server : eth0 : gw1 eth1 : gw2 eth3 : LAN rc.local : /sbin/iptables --flush /sbin/iptables --table nat --flush /sbin/iptables --delete-chain /sbin/iptables --table nat --delete-chain /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT /sbin/iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward dhclient ifconfig eth2 192.168.1.1 ifconfig eth3 down #ifconfig eth1 192.168.2.1 #route add default gw 192.168.1.1 #ipmasq /etc/init.d/bind9 start named
# NOTE(review): the line breaks below are reconstructed from a collapsed paste;
# directive boundaries are inferred from the directive keywords.

# Last rc.local rule: rewrites TCP port-80 traffic whose source is in
# 192.168.1.0/24 to 202.73.109.166:2210, the port squid.conf below sets as
# http_port, so LAN web traffic is intercepted by the proxy. The match is on
# source address only; no inbound interface is specified.
/sbin/iptables -A PREROUTING -t nat -p tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to 202.73.109.166:2210
-------------------------------------------------------------------------------------------------------------------
squid.conf

# Listening ports: HTTP proxy, ICP (inter-cache) and SNMP.
http_port 2210
icp_port 3130
snmp_port 3401
cache_mgr admin
#cache_peer 123.45.67.89 parent 3128 3130 proxy-only
#cache_peer 202.143.61.37 sibling 3128 3130 proxy-only
#cache_peer 222.124.79.54 parent 2210 3130 proxy-only
# use the CBN proxy at proxy.cbn.net.id port 8080
#cache_peer proxy.cbn.net.id sibling 8080 3130 proxy-only
#icp_query_timeout 2000
#connection_timeout 90
#reply_body_max_size 2048
#maximum_icp_query_timeout 2000
#mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
# Do not cache URLs whose path contains "cgi-bin" or a "?".
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
visible_hostname rendezvous.server02.sat-c.net
cache_mem 128 MB
cache_swap_low 80%
cache_swap_high 100%
#cache_dir diskd /cache1 3200 8 64 max-size=-1 Q1=64 Q2=72
#cache_dir diskd /cache2 3200 8 64 max-size=-1 Q1=64 Q2=72
#cache_dir diskd /cache3 3200 8 64 max-size=-1 Q1=64 Q2=72
#cache_dir diskd /cache4 3200 8 64 max-size=-1 Q1=64 Q2=72
cache_dir diskd /var/spool/squid 1024 8 64 max-size=-1 Q1=64 Q2=72
#cache_dir ufs /cache 1600 4 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
# With forwarded_for off the client address is not passed upstream in
# X-Forwarded-For; access.log is then the only record of which client made a
# request.
forwarded_for off
half_closed_clients off
cache_effective_user proxy
cache_effective_group proxy
# Second cache_mgr line (the first one says "admin"); the address was redacted
# by the list archive.
cache_mgr [EMAIL PROTECTED]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#acl x1 url_regex "/etc/streaming"
#acl x2 urlpath_regex -i "/etc/download"

# Destination-domain block list, denied further down.
acl gator dstdomain .gator.com
acl gohip dstdomain .gohip.com
acl kazaa dstdomain .kazaa.com
acl ad dstdomain .advertising.com
acl real dstdomain .xreal.com
# url_regex treats each "." as "any character", so this pattern is looser
# than the literal address it appears to name.
acl pornsite url_regex 220.73.222.254
# LAN and NOC are defined with the same network, so the later
# "http_access allow NOC" can never match anything "allow LAN" did not.
acl LAN src 192.168.1.0/255.255.255.0
acl NOC src 192.168.1.0/255.255.255.0
acl snmpcommunity snmp_community nama_snmpcommunity # if you want to pull traffic data from squid
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl SSL_ports port 443 563
acl Safe_ports port 21 80 81 53 110 143 443 563 70 210 1025-65535
#acl Safe_ports port 21 80
#acl Safe_ports port 2000-2500
#acl Safe_ports port 4000-5900
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#header_access User-Agent deny all
#header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha)
# HTTP REQUEST TO A LOCAL WEB SERVER
httpd_accel_host 202.73.109.166
httpd_accel_port 80
acl acceleratedHost dst 202.73.109.166/255.255.255.255
# acceleratedPort is defined here but no rule visible in this file uses it.
acl acceleratedPort port 8000

# http_access rules are evaluated top to bottom and the first match decides.
http_access allow manager localhost
# Because the deny below is commented out, cache_object (cache manager)
# requests from non-localhost sources fall through to the later rules and are
# allowed for any LAN address; only cachemgr_passwd then protects them.
# http_access deny manager # uncomment if you do not want to use cachemgr.cgi
http_access deny !Safe_ports
http_access deny pornsite
http_access deny CONNECT !SSL_ports
# SNMP is allowed on the community string alone, with no source restriction.
# NOTE(review): "nama_snmpcommunity" looks like a placeholder name; confirm
# the live value is not a guessable default and consider adding a src ACL.
snmp_access allow snmpcommunity
#http_access deny x1
#http_access deny x2
http_access deny gator
http_access deny gohip
http_access deny ad
http_access deny real
http_access deny kazaa
http_access allow LAN
http_access allow NOC
http_access allow localhost
# Matches on destination only, so this rule admits requests for
# 202.73.109.166 from ANY source address, not just the LAN.
http_access allow acceleratedHost
http_access deny all
snmp_access deny all
# OPTIONAL
#always_direct allow LAN
#always_direct allow NOC
#never_direct allow all
# NOTE(review): httpd_accel_host is set a second time here (the first value is
# 202.73.109.166 above); presumably the later value wins, confirm. With
# httpd_accel_with_proxy on, Squid serves accelerated and ordinary proxy
# requests on the same port.
httpd_accel_host virtual
#httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Cleartext cache-manager password. The value has been posted to a public list
# archive, so treat it as disclosed: change it on the live proxy and use a
# placeholder when sharing the config.
# NOTE(review): the last field is the action list; confirm "manager" is an
# intended action name.
cachemgr_passwd ayamgoreng manager
negative_ttl 1 minutes
buffered_logs on
# BEBERAPA
# KLIEN DILARANG MENGAKSES WEB DI MALAM HARI
#acl terlarang src 192.168.1.128/255.255.255.192
#acl aksesiang time SMTWHFA 08:00-20:00
#acl aksesiang time 08:00-20:00
#http_access allow terlarang aksesiang
#http_access deny terlarang
==================================

saya mau port 80, 21, 8080 yang di-request oleh semua client lewat gw1 (eth0), dan port 5000:8000 pakai eth1. gimana ya ngaturnya? karena saya lihat di squid nggak ngefek, apa perlu pakai iptables?

--
[EMAIL PROTECTED]:/home/mirza# iptables -A FORWARD -p tcp -i eth3 --dport 80 -j ROUTE -oif eth0
Bad argument `eth0'
Try `iptables -h' or 'iptables --help' for more information.
[EMAIL PROTECTED]:/home/mirza#
[EMAIL PROTECTED]:/home/mirza# iptables -A FORWARD -p tcp -i eth3 --dport 80 -j ROUTE --oif eth0
iptables v1.3.1: Unknown arg `--oif'
Try `iptables -h' or 'iptables --help' for more information.
[EMAIL PROTECTED]:/home/mirza#

ga bisa juga. mungkin ada yang bisa ngasih solusinya?

UBUNTU BREEZY
ASAP

--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis