82.0
    	Average ICP messages per minute since start:	0.0
    	Select loop called: 9866648 times, 7.431 ms avg
    Cache information for squid:
    	Request Hit Ratios:	5min: 32.6%, 60min: 23.3%
    	Byte Hit Ratios:	5min: 27.5%, 60min: 21.8%
    	Request Memory Hit Ratios:	5min: 2.2%, 60min: 5.4%
    	Request Disk Hit Ratios:	5min: 25.8%, 60min: 27.2%
    	Storage Swap size:	5008836 KB
    	Storage Mem size:	8224 KB
    	Mean Object Size:	58.43 KB
    	Requests given to unlinkd:	0
    Median Service Times (seconds)  5 min    60 min:
    	HTTP Requests (All):   0.04776  0.06286
    	Cache Misses:          0.12783  0.16775
    	Cache Hits:            0.01745  0.00919
    	Near Hits:             0.27332  0.27332
    	Not-Modified Replies:  0.00463  0.00379
    	DNS Lookups:           0.00573  0.00372
    	ICP Queries:           0.00000  0.00000
    Resource usage for squid:
    	UP Time:	73314.619 seconds
    	CPU Time:	393.940 seconds
    	CPU Usage:	0.54%
    	CPU Usage, 5 minute avg:	1.46%
    	CPU Usage, 60 minute avg:	1.10%
    	Process Data Segment Size via sbrk(): 22892 KB
    	Maximum Resident Size: 0 KB
    	Page faults with physical i/o: 7
    Memory usage for squid via mallinfo():
    	Total space in arena:   22892 KB
    	Ordinary blocks:        21697 KB   7668 blks
    	Small blocks:               0 KB      0 blks
    	Holding blocks:           960 KB      3 blks
    	Free Small blocks:          0 KB
    	Free Ordinary blocks:    1194 KB
    	Total in use:           22657 KB 95%
    	Total free:              1194 KB 5%
    	Total size:             23852 KB
    Memory accounted for:
    	Total accounted:        15336 KB
    	memPoolAlloc calls: 18325253
    	memPoolFree calls: 18114779
    File descriptor usage for squid:
    	Maximum number of file descriptors:   1024
    	Largest file desc currently in use:     84
    	Number of file desc currently in use:   55
    	Files queued for open:                   0
    	Available number of file descriptors:  969
    	Reserved number of file descriptors:   100
    	Store Disk files open:                   1
    	IO loop method:                     epoll
    Internal Data Structures:
    	 86120 StoreEntries
    	  1872 StoreEntries with MemObjects
    	  1859 Hot Object Cache Items
    	 85719 on-disk objects

  15. #14
    akbar_lana
    Originally Posted by seafer:
        Ehm.. is this what you mean by performance information??
    From what I see in the performance output, the settings should already be good enough, going by the values in bold in the performance output... for 2 clients accessing it, the HIT rate has already reached +/- 25% within +/- 20 hours of Squid uptime...

  16. #15
    seafer
    but how come the cache is already full after running for only that long?


    Current Capacity : 98% used, 2% free
    And why do the objects come out like this?

    Accepted object sizes: 0 - (unlimited) bytes
    even though I already tried setting it like this?

    minimum_object_size 0 KB

    maximum_object_size 131072 KB
    why could that be?? is it because I set it to unlimited on the Mikrotik?

    max-cache-size: unlimited
    cache-on-disk: no
    Please advise.. thanks...

 

 