Newbie tries Squid (Proxy)

Post by Furqon » 02 Apr 2011, 22:16

Ubuntu server masters, I'd like to ask something. I have a topology like this:

Internet
|
Modem, local IP 10.x.x.x
|
|eth1 10.x.x.x
Server gateway & proxy (Ubuntu 10.04 LTS)
|eth0 172.20.2.1/22 local
|
---------switch/hub-----------
client PCs 172.20.2.10-20/22    MikroTik Wi-Fi 172.20.2.2/22

Beforehand I looked for references on the internet on how to install and configure Squid on Ubuntu 10.04 LTS. After searching here and there I finally tried tinkering with Squid; here are its contents:

http_port 3128 transparent
icp_port 3130
prefer_direct off
cache_mem 200 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 1024 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 bytes
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /home/proxy1 9000 32 128
cache_dir aufs /home/proxy2 9000 32 128
cache_dir aufs /home/proxy3 9000 32 128
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-nocache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
refresh_pattern . 0 20% 4320
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \? .js .jsp
no_cache deny QUERY
snmp_port 3401
acl snmpsquid snmp_community public
snmp_access allow snmpsquid localhost
snmp_access deny all
acl furqon src 172.20.2.1/22
http_access allow furqon
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow furqon
icp_access allow localhost
icp_access deny all
always_direct deny all

cache_mgr muslich.furqon@gmail.com
cachemgr_passwd 123 all
visible_hostname administrator
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14

After that I added the iptables rules:
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80 -j REDIRECT --to-ports 3128

After that I tried opening a browser and got ERROR THE REQUEST URL COULD NOT BE RETRIVED; at the very bottom it says:
*Missing or unknown request method
*Mising URL
*Missing HTTP Identifier
*Request Too Large
*Content Length Missing for post or put request
*Ilegal Character in hostname bla..bla..bla

But if I delete the rules it works smoothly, though that's pointless since port 80 can't be redirected to 3128.

My question is simple: where is the mistake in my Squid setup?
:confused:
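
An added example, not part of the original thread and not Squid project code: a small audit of the access-control directives in the squid.conf posted above. It flags the two `http_access deny` lines that combine negated ACLs (ACLs on one line are ANDed), port 25 in `Safe_ports`, the `public` SNMP community, the `src` ACL written with host bits set, and the 3-character `cachemgr_passwd`; the finding labels and the 12-character minimum are assumptions of this example.

```python
import ipaddress
import re

MIN_PASSWD_LEN = 12  # assumed local policy, not a Squid default
# Constructed sample: directives copied from the squid.conf posted above.
SAMPLE_CONF = """\
acl SSL_ports port 443 563 873
acl Safe_ports port 80 # http
acl Safe_ports port 1025-65535
acl Safe_ports port 25 # SMTP
acl CONNECT method CONNECT
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports
acl snmpsquid snmp_community public
acl furqon src 172.20.2.1/22
cachemgr_passwd 123 all
"""

def audit(conf):
    """Return (line_number, finding) pairs for risky squid.conf directives."""
    findings = []
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop trailing comments
        if tok[:2] == ["http_access", "deny"]:
            # ACLs on one line are ANDed: this denies only ports outside BOTH lists.
            if sum(t.startswith("!") for t in tok[2:]) > 1:
                findings.append((no, "and-of-negations"))
        elif tok[:1] == ["cachemgr_passwd"] and len(tok) > 1:
            if tok[1] != "disable" and len(tok[1]) < MIN_PASSWD_LEN:
                findings.append((no, "weak-cachemgr-passwd"))
        elif tok[:1] == ["acl"] and len(tok) >= 4:
            name, kind, vals = tok[1], tok[2], tok[3:]
            if kind == "port" and name == "Safe_ports":
                for v in vals:  # single port or lo-hi range
                    lo, _, hi = v.partition("-")
                    if int(lo) <= 25 <= int(hi or lo):
                        findings.append((no, "smtp-in-safe-ports"))
            elif kind == "snmp_community" and vals[0] in ("public", "private"):
                findings.append((no, "default-snmp-community"))
            elif kind == "src":
                for v in vals:  # only CIDR form; dotted netmasks are skipped
                    if re.fullmatch(r"[\d.]+/\d+", v):
                        net = ipaddress.ip_network(v, strict=False)
                        if str(net) != v:
                            findings.append((no, "src-host-bits:%s" % net))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

The two flagged deny lines are clean when written as in Squid's default configuration, `http_access deny !Safe_ports` followed by `http_access deny CONNECT !SSL_ports`, and the LAN ACL is clean as `172.20.0.0/22`.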

Post by yudiarbi » 02 Apr 2011, 23:08

Trying to help; maybe the routing should be like this:
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128
eth0 is replaced with eth1 because eth1 points to the modem.
As an extra (take it or leave it): cache_mem is too big, boss, have pity on the memory. Oh, and the modem is in bridge mode, right?

Post by Furqon » 02 Apr 2011, 23:28

Thanks to brother yudiarbi for the response :) You mean I should try changing it to eth1 and then delete the old rule? Ideally, how much should mem_cache be given with 1G of memory? I read that it should get 1/3 of the memory that isn't in use. The modem is ADSL, so it's in PPPoE mode.

Post by yudiarbi » 03 Apr 2011, 02:37

Furqon wrote:Thanks to brother yudiarbi for the response :) You mean I should try changing it to eth1 and then delete the old rule? Ideally, how much should mem_cache be given with 1G of memory? I read that it should get 1/3 of the memory that isn't in use. The modem is ADSL, so it's in PPPoE mode.

Right, just delete the previous rule, because the old one redirects what comes from eth0, whereas in boss Furqon's topology eth0 belongs to the local side. Just give the cache 8 MB and let the hard disk do the rest, so the memory can be used for other things. As for me, I usually put the modem in bridge mode, so the server does the managing...

Post by Furqon » 03 Apr 2011, 16:03

yudiarbi wrote:
Furqon wrote:Thanks to brother yudiarbi for the response :) You mean I should try changing it to eth1 and then delete the old rule? Ideally, how much should mem_cache be given with 1G of memory? I read that it should get 1/3 of the memory that isn't in use. The modem is ADSL, so it's in PPPoE mode.

Right, just delete the previous rule, because the old one redirects what comes from eth0, whereas in boss Furqon's topology eth0 belongs to the local side. Just give the cache 8 MB and let the hard disk do the rest, so the memory can be used for other things. As for me, I usually put the modem in bridge mode, so the server does the managing...

I've tried changing the rule and set mem_cache to 8MB, but it still doesn't work???? The error is the same :cry: On the modem, does the bridge mode have to be changed too.....??? Probably not necessary, right :). What now???

Post by MasDjo » 03 Apr 2011, 19:40

yudiarbi wrote:eth0 is replaced with eth1 because eth1 points to the modem

Actually, the correct one is the interface facing the LAN (switch); in this case bro Furqon uses eth0.
And don't forget IP forwarding so the internet connection can be shared, roughly as follows (put it in /etc/rc.local):

Code:

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

Edit /etc/sysctl.conf and remove the hash mark on the line:
# net.ipv4.ip_forward=1
Finally, reboot the server.
If it's unclear you can follow this guidebook :D :
Tutorial Lengkap Ubuntu Server by Opik

Post by yudiarbi » 03 Apr 2011, 19:48

Sorry boss Djo, I'm not trying to lecture, but from what I read of bro Furqon's topology, his eth1 comes from the modem. If the prerouting is on eth0, would what comes from the LAN really go through the proxy port first? Isn't it that what comes from the modem goes through the proxy and only then is handed to the client, which in this case is from the modem, eth1?
So, for example, a client makes a request and the server routes it first; if it isn't in the proxy it asks the modem, then it is diverted to the proxy to be cached, so what gets cached is from the modem, not from the client. Once again, sorry, I'm not trying to lecture, we're just sharing....
Hehe, the guidebook is the same one, boss Djo, it's opikdesign's; its topology has eth0 pointing to the modem, which is why what gets routed is what comes from the modem... :D

Post by MasDjo » 03 Apr 2011, 20:17

Wow.. I've met a master, boss.... :jadi malu:
But it's odd, boss Yudi: if I use eth1 (the one to the modem), the proxy actually doesn't work, i.e. it gets no hits at all, i.e. it's like going direct to the internet without a cache.
Is it because of the modem? I dial from the modem, not from the server (ppp0), so my forwarding is from eth1 (the LAN card facing the modem) .... I need to tinker some more :grin:

Post by yudiarbi » 03 Apr 2011, 20:51

Sorry boss Djo, I'm a newbie too, boss, nice to meet you. For PPPoE mode, let's both check the interfaces configuration, master MasDjo; usually the gateway position affects the routing, that's as far as I know, boss Djo.....

Post by Furqon » 03 Apr 2011, 21:33

So there's no solution yet... :confused: :confused:

Post by yudiarbi » 04 Apr 2011, 08:46

Furqon wrote:So there's no solution yet... :confused: :confused:

How come, boss? The answer is already above; try checking the replies above one by one...

Post by MasDjo » 04 Apr 2011, 09:59

If you use the modem in bridge mode, use bro Yudiarbi's solution.
If you use the modem in PPPoE mode (modem as router + DHCP server), try my way ... :grin:

Post by yudiarbi » 04 Apr 2011, 11:43

Great, master MasDjo....

Post by Furqon » 04 Apr 2011, 14:07

I use it as router & DHCP, so that means using master MasDjo's way....

Post by MasDjo » 04 Apr 2011, 20:05

So if it's not bridge mode, the NAT becomes:

Code:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Post by yudiarbi » 04 Apr 2011, 20:29

MasDjo wrote:So if it's not bridge mode, the NAT becomes:

Code:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Nice and solid, which can be read as: route all packets straight to eth1, which in this case goes to the modem....
For the proxy:

Code:

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

which means:
divert, from eth1 before going to the local side, all TCP packets from port 80 to the proxy's port 3128

Post by ilham2930 » 05 Apr 2011, 10:05

As for me, I use the modem in bridge mode + a MikroTik as the router, so for this topic...
I'll just follow along, if I may..!!

Post by Furqon » 05 Apr 2011, 14:56

I want to report that so far Squid still isn't running using MasDjo's way. I followed Opik's method but failed when giving permissions to the proxy1,2,3 caches with chown; any idea why? When I go into /home/proxy, it isn't there. And please correct whatever may be missing from my Squid list above. :confused:

Post by zitux » 07 Apr 2011, 16:01

What's the failure message, mas?

Are proxy1,2,3 already in /home/proxy

ls /home/proxy

or ls /home

?

If not yet, try mounting it first :)

Post by yudiarbi » 07 Apr 2011, 21:36

Furqon wrote:I want to report that so far Squid still isn't running using MasDjo's way. I followed Opik's method but failed when giving permissions to the proxy1,2,3 caches with chown; any idea why? When I go into /home/proxy, it isn't there. And please correct whatever may be missing from my Squid list above. :confused:

Failed to give permission? What was the message, boss? And for iptables, how did it go using my way?
