On 2/16/07, netzerospace <[EMAIL PROTECTED]> wrote:
huaaaaaaaah... this is getting even more complicated, om Bayu

now my proxy has even more problems...

is it my squid.conf that's wrong...

clients can already open websites, sure..

but only IP based...

so as long as you know the IP of Google or Yahoo it definitely works...

with DNS it won't work... for example www.google.com doesn't work...

what should I do...

/me already tried things in iptables, but it looks like the mistake is in squid.conf...

the proxy theory as I know it.. :
- the client doesn't need to know the real IP address of the destination website...
- the client doesn't need a DNS server IP configured
- the client doesn't need to be able to ping Google to make a connection...

all of that is handled when it's not transparent ... does something change
when it's transparent.. ??

what /me did for the transparent proxy is already as described above..
this is /me's squid.conf

===================
#http_port 192.168.0.1:8080
#icp_port 3130
cache_mem 10 MB

cache_dir ufs /mnt/net/squid 256 16 256

#--------- default
acl all src 0.0.0.0/0.0.0.0
acl dst_all dst 0.0.0.0/0.0.0.0
acl CONNECT method CONNECT

#---------- transparent
http_port 192.168.0.1:8080 transparent
always_direct allow all

#--------- allow host
acl good_ip src  "/etc/squid/good_ip.txt"
#--------- data acl
acl block_advertisers url_regex -i "/etc/squid/block_advertisers.txt"
acl block_porn url_regex -i "/etc/squid/block_porn.txt"
acl not_porn url_regex -i "/etc/squid/not_porn.txt"
acl block_proxy url_regex -i "/etc/squid/block_proxy.txt"
acl QUERY urlpath_regex cgi-bin \?
#--------- data port
#acl safe_ports port 80 443
#--------- custom denied info
deny_info CUSTOM_ERRS_ADVERTISERS block_advertisers
deny_info CUSTOM_ERRS_PORN block_porn
deny_info CUSTOM_ERRS_PROXY block_proxy
#---------- do not cache
no_cache deny block_advertisers
no_cache deny block_porn
no_cache deny QUERY
#---------- which ACLs are actually in use
#http_access allow not_porn
#http_access deny block_advertisers
#http_access deny block_porn
http_access deny block_proxy
#---------- host
http_access allow good_ip
#---------- port
http_access deny CONNECT
#http_access deny !safe_ports
#---------- default
http_access deny all

#---------- info
cache_effective_user squid
cache_effective_group squid
cache_mgr [EMAIL PROTECTED]
maximum_object_size 256 KB

cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
logfile_rotate 10
=======================================
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 8080
=======================================
is there something missing?


--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to [EMAIL PROTECTED]
Archive and full mailing list info at http://linux.or.id/milis


may I see
/etc/resolv.conf
?
if possible, give the dns nameserver option in squid.conf a value,
e.g. set it to 127.0.0.1 or the ISP's DNS

actually, in transparent mode the DNS server value on the client has to be
set... for example just pointed at the gateway's IP. as for clients
not being allowed to ping.. well, just block the icmp port :)

--
semusim info has moved to Google
bayu - mandriva at http://bayuart.wordpress.com
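
The DNS dependency raised in the reply above, as an added example that is not part of the original thread: a small check over the posted squid.conf lines and iptables rule that reports why name-based requests can fail behind an intercepting proxy. The resolv.conf contents and the function names are assumptions made for illustration.

```python
import re

# Constructed inputs: the active lines that matter from the squid.conf and the
# iptables rule posted in this thread, plus assumed resolv.conf contents.
SQUID_CONF = """\
#http_port 192.168.0.1:8080
http_port 192.168.0.1:8080 transparent
always_direct allow all
http_access allow good_ip
http_access deny all
"""
NAT_RULE = ("iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/24 "
            "--dport 80 -j REDIRECT --to-port 8080")
PROXY_RESOLV = "nameserver 192.0.2.53\n"   # assumed: proxy host has a resolver
CLIENT_RESOLV = ""                         # assumed: client has no DNS server set


def directives(conf):
    """Yield (name, args) for every active, non-comment squid.conf line."""
    for line in conf.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            yield fields[0], fields[1:]


def nameservers(resolv_conf):
    """Return the addresses on 'nameserver' lines of a resolv.conf text."""
    return [f[1] for f in (l.split() for l in resolv_conf.splitlines())
            if len(f) > 1 and f[0] == "nameserver"]


def check_interception(conf, nat_rule, proxy_resolv, client_resolv):
    """Return findings that explain name-based failures behind interception."""
    conf_items = list(directives(conf))
    ports = {a[0].rsplit(":", 1)[-1] for n, a in conf_items
             if n == "http_port" and "transparent" in a[1:]}
    squid_dns = [ip for n, a in conf_items if n == "dns_nameservers" for ip in a]
    findings = []
    target = re.search(r"--to-ports?\s+(\d+)", nat_rule)
    if not target or target.group(1) not in ports:
        findings.append("REDIRECT target is not a transparent http_port")
    # Squid reads /etc/resolv.conf when dns_nameservers is not set.
    if not (squid_dns or nameservers(proxy_resolv)):
        findings.append("proxy: no dns_nameservers and no resolv.conf nameserver")
    # Only TCP/80 is redirected, so the browser must resolve the name itself
    # before it sends the packet that the REDIRECT rule intercepts.
    if not nameservers(client_resolv):
        findings.append("client: no DNS server, hostnames fail before port 80")
    return findings
```

With the constructed inputs the only finding is the client one, which matches the symptom in the thread: requests by IP reach the proxy, requests by hostname never leave the client.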
