Topic: Help with Transparent Proxy [Please Help Me]

I'd like to ask about setting up a transparent proxy.

The IPs I'm using
===================

eth0=192.168.1.7
subnet = 255.255.255.0

eth1=192.168.100.1
subnet =255.255.255.248


==========================
This is my access list configuration:
==========================
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.17.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # httpmgmt
acl Safe_ports port 488 # gsshttp
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

======================================
But when I run squid -z to create the cache directory structure, I get this:
======================================

2011/10/03 10:51:44| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2011/10/03 10:51:44| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2011/10/03 10:51:44| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
2011/10/03 10:51:44| WARNING: '127.0.0.1' is a subnetwork of '127.0.0.1'
2011/10/03 10:51:44| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2011/10/03 10:51:44| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2011/10/03 10:51:44| WARNING: '127.0.0.0/255.0.0.0' is a subnetwork of '127.0.0.0/255.0.0.0'
2011/10/03 10:51:44| WARNING: because of this '127.0.0.0/255.0.0.0' is ignored to keep splay tree searching predictable
2011/10/03 10:51:44| WARNING: You should probably remove '127.0.0.0/255.0.0.0' from the ACL named 'to_localhost'
FATAL: getpwnam failed to find userid for effective user 'squid'
Squid Cache (Version 2.7.STABLE7): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.000 user + 0.004 sys
Maximum Resident Size: 6224 KB
Page faults with physical i/o: 0
Aborted (core dumped)

What does this mean?
What do you think the problem is? Please guide me.
Thanks in advance.
:D

Re: Help with Transparent Proxy [Please Help Me]

acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object
use 0.0.0.0/0

acl localhost src 127.0.0.1/255.255.255.255
use 127.0.0.1/32

acl lan src 192.168.17.0/255.255.255.0
use 192.168.17.0/24

As for the order: single IPs first (x.x.x.x/32), then class C (x.x.x.x/24), and only last the all entry (0.0.0.0/0),
because Squid reads from top to bottom.

Also, the squid user hasn't been created yet. By the way, which Linux distro is this server running?

thanks


Re: Help with Transparent Proxy [Please Help Me]

eth0= 192.168.1.7
netmask = 255.255.255.0

eth 1= 192.168.100.0
netmask= 255.255.255.248
gateway=192.168.1.1
dns= 192.168.1.1

What I mean is, I want to connect to the client using this IP:
client IP = 192.168.100.2
netmask= 255.255.255.248
gateway=192.168.1.1
dns= 192.168.100.1

# ========================#
# CONNECTION PORT
# ========================#

http_port 3128 transparent
icp_port 0

# ========================================================= #
# OPTIONS WHICH AFFECT THE CACHE SIZE
# ========================================================= #
# Amount of memory (RAM) used to cache objects.
#========================================================== #

cache_mem 64 MB

# Maximum size of objects cached to hard disk & memory

maximum_object_size 50 MB
maximum_object_size_in_memory 128 KB

# Make Squid always try to keep objects
# in memory
# If cache_mem is full, data will be swapped to the hard disk


cache_swap_low 98%
cache_swap_high 99%

# Method for swapping data from memory to the hard disk cache
# LFUDA = Squid will cache large objects
# GDSF = caches small objects progressively

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

# ==========================================#
# LOG AND CACHE DIRECTORIES
# ==========================================#

cache_dir aufs /var/spool/squid 10000 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log squid
cache_store_log none

# Squid MIME list, so that object filtering is faster

mime_table /usr/share/squid/mime.conf

# ========================================================== #
# HIERARCHY STOPLIST
# List of words which, if found in a URL, cause
# the object to be handled directly by Squid.
# ========================================================== #

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# ============================================== #
# ACCESS CONTROL LIST
# ============================================== #

acl all src 0.0.0.0/0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl lan src 192.168.100.0/29
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # httpmgmt
acl Safe_ports port 488 # gsshttp
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT


# ============================================== #
# ACCESS RESTRICTIONS
# ============================================== #

acl waktu_boleh time MTWHFA 08:00-16:00
acl domain_dilarang dstdomain "/etc/squid/daftar_domain_dilarang.txt"
acl url_dilarang url_regex -i "/etc/squid/daftar_url_dilarang.txt"
acl dilarang_download time MTWHFA 08:00-12:00
acl x_file url_regex -i ftp .mp3 .mp4 .mpg .mpeg .avi .wmv .mkv .wav .3gp .dat $
acl bebas_download time MTWHFA 15:00-19:00

# =========================================== #

delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 64000/80000
delay_access 1 allow !bebas_download
delay_access 1 deny all

delay_class 2 2
delay_parameters 2 -1/-1 2048000/3072000
delay_access 2 allow bebas_download
delay_access 2 deny all

# ============================================== #
# INTERNET ACCESS
# ============================================== #

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny !waktu_boleh
http_access deny domain_dilarang
http_access deny url_dilarang

http_access allow lan

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow localhost
http_reply_access allow all
icp_access allow all

# ========================= #
# Limit File Downloads
# ========================= #

# Reject the download if the file is larger than 10MB = 10000x1024 bytes
# = 10240000 bytes
reply_body_max_size 10240000 allow x_file !dilarang_download

# ========================= #
# Monitoring cachemgr.cgi
# ========================= #
# ========================= #

cachemgr_passwd yamakasi all

# =============================================== #
# TUNING CACHE PROXY
# =============================================== #

refresh_pattern ^ftp:                   1440           20%                  10080
refresh_pattern ^gopher:          1440           0%                    1440
refresh_pattern:                                   0           20%                  4320


# ============================================= #
# ADMINISTRATIVE PARAMETERS
# ============================================= #

cache_mgr admin@dkp.co.id
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy7.dkp.go.id

#==============================#
# ERROR MESSAGES IN INDONESIAN
#==============================#

error_directory /usr/share/squid/errors/id

When I try to create the cache with
squid -z
an error like this appears:

2011/10/05 19:00:16| parseConfigFile: squid.conf:158 unrecognized: 'refresh_pattern:'
2011/10/05 19:00:16| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2011/10/05 19:00:16| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2011/10/05 19:00:16| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
2011/10/05 19:00:16| WARNING: '127.0.0.1' is a subnetwork of '127.0.0.1'
2011/10/05 19:00:16| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2011/10/05 19:00:16| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2011/10/05 19:00:16| WARNING: '127.0.0.0/255.0.0.0' is a subnetwork of '127.0.0.0/255.0.0.0'
2011/10/05 19:00:16| WARNING: because of this '127.0.0.0/255.0.0.0' is ignored to keep splay tree searching predictable
2011/10/05 19:00:16| WARNING: You should probably remove '127.0.0.0/255.0.0.0' from the ACL named 'to_localhost'
2011/10/05 19:00:16| Creating Swap Directories


Please give me a solution.
Please guide me.
:D

Re: Help with Transparent Proxy [Please Help Me]

This one:

acl all src 0.0.0.0/0

Replace it with this:

acl all src all

Fix the refresh_pattern tag again, or just leave it at the default.

Save and close the editor.

Check:
squid -k parse
(if nothing appears, the config is correct; if there is an error, fix it again)

Once there are no more problems, create the swap cache directory:
squid -z

Check the subnet, IP and gateway on eth1 above again.


Don't just copy-paste the squid config file; adapt it first.

If there are still errors, look at the error messages again; they tell you which tags are still wrong.

Re: Help with Transparent Proxy [Please Help Me]

I've fixed it, but it's still giving errors.
Please give me some pointers.
I'm confused.

The error that appears looks like this.
Sorry in advance, I copied it from the shell.

2011/10/06 14:10:41| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '127.0.0.1/255.0.0.0'
2011/10/06 14:10:41| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2011/10/06 14:10:41| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2011/10/06 14:10:41| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
2011/10/06 14:10:41| WARNING: '127.0.0.1' is a subnetwork of '127.0.0.0/255.0.0.0'
2011/10/06 14:10:41| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2011/10/06 14:10:41| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2011/10/06 14:10:41| WARNING: '127.0.0.0/255.0.0.0' is a subnetwork of '127.0.0.0/255.0.0.0'
2011/10/06 14:10:41| WARNING: because of this '127.0.0.0/255.0.0.0' is ignored to keep splay tree searching predictable
2011/10/06 14:10:41| WARNING: You should probably remove '127.0.0.0/255.0.0.0' from the ACL named 'to_localhost'


Which part do you think the error is in?
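
Added example, not part of the thread: the two kinds of WARNING in the logs above are what Squid reports when a netmask discards bits of the address given, and when an entry overlaps one already stored under the same ACL name. The sketch below runs those two checks with Python's `ipaddress` module, plus a heuristic for a directive typed with a trailing colon such as `refresh_pattern:`; `SAMPLE_CONF` and `lint_acls` are constructed for illustration and assume the same ACL name is defined in more than one place in the file.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the names 'all' and 'localhost' are each defined twice,
# as happens when a pasted block is appended to a file that already has them.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.100.0/29
acl to_localhost dst 127.0.0.0/8
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/255.0.0.0
refresh_pattern: 0 20% 4320
"""

def lint_acls(conf_text):
    """Return a list of (line_no, message) findings for src/dst ACL entries."""
    findings = []
    seen = defaultdict(list)  # ACL name -> [(network, text as written, line_no)]
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0].endswith(":"):  # heuristic for 'refresh_pattern:'
            findings.append((line_no, f"unrecognized directive {tokens[0]!r}"))
            continue
        if len(tokens) < 4 or tokens[0] != "acl" or tokens[2] not in ("src", "dst"):
            continue
        name = tokens[1]
        for value in tokens[3:]:
            text = "0.0.0.0/0" if value == "all" else value
            try:
                iface = ipaddress.ip_interface(text)  # accepts /29 and /255.255.255.248
            except ValueError:
                continue  # address ranges and quoted file names are not handled here
            net = iface.network
            if iface.ip != net.network_address:
                findings.append((line_no, f"{name}: netmask masks away part of {value} (network is {net})"))
            for other_net, other_text, other_line in seen[name]:
                if net.overlaps(other_net):
                    findings.append((line_no, f"{name}: {value} overlaps {other_text} from line {other_line}"))
            seen[name].append((net, value, line_no))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_acls(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

A clean result here only covers `src`/`dst` entries; `squid -k parse`, as suggested in the reply above, remains the authoritative check of the whole file.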