2009/12/21 Nyoman [D] <nyo...@royalperspective.com>:
> On Mon, 2009-12-21 at 10:10 +0700, "mbah Darmo" wrote:
>> 2009/12/21 Nyoman [D] <nyo...@royalperspective.com>:
>> > On Mon, 2009-12-21 at 07:34 +0700, "mbah Darmo" wrote:
>> >> >> > Nyoman
>> >> >> >
>> >> >> @Pak Nyoman,
>> >> >> I have read it, sir... sorry, I had not pasted the results earlier, thanks,
>> >> >>
>> >> >> C:\Documents and Settings\hp>ping 125.163.182.189
>> >> >>
>> >> >> Pinging 125.163.182.189 with 32 bytes of data:
>> >> >>
>> >> >> Reply from 125.163.182.189: bytes=32 time=6ms TTL=64
>> >> >> Reply from 125.163.182.189: bytes=32 time<1ms TTL=64
>> >> >> Reply from 125.163.182.189: bytes=32 time<1ms TTL=64
>> >> >> Reply from 125.163.182.189: bytes=32 time<1ms TTL=64
>> >> >>
>> >> >> C:\Documents and Settings\hp>tracert google.com
>> >> >>
>> >> >> Tracing route to google.com [216.239.61.104]
>> >> >> over a maximum of 30 hops:
>> >> >>
>> >> >>   1    <1 ms    <1 ms    <1 ms  ns1.sctc.local [192.168.0.254]
>> >> >>   2     *        *        *     Request timed out.
>> >> >> Trace complete.
>> >> >>
>> >> >
>> >> > Strange... why doesn't the traceroute pass through IP 125.163.182.189?
>> >> >
>> >> > What does your network topology look like?
>> >> > Is it like this??
>> >> >
>> >> > 192.168.0.0/24 (LAN)-----|Linux machine that is also the proxy|---- Internet
>> >> >
>> >> > I'm getting more and more curious... where is the problem...
>> >> > Please paste the result of a traceroute to IP 125.163.182.189, sir
>> >> >
>> >> > Nyoman
>> >> >
>> >>
>> >> @Pak Nyoman,
>> >> The topology is indeed as you drew it; here is the result of the
>> >> trace route to 125.163.182.189:
>> >>
>> >> C:\Users\Administrator>tracert 125.163.182.189
>> >>
>> >> Tracing route to 189.subnet125-163-182.speedy.telkom.net.id [125.163.182.189]
>> >> over a maximum of 30 hops:
>> >>
>> >>   1    <1 ms    <1 ms    <1 ms  189.subnet125-163-182.speedy.telkom.net.id [125.163.182.189]
>> >>
>> >> Trace complete.
>> >>
>> >> C:\Users\Administrator>
>> >>
>> >> FYI: here are some of the iptables rules I executed (please
>> >> correct them, sir...)
>> >>
>> >> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 125.163.182.189
>> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
>> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 3128
>> >> iptables -table nat -A POSTROUTING -o eth0 -j MASQUERADE
>> >> iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
>> >> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j SNAT --to 192.168.1.1/24
>> >>
>> >> where:
>> >> eth2 192.168.1.1/24 from the internet
>> >> eth0 192.168.0.0/24 towards the LAN
>> >>
>> >> We await your enlightenment, sir... (bear with me, I have only just started learning iptables  :D )
>> >>
>> >> thanks & Regards,
>> >> Supriyadi
>> >>
>> >
>> > Please choose one of each,
>> > Delete no. 1 or no. 6
>> > Delete no. 4 or no. 7
>> > Delete no. 5 for now; in the meantime use the -j MASQUERADE one (no. 8)
>> > As for no. 10, I'm a bit confused... try deleting it or commenting it out
>> > (put a # in front of it) for now
>> >
>> > Now, here is the problem...
>> > why does eth0 use a local IP? I had guessed earlier that this computer
>> > uses a public IP..
>> > So the topology is not like the one I gave, then
>> > But more or less like this:
>> >
>> > LAN|---|eth0___eth2|---|something that has a public IP|---Internet
>> >
>> > eth0___eth2 is the machine/computer that runs squid
>> > I don't know what the thing with the public IP is
>> > Is it like this???
>> >
>> > Nyoman
>> >
>>
>> I have commented out rules no. 5, 6, 7 and 10 for now, sir,
>> eth0 uses a local IP because it faces the LAN, while eth2 is
>> connected to the ADSL modem, but the modem only acts as a bridge, so
>> it is the server that dials the internet connection (using kinternet).
>> When I check, the output looks like this, sir:
>>
>> server:~ # ip address show
>> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>     inet 127.0.0.1/8 scope host lo
>>     inet6 ::1/128 scope host
>>        valid_lft forever preferred_lft forever
>> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>>     link/ether 00:14:5e:c9:1b:9e brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
>>     inet 192.168.55.1/24 brd 192.168.55.255 scope global eth0
>>     inet6 fe80::214:5eff:fec9:1b9e/64 scope link
>>        valid_lft forever preferred_lft forever
>> 3: sit0: <NOARP> mtu 1480 qdisc noop
>>     link/sit 0.0.0.0 brd 0.0.0.0
>> 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>>     link/ether 00:21:91:91:b1:0a brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2
>>     inet6 fe80::221:91ff:fe91:b10a/64 scope link
>>        valid_lft forever preferred_lft forever
>> 5: dsl0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
>>     link/ppp
>>     inet 125.163.182.189 peer 125.163.176.1/32 scope global dsl0
>> server:~ #
>>
>> thanks,
>>
>
> Oh.. so it's PPPoE...
> in that case the command is wrong, sir
>
> Try using this...
> iptables -table nat -A POSTROUTING -o dsl0 -j MASQUERADE
> or:
> iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT --to-source 125.163.182.189
>
> Nyoman
>

I have tried it, sir; now only these rules remain:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -p tcp --dport 3124 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT

when I check:

server:~ # iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 14094 packets, 1012K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:81 redir ports 3128
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3124 redir ports 3128
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 3128

Chain POSTROUTING (policy ACCEPT 21157 packets, 1414K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 20663 packets, 1400K bytes)
 pkts bytes target     prot opt in     out     source               destination
server:~ #

it turns out it still doesn't work, sir... thanks...

regards,
supriyadi
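
Added example, not written by anyone in this thread: a small shell lint for NAT rule lines like the ones posted above. The interface names and subnets are taken from the `ip address show` output in the thread; `lint_rule`, `opt_value` and the finding labels are hypothetical names made up for this example.

```shell
#!/bin/sh
# Assumptions taken from the thread's `ip address show` output:
WAN_IF=dsl0             # PPPoE interface that holds 125.163.182.189
LAN_IF=eth0             # LAN-facing interface
LAN_NET=192.168.0.0/24  # LAN subnet on eth0 (192.168.1.0/24 is the modem side, eth2)

# Print the word that follows option $2 in rule line $1 (empty if absent).
opt_value() {
  printf '%s\n' "$1" |
    awk -v o="$2" '{ for (i = 1; i < NF; i++) if ($i == o) { print $(i + 1); exit } }'
}

# Print the findings for one iptables command line, or "ok" if there are none.
lint_rule() {
  rule=" $1 "; out=""
  # The table option is -t or --table; "-table" is neither.
  case $rule in *" -table "*) out="$out bad-table-option" ;; esac
  # SNAT needs one target address (--to-source; rule 10 writes it as --to).
  case $rule in *" -j SNAT "*)
    to=$(opt_value "$1" --to-source); [ -n "$to" ] || to=$(opt_value "$1" --to)
    case $to in
      "")  out="$out snat-missing-to-source" ;;
      */*) out="$out snat-target-has-netmask" ;;
    esac ;;
  esac
  # Source NAT belongs on the Internet-facing interface, for LAN sources.
  case $rule in *" POSTROUTING "*)
    oif=$(opt_value "$1" -o); src=$(opt_value "$1" -s)
    [ -z "$oif" ] || [ "$oif" = "$WAN_IF" ] || out="$out nat-not-on-wan-interface"
    [ -z "$src" ] || [ "$src" = "$LAN_NET" ] || out="$out source-not-lan-subnet" ;;
  esac
  # REDIRECT without -i <LAN> also matches packets arriving on the WAN side,
  # which would hand Internet-originated connections to the proxy port.
  case $rule in *" -j REDIRECT "*)
    [ "$(opt_value "$1" -i)" = "$LAN_IF" ] || out="$out redirect-not-bound-to-lan" ;;
  esac
  out=${out# }
  printf '%s\n' "${out:-ok}"
}

# Three rule lines quoted from the thread; the last is the final SNAT rule.
while IFS= read -r r; do printf '%-46s <- %s\n' "$(lint_rule "$r")" "$r"; done <<'EOF'
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128
iptables -table nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o dsl0 -s 192.168.1.0/24 -j SNAT
EOF
```

The empty POSTROUTING chain in the `iptables -t nat -nvL` listing above is consistent with the first finding on the last line: a SNAT rule with no target address is never installed.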

--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to tanya-jawab-unsubscr...@linux.or.id
Archive and full mailing list information at http://linux.or.id/milis
