Setting Up a Transparent Proxy

Postby ngacir » Thu Jun 30, 2005 11:43 am

Hello, friends

I have a problem with the internet configuration on a client (XP SP2): I have to fill in the Preferred DNS Server with the squid IP before the internet connects. If only the gateway IP is filled in with the squid IP, the client gets no internet connection. Squid's function is supposed to be to force the client into squid, isn't it?

Thank you for your attention.

Pentium IV 3.2 (LGA)
RAM 2GB
HDD 80 GB SATA
OS : Mandrake Linux 10.0.1 ( Download Community version )
squid : 2.6

My squid.conf

http_port 3128
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
hierarchy_stoplist cgi-bin ?.js .jsp
acl QUERY urlpath_regex cgi-bin \?.js .jsp
hierarchy_stoplist cgi-bin ?.js .jsp
no_cache deny QUERY
cache_dir diskd /var/spool/squid 512 16 256
cache_mem 32 MB
negative_ttl 1 minutes
cache_effective_user squid
cache_effective_group squid
maximum_object_size 32 MB
minimum_object_size 4 KB
cache_swap_high 99 %
half_closed_clients off
cache_swap_low 98%
ipcache_size 1024
ipcache_low 90
ipcache_high 95
quick_abort_min 0
quick_abort_min 0
quick_abort_pct 100
log_fqdn off
log_icp_queries off
cache_log none
icp_hit_stale on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
override-lastmod
override-lastmode
override-lastmode
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 180 95% 120960
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl forbiden dstdomain "/etc/squid/noacces.ye"
acl forbiden2 url_regex -i "/etc/squid/noacces2.ye"



http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost

http_access deny forbiden
http_access deny forbiden2

acl ngacir src 10.0.0.0/255.255.255.0

http_access allow ngacir

header_access Accept-Encoding deny all

http_access allow localhost


http_reply_access allow all
icp_access allow all
visible_hostname ngacir@ngacir.com
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
append_domain .edu
err_html_text ferry@sphlc.edu
deny_info ERR_CUSTOM_ACCESS_DENIED all
memory_pools off
coredump_dir /var/spool/squid
ie_refresh off

Postby jo » Fri Jul 01, 2005 9:29 pm

It isn't squid that forces the client, bro...
squid only receives the request and then forwards it...
what forces the client is iptables (or what we usually call the firewall)
it is iptables that forces the client into squid.
What you think and What you feel and What manifests is always a Match
http://vblade.blogspot.com

Postby clovanzo » Sat Jul 02, 2005 2:25 pm

I agree with bro jo, iptables is what forces the client to go through squid. Oh, by the way, bro ngacir, have you read this?
http://efnet.linux.or.id/docs/instalasi-squid.html

Postby ngacir » Thu Jul 28, 2005 10:35 am

I have set up iptables in rc.local following the tutorial http://efnet.linux.or.id/docs/instalasi-squid.html , but I still have to set the preferred DNS server before the client PC can connect to the internet

Postby Fish » Thu Jul 28, 2005 11:41 am

You still have to use DNS, bro.. its job is to resolve hostnames; if you leave it empty, the computer gets confused, it has to look somewhere to resolve, you know.. :) And squid doesn't function as a DNS server; squid needs DNS too. So you'd better set up your own DNS server.. it can be on the same machine as the router PC or on the same machine as squid :)
" Ngelmu Iku Kelakone Kanthi Laku "
uid=99(nobody) gid=99(nogroup) groups=99(nogroup),98(nobody)

Help Me .... ????

Postby ngacir » Fri Jul 29, 2005 7:31 am

Here's the thing, bro Fish

I use a Win 2000 server as PDC and DNS. If I point the DNS server IP to Linux (I made one PC both the DNS and the squid machine), users logging in to the Win 2K server take a very long time before they can log in, but if I point the clients' DNS server to the Win 2K IP, the clients cannot browse the internet directly; I have to set the PROXY on every client PC (that will wear me out)

Thank you

mmm...

Postby rezky » Fri Jul 29, 2005 11:06 am

It doesn't matter where the DNS comes from.. but there has to be one.
Also, what decides that traffic goes into the proxy is the router, it is not set on the PC (for transparent)
or, as bro Fish said, router+squid in one PC..
so that PC is the gateway and also squid..
then on the router, redirect port 80 connections to the squid IP with port 3128 or 8080.. using iptables..


pc-----> switch---->pcrouter+squid--->internet

:)
rzk
I'M JuST NoThInG...........

Postby Fish » Fri Aug 19, 2005 8:08 am

You still have to use DNS, bro. Look at it this way: a transparent proxy forces the client to use squid, only it looks as if it isn't using squid. So when it first makes a connection, the client PC still has to be able to resolve where its destination is. Whereas if the proxy is set directly on the client PC, wherever the destination is it has to go to the proxy first, so in the end it is the proxy that resolves the destination. Now you can see the difference, right? The issue comes from the transparent proxy setup: it's called transparent, it isn't visible, it is really just forcing the client PC's connections through squid. So before the client PC enters squid, it has to know where it is heading to browse, doesn't it? hehehe.. am I rambling? :D
" Ngelmu Iku Kelakone Kanthi Laku "

uid=99(nobody) gid=99(nogroup) groups=99(nogroup),98(nobody)
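
The port-80 redirect rezky describes and the DNS requirement Fish explains, written out as an added example (not posted by anyone in the thread) for one box that is both gateway and Squid host. The interface roles, the 10.0.0.0/24 network and port 3128 are taken from ngacir's posts; the function names are made up for the example, and the rules are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed defaults (from ngacir's posts):
# eth0 = LAN, eth1 = ADSL modem, 10.0.0.0/24 = clients, 3128 = Squid http_port.

# transparent_rules [lan_if] [wan_if] [lan_net] [squid_port]
# Prints the rule set; function and variable names are hypothetical.
transparent_rules() {
    lan_if=${1:-eth0}; wan_if=${2:-eth1}
    lan_net=${3:-10.0.0.0/24}; port=${4:-3128}
    # Refuse anything that is not a plain port number.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    cat <<EOF
# Web traffic arriving from LAN clients is diverted to the local Squid.
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $port
# Everything else the LAN sends out leaves through the modem interface.
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS is never proxied by Squid: clients resolve the name first, so
# queries must be let through (these matter when the FORWARD policy is DROP).
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 53 -j ACCEPT
# Keep the proxy port unreachable from the internet side.
iptables -A INPUT -i $wan_if -p tcp --dport $port -j DROP
EOF
}

# apply_rules: load the printed rules (root only); stops at the first failure.
apply_rules() {
    rules=$(transparent_rules "$@") || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward   # the box must route packets
    printf '%s\n' "$rules" | sh -e
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$@"
else
    transparent_rules "$@"   # dry run: review the rules before loading them
fi
```

Only TCP port 80 is diverted; name resolution still happens on the client before the first packet is sent, which is why the DNS rules sit next to the redirect.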

Still not working

Postby ngacir » Fri Aug 19, 2005 12:31 pm

To bro Fish and the others ....

Sorry, bro, I still can't get squid running properly.

My proxy server configuration

proxy : squid stable 2.5.6 (I use the squid that ships with Mandrake 10.1; I also tried squid 2.5.9 with the configuration ./configure \
--enable-gnuregex \
--enable-async-io=24 \
--with-aufs-threads=24 \
--with-pthreads \
--with-aio \
--with-dl \
--enable-storeio=aufs \
--enable-removal-policies=heap \
--enable-icmp \
--enable-delay-pools \
--disable-wccp \
--enable-snmp \
--enable-cache-digests \
--enable-default-err-languages=English \
--enable-err-languages=English \
--enable-linux-netfilter \
--disable-ident-lookups \
--disable-hostname-checks \
--enable-underscores

DNS : daemontools-0.76 and djbdns-1.05

eth1 -> ADSL Modem

eth0 -> connected to switch -> client

For the clients to be able to browse, I have to set the Preferred DNS Server to the IP of eth0, which is connected to the switch/clients.

Another server is a Windows 2000 server, which I use as PDC, file server, etc.
configuration:

NIC 1 ( ip 10.0.0.254 ) -> switch.


The problem is, if I point the clients' Preferred DNS Server to eth0 (the squid machine), user login to the Windows 2000 server takes a very long time, and the clients can browse comfortably.

But if I change the clients' Preferred DNS Server to the Windows 2000 server's IP ( ip 10.0.0.254 ), user login to the Windows 2000 server goes smoothly and quickly, but the clients cannot browse (the proxy server has to be set manually: Internet Options -> Connections -> LAN settings -> IP of squid's eth0).

So that's my problem, bro; please help, how do I set this up? I'm confused.

Many thanks to everyone.

Postby Fish » Fri Aug 19, 2005 8:00 pm

Is there a transparent proxy on the server or not?
" Ngelmu Iku Kelakone Kanthi Laku "

uid=99(nobody) gid=99(nogroup) groups=99(nogroup),98(nobody)

Postby ngacir » Mon Aug 22, 2005 6:51 am

There is no transparent proxy on the 2000 server; it only serves as user authentication for file sharing

