PLEASE HELP.. EXTERNAL SQUID + MIKROTIK CONFIGURATION

Discussion of Ubuntu Server, covering web servers, database servers, Samba servers and other services, as well as networking with the Ubuntu operating system.

Post by bang_andi » 01 May 2012, 15:21

The network at my site uses Mikrotik + an external Squid proxy on Ubuntu Server 10.04.

- Network topology: Mikrotik side by side with the Squid proxy

isp (192.168.1.1) -----Mikrotik ---- squid proxy (192.168.10.1)
                          |
                          |
                   Local network (10.5.50.0/24)
Note:
Mikrotik gateway IP to the modem = 192.168.1.2
Mikrotik gateway IP to the local network = 10.5.50.1
Mikrotik gateway IP to the Squid proxy = 192.168.10.2

Everything is already configured properly.. clients on the local LAN can browse the internet... the problem is that when I look at "tail -f /var/log/squid/access.log | ccze", the only thing recorded is the IP of the Squid server itself.. so where did the IPs of the local range 10.5.50.0/24 go??

Is there a route I have to add.. maybe its iptables..?
Right now its iptables is still at the default (nothing yet).

Or is my NAT firewall on the Mikrotik wrong?

Post by fathayu » 15 May 2012, 04:32

Add me on YM, bro... I happen to be online right now

ym: fathayu

Post by bang_andi » 16 May 2012, 23:24

Finally someone is willing to help me... but.. oh dear.. when you were online on the forum, I wasn't online on the forum, bro.... okay.. I'll add your YM... here's my YM, bro > wong_284

Post by yudiarbi » 17 May 2012, 02:59

What does iptables look like on the server side? And what about on the Mikrotik side?

Post by bang_andi » 18 May 2012, 13:36

Okay.. bro yudiarbi, here is the configuration laid out...

1. iptables on the Ubuntu server side... I checked it with iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. NAT firewall on the Mikrotik side to the parent proxy

ip firewall nat add chain=srcnat action=masquerade

and

ip firewall nat add action=dst-nat chain=dstnat comment="ke proxy" src-address=!192.168.10.1 disabled=no dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128

Post by antoniusgenta » 22 May 2012, 00:12

andi_wong wrote: Okay.. bro yudiarbi, here is the configuration laid out...

1. iptables on the Ubuntu server side... I checked it with iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. NAT firewall on the Mikrotik side to the parent proxy

ip firewall nat add chain=srcnat action=masquerade

and

ip firewall nat add action=dst-nat chain=dstnat comment="ke proxy" src-address=!192.168.10.1 disabled=no dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128


Have you already added the rule in Squid, bro?
acl localnet (local IP)

regards
genta

Post by yudiarbi » 22 May 2012, 08:50

On the Mikrotik side, try this, bro:

Code:

ip firewall nat add action=dst-nat chain=dstnat comment="ke proxy" src-address=10.5.50.1 dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128

Post by bang_andi » 23 May 2012, 09:49

>> Antoniusgenta
The acl localnet is already there in Squid, bro...


>> Yudiarbi
I've tried it, bro... but then the clients couldn't access the internet at all..

Then I tried it as below:
ip firewall nat add action=dst-nat chain=dstnat comment="ke proxy" src-address=10.5.50.0/24 dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128

The result: clients can access the internet, but the access speed is actually somewhat slow..

Then I added out interface = public to >> ip firewall nat add chain=srcnat action=masquerade

The result: several clients showed up in the Squid access log and also in the SARG report... but it only lasted a short while.. then it went back to the beginning, i.e. only the IP address of the Squid proxy shows up in the access log and the SARG report..

Does anyone here have any other ideas... ??

Post by SaidBasyar » 25 May 2012, 22:14

Is there anyone who can help me build an external proxy for MT with Ubuntu Server 10... ????

Post by yudiarbi » 26 May 2012, 22:31

@andi_wong:
according to your data:

Code:

Mikrotik IP address towards the proxy: 192.168.10.2
Client IP addresses: 10.5.50.0/24
I'm assuming:
Proxy IP address towards the Mikrotik: 192.168.10.3

try this, boss:

Code:

/ip firewall address-list
add address=192.168.10.0/24 list=ip-proxy
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.10.3 to-ports=3128

On the external proxy, save the following lines into the file /etc/rc.local

Code:

route add default gateway 192.168.10.2
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 10.5.50.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.10.3 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.10.3 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT

Hope this helps
@saidbasyar: just search, bro, and post the problems you run into here so we can all learn together

Post by darelove » 30 May 2012, 06:47

Try using this firewall setting on the Mikrotik, bro

chain=dstnat action=dst-nat to-addresses=ipproxyagan to-ports=3128 protocol=tcp src-address=!ipproxyagan
src-address-list=LocalNet dst-address-list=!addreslistproxy dst-port=80,8080,3128
connection-mark=http-con

If it still doesn't work, just drop by the Mikrotik Indonesia forum, bro, lots of people there deal with this kind of thing, along with head proxy lusca :D

Post by bang_andi » 30 May 2012, 22:19

@ Yudiarbi:
Excellent, bro Yudiarbi... the guide is very clear... alright, I'll try it... but I have to wait for the right time to test it (it's the office server, you know).. the users make a fuss if the internet stalls even a little.. I'll publish the results here soon..

@ SaidBasyar: Bro Yudiarbi is right.. search on Google first, then just lay it out here if there's a problem... like I'm doing now..

@ darelove: Great, bro darelove.. I'll try your suggestion later too..

Post by bing123 » 01 Jun 2012, 12:47

I want to learn too,.....

Post by yudiarbi » 01 Jun 2012, 15:04

Here we're all learning together, bro @bing123.. :D

Post by bang_andi » 02 Jun 2012, 20:07

@ Bro Yudiarbi > I've tried it following the settings above, i.e. the NAT firewall on the Mikrotik and iptables on the Ubuntu server..

The results are almost the same, as follows:

1. The client IP addresses that are set static are all recorded... namely 10.5.50.50 - 10.5.50.69
2. But of the client IP addresses obtained from the hotspot's DHCP, only a few are captured? Such as 10.5.50.120, 10.5.50.143, 10.5.50.109, ...

It looks like the picture below, bro...


https://sites.google.com/site/ecaknyo/h ... ubuntu.png


So... what else should be added / modified in the existing settings... just for info, in the hotspot server profile, the HTTP proxy and its port already point to the external proxy (192.168.10.1:3128)..


@ Darelove > After trying your settings.. the result is that the clients recorded by SARG do show up, bro, the ones whose PC has its IP address set static... but clients whose IP address comes from the hotspot DHCP aren't recorded at all...
Attachments
sarg utk ubuntu.png

Post by yudiarbi » 02 Jun 2012, 20:14

Wait, there's a hotspot too? Why wasn't that included in the topology?

Post by bang_andi » 02 Jun 2012, 20:40

@ Yudiarbi: yes, there's a hotspot too.... sorry.. I forgot to include it in the topology.. hehe

Post by GongLang » 24 Jul 2012, 08:03

Asking the seniors above for some enlightenment -_-`
My head is already spinning, bro ...

The same thing is happening as with bro @andi_wong
Clients can browse, can remote in over SSH, but Squid isn't working at all

The topology is the same as bro @andi_wong's

ISP (192.168.100.254) --- Mikrotik (192.168.0.254) --- Squid Proxy (192.168.66.222)
LAN (192.168.0.0/24) output from the Mikrotik

Mikrotik IP to the modem = 192.168.100.253
Mikrotik IP to the proxy = 192.168.66.254
Mikrotik IP = 192.168.0.254

All of "squid.conf" has been checked with the command "squid3 -k parse" and nothing is wrong with it
iptables has also been configured in line with bro @andi_wong's problem

Here is the output

Code:

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.0.0/24       anywhere             tcp dpt:http redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere             tcp dpt:https redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere             tcp dpt:http-alt redir ports 3128

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere



But ... when I check "access.log", it looks like this instead

Code:

1343086223.881      0 127.0.0.1 TCP_MISS/200 3045 GET cache_object://localhost/info - NONE/- text/plain
1343087053.372      0 127.0.0.1 TCP_MISS/200 3047 GET cache_object://localhost/info - NONE/- text/plain



and here is the result of checking "cache.log"

Code:

2012/07/24 07:43:05|         0 Objects expired.
2012/07/24 07:43:05|         0 Objects cancelled.
2012/07/24 07:43:05|         0 Duplicate URLs purged.
2012/07/24 07:43:05|         0 Swapfile clashes avoided.
2012/07/24 07:43:05|   Took 0.05 seconds (  0.00 objects/sec).
2012/07/24 07:43:05| Beginning Validation Procedure
2012/07/24 07:43:05|   Completed Validation Procedure
2012/07/24 07:43:05|   Validated 25 Entries
2012/07/24 07:43:05|   store_swap_size = 0
2012/07/24 07:43:06| storeLateRelease: released 0 objects



and here are the settings on the Mikrotik

Code:

/ip firewall nat

add action=dst-nat chain=dstnat comment=DNS disabled=no dst-port=53 protocol=\
    udp to-addresses=192.168.100.254 to-ports=53
add action=dst-nat chain=dstnat comment="Proxy External to Squid" disabled=no \
    dst-address-list=ip-proxy dst-port=80-85,8080,3128 in-interface=\
    ether5-lan protocol=tcp src-address-list=ip-local to-addresses=\
    192.168.66.222 to-ports=3128
add action=dst-nat chain=dstnat comment=SSH disabled=no dst-address-list=\
    ip-proxy dst-port=22 protocol=tcp src-address-list=local to-addresses=\
    192.168.66.222 to-ports=22
add action=dst-nat chain=dstnat comment=webmin disabled=no dst-address-list=\
    ip-proxy dst-port=26564 protocol=tcp src-address-list=local to-addresses=\
    192.168.66.222 to-ports=26564
add action=src-nat chain=srcnat comment="NAT To Hardware" disabled=no \
    dst-address=192.168.100.0/24 to-addresses=192.168.100.253
add action=src-nat chain=srcnat disabled=no dst-address=192.168.200.0/24 \
    dst-address-list=ip-proxy to-addresses=192.168.66.222
add action=masquerade chain=srcnat comment="Output Connection" disabled=no \
    out-interface=ether3-browsing
add action=masquerade chain=srcnat disabled=no out-interface=ether3-browsing \
    routing-mark=browsing
add action=masquerade chain=srcnat disabled=no out-interface=ether4-proxy \
    routing-mark=proxy
add action=masquerade chain=srcnat disabled=no out-interface=ether5-lan





It looks like the problem is in Squid's iptables

Possibly :(
Asking the seniors for enlightenment

Thank you :)

Post by GongLang » 02 Aug 2012, 02:34

Bro ...
Help please ...
Squid is now working perfectly
however, when I check its access log ...
why is it that only the Mikrotik's gateway IP gets recorded
while the clients accessing it ... their IPs don't show up at all

Is something set up wrong???
Here is what squid3's "access.log" looks like

Code:

02/Aug/2012:02:40:29 +0700    182 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:29 +0700    179 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:37 +0700  50119 192.168.66.254 TCP_MISS/200 1584 GET http://0-149.channel.facebook.com/pull? - DIRECT/66.220.151.80 application/json
02/Aug/2012:02:40:40 +0700    178 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    855 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    190 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    175 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    171 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml




Asking the seniors above for enlightenment

Thank you
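
One way to quantify the symptom reported in this thread (access.log showing the router's address instead of the clients'), added here as an example that is not part of any poster's message. The function names and the sample log lines are constructed for illustration; the LAN range 192.168.0.0/24 and the router address 192.168.66.254 are the ones given in the post above.

```python
import ipaddress
import re
from collections import Counter

RESULT = re.compile(r"^[A-Z_]+/\d{3}$")  # Squid result field, e.g. TCP_MISS/200

def client_addresses(lines):
    """Yield the client address of each access.log line.

    The client address is the token just before the result code, which
    holds for both timestamp styles that appear in the thread.
    """
    for line in lines:
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if i > 0 and RESULT.match(tok):
                try:
                    yield ipaddress.ip_address(tokens[i - 1])
                except ValueError:
                    pass  # field is not an address (malformed line): skip
                break

def attribution_report(lines, lan, ignore=("127.0.0.1",)):
    """Summarise how many requests carry a real LAN client address."""
    lan_net = ipaddress.ip_network(lan)
    skip = {ipaddress.ip_address(a) for a in ignore}
    counts = Counter(a for a in client_addresses(lines) if a not in skip)
    total = sum(counts.values())
    outside = {str(a): n for a, n in counts.items() if a not in lan_net}
    return {
        "total": total,
        "lan_clients": sorted(str(a) for a in counts if a in lan_net),
        "non_lan_sources": outside,  # e.g. the NAT router's own address
        "masked_ratio": sum(outside.values()) / total if total else 0.0,
    }

# Constructed sample lines (not copied from the thread's logs).
SAMPLE = """\
02/Aug/2012:02:40:29 +0700    182 192.168.66.254 TCP_MISS/200 638 POST http://example.com/a - DIRECT/203.0.113.10 text/xml
02/Aug/2012:02:40:37 +0700  50119 192.168.66.254 TCP_MISS/200 1584 GET http://example.com/b - DIRECT/203.0.113.10 application/json
02/Aug/2012:02:40:41 +0700    190 192.168.66.254 TCP_MISS/200 638 POST http://example.com/a - DIRECT/203.0.113.10 text/xml
1343086223.881      0 127.0.0.1 TCP_MISS/200 3045 GET cache_object://localhost/info - NONE/- text/plain
1343086301.104     95 192.168.0.23 TCP_MISS/200 512 GET http://example.com/c - DIRECT/203.0.113.10 text/html
""".splitlines()

if __name__ == "__main__":
    print(attribution_report(SAMPLE, "192.168.0.0/24"))
```

A masked_ratio close to 1.0 means per-client attribution in access.log, and in any SARG report built from it, has been lost to source NAT in front of the proxy.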

Post by peiks » 13 Sep 2012, 00:15

Nice to meet you, bro...
Can the default public IP on the modem be changed, or is it fixed? Bear with me, I'm a beginner, bro....
