Network Sometimes Routes Incorrectly

Discussion of Ubuntu Server, including web servers, database servers, Samba servers and other services, as well as networking with the Ubuntu operating system.

Post by cysergtlo » 01 Oct 2011, 12:27

Topology:

Code:

    Modem DSL (BRIDGE) ---> Hub
                             |
    192.168.100.100  192.168.100.253  192.168.100.xxx  192.168.100.xxx
    proxyserver      dnsServer        client1          client2

Contents of iptables:
=============================================

Code:

    :INPUT ACCEPT [1716750:1128141527]
    :FORWARD ACCEPT [265902:37739749]
    :OUTPUT ACCEPT [2004537:1521630036]
    :POSTROUTING ACCEPT [2270439:1559369785]
    COMMIT
    # Completed on Sat Oct 1 13:30:40 2011
    # Generated by iptables-save v1.4.4 on Sat Oct 1 13:30:40 2011
    *nat
    :PREROUTING ACCEPT [61033:3188118]
    :POSTROUTING ACCEPT [15466:1015749]
    :OUTPUT ACCEPT [32224:2130430]
    -A PREROUTING -d 192.168.100.100/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A POSTROUTING -s 192.168.100.0/24 -o ppp0 -j MASQUERADE
    COMMIT
    # Completed on Sat Oct 1 13:30:40 2011
    # Generated by iptables-save v1.4.4 on Sat Oct 1 13:30:40 2011
    *filter
    :INPUT ACCEPT [490861:326331597]
    :FORWARD ACCEPT [43458:6774636]
    :OUTPUT ACCEPT [547756:387119642]
    COMMIT

=============================================== end of iptables

Routing:

Code:

    root@ubuntu77:~# netstat -rN
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    110.139.604.1   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
    192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
    192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
    0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0

Problem:

Browsing from the clients over HTTP works fine, both without a proxy and with the proxy set manually. But for HTTPS connections, not all websites work, for example: Facebook login, the Zynga poker game. Email, however, has no problems.

Are there any experts here who can help me?

Re: Network Sometimes Routes Incorrectly

Post by danz0 » 01 Oct 2011, 16:53

Does the HTTPS failure happen when using the proxy or not?

Re: Network Sometimes Routes Incorrectly

Post by cysergtlo » 01 Oct 2011, 19:41

If bridge mode is turned off (gateway/DNS go back to the modem), everything connects fine. In my case it is not only HTTPS; connections that do not use port 80 sometimes cannot be routed.

For example:
Opening the Zynga Poker application does not work; it only gets as far as the loading page with the heart animation at 100%. After that nothing appears.
Facebook login sometimes fails.
The WoW game also only gets as far as the game loading screen (character login works).
But email (Gmail/Yahoo) has no problems.

Re: Network Sometimes Routes Incorrectly

Post by yudiarbi » 01 Oct 2011, 20:34

Are the proxy and DNS separate machines?

Re: Network Sometimes Routes Incorrectly

Post by cysergtlo » 01 Oct 2011, 23:59

Proxy and DNS are on 1 machine, using 2 Ethernet cards: eth0 and eth2.

Below I tried again using different iptables rules; the result is still the same:

Code:

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables --flush
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.100.0/255.255.255.0 -d 0/0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to-destination 192.168.100.253:3128
    iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth2 -j DNAT --to-destination 192.168.100.253:3128
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128

CONTENTS OF FILE /etc/network/interfaces:

Code:

    # The loopback network interface
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
    address 192.168.100.100
    netmask 255.255.255.0
    network 192.168.100.0
    broadcast 192.168.100.255

    auto eth2
    iface eth2 inet static
    address 192.168.100.253
    netmask 255.255.255.0

    auto dsl-provider
    iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    provider dsl-provider

Client settings:
Gateway : 192.168.100.100
DNS : 192.168.100.100

Below is part of my Squid configuration (I am not attaching all of it so that it is easier to check):

Code:

    http_port 3128 transparent http11
    server_http11 on
    #http_port 3128 transparent
    #server_http11 off
    icp_port 0
    visible_hostname proxy
    log_fqdn off
    log_icp_queries off
    buffered_logs off
    emulate_httpd_log off
    # TAG: FTP section
    ftp_list_width 32
    ftp_passive on
    ftp_sanitycheck on
    # TAG: ACL Section
    acl localnet src 192.168.0.0/16
    uri_whitespace strip
    #DNS NAMESERVER
    dns_nameservers 127.0.0.1
    cache_mem 4 MB
    maximum_object_size_in_memory 600 bytes
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir aufs /cache1 12800 64 256
    cache_dir aufs /cache2 12800 64 256
    minimum_object_size 512 bytes
    maximum_object_size 20 MB
    offline_mode off
    cache_swap_low 98
    cache_swap_high 99
    # Setup some default acls
    # ACL: do not cache for web from localnet
    acl localdestnet dst 192.168.100.0/24
    always_direct allow localdestnet
    acl all src 0.0.0.0/0
    acl localhost src 127.0.0.1/32
    acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 1025-65535
    acl sslports port 443 563 81
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin \?
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    http_access allow localhost
    # Allow local network(s) on interface(s)
    http_access allow localnet
    # Default block all to be sure
    http_access deny all
    header_access X-Forwarded-For deny all
    # TAG: ZPH
    tcp_outgoing_tos 0x30 localnet
    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136

Correction: if the proxy is set manually, Facebook login works, but the poker game does not. The same goes for YM. But email has no problems, whether the proxy is set manually or no proxy is set on the client.

Re: Network Sometimes Routes Incorrectly

Post by yudiarbi » 03 Oct 2011, 13:47

Try deleting all the iptables rules, provided the modem is in bridge mode.
Replace the iptables rules with the following:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
squid.conf part:
http_port 3128 transparent
server_http11 on
Then uncomment the localdestnet part first.
Is this localdestnet a local web server?
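
Added example, not part of any post in this thread: a small Python audit that compares the second ruleset posted above with the minimal one suggested in the last reply. It relies on two iptables facts: within a chain the first matching rule with a terminating target decides the packet, and a MASQUERADE rule without `-o` applies on every outgoing interface. The names `parse`, `audit` and the finding labels are made up for this example, and the parser assumes every option takes exactly one value, as in the thread's commands.

```python
import shlex

# Second ruleset the original poster tried, copied from the thread.
POSTED = """
iptables -t nat -A POSTROUTING -s 192.168.100.0/255.255.255.0 -d 0/0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to-destination 192.168.100.253:3128
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth2 -j DNAT --to-destination 192.168.100.253:3128
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
"""
# Minimal ruleset suggested in the last reply, copied from the thread.
SUGGESTED = """
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""
TERMINATING = {"DNAT", "REDIRECT", "MASQUERADE", "SNAT", "ACCEPT", "DROP"}

def parse(line):
    """Parse one 'iptables ...' command; assumes every option takes one value."""
    tok = shlex.split(line)[1:]
    rule = {"table": "filter", "match": {}, "line": line}
    for opt, val in zip(tok[::2], tok[1::2]):
        if opt == "-t":
            rule["table"] = val
        elif opt in ("-A", "-I"):
            rule["op"], rule["chain"] = opt, val
        elif opt == "-j":
            rule["target"] = val
            break                      # what follows are target options
        elif opt != "-m":              # "-m tcp" only loads a match module
            rule["match"][opt] = val
    return rule

def audit(text):
    """Return (kind, rule, earlier_rule_or_None) findings for a ruleset."""
    chains, findings = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        r = parse(line)
        rules = chains.setdefault((r["table"], r["chain"]), [])
        rules.insert(0 if r["op"] == "-I" else len(rules), r)  # -I goes first
    for rules in chains.values():
        for j, later in enumerate(rules):
            if later["target"] == "MASQUERADE" and "-o" not in later["match"]:
                findings.append(("masquerade-any-interface", later["line"], None))
            for earlier in rules[:j]:
                # an earlier terminating rule with an equal or broader match wins
                if (earlier["target"] in TERMINATING
                        and earlier["match"].items() <= later["match"].items()):
                    findings.append(("shadowed", later["line"], earlier["line"]))
    return findings
```

`audit(POSTED)` reports the interface-less MASQUERADE rule and both REDIRECT rules as shadowed by the DNAT rules in front of them; `audit(SUGGESTED)` reports nothing.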
