Assalamu'alaikum, friends...
Lately many people have been complaining about ARP spoofing..
Reportedly this trojan comes from China and can slow our internet down by
duplicating the gateway's MAC address..
It often makes computers hang, especially when opening Yahoo Messenger..
So can friends here help with how to deal with this via a proxy? Maybe by
strengthening our firewall...
I am currently using OpenBSD?
I'd appreciate some enlightenment from all of you
Regards
Ibenk Maulana
=================================================================================================
Transparent Squid on OpenBSD Tutorial
=================================================================================================
Here is a quick Squid howto tutorial on setting up a transparent Squid
server. The method used is strict whitelisting backed by a catch-all
blacklist: we class the whole internet as insecure and whitelist domains one
at a time as they are needed. Depending on your requirements you may not want
to implement whitelisting and blacklisting, but for a small company, after a
few months of sniffing domains, there may only be a few domains per day to add
to the whitelist.
Install the Squid package with pkg_add:
# pkg_add $PKG_PATH/squid-2.5.STABLE13-transparent.tgz
The Squid proxy needs a configuration file to operate correctly.
/etc/squid/squid.conf
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl our_networks src 192.168.0.0/16
acl noproxy1 src 192.168.4.3/32 #dont proxy this machine
acl ie_browser browser ^Mozilla/4\.0 .compatible; MSIE; #Internet Explorer
acl bad_browser browser ^Gator # spyware crap
acl windowsupdate dstdomain .windowsupdate.com # allow ie
acl windowsupdate dstdomain .windowsupdate.microsoft.com
acl ie_exceptions dstdomain .1u-firewall.com
acl ie_exceptionsa dst 3.4.5.6 #Allow Internet explorer to this IP address
acl SMTP_port port 25
acl whitelist url_regex -i "/etc/squid/whitelist.txt"
acl blacklist url_regex -i "/etc/squid/blacklist.txt"
http_port 127.0.0.1:3128
http_access deny bad_browser
http_access deny SMTP_port
http_access allow whitelist
# http_access deny alwaysblacklist # no acl named alwaysblacklist is defined above; Squid refuses to start on an undefined ACL, so define one before enabling this line
http_access allow noproxy1
http_access deny blacklist
http_access allow our_networks
http_access allow manager localhost
http_access deny to_localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/squid/cache
visible_hostname earth.1u-firewall.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_mgr [EMAIL PROTECTED]
#eof
/etc/squid/blacklist.txt
http://
The single "http://" pattern in blacklist.txt matches every HTTP URL, so any
request not already allowed by an earlier http_access line (the whitelist, or
the noproxy1 host) is denied.
You will need to fill whitelist.txt with domains that are deemed OK. Note that
the whitelist and blacklist ACLs are of type url_regex: each line is an
unanchored, case-insensitive regular expression matched against the whole URL,
so ".google.com" matches any URL that contains "google.com" anywhere in it
(and the leading "." matches any character), not only requests to the
google.com domain. If domain-suffix matching is what you want, use a dstdomain
ACL instead.
/etc/squid/whitelist.txt
.google.com
.1u-firewall.com
.nhs.uk
.sch.uk
.gov.uk
Create the Squid swap directories:
# squid -z
Start Squid:
# squid
If squid.conf changes, Squid has to be reloaded with the following command:
# squid -k reconfigure
PF (OpenBSD's firewall) needs to be configured so that any inbound web request
from the internal network is redirected to the Squid proxy service. The
following is a rough outline of what's needed, plus a few extras.
/etc/pf.conf
int_if="fxp0"
ext_if="fxp1"
set skip on lo0 #default pass for loopback (options must come before translation and filter rules)
no rdr on $int_if inet proto tcp from any to 1.2.3.4 port www #dont proxy this web server
rdr pass on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128 #squid proxy redirect
antispoof quick for { lo $int_if } label "Antispoofing" #antispoofing
pass in quick on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state label "Squid redirect loopback"
pass out quick on $ext_if inet proto tcp from any to any port www keep state label "Squid redirect external" #add "queue q_web" here only once an ALTQ queue of that name is defined in a queueing section above
pass out quick on $ext_if proto icmp keep state label "ICMP access"
pass out quick on $ext_if from any to 2.3.4.5 keep state label "OK outbound access 2.3.4.5"
block out log on $ext_if label "Fallback to Block"
#eof
Squid requires access to the PF device. The simplest way is to change the
group on that device:
# chgrp _squid /dev/pf
# chmod g+rw /dev/pf
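The script below is an added example written for this post; it is not part of the tutorial, of Squid or of OpenBSD. It gives two defender-side checks for the setup above: a small linter that lists http_access lines naming an ACL that no acl line defines (the kind of mistake that stops Squid from starting, as an undefined "alwaysblacklist" reference would), and a side-by-side emulation of how a url_regex ACL and a dstdomain ACL treat the same whitelist file, which shows how much looser the url_regex form is. The sample squid.conf and whitelist.txt it writes to a temporary directory are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the tutorial or of Squid/OpenBSD: two checks for
# the whitelist/blacklist transparent-proxy setup described above.
#   check_acl_refs CONF                 - list http_access lines that name an
#                                         ACL no "acl" line defines
#   url_matches_regex_list FILE URL     - emulate "acl X url_regex -i FILE"
#   url_host_matches_dstdomain FILE URL - emulate "acl X dstdomain FILE"
# The sample squid.conf and whitelist below are constructed for this example.

# Print "line N: undefined acl NAME" for each bad reference; return 1 if any.
check_acl_refs() {
    awk '
        { sub(/[ \t]#.*$/, ""); sub(/^#.*$/, "") }   # drop comments
        $1 == "acl" { defined[$2] = 1 }
        $1 == "http_access" {
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)                   # "!Safe_ports" -> Safe_ports
                if (!(name in defined)) {
                    printf "line %d: undefined acl %s\n", NR, name
                    bad = 1
                }
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# url_regex -i: each line is a case-insensitive, unanchored extended regex
# matched against the whole URL (scheme, host, path and query).
url_matches_regex_list() {
    printf '%s\n' "$2" | grep -q -i -E -f "$1"
}

# dstdomain: the URL host must equal an entry, or end in an entry that starts
# with a dot (".google.com" covers google.com and www.google.com only).
url_host_matches_dstdomain() {
    host=$(printf '%s\n' "$2" | sed -E 's#^[a-zA-Z]+://##; s#[/:].*$##' | tr 'A-Z' 'a-z')
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr 'A-Z' 'a-z')
        [ -z "$entry" ] && continue
        case "$entry" in
            .*) case ".$host" in *"$entry") return 0 ;; esac ;;   # suffix match
            *)  [ "$host" = "$entry" ] && return 0 ;;            # exact match
        esac
    done < "$1"
    return 1
}

# Constructed sample files in a temporary directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/whitelist.txt" <<'EOF'
.google.com
.1u-firewall.com
EOF
cat > "$WORK/squid.conf" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl whitelist url_regex -i "/etc/squid/whitelist.txt"
acl blacklist url_regex -i "/etc/squid/blacklist.txt"
http_access allow whitelist
http_access deny alwaysblacklist # referenced here but never defined
http_access deny blacklist
http_access deny all
EOF

# Demo output when run directly.
check_acl_refs "$WORK/squid.conf" || echo "squid.conf: Squid would refuse to start"
for url in "http://www.google.com/" "http://other.example/google.com/"; do
    url_matches_regex_list "$WORK/whitelist.txt" "$url" && r=match || r=no-match
    url_host_matches_dstdomain "$WORK/whitelist.txt" "$url" && d=match || d=no-match
    printf '%-36s url_regex=%-8s dstdomain=%s\n' "$url" "$r" "$d"
done
```

Run it as a plain shell script; it needs only awk, grep, sed and mktemp. The linter can be pointed at the real /etc/squid/squid.conf before a "squid -k reconfigure", and the two matching functions make the point of the whitelist caveat concrete: a URL on an unrelated host that merely contains "google.com" in its path passes the url_regex whitelist but not a dstdomain one.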
------------------------------------
Official Web Site : http://www.awari.or.id
Yahoo! Groups: http://groups.yahoo.com/group/asosiasi-warnet/