Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 8 of 8
  1. #1
    Status
    Offline
    WahyuW's Avatar
    Baru Gabung
    Join Date
    Jan 2010
    Posts
    15
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Squid dengan multi IP Klien

    Gan ane mo nanya nih
    di jaringan ane ada 2 ip klien dengan ip 192.168.0.0/24 dan 172.1.1.0/24
    IP Proxy nya 192.168.10.2, nah agar ip 172.1.1.0/24 dapat memakai proxy nya gimana caranya yah gan ?

    mohon pencerahan, maklum new bie gan

    Tq

  2. #2
    Status
    Offline
    yogaponsel's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Location
    "BnetAkses"
    Posts
    2,511
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    dua cara :
    1. redirect ip yang hanya di belok kan ke proxy
    2. di PROXY tinggal buat ACL

  3. #3
    Status
    Offline
    teukurizal's Avatar
    Member
    Join Date
    Mar 2010
    Posts
    117
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by WahyuW Click here to enlarge
    Gan ane mo nanya nih
    di jaringan ane ada 2 ip klien dengan ip 192.168.0.0/24 dan 172.1.1.0/24
    IP Proxy nya 192.168.10.2, nah agar ip 172.1.1.0/24 dapat memakai proxy nya gimana caranya yah gan ?

    mohon pencerahan, maklum new bie gan

    Tq
    Code:
    DI SQUID.CONF BUAT SPT NEH
    
    acl localnet src 172.1.1.0/24                      
    acl localnet src 192.168.0.0/24  
    
    
    SISI MIKROTIK masquerade CUKUP SPT DIBAWAH INI SAJA
    
    /ip firewall nat
    
    add action=masquerade chain=srcnat comment=Masquerade disabled=no \
        out-interface=PPPoE-1
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
        PPPoE-2
    INTERFACE U SESUAIKAN SAJA

  4. #4
    Status
    Offline
    WahyuW's Avatar
    Baru Gabung
    Join Date
    Jan 2010
    Posts
    15
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    udah dicoba belum bisa nih bro kode nya proxy refuse

  5. #5
    Status
    Offline
    dionipe's Avatar
    Member Senior
    Join Date
    Dec 2009
    Location
    Malang, Indonesia
    Posts
    455
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    1
    Feedback Score
    0
    Click here to enlarge Originally Posted by WahyuW Click here to enlarge
    udah dicoba belum bisa nih bro kode nya proxy refuse
    seperti yang di atas,
    edit squid.conf
    PHP Code:
    ...
    ...
    ...
    acl router src 192.168.0.0/16
    acl router src 172.1.0.0
    /16
    http_access allow router
    ...
    ... 
    simpen deh. terus jalankan dengan perintah
    PHP Code:
    squid -k reconfigure 
    untuk di mikrotik
    PHP Code:
    /ip fi nat
    add chain
    =dstnat action=dst-nat to-addresses=192.168.10.2 to-ports=3128 src-address=192.168.0.0/24 dst-port=80,3128 protocol=tcp 
    /ip fi nat
    add chain
    =dstnat action=dst-nat to-addresses=192.168.10.2 to-ports=3128 src-address=172.1.1.0/24 dst-port=80,3128 protocol=tcp 
    kalo ini belum berhasil juga.. silahkan edit kembali squid.conf yang dibutuhkan...
    Last edited by dionipe; 21-11-2010 at 14:35.

  6. #6
    Status
    Offline
    WahyuW's Avatar
    Baru Gabung
    Join Date
    Jan 2010
    Posts
    15
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    squid ane bro

    #-----------------------------------------------------#
    ## SQUID - High Performance Configuration
    ## ---------------------------------------------------#

    ## Updated: 17.11.2010
    #-----------------------------------------------------#

    ##start of config
    http_port 3128 transparent
    server_http11 on
    icp_port 0

    # File Squid
    pid_filename /var/run/squid.pid
    coredump_dir /var/spool/squid/
    error_directory /usr/share/squid/errors/English
    icon_directory /usr/share/squid/icons
    mime_table /usr/share/squid/mime.conf
    visible_hostname proxy

    # Log Squid
    access_log /var/log/squid/access.log
    cache_log /dev/null
    cache_store_log /dev/null

    # Beberapa log yg tidak signifikan karena opsi2-nya jarang digunakan.
    log_fqdn off
    log_icp_queries off
    buffered_logs off
    emulate_httpd_log off

    ftp_list_width 32
    ftp_passive on
    ftp_sanitycheck on

    acl localnet src 192.168.0.0/24
    acl game src 172.1.1.0/24 # ----------------> SESUAIKAN DG IP LAN KAMU

    uri_whitespace strip

    #DNS NAMESERVER
    dns_nameservers 192.168.0.1 # ---------------> SESUAIKAN DG GATEWAI PROXY KAMU

    cache_mem 8 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA

    cache_dir aufs /cache-1 32768 64 256
    cache_dir aufs /cache-1 195265 64 256

    minimum_object_size 512 bytes
    maximum_object_size 128000 KB
    offline_mode off
    cache_swap_low 98
    cache_swap_high 99

    # Setup some default acls
    acl all src 0.0.0.0/0
    acl localhost src 127.0.0.1/32
    acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 10000 1025-65535
    acl sslports port 443 563 81
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    http_access allow localhost

    # Allow local network(s) on interface(s)
    http_access allow localnet
    http_access allow game
    #http_access deny all
    #http_gzip on
    #http_gzip_types text/plain,text/html,text/xml,text/css,application/xml,application/xhtml+xml,application/rss+xml,application/javascript,application/x-javascript

    #TCP GAME
    tcp_outgoing_address 192.168.0.1 localnet
    #tcp_outgoing_address 192.168.0.1
    # TAG: ZPH
    tcp_outgoing_tos 0x30 localnet
    tcp_outgoing_tos 0x30 game

    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136

    # delay polls

    #acl admin src 10.1.1.0/24
    #acl management src 10.1.2.0/24

    acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.flv$ \.3gp$
    acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
    acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$
    acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$
    acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$
    acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.mkv$

    delay_pools 2

    delay_class 1 1
    delay_parameters 1 -1/-1
    delay_access 1 allow admin
    delay_access 1 allow admin management
    delay_access 1 deny all

    delay_class 2 1
    delay_parameters 2 20000/5000000
    delay_access 2 allow download
    delay_access 2 deny all

    #konten dinamik
    acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|m p(4|3)|exe|msi|zip|on2|mar|swf)\?
    acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
    acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
    acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|m p3|3gp|rar|on2|mar|exe)$
    acl store_rewrite_list_domain_CDN url_regex (khm|mt)[0-9]?.google.co(m|\.id) streamate.doublepimp.com.*\.js\? photos-[a-z].ak.fbcdn.net \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com

    acl dontrewrite url_regex yimg.com redbot\.org (get_video|videoplayback\?id|videoplayback.*id).*b egin\=[1-9][0-9]* \.php\?
    acl getmethod method GET

    #snmp
    snmp_port 3401
    acl snmppublic snmp_community public
    snmp_access allow snmppublic all

    storeurl_rewrite_children 1
    storeurl_rewrite_concurrency 99

    storeurl_access deny dontrewrite
    storeurl_access deny !getmethod
    storeurl_access allow store_rewrite_list_domain_CDN
    storeurl_access allow store_rewrite_list
    storeurl_access allow store_rewrite_list_domain store_rewrite_list_path
    storeurl_access deny all

    hierarchy_stoplist (ini|ui|lst|inf||mh-|sc-)$ (afs.dat|update.txt|vdf.info.gz|captcha|reset.css| gamenotice|ickernew.css)
    acl QUERY urlpath_regex -i \.(ini|ui|lst|inf|mh-|sc-)$
    acl QUERY urlpath_regex -i (afs.dat|captcha|reset.css|update.txt|gamenotice|v df.info.gz)
    cache deny QUERY

    # 1 tahun = 525600 mins, 1 bulan = 43800 mins

    refresh_pattern (get_video|videoplayback|videodownload|\.flv).*(be gin|start)\=[1-9][0-9]* 0 0% 0
    refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
    refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims store-stale
    refresh_pattern ^gopher: 1440 0% 1440

    refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\ ?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bst ats\.adbrite\.com|a1\.interclick\.com|ad\.trafficm p\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.goog lesyndication\.com|advertising\.com|yieldmanager|g ame-advertising\.com|pixel\.quantserve\.com|adperium\. com|doubleclick\.net|adserving\.cpxinteractive\.co m|syndication\.com|media.fastclick.net).* 5259487 20% 5259487 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=1440
    refresh_pattern .fbcdn.net.*\.(jpg|gif|png) 5259487 999999% 5259487 ignore-no-cache override-expire ignore-reload store-stale negative-ttl=0
    refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload store-stale
    refresh_pattern ^[a-zA-Z0-9]) 129600 100% 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire ignore-must-revalidate store-stale

    #antivirus
    refresh_pattern avast.com.*\.vpx 40320 50% 161280 store-stale reload-into-ims
    refresh_pattern (avgate|avira).*\.(idx|gz)$ 1440 90% 1440 ignore-reload ignore-no-cache ignore-no-store store-stale ignore-must-revalidate
    refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487 ignore-reload store-stale
    refresh_pattern kaspersky 1440 50% 161280 ignore-no-cache store-stale
    refresh_pattern mbamupdates.com.*\.ref 1440 50% 161280 reload-into-ims store-stale

    #situs lainnya
    refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale
    refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv ?) 5259487 99999999% 5259487 override-expire ignore-reload store-stale ignore-private negative-ttl=0
    refresh_pattern \.(ico|video-stats) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
    refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
    refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
    refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
    refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale
    refresh_pattern ^.*safebrowsing.*google 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
    refresh_pattern ^)[0-9]?)\.google\.co(m|\.id) 5259487 999999% 5259487 override-expire ignore-reload store-stale ignore-private negative-ttl=10080
    refresh_pattern ytimg\.com.*\.(jpg|png) 5259487 999999% 5259487 override-expire ignore-reload store-stale
    refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload store-stale
    refresh_pattern garena\.com 5259487 999999% 5259487 override-expire reload-into-ims store-stale
    refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 override-expire ignore-reload store-stale
    refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487 ignore-no-cache override-expire override-lastmod store-stale
    refresh_pattern ^http:\/\/images|openx|pics|thumbs[0-9]\. 5259487 999999% 5259487 ignore-no-cache ignore-no-store ignore-reload override-expire store-stale
    refresh_pattern ^http:\/\/www.onemanga.com.*\/ 5259487 999999% 5259487 reload-into-ims override-expire store-stale
    refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 reload-into-ims override-expire ignore-private store-stale
    refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|tx t|js) 0 50% 180 store-stale negative-ttl=0

    refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 ignore-no-cache ignore-no-store reload-into-ims override-expire ignore-must-revalidate store-stale
    refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 5259487 100% 5259487 override-expire reload-into-ims
    refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487 100% 5259487 override-expire reload-into-ims ignore-reload
    refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999%% 5259487 override-expire reload-into-ims ignore-no-cache ignore-must-revalidate
    refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|r v|vob|asx|ogm|flv|3gp|on2) 5259487 100% 5259487 override-expire reload-into-ims
    refresh_pattern -i (cgi-bin) 0 0% 0
    refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0
    refresh_pattern . 0 50% 161280 store-stale

    header_access X-Forwarded-For deny all

    storeurl_rewrite_program /etc/squid/storeurl.pl

    #extra tuning configuration
    header_access Accept-Encoding deny all
    client_persistent_connections off
    server_persistent_connections on
    half_closed_clients off
    strip_query_terms off
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    quick_abort_pct 100
    vary_ignore_expire on
    reload_into_ims on
    pipeline_prefetch on
    range_offset_limit 512 KB
    read_timeout 30 minutes
    client_lifetime 6 hours
    negative_ttl 30 seconds
    positive_dns_ttl 6 hours
    negative_dns_ttl 60 seconds
    pconn_timeout 15 seconds
    request_timeout 1 minute
    store_avg_object_size 13 KB
    log_icp_queries off
    ipcache_size 16384
    ipcache_low 98
    ipcache_high 99
    log_fqdn off
    fqdncache_size 16384
    memory_pools off
    forwarded_for on
    logfile_rotate 3
    store_dir_select_algorithm round-robin
    cache_effective_user proxy
    cache_effective_group proxy
    max_filedescriptors 8192

    ##selesai

    apa ada yang salah dalam squid ane bro ?

  7. #7
    Status
    Offline
    maestro_smd's Avatar
    Member
    Join Date
    Jan 2010
    Posts
    234
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    #TCP GAME
    tcp_outgoing_address 192.168.0.1 localnet
    #tcp_outgoing_address 192.168.0.1
    # TAG: ZPH
    tcp_outgoing_tos 0x30 localnet
    tcp_outgoing_tos 0x30 game
    tcp_outgoing_address ---> ini tujuannya apa?

    Kalau brow hanya 1 WAN, apa tidak sebaiknya di buang, toh Proxynya sendiri juga default gateway ke 192.168.0.1 ...

    ke 2 Network gimana perlakuannya di firewall MT..., jangan-2 ke blok... Click here to enlarge
    Last edited by maestro_smd; 22-11-2010 at 17:51.

  8. #8
    Status
    Offline
    WahyuW's Avatar
    Baru Gabung
    Join Date
    Jan 2010
    Posts
    15
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    nyoba tutor di google coba bikin seperti itu karena ip nya multi bro .....

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trafik Proxy dengan Multi Router
    By 3dyx in forum General Networking
    Replies: 4
    Last Post: 16-09-2010, 16:48
  2. ping dari server ke klien RTO( radio klien)
    By kokoksnusantara in forum Beginner Basics
    Replies: 1
    Last Post: 08-04-2010, 21:28
  3. Replies: 40
    Last Post: 23-02-2010, 15:27
  4. Mikrotik dengan external squid dan zph...
    By onlyhuman in forum Beginner Basics
    Replies: 16
    Last Post: 01-12-2009, 09:34
  5. [ask] bisa ga klien rt/rw net ga bisa nge browse ke klien lainnya?
    By ponywaterhouse in forum General Networking
    Replies: 4
    Last Post: 03-04-2008, 02:32

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •