(ask) blocking access with Squid ACL & iptables via VBox

Discussion about Ubuntu Server: web server, database server, Samba server and other services, plus networking with the Ubuntu operating system.
amanda
Posts: 203
Joined: 22 May 2010, 02:35

(ask) blocking access with Squid ACL & iptables via VBox

Postby amanda » 05 Jul 2010, 03:34

Bro, I want to ask how to block client access using a Squid proxy with ACLs and iptables??
Here I'm trying it with VBox, where the pretend client (Win$) will sit.
Ubuntu interface = ppp0
squid server = 192.168.1.1
squid port = 3128
host-only adapter name in VBox = vboxnet0

the host-only network:

IPv4 Address = 192.168.1.1
IPv4 Network Mask = 255.555.555.0

eth0 settings in VBox:
IP = 192.168.1.2
netmask = 255.255.255.0
gateway = 192.168.1.1
DNS = 8.8.8.8 8.8.4.4 (same as the DNS in squid.conf)

for the acl in squid.conf I only added this as a first try:
acl lan src 192.168.1.0/24
acl block dstdomain .youtube.com .facebook.com .friendster.com

http_access allow lan
http_access deny block
http_access deny all

for the iptables:

Code:

#!/bin/sh
# flush all rules and user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# enable routing between vboxnet0 and ppp0
echo "1" > /proc/sys/net/ipv4/ip_forward
# default policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT for the VBox client going out through ppp0
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface vboxnet0 -j ACCEPT
iptables -A INPUT -i vboxnet0 -j ACCEPT
iptables -A OUTPUT -o vboxnet0 -j ACCEPT
# transparent proxy: send the client's port 80 traffic to squid on port 3128
iptables -t nat -A PREROUTING -i vboxnet0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
When I try to access youtube.com in VBox it isn't blocked, bro, and the same with facebook.com & friendster.com .. in fact I can browse the sites I blocked with the ACL in squid.conf.
I checked the squid log and it is running while browsing in VBox.
(no errors during the squid installation or configuration on Ubuntu)

Can iptables be set up using the --string module to block client access, in this case in VBox??
e.g. the iptables configuration on the Ubuntu box:

Code:

iptables -A INPUT -m string --algo kmp --string youtube -j REJECT
iptables -A FORWARD -m string --algo kmp --string youtube -j REJECT
iptables -A INPUT -m string --algo kmp --string Youtube -j REJECT
iptables -A FORWARD -m string --algo kmp --string Youtube -j REJECT
Roughly what is missing / wrong here, bro? Sorry, I'm still learning....
Thanks in advance... .
ninja
Posts: 2260
Joined: 27 Jan 2010, 16:23
Location: Tangerang, Banten, indonesia

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby ninja » 05 Jul 2010, 04:47

newbie here, just following along for now...
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby Rh354 » 05 Jul 2010, 19:15

just following along, sis
belajarlinux
Posts: 64
Joined: 30 Jun 2010, 01:18

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby belajarlinux » 06 Jul 2010, 04:12

whoa... I'm way too much of a newbie, bro... :D
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby amanda » 06 Jul 2010, 06:33

It works now, bro. Turns out the problem was in the squid ACL,,
it only works when made into a list, not as a domain

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.acl
http_access deny blocklist
(I put http_access deny blocklist above http_access allow manager localhost)

result: (screenshot) http://img180.imageshack.us/img180/7526 ... shot1i.png :grin: Thanks everyone .. .
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby Rh354 » 07 Jul 2010, 11:09

wasn't it always done as a list in the acl? :D
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby amanda » 07 Jul 2010, 19:51

If it's written in squid.conf like this:
acl block dstdomain .youtube.com .facebook.com .friendster.com it can't block at the client (vbox)
but if it's made into a list
acl blocklist url_regex -i "/etc/squid/blocklist.acl >> works
before that I also tried
acl blocklist url_regex -i "/etc/squid/blocklist.txt >> doesn't work

:confused:
thrvers
Posts: 4458
Joined: 01 Jan 2010, 13:28
Location: Jombang, Indonesia

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby thrvers » 07 Jul 2010, 20:11

How strange, sis??
Have you checked squid.conf after changing those settings:
$ sudo squid -k parse

Are there any errors, or only warnings :confused:
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: (ask) blocking access with Squid ACL & iptables via VBox

Postby amanda » 07 Jul 2010, 20:31

Yes, there don't seem to be any errors

Code:

2010/07/07 19:26:38| Starting Squid Cache version 2.7.STABLE9 for i386-debian-linux-gnu...
2010/07/07 19:26:38| Process ID 2986
2010/07/07 19:26:38| With 1024 file descriptors available
2010/07/07 19:26:38| Using epoll for the IO loop
2010/07/07 19:26:38| DNS Socket created at 0.0.0.0, port 38453, FD 6
2010/07/07 19:26:38| Adding nameserver 180.131.144.144 from squid.conf
2010/07/07 19:26:38| Adding nameserver 180.131.144.145 from squid.conf
2010/07/07 19:26:38| helperOpenServers: Starting 7 'storeurl-ubuntu.pl' processes
2010/07/07 19:26:38| logfileOpen: opening log /cache/access.log
2010/07/07 19:26:38| Swap maxSize 4096000 + 6144 KB, estimated 315549 objects
2010/07/07 19:26:38| Target number of buckets: 15777
2010/07/07 19:26:38| Using 16384 Store buckets
2010/07/07 19:26:38| Max Mem size: 6144 KB
2010/07/07 19:26:38| Max Swap size: 4096000 KB
2010/07/07 19:26:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/07/07 19:26:38| Store logging disabled
2010/07/07 19:26:38| Rebuilding storage in /cache (CLEAN)
2010/07/07 19:26:38| Using Least Load store dir selection
2010/07/07 19:26:38| Current Directory is /
2010/07/07 19:26:38| Loaded Icons.
2010/07/07 19:26:38| Accepting transparently proxied HTTP connections at 192.168.1.1, port 3128, FD 19.
2010/07/07 19:26:38| HTCP Disabled.
2010/07/07 19:26:38| WCCP Disabled.
2010/07/07 19:26:38| Ready to serve requests.
2010/07/07 19:26:38| Store rebuilding is 24.7% complete
2010/07/07 19:26:39| Done reading /cache swaplog (16602 entries)
2010/07/07 19:26:39| Finished rebuilding storage from disk.
2010/07/07 19:26:39| 16602 Entries scanned
2010/07/07 19:26:39| 0 Invalid entries.
2010/07/07 19:26:39| 0 With invalid flags.
2010/07/07 19:26:39| 16602 Objects loaded.
2010/07/07 19:26:39| 0 Objects expired.
2010/07/07 19:26:39| 0 Objects cancelled.
2010/07/07 19:26:39| 0 Duplicate URLs purged.
2010/07/07 19:26:39| 0 Swapfile clashes avoided.
2010/07/07 19:26:39| Took 0.6 seconds (30010.3 objects/sec).
2010/07/07 19:26:39| Beginning Validation Procedure
2010/07/07 19:26:39| Completed Validation Procedure
2010/07/07 19:26:39| Validated 16602 Entries
2010/07/07 19:26:39| store_swap_size = 186848k
2010/07/07 19:26:39| storeLateRelease: released 0 objects..

I've also tried writing the acl as

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.txt"
http_access deny blocklist

and

Code:

acl blocklist url_regex "/etc/squid/blocklist.txt"
http_access deny blocklist

In the end it only works with:

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.acl
http_access deny blocklist

wow.. :confused:
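The following is an added worked example, not code from the thread or from the Squid project. It is a small Python simulator of Squid's `http_access` evaluation, written to show the one property that ties amanda's first post and her later fix together: Squid checks `http_access` lines in order and the first line whose ACLs all match decides the request, so with `http_access allow lan` listed before `http_access deny block` a LAN client is allowed before the deny line is ever reached, while moving the deny line above the allow lines (as amanda eventually did) makes the block take effect. The `squid.conf` fragments, the client IP and the contents stood in for `/etc/squid/blocklist.acl` are constructed for the example; the `all` ACL is spelled the way Squid 2.7's default config defined it.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed squid.conf fragments (not copied from a real server).
# Variant 1: the order from the first post, allow line before the deny line.
CONF_ALLOW_FIRST = """
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
acl block dstdomain .youtube.com .facebook.com .friendster.com
http_access allow lan
http_access deny block
http_access deny all
"""

# Variant 2: same ACLs, deny line moved above the allow line.
CONF_DENY_FIRST = """
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
acl block dstdomain .youtube.com .facebook.com .friendster.com
http_access deny block
http_access allow lan
http_access deny all
"""

# Variant 3: the url_regex list read from a file, deny line first.
CONF_URL_REGEX = """
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
acl blocklist url_regex -i "/etc/squid/blocklist.acl"
http_access deny blocklist
http_access allow lan
http_access deny all
"""

# Constructed stand-in for the list file: one regular expression per line.
FILES = {"/etc/squid/blocklist.acl": [r"youtube\.com", r"facebook\.com", r"friendster\.com"]}


def parse_squid_conf(text, files=None):
    """Collect acl definitions and http_access lines from a squid.conf fragment.
    `files` maps a quoted file name to its lines so nothing is read from disk.
    Returns (acls, rules) with acls[name] = (acl_type, flags, values)."""
    files = files or {}
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl":
            name, acl_type, args = parts[1], parts[2], parts[3:]
            flags = [a for a in args if a.startswith("-")]
            values = []
            for a in args:
                if a.startswith("-"):
                    continue
                if a.startswith('"'):
                    # a quoted argument names a file holding one value per line
                    values.extend(files[a.strip('"')])
                else:
                    values.append(a)
            # repeated acl lines with the same name extend the same ACL
            acls.setdefault(name, (acl_type, flags, []))[2].extend(values)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(acl, client_ip, url):
    """Evaluate the three ACL types used in the thread: src, dstdomain, url_regex."""
    acl_type, flags, values = acl
    host = urlsplit(url).hostname or ""
    if acl_type == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if acl_type == "dstdomain":
        for v in values:
            if v.startswith("."):
                # leading dot: the domain itself and every subdomain of it
                if host == v[1:] or host.endswith(v):
                    return True
            elif host == v:
                return True
        return False
    if acl_type == "url_regex":
        re_flags = re.IGNORECASE if "-i" in flags else 0
        return any(re.search(v, url, re_flags) for v in values)
    raise ValueError("unsupported acl type in this simulator: " + acl_type)


def http_access(acls, rules, client_ip, url):
    """First-match semantics: every ACL on a line must match (a leading '!' negates),
    the first matching line decides. If no line matches, the result is the
    opposite of the last line's action."""
    for action, names in rules:
        ok = True
        for n in names:
            negate = n.startswith("!")
            matched = acl_matches(acls[n.lstrip("!")], client_ip, url)
            if matched == negate:
                ok = False
                break
        if ok:
            return action
    last = rules[-1][0] if rules else "deny"
    return "deny" if last == "allow" else "allow"


def decide(conf, client_ip, url, files=None):
    """Parse a fragment and return 'allow' or 'deny' for one request."""
    acls, rules = parse_squid_conf(conf, files)
    return http_access(acls, rules, client_ip, url)


if __name__ == "__main__":
    for label, conf in (("allow-first", CONF_ALLOW_FIRST), ("deny-first", CONF_DENY_FIRST)):
        for url in ("http://www.youtube.com/watch?v=x", "http://www.ubuntu.com/"):
            print(f"{label:12s} {url:35s} -> {decide(conf, '192.168.1.2', url)}")
    print(f"url_regex    {'http://WWW.YouTube.COM/':35s} -> {decide(CONF_URL_REGEX, '192.168.1.2', 'http://WWW.YouTube.COM/', FILES)}")
```

Running it shows the LAN client allowed through to youtube.com under the allow-first order and denied under the deny-first order, which is the behaviour the thread observed. A quick way to check a real configuration is to read the `http_access` lines top to bottom and ask, for the client and site in question, which line matches first.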
