ports 443 and https in squid

Discussion about Ubuntu Server, covering web servers, database servers, Samba servers and other services, as well as networking on the Ubuntu operating system.
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang

Postby sipelaut » 30 Oct 2010, 15:10

Greetings,
I just set up a transparent proxy at the office.
Why can't my squid pass https through??
Logging in to Facebook and Gmail has become difficult!!!
Could all the masters here please help?

Here is a copy-paste from my squid config..
==========================================================
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/255.255.255.0
#acl ip-porn dst "/etc/squid/acl/ip-porn.txt"
acl Safe_ports port 443 #https
acl SSL_ports port 443 #https
acl Safe_ports port 80 # http
acl safe_ports port 666
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 631 # cups
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 5050 # yahoo Messanger
acl Safe_ports port 23 # yahoo Messanger
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow CONNECT SSL_ports
#http_access deny !Safe_ports
http_access deny !Safe_ports
#http_access deny CONNECT SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow all
http_reply_access allow all
cache_mgr muammalhamidy@gmail.com
visible_hostname umum.net.id
unique_hostname KOMANDANSIPELAUT
hostname_aliases umum.net
cache deny QUERY all manager localhost to_localhost localnet
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
========================================================================
What do you think is wrong with my SSL configuration?
I'd appreciate help from all the masters here.
Thanks in advance.
Regards
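An added example, not part of the original post: a small Python model of how Squid evaluates the `http_access` lines quoted above (top to bottom, first matching line wins, all ACLs on a line must match). The config text is an abridged excerpt of the post; the request fields and client addresses are constructed.

```python
import ipaddress

# Constructed excerpt: acl/http_access lines abridged from the post above,
# kept in the posted order (comments and some port lines dropped).
CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.0.0/255.255.255.0
acl Safe_ports port 443
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access allow CONNECT SSL_ports
http_access deny !Safe_ports
http_access allow manager localhost
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow all
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        w = line.split()
        if w and w[0] == "acl":
            # repeated "acl NAME TYPE ..." lines add values to one ACL (OR)
            acls.setdefault(w[1], (w[2], []))[1].extend(w[3:])
        elif w and w[0] == "http_access":
            rules.append((w[1], w[2:], line))
    return acls, rules

def acl_matches(acl, req):
    kind, values = acl
    if kind in ("src", "dst"):
        addr = ipaddress.ip_address(req[kind])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        spans = [(v.split("-")[0], v.split("-")[-1]) for v in values]
        return any(int(lo) <= req["port"] <= int(hi) for lo, hi in spans)
    return req[kind] in values  # method, proto: literal comparison

def decide(conf, req):
    """Return (action, deciding line): first matching http_access line wins."""
    acls, rules = parse(conf)
    for action, terms, line in rules:
        # every ACL on the line must match (AND); a leading "!" negates it
        if all(acl_matches(acls[t.lstrip("!")], req) != t.startswith("!")
               for t in terms):
            return action, line
    # nothing matched: the default is the opposite of the last line's action
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

def unreachable(conf):
    """http_access lines placed after a line that matches every client."""
    acls, rules = parse(conf)
    for i, (_, terms, _) in enumerate(rules):
        if len(terms) == 1 and terms[0] in acls:
            kind, values = acls[terms[0]]
            if kind == "src" and any(
                    ipaddress.ip_network(v).prefixlen == 0 for v in values):
                return [line for _, _, line in rules[i + 1:]]
    return []

if __name__ == "__main__":
    print(decide(CONF, {"method": "CONNECT", "port": 443, "proto": "http",
                        "src": "192.168.0.25", "dst": "203.0.113.10"}))
```

In this model a CONNECT to port 443 is already allowed by the first line, so these ACLs are not what blocks HTTPS. The two `deny` lines after `http_access allow all` are never evaluated, and a client outside `localnet` is allowed as well.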
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia

Re: ports 443 and https in squid

Postby zitux » 30 Oct 2010, 16:51

I ran into this once but forgot what I did about it back then :grin:
hendraone007
Posts: 6
Joined: 05 Oct 2010, 20:33

Re: ports 443 and https in squid

Postby hendraone007 » 30 Oct 2010, 18:38

Why is there no http_port line? That's only part of the config, right, bro?
Re: ports 443 and https in squid

Postby sipelaut » 30 Oct 2010, 19:43

zitux wrote:I ran into this once but forgot what I did about it back then

Whoa... please, bro zitux... try to remember... because I really need it... everyone at the office is making a fuss...
My good name is in your hands, bro... :)

hendraone007 wrote:Why is there no http_port line? That's only part of the config, right, bro?

Yes, I only copy-pasted part of my squid config
but...
could you be more specific, bro...
what kind of http_port?
Re: ports 443 and https in squid

Postby zitux » 30 Oct 2010, 23:04

hehe.. I really did forget, man :(
in any case, back up your current squid.conf
then try pasting in a new / standard squid.conf, it should work
# Rules: Safe Port
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 22 53 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

once https is working, then edit it one item at a time :grin:
one night should be enough to track down the problem.. the wife will have to wait :grin:
peace... :grin:
Re: ports 443 and https in squid

Postby sipelaut » 30 Oct 2010, 23:28

Wow.. great, I only just learned that ports 563 and 873 are secure, hehe.... forgive me, I'm a newbie
Thanks, bro... I'll try it first
I almost forgot: I'm using squid 2.6 stable on an Ubuntu 8.04 server machine
Re: ports 443 and https in squid

Postby sipelaut » 01 Nov 2010, 07:58

Still not working, bro....
it still won't connect to Facebook and Gmail
Re: ports 443 and https in squid

Postby zitux » 01 Nov 2010, 12:42

I really did forget, man :(
maybe these help a little
http://forums.fedoraforum.org/showthread.php?t=202612
http://opensource.telkomspeedy.com/foru ... hp?id=9897
http://stackoverflow.com/questions/2601 ... sing-squid
from the discussions above it looks like it is also related to iptables, man
just work through it slowly, and don't forget to back up :grin:
Re: ports 443 and https in squid

Postby sipelaut » 01 Nov 2010, 14:56

zitux wrote:I really did forget, man :(
maybe these help a little
http://forums.fedoraforum.org/showthread.php?t=202612
http://opensource.telkomspeedy.com/foru ... hp?id=9897
http://stackoverflow.com/questions/2601 ... sing-squid
from the discussions above it looks like it is also related to iptables, man
just work through it slowly, and don't forget to back up :grin:

Still not working, bro...
I tried the iptables rules
but then it couldn't connect at all
here is the report
root@umum:~#iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.1:3128
root@umum:~#iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.11.1:3128
root@umum:~#iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
root@umum:~#iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
root@umum:~#iptables -t filter -A FORWARD -i eth1 -p tcp --dport 443 -j ACCEPT
root@umum:~#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.1

after I ran them it couldn't connect at all
it looks like the problem is in this iptables rule
root@umum:~#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.1


my iptables output
root@umum:~# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 24890 packets, 2110K bytes)
pkts bytes target prot opt in out source destination
386 18596 DNAT tcp -- eth1 any anywhere anywhere tcp dpt:www to:192.168.10.1:3128
0 0 REDIRECT tcp -- eth0 any anywhere anywhere tcp dpt:www redir ports 3128

Chain POSTROUTING (policy ACCEPT 137K packets, 9517K bytes)
pkts bytes target prot opt in out source destination
1488 103K SNAT all -- any eth0 anywhere anywhere to:192.168.10.1

Chain OUTPUT (policy ACCEPT 138K packets, 9585K bytes)
pkts bytes target prot opt in out source destination
Re: ports 443 and https in squid

Postby zitux » 01 Nov 2010, 15:11

I'm stumped
here is my complete squid config

#################################################################
# Port
http_port 3128 transparent
server_http11 on
icp_port 3130
prefer_direct off
#################################################################
# Cache & Object
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 1024 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#################################################################
# cache_dir
cache_dir aufs /home/proxy1 5000 12 256
cache_dir aufs /home/proxy2 5000 12 256
cache_dir aufs /home/proxy3 5000 12 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
#################################################################
# Rules: Safe Port
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 22 53 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl Safe_ports port 101 # slm
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
#################################################################
# Refresh Pattern
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320
#################################################################
# HAVP + Clamav
#cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
#################################################################
# HIERARCHY (BYPASS CGI)
#hierarchy_stoplist cgi-bin ? .js .jsp
#acl QUERY urlpath_regex cgi-bin \? .js .jsp
#no_cache deny QUERY
#################################################################
# SNMP
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
#################################################################
# ALLOWED ACCESS
acl zitux src 192.168.2.0/24
acl Jam_blokir time MTWHFA 09:03-17:00
acl pornos url_regex -i "/etc/squid/porno.txt"
http_access deny zitux pornos Jam_blokir
http_access allow zitux
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow zitux
icp_access allow localhost
icp_access deny all
always_direct deny all
#################################################################
# Cache CGI & Administrative
cache_mgr th@opikdesign.com
cachemgr_passwd 123 all
visible_hostname dns.zitux.net
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14
#################################################################
# Marking ZPH for b/w management
zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136


iptables.sav
# Generated by iptables-save v1.4.4 on Wed Aug 4 03:09:33 2010
*nat
:PREROUTING ACCEPT [121:7527]
:POSTROUTING ACCEPT [34:2765]
:OUTPUT ACCEPT [95:7583]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth2 -p tcp -m tcp --dport 101 -j DNAT --to-destination 192.168.2.4:101
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50 -j DNAT --to-destination 192.168.2.4:50
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Wed Aug 4 03:09:33 2010
# Generated by iptables-save v1.4.4 on Wed Aug 4 03:09:33 2010
*filter
:INPUT ACCEPT [2318:262002]
:FORWARD ACCEPT [190:33499]
:OUTPUT ACCEPT [986:333084]
COMMIT
# Completed on Wed Aug 4 03:09:33 2010
# Generated by iptables-save v1.4.4 on Wed Aug 4 03:09:33 2010
*mangle
:PREROUTING ACCEPT [2518:296533]
:INPUT ACCEPT [2320:262311]
:FORWARD ACCEPT [198:34222]
:OUTPUT ACCEPT [987:333162]
:POSTROUTING ACCEPT [1203:370822]
-A FORWARD -d 192.168.2.0/24 -o eth2 -p tcp -m multiport --dports 22,135,137,138,139,445 -j MARK --set-xmark 0x10/0xffffffff
-A FORWARD -s 192.168.2.0/24 -o eth2 -p tcp -m multiport --sports 22,135,137,138,139,445 -j MARK --set-xmark 0x10/0xffffffff
-A FORWARD -m tos --tos 0x04/0xff -j MARK --set-xmark 0x4/0xffffffff
-A OUTPUT -m tos --tos 0x04/0x3f -j MARK --set-xmark 0x4/0xffffffff
-A POSTROUTING -d 192.168.2.0/24 -o eth2 -p tcp -m multiport --dports 22,135,137,138,139,445 -j MARK --set-xmark 0x10/0xffffffff
-A POSTROUTING -s 192.168.2.0/24 -o eth2 -p tcp -m multiport --sports 22,135,137,138,139,445 -j MARK --set-xmark 0x10/0xffffffff
-A POSTROUTING -m tos --tos 0x04/0xff -j MARK --set-xmark 0x4/0xffffffff
COMMIT
# Completed on Wed Aug 4 03:09:33 2010


it doesn't even touch 443
Re: ports 443 and https in squid

Postby sipelaut » 01 Nov 2010, 19:52

zitux wrote:iptables.sav

it doesn't even touch 443

How do I run this part, bro...
I'm confused :)
Re: ports 443 and https in squid

Postby zitux » 01 Nov 2010, 20:45

that was just for reference, man.. a different server has a different function, so obviously a different config.. with a config like that, https can already be opened...

what do you mean by run it?? how to view it, you mean?

cat /etc/iptables.sav
Re: ports 443 and https in squid

Postby sipelaut » 16 Nov 2010, 21:24

Finally, after googling here and there, I got this script

============
#!/bin/sh
# ----------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-set ... howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# ----------------------------------
# IP address of the Squid server
SQUID_SERVER="192.168.10.1"
# Proxy server interface connected to the Internet
INTERNET="eth0"
# Proxy server interface connected to the LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
===============

I saved it under the name proxy_gue.sh
I'm just still confused about how to make it run automatically when the server is shut down and then started again
as it is, every time it boots it has to be called with the command ./proxy_gue
can I make this file autostart?
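An added example, not part of the original post or of the nixCraft script: a simplified Python model of the rules that script installs, tracing which path a new TCP connection from a LAN client takes. It ignores connection state and port ranges, assumes the DNAT/REDIRECT target is the gateway's own Squid port as in the script, and the function names and result labels are made up for the illustration.

```python
import shlex

# Constructed input: rule-adding commands of the script above with its
# variables expanded (INTERNET=eth0, LAN_IN=eth1, Squid at 192.168.10.1:3128).
SCRIPT = """\
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.10.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
"""

LONG = {"--table": "-t", "--append": "-A", "--in-interface": "-i",
        "--out-interface": "-o", "--protocol": "-p", "--jump": "-j"}

def parse_rules(script):
    rules = []
    for line in script.splitlines():
        tok = [LONG.get(t, t) for t in shlex.split(line, comments=True)]
        if tok[:1] != ["iptables"] or "-A" not in tok:
            continue
        # every option used here takes exactly one value: pair them up
        opt = dict(zip(tok[1::2], tok[2::2]))
        rules.append({"table": opt.get("-t", "filter"), "chain": opt["-A"],
                      "in": opt.get("-i"), "out": opt.get("-o"),
                      "proto": opt.get("-p"), "dport": opt.get("--dport"),
                      "target": opt["-j"]})
    return rules

def first_match(rules, table, chain, pkt):
    for r in rules:
        if (r["table"], r["chain"]) == (table, chain) and all(
                r[k] in (None, pkt[k]) for k in ("in", "out", "proto", "dport")):
            return r
    return None

def trace(script, pkt, forward_policy="ACCEPT"):
    """Path of a new connection from a LAN client through this gateway."""
    rules = parse_rules(script)
    pre = first_match(rules, "nat", "PREROUTING", pkt)
    if pre and pre["target"] in ("DNAT", "REDIRECT"):
        # assumption: the rewrite points at this host's Squid port
        return "to-squid"
    fwd = first_match(rules, "filter", "FORWARD", pkt)
    if (fwd["target"] if fwd else forward_policy) != "ACCEPT":
        return "dropped"
    post = first_match(rules, "nat", "POSTROUTING", pkt)
    if post and post["target"] in ("MASQUERADE", "SNAT"):
        return "routed-with-nat"     # bypasses Squid; http_access never runs
    return "routed-without-nat"      # source address is not rewritten

def lan_packet(dport):
    return {"in": "eth1", "out": "eth0", "proto": "tcp", "dport": str(dport)}

if __name__ == "__main__":
    for port in (80, 443):
        print(port, trace(SCRIPT, lan_packet(port)))
```

Under these rules only port 80 reaches Squid. Port 443 is routed past it and depends on the FORWARD and POSTROUTING rules, so Squid's `SSL_ports`/`CONNECT` ACLs and URL filters are never applied to that traffic.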
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies

Re: ports 443 and https in squid

Postby Rh354 » 17 Nov 2010, 12:52

sipelaut wrote:Finally, after googling here and there, I got this script


I saved it under the name proxy_gue.sh
I'm just still confused about how to make it run automatically when the server is shut down and then started again
as it is, every time it boots it has to be called with the command ./proxy_gue
can I make this file autostart?


put the script in the directory /etc/init.d/

make it executable

Code:

sudo chmod +x /etc/init.d/proxy_gue.sh


make it start up at boot

Code:

sudo update-rc.d proxy_gue.sh defaults


note:

the default option puts the script in runlevels 2, 3, 4 and 5 at boot and then stops it in runlevels 0, 1 and 6 at shutdown
Re: ports 443 and https in squid

Postby sipelaut » 17 Nov 2010, 13:08

Thank you, bro... trying it right away

and about this one
Rh354 wrote:the default option puts the script in runlevels 2, 3, 4 and 5 at boot and then stops it in runlevels 0, 1 and 6 at shutdown

what does that mean, bro...."runlevels 2, 3, 4 and 5"
and then "stop in runlevels 0, 1 and 6 at shutdown"
please explain...!!???
Re: ports 443 and https in squid

Postby Rh354 » 17 Nov 2010, 13:22

sipelaut wrote:Thank you, bro... trying it right away

and about this one
Rh354 wrote:the default option puts the script in runlevels 2, 3, 4 and 5 at boot and then stops it in runlevels 0, 1 and 6 at shutdown

what does that mean, bro...."runlevels 2, 3, 4 and 5"
and then "stop in runlevels 0, 1 and 6 at shutdown"
please explain...!!???


sudo update-rc.d proxy_gue.sh defaults

note the part I put in bold: with defaults, the script will be in runlevels 2, 3, 4 and 5

here's some light reading

Code:

http://en.wikipedia.org/wiki/Runlevel
Re: ports 443 and https in squid

Postby sipelaut » 22 Nov 2010, 13:47

Another question, man...
what if I edit the file later, man...
do I have to chmod it again,
and....
suppose this is already running and at some point I want to undo it, do I just delete the file?
Re: ports 443 and https in squid

Postby Rh354 » 23 Nov 2010, 19:49

sipelaut wrote:Another question, man...
what if I edit the file later, man...
do I have to chmod it again,
and....
suppose this is already running and at some point I want to undo it, do I just delete the file?

to make it easy, install rcconf

sudo apt-get install rcconf


find the script, then clear the "*" mark by pressing space.. done... after that the script can be removed safely :D

sudo rcconf
Re: ports 443 and https in squid

Postby sipelaut » 24 Nov 2010, 09:02

it works...
OK man, thanks for the knowledge, it worked successfully.
btw... what you gave me is the easy way..

is there a hard way too, man....
I'd like to know that as well... :)
Re: ports 443 and https in squid

Postby Rh354 » 27 Nov 2010, 22:27

here's an example

Setting the Default Run Level
By default, the standard run level in Ubuntu is 2. To change it to another run level, edit the file /etc/event.d/rc-default, then look for the text "telinit 2". Suppose we want the default runlevel to become 3 (non-GUI text mode): change telinit 2 to telinit 3

# rc - runlevel compatibility
#
# This task guesses what the "default runlevel" should be and starts the
# appropriate script.

start on stopped rcS

script
    runlevel --reboot || true

    if grep -q -w -- "-s\|single\|S" /proc/cmdline; then
        telinit S
    elif [ -r /etc/inittab ]; then
        RL="$(sed -n -e "/^id:[0-9]*:initdefault:/{s/^id://;s/:.*//;p}" /etc/inittab || true)"
        if [ -n "$RL" ]; then
            telinit $RL
        else
            telinit 2
        fi
    else
        telinit 2
    fi
end script
