Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 9 of 15 FirstFirst ... 7891011 ... LastLast
Results 121 to 135 of 221
  1. #121
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    cat /var/log/squid/access.log |grep ERROR_ACCESS

    nanti keliatan
    perintah itu dah di jalan kan. tp ga muncul apa2. di buzz2 kok ga balas2

  2. #122
    Status
    Offline
    d0n4t's Avatar
    Newbie
    Join Date
    Apr 2008
    Posts
    60
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    hmmm bagus nih tutorial Click here to enlarge

    coba paste squid.conf nya di sini boss.. biar boss d3v4 bisa liat jelas

  3. #123
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    ok deh nih aku pastein konfigurasinya

    ip mikrotik 202.152.19.59/29
    ip Proxy server 202.152.19.60/29

    nih NAT di mikrotiknya

    chain=dstnat action=redirect to-ports=3128 src-address=!202.152.19.60
    in-interface=ether2 dst-port=80 protocol=tcp

    nih squid.conf nya.

    http_port 3128 transparent
    icp_port 3130
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 6 MB
    cache_swap_low 98
    cache_swap_high 99
    maximum_object_size 64 MB
    maximum_object_size_in_memory 64 KB
    ipcache_size 8192
    ipcache_low 98
    ipcache_high 99
    fqdncache_size 8192
    cache_mgr asraf@edited
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    cache_dir ufs /var/spool/squid 102400 16 256
    cache_access_log /var/log/squid/access.log
    #cache_access_log none
    cache_log /var/log/squid/cache.log
    cache_store_log none
    emulate_httpd_log off
    pid_filename /var/run/squid.pid
    mime_table /usr/share/squid/mime.conf
    log_fqdn off
    memory_pools off
    client_netmask 255.255.255.255
    client_netmask 255.255.255.0
    client_netmask 255.255.255.248
    refresh_pattern ^ftp: 40320 95% 241920 reload-into-ims
    refresh_pattern . 120 80% 14400 reload-into-ims override-lastmod
    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 98
    negative_ttl 2 minutes
    half_closed_clients off
    read_timeout 15 minutes
    client_lifetime 2 hours
    pconn_timeout 60 seconds
    request_timeout 1 minutes
    shutdown_lifetime 10 seconds
    positive_dns_ttl 60 seconds
    negative_dns_ttl 30 seconds
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1
    acl lan src 192.168.0.0/24
    acl mikrotik src 202.152.19.59/29
    acl to_localhost dst 127.0.0.0/8
    acl PURGE method PURGE
    acl POST method POST
    acl GETONLY method GET
    acl VIRUS urlpath_regex winnt/system32/cmd.exe?
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl snmppublic snmp_community public
    # Hotmail workaround
    header_access Accept-Encoding deny all
    http_access allow localhost
    http_access allow lan
    http_access allow manager lan
    http_access allow mikrotik
    http_access allow PURGE localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny PURGE
    http_access deny VIRUS
    http_access deny all
    http_reply_access allow all
    icp_access allow lan
    icp_access deny all
    miss_access allow lan
    miss_access deny all
    cache_effective_user proxy
    cache_effective_group proxy
    visible_hostname proxy.asrafnet.com
    logfile_rotate 7
    forwarded_for on
    icp_hit_stale on
    log_icp_queries off
    query_icmp on
    buffered_logs off
    strip_query_terms off
    icon_directory /usr/share/squid/icons
    error_directory /usr/share/squid/errors/English
    store_avg_object_size 13 KB
    store_objects_per_bucket 10
    client_db on
    snmp_port 3401
    snmp_access allow snmppublic lan
    snmp_access deny all
    coredump_dir /cache01
    reload_into_ims on
    pipeline_prefetch on
    ie_refresh on
    vary_ignore_expire on

    trus kalo setiap aku restart squidnya napa selalu muncul beginian ya

    asraf@asraf-proxy:~$ sudo /etc/init.d/squid restart
    * Restarting Squid HTTP proxy squid 2008/05/21 08:48:30| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
    2008/05/21 08:48:30| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
    2008/05/21 08:48:30| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
    2008/05/21 08:48:30| WARNING: '127.0.0.1' is a subnetwork of '127.0.0.1'
    2008/05/21 08:48:30| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
    2008/05/21 08:48:30| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
    2008/05/21 08:48:30| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '202.152.19.59/29'
    2008/05/21 08:48:30| WARNING: '127.0.0.0/255.0.0.0' is a subnetwork of '127.0.0.0/255.0.0.0'
    2008/05/21 08:48:30| WARNING: because of this '127.0.0.0/255.0.0.0' is ignored to keep splay tree searching predictable
    2008/05/21 08:48:30| WARNING: You should probably remove '127.0.0.0/255.0.0.0' from the ACL named 'to_localhost'
    [ OK ]

    topologi nya seperti gambar yg udah ku posting sebelumnya

    nah tolong di koreksi ya Click here to enlarge

  4. #124
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba di koreksi acl nya

    client_netmask 255.255.255.255
    client_netmask 255.255.255.0
    client_netmask 255.255.255.248
    jadi satu aja :
    client_netmask 255.255.255.0
    setelah itu local nya :
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1
    acl lan src 192.168.0.0/24
    acl mikrotik src 202.152.19.59/29
    acl to_localhost dst 127.0.0.0/8 <-- buang
    di jadiin :
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl lan src 192.168.0.0/255.255.255.0
    acl mikrotik src 202.152.19.59/255.255.255.248
    dengan asumsi LAN nya menggunakan network : 192.168.0.0/255.255.255.0 (kelas C)

    itu saja dulu Click here to enlarge

  5. #125
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    coba di koreksi acl nya



    jadi satu aja :


    setelah itu local nya :


    di jadiin :


    dengan asumsi LAN nya menggunakan network : 192.168.0.0/255.255.255.0 (kelas C)

    itu saja dulu Click here to enlarge
    perintah dah di laksanakan bos. tapi hasil nya masih sama Click here to enlarge. menunggu perintah selanjutnya Click here to enlarge

  6. #126
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    oooo...

    coba ilangin redirect nat yang di mikrotik, pake proxy nya manual di browser. test masih acces_denied ga ?

  7. #127
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    oooo...

    coba ilangin redirect nat yang di mikrotik, pake proxy nya manual di browser. test masih acces_denied ga ?
    masih bos Click here to enlarge

  8. #128
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ip komputer yang di pake berapa ?

    eh.. kaskus kan emang lagi down, klo yang lain kebuka ga ?
    yahoo atau google ?

  9. #129
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    ip komputer yang di pake berapa ?

    eh.. kaskus kan emang lagi down, klo yang lain kebuka ga ?
    yahoo atau google ?
    iya itu secreenshot waktu kaskus down. tp buka google juga ga bisa. .tp nanti aku pastein IPTBALES aku kali aja ada yg salah
    Last edited by unique_leader; 22-05-2008 at 09:11.

  10. #130
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    nih IPTABLES nya tolong di koreksi lagi

    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.

    exit 0
    # Generated by iptables-save v1.3.6 on Mon May 19 17:56:37 2008
    *mangle
    :PREROUTING ACCEPT [872:963121]
    :INPUT ACCEPT [872:963121]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [822:185373]
    :POSTROUTING ACCEPT [829:186238]
    COMMIT
    # Completed on Mon May 19 17:56:37 2008
    # Generated by iptables-save v1.3.6 on Mon May 19 17:56:37 2008
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
    -A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
    -A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
    -A INPUT -d 202.152.19.60 -i eth1 -j ACCEPT
    -A INPUT -d 202.152.19.63 -i eth1 -j ACCEPT
    -A INPUT -d 224.0.0.1 -j DROP
    -A INPUT -j LOG
    -A INPUT -j DROP
    -A FORWARD -d 224.0.0.1 -j DROP
    -A FORWARD -j LOG
    -A FORWARD -j DROP
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
    -A OUTPUT -s 202.152.19.60 -o eth1 -j ACCEPT
    -A OUTPUT -s 202.152.19.63 -o eth1 -j ACCEPT
    -A OUTPUT -d 224.0.0.1 -j DROP
    -A OUTPUT -j LOG
    -A OUTPUT -j DROP
    COMMIT
    # Completed on Mon May 19 17:56:37 2008
    # Generated by iptables-save v1.3.6 on Mon May 19 17:56:37 2008
    *nat
    :PREROUTING ACCEPT [7:561]
    :POSTROUTING ACCEPT [31:2024]
    :OUTPUT ACCEPT [42:4350]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    COMMIT
    # Completed on Mon May 19 17:56:37 2008
    # Generated by iptables-save v1.3.6 on Mon May 19 18:03:03 2008
    *mangle
    :PREROUTING ACCEPT [890:964311]
    :INPUT ACCEPT [890:964311]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [834:185913]
    :POSTROUTING ACCEPT [841:186778]
    COMMIT
    # Completed on Mon May 19 18:03:03 2008
    # Generated by iptables-save v1.3.6 on Mon May 19 18:03:03 2008
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
    -A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
    -A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
    -A INPUT -d 202.152.19.60 -i eth1 -j ACCEPT
    -A INPUT -d 202.152.19.63 -i eth1 -j ACCEPT
    -A INPUT -d 224.0.0.1 -j DROP
    -A INPUT -j LOG
    -A INPUT -j DROP
    -A FORWARD -d 224.0.0.1 -j DROP
    -A FORWARD -j LOG
    -A FORWARD -j DROP
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
    -A OUTPUT -s 202.152.19.60 -o eth1 -j ACCEPT
    -A OUTPUT -s 202.152.19.63 -o eth1 -j ACCEPT
    -A OUTPUT -d 224.0.0.1 -j DROP
    -A OUTPUT -j LOG
    -A OUTPUT -j DROP
    COMMIT
    # Completed on Mon May 19 18:03:03 2008
    # Generated by iptables-save v1.3.6 on Mon May 19 18:03:03 2008
    *nat
    :PREROUTING ACCEPT [18:1407]
    :POSTROUTING ACCEPT [34:2204]
    :OUTPUT ACCEPT [45:4530]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A PREROUTING -i 202.152.19.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 202.152.19.60:3128
    COMMIT
    # Completed on Mon May 19 18:03:03 2008

  11. #131
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    coba di hilangkan dulu segala macam iptabes dari proxy nya, karena sebenernya nggak berguna2 amat.

    iptables -t nat -F
    iptables -F
    iptables -t filter -F

    setelah itu baru coba proxy nya manual di browser client.

  12. #132
    Status
    Offline
    pathic's Avatar
    Baru Gabung
    Join Date
    Apr 2008
    Posts
    18
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wah terima kasih nih atas tutorialnya om d3v4.

    tapi ada yang saya mo tanyain ?

    1. cisco di atas itu cisco router apa switch ?
    2. kalo misalnya kita pake koneksi nya pake FO (Int'l & IIX/OIXP) dan ADSL, topologinya bagus nya seperti apa ?
    3. trus ip public ada nya di squid nya yah ?

    maaf kalo pertanyaanya mendasar, soalnya baru 1 bulan masuk networking !
    Click here to enlarge

    thanks

  13. #133
    Status
    Offline
    desukajo's Avatar
    Member
    Join Date
    Jul 2007
    Posts
    124
    Reviews
    Read 0 Reviews
    Downloads
    1
    Uploads
    0
    Feedback Score
    0
    wah kok jadi bingung milih topologinya...banyak banget!!!padahal dah jadi SQUIDnya..mau tanya aja bagusan mana ya topologi squid sperti ini:

    top #1

    inet---Mikrotik---mikrotik(BM)--mikrotikClient---Client2
    ------------------[bridging]--------|
    -----------------------------------|
    ----------------------------------SQUID

    top #2

    inet--Mikrotik---SQUID--MIkrotik(BM)---MikrotikClient---Client2


    tujuannya:
    1.biar ip client[ip private] bisa kedetek dan tau akses kemana aja
    2.biar bisa atur bandwith untuk masing2 client

    menurut rekan2 semua,topologi mana yang cocok ato ada top yg lain biar tujuan di atas bisa dilakukan.


    thx sebelumnya..

  14. #134
    Status
    Offline
    unique_leader's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    639
    Reviews
    Read 0 Reviews
    Downloads
    5
    Uploads
    0
    Feedback Score
    1 (100%)
    Click here to enlarge Originally Posted by d3v4 Click here to enlarge
    coba di hilangkan dulu segala macam iptabes dari proxy nya, karena sebenernya nggak berguna2 amat.

    iptables -t nat -F
    iptables -F
    iptables -t filter -F

    setelah itu baru coba proxy nya manual di browser client.
    sudah di dijalankan bos. tapi hasilnya masih sama

  15. #135
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pathic Click here to enlarge
    wah terima kasih nih atas tutorialnya om d3v4.

    tapi ada yang saya mo tanyain ?

    1. cisco di atas itu cisco router apa switch ?
    2. kalo misalnya kita pake koneksi nya pake FO (Int'l & IIX/OIXP) dan ADSL, topologinya bagus nya seperti apa ?
    3. trus ip public ada nya di squid nya yah ?

    maaf kalo pertanyaanya mendasar, soalnya baru 1 bulan masuk networking !
    Click here to enlarge

    thanks
    1. cisco itu router. biasanya klo pake FO satu paket sama modem
    2. jaringan itu di buat berdasarkan keperluan dan kemampuan si pembuat jaringan pak. jika saya kasi saran takutnya tidak sesuai dengan pemakaian dan penggunaan di sana.
    3. pada contoh ini, seluruh nya menggunakan ip public. tidak ada sama sekali ip lokal.

    mau curhat sedikit nih Click here to enlarge

    ibarat lukisan, pelukis mau membuat lukisan monalisa sesuai dengan imajinasi dan kemampuan si pelukis.

    pada saat ini di forum ini sering terjadi seperti ini, sketsa lukisan di buat sama leonardo da vinci, dan kemudian di teruskan sama orang yang baru belajar melukis atau baru bisa melukis sedikit2. Click here to enlarge dan pengen sebagus lukisan monalisa Click here to enlarge

    atau sering juga sketsa lukisan acak kadut minta di teruskan sama leonardo da vinci dan pengen menghasilkan lukisan monalisa Click here to enlarge

    setelah jadi, karena sesuatu hal, lukisan yang jadi adalah lukisan TESSY srimulat Click here to enlarge eheheheheheheh.. yah.. apa mau di kata. Click here to enlarge

    saran saya pak, buat lah semau bapak, yang kira2 cocok sama pemakaian di sana. dan semampu bapak. dengan data yang bapak berikan saya tidak bisa menyarankan topologi seperti apa yang bagus. Click here to enlarge karena pada dasarnya semua lukisan bagus. semua nya adalah karya seni yang pantas untuk di hargai.


    Click here to enlarge Originally Posted by desukajo Click here to enlarge
    wah kok jadi bingung milih topologinya...banyak banget!!!padahal dah jadi SQUIDnya..mau tanya aja bagusan mana ya topologi squid sperti ini:

    top #1

    inet---Mikrotik---mikrotik(BM)--mikrotikClient---Client2
    ------------------[bridging]--------|
    -----------------------------------|
    ----------------------------------SQUID
    ini boros mikrotik, buat apa banyak2 amat router malah memperbanyak hop, dan memperlambat koneksi data.

    top #2

    inet--Mikrotik---SQUID--MIkrotik(BM)---MikrotikClient---Client2


    tujuannya:
    1.biar ip client[ip private] bisa kedetek dan tau akses kemana aja
    2.biar bisa atur bandwith untuk masing2 client

    menurut rekan2 semua,topologi mana yang cocok ato ada top yg lain biar tujuan di atas bisa dilakukan.


    thx sebelumnya..
    apa beda mikrotik BM sama mikrotik client ? ini isp ya ? ip public terdistribusi atau tidak ? mikrotik yang dekat inet itu untuk apa ?


    Click here to enlarge Originally Posted by unique_leader Click here to enlarge
    sudah di dijalankan bos. tapi hasilnya masih sama
    whahahahahaha.. PM aja ip proxy nya user + password coba sini gw remote dah.. ada2 aja.
    Click here to enlarge

 

 
Page 9 of 15 FirstFirst ... 7891011 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •