(ask) blocking access with Squid ACLs & iptables via VBox

Discussion about Ubuntu Server: web server, database server, Samba server and other services, plus networking on the Ubuntu operating system.
amanda
Posts: 203
Joined: 22 May 2010, 02:35

(ask) blocking access with Squid ACLs & iptables via VBox

Post by amanda » 05 Jul 2010, 03:34

Hi, I'd like to ask how to block client access using a Squid proxy with ACLs and iptables.
Here I'm using VBox, where the client (Windows) will be pretending to sit.
Ubuntu interface = ppp0
squid server = 192.168.1.1
squid port = 3128
host-only adapter name in VBox = vboxnet0

The host-only network:

IPv4 Address = 192.168.1.1
IPv4 Network Mask = 255.555.555.0

eth0 settings in VBox:
IP = 192.168.1.2
netmask = 255.255.255.0
gateway = 192.168.1.1
DNS = 8.8.8.8 8.8.4.4 (same as the DNS in squid.conf)

For the ACL in squid.conf I only added the following as a test:
acl lan src 192.168.1.0/24
acl block dstdomain .youtube.com .facebook.com .friendster.com

http_access allow lan
http_access deny block
http_access deny all

For iptables:

Code:

#!/bin/sh
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Enable IPv4 forwarding so the host can route for the VBox client
echo "1" > /proc/sys/net/ipv4/ip_forward
# Default policies: drop unsolicited inbound traffic, allow everything outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Loopback is always allowed
iptables -A INPUT -i lo -J ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# On the internet side (ppp0) only accept replies to connections we started
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT the host-only network out through ppp0
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# Forward packets arriving from the VBox host-only network
iptables --append FORWARD --in-interface vboxnet0 -j ACCEPT
# Trust the host-only network fully (this also lets the client reach squid on 3128)
iptables -A INPUT -i vboxnet0 -j ACCEPT
iptables -A OUTPUT -o vboxnet0 -j ACCEPT
# Transparent proxy: send the client's port-80 traffic to squid on the host
iptables -t nat -A PREROUTING -i vboxnet0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
# This one matches port-80 connections arriving on ppp0 (the internet side), not client traffic
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Log, then drop, whatever is left in INPUT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

When I try to open youtube.com in VBox it isn't blocked at all, and neither are facebook.com and friendster.com; I can still browse the sites I blocked with the ACL in squid.conf.
I checked the squid log and it is active while browsing in VBox.
(There were no errors during the installation or configuration of squid on Ubuntu.)

Can iptables be set up with the --string module to block client access, in this case in VBox?
For example, an iptables configuration on Ubuntu like:

Code:

# -m string --algo kmp searches the packet payload for a case-sensitive substring,
# hence the second pair of rules for the capitalised spelling
iptables -A INPUT -m string --algo kmp --string youtube -j REJECT
iptables -A FORWARD -m string --algo kmp --string youtube -j REJECT

iptables -A INPUT -m string --algo kmp --string Youtube -j REJECT
iptables -A FORWARD -m string --algo kmp --string Youtube -j REJECT


Roughly, what is missing or wrong here? Bear with me, I'm still learning....
Thanks in advance....
ninja
Posts: 2260
Joined: 27 Jan 2010, 16:23
Location: Tangerang, Banten, indonesia

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by ninja » 05 Jul 2010, 04:47

newbie here, just following along for now...
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by Rh354 » 05 Jul 2010, 19:15

following along, sis
belajarlinux
Posts: 64
Joined: 30 Jun 2010, 01:18

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by belajarlinux » 06 Jul 2010, 04:12

oh dear... I'm far too much of a newbie, mate... :D
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by amanda » 06 Jul 2010, 06:33

It works now; it turned out the problem was in the Squid ACL,
it only works when made into a list rather than a domain

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.acl
http_access deny blocklist


(I put http_access deny blocklist above http_access allow manager localhost)

The result:
Screenshot: http://img180.imageshack.us/img180/7526/screenshot1i.png
:grin: Thanks everyone.. .
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by Rh354 » 07 Jul 2010, 11:09

wasn't it in a list in the ACL from the start? :D
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by amanda » 07 Jul 2010, 19:51

If it's written in squid.conf like this:
acl block dstdomain .youtube.com .facebook.com .friendster.com
it can't block on the client (vbox),
but if it's made into a list
acl blocklist url_regex -i "/etc/squid/blocklist.acl >> it works
I had also tried before with
acl blocklist url_regex -i "/etc/squid/blocklist.txt >> doesn't work

:confused:
thrvers
Posts: 4458
Joined: 01 Jan 2010, 13:28
Location: Jombang, Indonesia

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by thrvers » 07 Jul 2010, 20:11

That's odd, sis??
Have you checked squid.conf after changing those settings:
$ sudo squid -k parse

Are there any errors, or only warnings? :confused:
amanda
Posts: 203
Joined: 22 May 2010, 02:35

Re: (ask) blocking access with Squid ACLs & iptables via VBox

Post by amanda » 07 Jul 2010, 20:31

I have; there don't seem to be any errors

Code:

2010/07/07 19:26:38| Starting Squid Cache version 2.7.STABLE9 for i386-debian-linux-gnu...
2010/07/07 19:26:38| Process ID 2986
2010/07/07 19:26:38| With 1024 file descriptors available
2010/07/07 19:26:38| Using epoll for the IO loop
2010/07/07 19:26:38| DNS Socket created at 0.0.0.0, port 38453, FD 6
2010/07/07 19:26:38| Adding nameserver 180.131.144.144 from squid.conf
2010/07/07 19:26:38| Adding nameserver 180.131.144.145 from squid.conf
2010/07/07 19:26:38| helperOpenServers: Starting 7 'storeurl-ubuntu.pl' processes
2010/07/07 19:26:38| logfileOpen: opening log /cache/access.log
2010/07/07 19:26:38| Swap maxSize 4096000 + 6144 KB, estimated 315549 objects
2010/07/07 19:26:38| Target number of buckets: 15777
2010/07/07 19:26:38| Using 16384 Store buckets
2010/07/07 19:26:38| Max Mem  size: 6144 KB
2010/07/07 19:26:38| Max Swap size: 4096000 KB
2010/07/07 19:26:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/07/07 19:26:38| Store logging disabled
2010/07/07 19:26:38| Rebuilding storage in /cache (CLEAN)
2010/07/07 19:26:38| Using Least Load store dir selection
2010/07/07 19:26:38| Current Directory is /
2010/07/07 19:26:38| Loaded Icons.
2010/07/07 19:26:38| Accepting transparently proxied HTTP connections at 192.168.1.1, port 3128, FD 19.
2010/07/07 19:26:38| HTCP Disabled.
2010/07/07 19:26:38| WCCP Disabled.
2010/07/07 19:26:38| Ready to serve requests.
2010/07/07 19:26:38| Store rebuilding is 24.7% complete
2010/07/07 19:26:39| Done reading /cache swaplog (16602 entries)
2010/07/07 19:26:39| Finished rebuilding storage from disk.
2010/07/07 19:26:39|     16602 Entries scanned
2010/07/07 19:26:39|         0 Invalid entries.
2010/07/07 19:26:39|         0 With invalid flags.
2010/07/07 19:26:39|     16602 Objects loaded.
2010/07/07 19:26:39|         0 Objects expired.
2010/07/07 19:26:39|         0 Objects cancelled.
2010/07/07 19:26:39|         0 Duplicate URLs purged.
2010/07/07 19:26:39|         0 Swapfile clashes avoided.
2010/07/07 19:26:39|   Took 0.6 seconds (30010.3 objects/sec).
2010/07/07 19:26:39| Beginning Validation Procedure
2010/07/07 19:26:39|   Completed Validation Procedure
2010/07/07 19:26:39|   Validated 16602 Entries
2010/07/07 19:26:39|   store_swap_size = 186848k
2010/07/07 19:26:39| storeLateRelease: released 0 objects..


I've also tried writing the ACL as

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.txt"
http_access deny blocklist

and

Code:

acl blocklist url_regex "/etc/squid/blocklist.txt"
http_access deny blocklist


In the end it only works with:

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.acl
http_access deny blocklist


whoa.. :confused:
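
Editor's note on why the first post's rules let youtube.com through while the order used in the last post blocked it: Squid evaluates http_access lines top to bottom, the first line whose ACLs all match decides, and if nothing matches the result is the opposite of the last line. With `http_access allow lan` placed first, every client in 192.168.1.0/24 is allowed before `deny block` is ever consulted; `squid -k parse` does not catch this because the syntax is valid. The script below is an added example, not code from the thread or from Squid, that simulates that evaluation for both orderings. The client addresses, URLs, the inline stand-in for /etc/squid/blocklist.acl and the helper names (acl_src, acl_dstdomain, acl_url_regex, http_access, decide) are all constructed for the example.

```python
"""Simulate Squid's http_access decision for the rule orders in this thread.

Added example: not the forum's code and not Squid's own code. Squid checks
http_access lines top to bottom; the first line whose ACLs all match decides,
and when no line matches the result is the opposite of the last line's action.
All addresses, URLs and blocklist entries below are constructed sample data.
"""
import ipaddress
import re


def acl_src(cidr):
    """'acl name src CIDR': match on the client's source address."""
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["src"]) in net


def acl_dstdomain(*domains):
    """'acl name dstdomain .example.com': a leading dot also matches subdomains."""
    def match(req):
        host = req["host"].lower()
        for dom in (d.lower() for d in domains):
            if dom.startswith("."):
                if host == dom[1:] or host.endswith(dom):
                    return True
            elif host == dom:
                return True
        return False
    return match


def acl_url_regex(lines, ignore_case=True):
    """'acl name url_regex -i "/path/file"': one regex per line, searched
    anywhere in the full request URL (not just the host part)."""
    flags = re.IGNORECASE if ignore_case else 0
    compiled = [re.compile(p, flags) for p in lines if p.strip()]
    return lambda req: any(c.search(req["url"]) for c in compiled)


def acl_all(req):
    """The stock 'acl all src all' ACL."""
    return True


def http_access(rules, req):
    """rules: ordered list of (action, [acl, ...]). Every ACL on a line must
    match for that line to fire; the first firing line wins."""
    for action, acls in rules:
        if all(acl(req) for acl in acls):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


def request(src, url):
    """Build the minimal request record the ACLs above look at."""
    host = re.match(r"https?://([^/:]+)", url).group(1)
    return {"src": src, "url": url, "host": host}


LAN = acl_src("192.168.1.0/24")
BLOCK = acl_dstdomain(".youtube.com", ".facebook.com", ".friendster.com")
# Constructed stand-in for the contents of /etc/squid/blocklist.acl
BLOCKLIST = acl_url_regex("youtube\nfacebook\nfriendster\n".split("\n"))

# Order from the first post: 'allow lan' fires for every LAN client,
# so 'deny block' is never reached.
ORIGINAL = [("allow", [LAN]), ("deny", [BLOCK]), ("deny", [acl_all])]

# Order from the last post: the url_regex deny sits above the allow.
CORRECTED = [("deny", [BLOCKLIST]), ("allow", [LAN]), ("deny", [acl_all])]

# Same order as CORRECTED but keeping the original dstdomain ACL.
DENY_FIRST = [("deny", [BLOCK]), ("allow", [LAN]), ("deny", [acl_all])]


def decide(rules, src, url):
    """Return 'allow' or 'deny' for one client request under one rule order."""
    return http_access(rules, request(src, url))


if __name__ == "__main__":
    client = "192.168.1.2"
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED),
                        ("deny_first", DENY_FIRST)):
        for url in ("http://www.youtube.com/watch?v=x",
                    "http://example.com/",
                    "http://news.example.com/facebook-privacy"):
            print(f"{name:10s} {decide(rules, client, url):5s} {url}")
```

Two things the run shows beyond the thread: moving the original dstdomain line above `allow lan` (DENY_FIRST) blocks youtube.com just as well as the url_regex list, and the url_regex entries match anywhere in the URL, so a plain `facebook` pattern also denies an unrelated page such as news.example.com/facebook-privacy, which dstdomain leaves alone.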
