Network Sometimes Routes Incorrectly

Post by cysergtlo » 01 Oct 2011, 12:27

Topology:

Code:

Modem Dsl (BRIDGE) ---> Hub
                         |
  192.168.100.100   192.168.100.253  192.168.100.xxx   192.168.100.xxx
     proxyserver      dnsServer         client1           client2


iptables contents:
=============================================

Code:

:INPUT ACCEPT [1716750:1128141527]
:FORWARD ACCEPT [265902:37739749]
:OUTPUT ACCEPT [2004537:1521630036]
:POSTROUTING ACCEPT [2270439:1559369785]
COMMIT
# Completed on Sat Oct  1 13:30:40 2011
# Generated by iptables-save v1.4.4 on Sat Oct  1 13:30:40 2011
*nat
:PREROUTING ACCEPT [61033:3188118]
:POSTROUTING ACCEPT [15466:1015749]
:OUTPUT ACCEPT [32224:2130430]
-A PREROUTING -d 192.168.100.100/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.100.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sat Oct  1 13:30:40 2011
# Generated by iptables-save v1.4.4 on Sat Oct  1 13:30:40 2011
*filter
:INPUT ACCEPT [490861:326331597]
:FORWARD ACCEPT [43458:6774636]
:OUTPUT ACCEPT [547756:387119642]
COMMIT
=============================================== end of iptables


Routing:

Code:

root@ubuntu77:~# netstat -rN
Kernel IP routing table
Destination     Gateway   Genmask         Flags   MSS Window  irtt Iface
110.139.604.1   0.0.0.0   255.255.255.255 UH        0 0          0 ppp0
192.168.100.0   0.0.0.0   255.255.255.0   U         0 0          0 eth0
192.168.100.0   0.0.0.0   255.255.255.0   U         0 0          0 eth2
0.0.0.0         0.0.0.0   0.0.0.0         U         0 0          0 ppp0


Problem:

For browsing on the clients, HTTP connections work well, both without a proxy and with the proxy set manually. But for HTTPS connections, not every website works, for example: Facebook login and the Zynga poker game. Email, however, has no problems.

Are there any experts here who can help me?

Post by danz0 » 01 Oct 2011, 16:53

Does the HTTPS failure happen when using the proxy, or when not?

Post by cysergtlo » 01 Oct 2011, 19:41

If bridge mode is turned off (gateway/DNS go back to the modem)..... everything connects fine..... In my case it is not only HTTPS.... connections that do not use port 80 sometimes cannot be routed.

For example:
The Zynga poker application will not run; it only gets as far as the loading page with the heart animation at 100%. After that nothing appears.
Facebook login sometimes fails.
The WoW game also only gets as far as loading the game... (character login works)
But email (Gmail/Yahoo) has no problems.

Post by yudiarbi » 01 Oct 2011, 20:34

Are the proxy and DNS on their own separate machines?

Post by cysergtlo » 01 Oct 2011, 23:59

Proxy and DNS are on one machine...... using 2 Ethernet cards: eth0 and eth2

Below I tried again with different iptables rules; the result is still the same:

Code:


iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --flush
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.100.0/255.255.255.0 -d 0/0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80  -i eth0 -j DNAT --to-destination 192.168.100.253:3128
iptables -t nat -A PREROUTING -p tcp --dport 80  -i eth2 -j DNAT --to-destination 192.168.100.253:3128
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128


Contents of /etc/network/interfaces:

Code:

# The loopback network interface
auto lo
iface lo inet loopback

  auto eth0
  iface eth0 inet static
  address 192.168.100.100
  netmask 255.255.255.0
  network 192.168.100.0
  broadcast 192.168.100.255

  auto eth2
  iface eth2 inet static
  address 192.168.100.253
  netmask 255.255.255.0

auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-provider


Client settings:
Gateway: 192.168.100.100
DNS: 192.168.100.100

Below is part of my Squid configuration (I am not attaching all of it, to make it easier to check)

Code:

http_port 3128 transparent http11
server_http11 on
#http_port 3128 transparent
#server_http11 off
icp_port 0

visible_hostname proxy


log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off

# TAG: FTP section
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

# TAG: ACL Section
acl localnet src 192.168.0.0/16

uri_whitespace strip

#DNS NAMESERVER
dns_nameservers 127.0.0.1

cache_mem 4 MB
maximum_object_size_in_memory 600 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir   aufs   /cache1   12800   64   256
cache_dir   aufs   /cache2   12800   64   256


minimum_object_size 512 bytes
maximum_object_size 20 MB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# Setup some default acls

#ACL: do not cache web from localnet
acl localdestnet dst 192.168.100.0/24

always_direct allow localdestnet

acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet


# Default block all to be sure
http_access deny all
header_access X-Forwarded-For deny all

# TAG: ZPH
tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136


Correction: with the proxy set manually, Facebook login works.... but the poker game does not. The same goes for YM. But email has no problems whether the proxy is set manually or no proxy is set on the client.

Post by yudiarbi » 03 Oct 2011, 13:47

Try deleting all the iptables rules, on the condition that the modem is in bridge mode.
Replace the iptables rules with the following:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
squid.conf section:
http_port 3128 transparent
server_http11 on
Then uncomment the localdestnet part first.
Is this localdestnet a local web server?
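
Added example, not part of the thread or written by any of its posters: a small Python check that compares a nat-table rule listing with the two rules suggested in the last reply. The function names, finding labels and the `POSTED` lines (the second rule set from the thread, rewritten as `-A` lines) are constructed for illustration.

```python
import shlex

# Constructed input: the nat rules from the second configuration in the
# thread, rewritten as iptables-save style "-A" lines.
POSTED = """\
-A POSTROUTING -s 192.168.100.0/255.255.255.0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.253:3128
-A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.253:3128
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
-A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
"""
# The two rules suggested in the last reply.
SUGGESTED = """\
-A POSTROUTING -o ppp0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

def parse_rule(line):
    """Split '-A CHAIN <match...> -j TARGET ...' into (chain, match, target)."""
    tok = shlex.split(line)
    j = tok.index("-j")
    pairs = set(zip(tok[2:j:2], tok[3:j:2]))   # simple "flag value" matches only
    pairs.discard(("-m", "tcp"))               # implied by "-p tcp"
    return tok[1], frozenset(pairs), tok[j + 1]

def audit_nat(text, wan="ppp0"):
    """Return (finding, rule) pairs for a nat-table rule listing."""
    findings, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("-A ") or " -j " not in line:
            continue
        chain, match, target = parse_rule(line)
        # MASQUERADE that is not limited to the WAN interface also applies
        # to traffic leaving on the LAN interfaces.
        if target == "MASQUERADE" and ("-o", wan) not in match:
            findings.append(("masquerade-not-limited-to-wan", line))
        # DNAT/REDIRECT end nat traversal for a packet, so a later rule with
        # the same match in the same chain is never reached.
        if target in ("DNAT", "REDIRECT"):
            if (chain, match) in seen:
                findings.append(("shadowed-by-earlier-rule", line))
            seen.add((chain, match))
    return findings

if __name__ == "__main__":
    for finding, rule in audit_nat(POSTED):
        print(f"{finding}: {rule}")
```

On a live system the same function can be fed the `-A` lines from the `*nat` section of `iptables-save` output.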
