Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    Status
    Offline
    kidx13's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    197
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0

    bagaimana cara agar server lokal tidak tercache oleh proxy squid

    Saya baru saja membuat proxy menggunakan squid.
    saya test squid nya, ada aktivitas.

    yang jadi masalah, ternyata squid tersebut juga ikut mencache file2 yang ada di server lokal. Bagaimana caranya agar file - file ada yang di server lokal tidak tercache ? karna server lokal, jadi hanya berada di jaringan intranet, jadi tidak usah dicache.

  2. #2
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,697
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kidx13 Click here to enlarge
    Saya baru saja membuat proxy menggunakan squid.
    saya test squid nya, ada aktivitas.

    yang jadi masalah, ternyata squid tersebut juga ikut mencache file2 yang ada di server lokal. Bagaimana caranya agar file - file ada yang di server lokal tidak tercache ? karna server lokal, jadi hanya berada di jaringan intranet, jadi tidak usah dicache.
    topologi.. sama setingannya digelar disini gan...
    biar kita garap.. Click here to enlarge

  3. #3
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kidx13 Click here to enlarge
    Saya baru saja membuat proxy menggunakan squid.
    saya test squid nya, ada aktivitas.

    yang jadi masalah, ternyata squid tersebut juga ikut mencache file2 yang ada di server lokal. Bagaimana caranya agar file - file ada yang di server lokal tidak tercache ? karna server lokal, jadi hanya berada di jaringan intranet, jadi tidak usah dicache.
    gampang buat dulu address-list lokal-network
    buat dst-nat dengan in-interface=LAN dst-address-list=!lokal-network
    agar mikrotik hanya membelokkan traffic HTTP ke squid dengan tujuan any / 0.0.0.0

    dan jangan lupa jika membuat mangle HTTP dengan tujuan any, sebaiknya juga gunakan dst-address-list=!lokal-network agar mikrotik hanya me-marking traffic HTTP QOS / yang hanya menggunakan BW internet

  4. The Following 2 Users Say Thank You to adiputrolds For This Useful Post:


  5. #4
    Status
    Offline
    Spring's Avatar
    Contributor
    Join Date
    Oct 2009
    Location
    Manado
    Posts
    965
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    atau bisa juga bypass dari squid nya sendiri...

    squid.conf >>

    acl bypass dst [IP-SERVER-LOKAL]
    cache deny bypass
    always_direct allow bypass

  6. #5
    Status
    Offline
    kidx13's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    197
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by spring Click here to enlarge
    atau bisa juga bypass dari squid nya sendiri...

    squid.conf >>

    acl bypass dst [IP-SERVER-LOKAL]
    cache deny bypass
    always_direct allow bypass

    Internet ---- Mikrotik ----> Akses Point -----> user hotspot
    ......................|
    ..................swith -----> Proxy


    ether1 = internet
    ether2 = LOKAL 192.168.1.0/24
    ether3 = Hotspot 192.168.99.0/24
    ether4 = Bridge dgn ether3
    ether5 = server lokal 192.168.0.0/24

    ip server lokal : 192.168.0.2 ----> ether5
    ip server proxy : 192.168.1.20 ----> ether2


    diletakkan baris ke berapa ?
    ini konfigurasi squidnya :


    ###==================================$
    ### Proxy Server Versi 2.7. Stable6
    ### Muhandis
    ###==================================$

    ### Konfigurasi Port
    http_port 3128 transparent
    prefer_direct off

    ### Tuning Cache & Objek
    cache_mem 64 MB
    cache_swap_low 91
    cache_swap_high 97
    max_filedesc 8192
    maximum_object_size 128 MB
    minimum_object_size 0 bytes
    maximum_object_size_in_memory 256 KB

    ipcache_size 4096
    ipcache_low 97
    ipcache_high 99
    fqdncache_size 4096
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF

    ### Lokasi Cache
    cache_dir aufs /cache 50000 117 256

    ###LOG
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    cache_swap_log /var/log/squid/swap.state

    ### DNS Server & Cache Queries
    dns_nameservers 203.130.193.74 202.134.1.10 192.168.1.100 192.168.99.1

    ### Cache Options
    emulate_httpd_log off
    hosts_file /etc/hosts

    ### Objek-objek statis waktu peyimpanannya diperlama
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
    refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
    refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|pdf|ppt|doc |tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
    refresh_pattern -i \.index.(html|htm|php|asp|aspx)$ 0 40% 10080
    refresh_pattern -i \.(html|htm|css|js) 1440 40% 40320
    refresh_pattern . 0 40% 40320
    #half_closed_clients off

    ### Access Control
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    #http_access deny inputIP
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    acl mynet src 192.168.1.0/255.255.255.0
    acl mynet src 192.168.99.0/255.255.255.0
    http_access allow mynet
    http_access deny all
    http_reply_access allow all
    icp_access deny all
    always_direct deny all

    cache_mgr kidx13@gmail.com
    cache_effective_user proxy
    cache_effective_group proxy
    coredump_dir /var/spool/squid
    shutdown_lifetime 10 seconds
    logfile_rotate 14

    #pid_filename /var/run/squid.pid

    ### Monitoring SNMP
    snmp_port 3401
    acl snmpsquid snmp_community public
    snmp_access allow snmpsquid localhost
    snmp_access deny all

  7. #6
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,697
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    cara 1
    Code:
    chain=dstnat action=dst-nat to-addresses=192.168.1.20 to-ports=3128 protocol=tcp src-address=!192.168.0.2 dst-port=80,8080
    perhatikan tanda centang (!) itu maksudnya selain ip tersebut


    cara 2
    hapus ini!!
    Code:
    acl all src 0.0.0.0/0.0.0.0
    atau tambahkan # ------> #0.0.0.0/0.0.0.0

    sudo squid -k reconfigure

    itu saja..

  8. #7
    Status
    Offline
    R4v37's Avatar
    Baru Gabung
    Join Date
    Jun 2011
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ahhhh
    ane puny cache ny berjalan mulus
    tp stlh reset counter, jd aneh
    jd kyk om kid ==a

  9. #8
    Status
    Offline
    kidx13's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    197
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by spring Click here to enlarge
    atau bisa juga bypass dari squid nya sendiri...

    squid.conf >>

    acl bypass dst [IP-SERVER-LOKAL]
    cache deny bypass
    always_direct allow bypass
    server lomasih tercache oleh squid Click here to enlarge
    ip server local 192.168.1.11



    acl mynet src 192.168.0.0/24
    acl mynet src 192.168.1.0/24
    acl mynet src 192.168.10.0/24
    acl mynet src 192.168.99.0/24
    acl bypass dst 192.168.1.11
    cache deny bypass
    http_access allow mynet
    http_access deny all
    http_reply_access allow all
    icp_access deny all
    always_direct deny all
    always_direct allow bypass

  10. #9
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kidx13 Click here to enlarge
    server lomasih tercache oleh squid Click here to enlarge
    ip server local 192.168.1.11



    acl mynet src 192.168.0.0/24
    acl mynet src 192.168.1.0/24
    acl mynet src 192.168.10.0/24
    acl mynet src 192.168.99.0/24
    acl bypass dst 192.168.1.11
    cache deny bypass
    http_access allow mynet
    http_access deny all
    http_reply_access allow all
    icp_access deny all
    always_direct deny all
    always_direct allow bypass
    buat apa di belokkin ke proxy kalo gk mau di cache Click here to enlarge

  11. #10
    Status
    Offline
    kidx13's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    197
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    buat apa di belokkin ke proxy kalo gk mau di cache Click here to enlarge
    makanya saya tanyakan bagian mananya yang salah ?
    saya inign agar file2 yang ada di server lokal tidak di cache oleh proxy

  12. #11
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mending pake cara nya electrix_85. Cuman nambahin sedikit di nat yang udah ada.

  13. The Following User Says Thank You to c0nf For This Useful Post:


  14. #12
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kidx13 Click here to enlarge
    makanya saya tanyakan bagian mananya yang salah ?
    saya inign agar file2 yang ada di server lokal tidak di cache oleh proxy
    di atas kan dah saya kasih tau Click here to enlarge

    bisa aja menggunakan cara bro spring
    tp saya rasa jadi tidak effisien
    karena traffic dengan tujuan server lokal sudah terlanjur masuk ke squid
    kemudian squid harus di buat rule membypass traffic lokal tersebut
    bukan hanya semakin rumit , tetapi bisa menyebabkan komplikasi

    Code:
    Internet ---- Mikrotik ----> Akses Point -----> user hotspot
    ......................|
    ..................swith -----> Proxy
    
    
    ether1 = internet
    ether2 = LOKAL 192.168.1.0/24
    ether3 = Hotspot 192.168.99.0/24
    ether4 = Bridge dgn ether3
    ether5 = server lokal 192.168.0.0/24
    
    ip server lokal : 192.168.0.2 ----> ether5
    ip server proxy : 192.168.1.20 ----> ether2
    ether Lokal yang mana pada topology ?
    Last edited by adiputrolds; 20-06-2011 at 14:51.

  15. #13
    Status
    Offline
    Spring's Avatar
    Contributor
    Join Date
    Oct 2009
    Location
    Manado
    Posts
    965
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by electrix_85 Click here to enlarge
    di atas kan dah saya kasih tau Click here to enlarge

    bisa aja menggunakan cara bro spring
    tp saya rasa jadi tidak effisien
    karena traffic dengan tujuan server lokal sudah terlanjut masuk ke squid
    kemudian squid harus di buat rule membypass traffic lokal tersebut
    bukan hanya semakin rumit , tetapi bisa menyebabkan komplikasi
    itu emang jalan alternatif bagi yg blm gitu ngerti belok-belokin trafic... Click here to enlarge

    setuju deh sama bro elektrix, mending jgn pake punyaku... Click here to enlarge

    mending gini:
    Code:
    /ip firewall nat add chain=dstnat src-address=[network-client] dst-address=[!ip-server-lokal] action=dst-nat to-addresses=[ip-web-proxy] to-ports=[port-squid]

  16. The Following User Says Thank You to Spring For This Useful Post:


  17. #14
    Status
    Offline
    kidx13's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    197
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by spring Click here to enlarge
    itu emang jalan alternatif bagi yg blm gitu ngerti belok-belokin trafic... Click here to enlarge

    setuju deh sama bro elektrix, mending jgn pake punyaku... Click here to enlarge

    mending gini:
    Code:
    /ip firewall nat add chain=dstnat src-address=[network-client] dst-address=[!ip-server-lokal] action=dst-nat to-addresses=[ip-web-proxy] to-ports=[port-squid]
    ip server+proxt = 192.168.1.11, 192.168.0.2
    ip proxy = 192.168.0.2
    client hostpot = 192.168.99.0/24

    add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
    dst-port=80,8080,3128 protocol=tcp src-address-list=!server+proxy \
    to-addresses=192.168.0.2 to-ports=3128
    add action=dst-nat chain=dstnat comment="BYPASS CACHE SERVER LOKAL" \
    disabled=no dst-address=!192.168.0.2 dst-port=80,8080,3128 protocol=tcp \
    src-address=192.168.99.0/24 to-addresses=192.168.0.2 to-ports=3128


    hasil squid :

    s193.hotfile.com ....................... 31687 ......... 0.00
    192.168.1.11 ............................ 21134 ......... 0.00
    wpc.41e1.edgecastcdn.net .......... 20183 ......... 0.00
    ................... 17354 ......... 0.12
    Last edited by kidx13; 20-06-2011 at 15:27.

  18. #15
    Status
    Offline
    kidx13's Avatar
    Member
    Join Date
    Aug 2010
    Posts
    197
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge
    Click here to enlargeClick here to enlarge
    Click here to enlargeClick here to enlargeClick here to enlarge
    Click here to enlarge
    Click here to enlarge
    Click here to enlarge
    Click here to enlarge

    Up dulu

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 8
    Last Post: 24-11-2010, 13:23
  2. Replies: 7
    Last Post: 03-05-2010, 19:30
  3. [ASK] Bagaimana Cara Setting Traffic YM Lokal Link
    By qzroeh in forum General Networking
    Replies: 7
    Last Post: 03-04-2008, 08:13

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •