[EMAIL PROTECTED]:/home/mirza# iptables -A POSTROUTING -t mangle -i eth3 -p tcp --dport 80 -j ROUTE --gw sekian.sekian.sekian.sekian --oif eth0
iptables v1.3.1: Unknown arg `--gw'
Try `iptables -h' or 'iptables --help' for more information.
[EMAIL PROTECTED]:/home/mirza#

On 8/2/06, Hari Hendaryanto <[EMAIL PROTECTED]> wrote:
Mirza Khadnezar wrote:
> server :
> eth0 : gw1
> eth1 : gw2
> eth3 : LAN
>
> rc.local :
> /sbin/iptables --flush
> /sbin/iptables --table nat --flush
> /sbin/iptables --delete-chain
> /sbin/iptables --table nat --delete-chain
> /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
> /sbin/iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
> /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
> dhclient
> ifconfig eth2 192.168.1.1
> ifconfig eth3 down
> #ifconfig eth1 192.168.2.1
> #route add default gw 192.168.1.1
> #ipmasq
> /etc/init.d/bind9 start
> named
>
> /sbin/iptables -A PREROUTING -t nat -p tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to 202.73.109.166:2210
> -------------------------------------------------------------------------------------------------------------------
>
> squid.conf
>
> http_port 2210
> icp_port 3130
> snmp_port 3401
> cache_mgr admin
>
> #cache_peer 123.45.67.89 parent 3128 3130 proxy-only
> #cache_peer 202.143.61.37 sibling 3128 3130 proxy-only
> #cache_peer 222.124.79.54 parent 2210 3130 proxy-only
>
> # snatch the cbn proxy at proxy.cbn.net.id port 8080
> #cache_peer proxy.cbn.net.id sibling 8080 3130 proxy-only
>
> #icp_query_timeout 2000
> #connection_timeout 90
> #reply_body_max_size 2048
> #maximum_icp_query_timeout 2000
> #mcast_icp_query_timeout 2000
>
> dead_peer_timeout 10 seconds
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> visible_hostname rendezvous.server02.sat-c.net
> cache_mem 128 MB
>
> cache_swap_low 80%
> cache_swap_high 100%
>
> #cache_dir diskd /cache1 3200 8 64 max-size=-1 Q1=64 Q2=72
> #cache_dir diskd /cache2 3200 8 64 max-size=-1 Q1=64 Q2=72
> #cache_dir diskd /cache3 3200 8 64 max-size=-1 Q1=64 Q2=72
> #cache_dir diskd /cache4 3200 8 64 max-size=-1 Q1=64 Q2=72
> cache_dir diskd /var/spool/squid 1024 8 64 max-size=-1 Q1=64 Q2=72
> #cache_dir ufs /cache 1600 4 256
>
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> pid_filename /var/run/squid.pid
>
> forwarded_for off
>
> half_closed_clients off
> cache_effective_user proxy
> cache_effective_group proxy
> cache_mgr [EMAIL PROTECTED]
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> #acl x1 url_regex "/etc/streaming"
> #acl x2 urlpath_regex -i "/etc/download"
> acl gator dstdomain .gator.com
> acl gohip dstdomain .gohip.com
> acl kazaa dstdomain .kazaa.com
> acl ad dstdomain .advertising.com
> acl real dstdomain .xreal.com
> acl pornsite url_regex 220.73.222.254
> acl LAN src 192.168.1.0/255.255.255.0
> acl NOC src 192.168.1.0/255.255.255.0
> acl snmpcommunity snmp_community nama_snmpcommunity # if you want to grab traffic from squid
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl SSL_ports port 443 563
> acl Safe_ports port 21 80 81 53 110 143 443 563 70 210 1025-65535
> #acl Safe_ports port 21 80
> #acl Safe_ports port 2000-2500
> #acl Safe_ports port 4000-5900
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #header_access User-Agent deny all
> #header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha)
>
> # HTTP REQUEST TO A LOCAL WEB SERVER
> httpd_accel_host 202.73.109.166
> httpd_accel_port 80
> acl acceleratedHost dst 202.73.109.166/255.255.255.255
> acl acceleratedPort port 8000
>
> http_access allow manager localhost
> # http_access deny manager # uncomment if you do not want to use cachemgr.cgi
> http_access deny !Safe_ports
> http_access deny pornsite
> http_access deny CONNECT !SSL_ports
> snmp_access allow snmpcommunity
>
> #http_access deny x1
> #http_access deny x2
> http_access deny gator
> http_access deny gohip
> http_access deny ad
> http_access deny real
> http_access deny kazaa
>
> http_access allow LAN
> http_access allow NOC
> http_access allow localhost
> http_access allow acceleratedHost
> http_access deny all
> snmp_access deny all
>
> # OPTIONAL
> #always_direct allow LAN
> #always_direct allow NOC
> #never_direct allow all
> httpd_accel_host virtual
> #httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> cachemgr_passwd ayamgoreng manager
> negative_ttl 1 minutes
> buffered_logs on
>
> # SOME CLIENTS ARE NOT ALLOWED TO ACCESS THE WEB AT NIGHT
>
> #acl terlarang src 192.168.1.128/255.255.255.192
> #acl aksesiang time SMTWHFA 08:00-20:00
> #acl aksesiang time 08:00-20:00
> #http_access allow terlarang aksesiang
> #http_access deny terlarang
>
> ==================================
>
> I want ports 80, 21 and 8080 requested by all clients to go through gw1 (eth0),
> and ports 5000:8000 to use eth1.
>
> How do I set that up?
> Because from what I can see, it has no effect in squid.
> Do I need to use iptables?
> --
> [EMAIL PROTECTED]:/home/mirza# iptables -A FORWARD -p tcp -i eth3 --dport 80 -j ROUTE -oif eth0
> Bad argument `eth0'
> Try `iptables -h' or 'iptables --help' for more information.
> [EMAIL PROTECTED]:/home/mirza#
> [EMAIL PROTECTED]:/home/mirza# iptables -A FORWARD -p tcp -i eth3 --dport 80 -j ROUTE --oif eth0
> iptables v1.3.1: Unknown arg `--oif'
> Try `iptables -h' or 'iptables --help' for more information.
> [EMAIL PROTECTED]:/home/mirza#
>
> That doesn't work either.
> Maybe someone can offer a solution?
> UBUNTU BREEZY
>
> ASAP
>

Try the iptables command like this:

iptables -A POSTROUTING -t mangle -i eth3 -p tcp --dport 80 -j ROUTE --gw x.x.x.x --oif eth0

Maybe that will work :)

regards

PT.CITRA SARI MAKMUR
SATELLITE & TERRESTRIAL NETWORK
Connecting the distance - anytime, anywhere, any content

--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to [EMAIL PROTECTED]
Archive and full mailing list information at http://linux.or.id/milis
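
The per-port gateway split asked about in this thread (ports 21, 80 and 8080 via gw1 on eth0, ports 5000:8000 via gw2 on eth1) can also be expressed with packet marks and iproute2 policy routing instead of the ROUTE target. This is an added example, not part of the original thread: it only prints the commands for review before they are run as root, and it covers traffic forwarded from the LAN, not connections made by the local Squid itself. The gateway addresses, mark values and routing table numbers are placeholder assumptions.

```shell
#!/bin/sh
# Added example: print the iptables/iproute2 commands for per-port gateway
# selection using fwmark policy routing. Nothing is executed here; review
# the output, then run it as root. Gateway IPs, marks and table ids are
# placeholders (assumptions), not values taken from the thread.

LAN_IF=eth3                 # LAN interface, as described in the thread

# emit_policy MARK TABLE OUT_IF GATEWAY PORTS
#   PORTS uses multiport syntax: "21,80,8080" or a range "5000:8000"
emit_policy() {
    mark=$1 table=$2 oif=$3 gw=$4 ports=$5
    # Refuse anything that is not digits, commas or colons.
    case $ports in
        *[!0-9,:]*|'') echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    # Mark matching packets as they arrive from the LAN, before routing.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp -m multiport --dports $ports -j MARK --set-mark $mark"
    # Dedicated routing table whose only route is the chosen gateway.
    echo "ip route add default via $gw dev $oif table $table"
    # Marked packets consult that table instead of the main one.
    echo "ip rule add fwmark $mark table $table"
}

emit_all() {
    emit_policy 1 101 eth0 "${GW1:-192.0.2.1}" 21,80,8080 || return 1
    emit_policy 2 102 eth1 "${GW2:-198.51.100.1}" 5000:8000 || return 1
    echo "ip route flush cache"
}

emit_all
```

The existing MASQUERADE rules on eth0 and eth1 from rc.local still apply after the routing decision, so each flow leaves with the source address of the interface it was routed out of.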