Question.... Setting up Mikrotik RB1100 with Squid Proxy Exte

Discussion about Ubuntu Server: web servers, database servers, Samba servers and other services, as well as networking with the Ubuntu operating system.

Post by bang_andi » 14 Dec 2011, 13:11

A. I set up the web-proxy on the Mikrotik like this:

Src.Address : 0.0.0.0
Port : 8383

Parent proxy : 192.168.10.1
port : 3128

B. Then the firewall NAT like this,
because I use 2 LANs:

ip firewall nat add chain=dstnat \
    action=dst-nat to-addresses=192.168.10.1 \
    to-ports=3128 \
    protocol=tcp src-address=10.5.50.0/24 \
    in-interface=lan dst-port=80

and

ip firewall nat add chain=dstnat \
    action=dst-nat to-addresses=192.168.10.1 \
    to-ports=3128 \
    protocol=tcp src-address=10.5.60.0/24 \
    in-interface=lan dst-port=80


C. The Squid configuration is like this:

# WELCOME TO SQUID 2.7.STABLE7
# ----------------------------
#
# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------

# TAG: acl
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl lan_a src 10.5.50.0/24
acl lan_b src 10.5.60.0/24

http_access allow lan_a
http_access allow lan_b

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

# TAG: icp_access
icp_access allow all


# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# TAG: http_port
# Squid normally listens to port 3128
http_port 3128


# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------

# TAG: cache_mem (bytes)
cache_mem 64 MB

# TAG: maximum_object_size_in_memory (bytes)
maximum_object_size_in_memory 50 KB


# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------

# TAG: cache_dir
cache_dir ufs /var/spool/squid 10000 16 256


# TAG: minimum_object_size (bytes)
#Default:
# minimum_object_size 0 KB

# TAG: maximum_object_size (bytes)
#Default:
# maximum_object_size 4096 KB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
cache_swap_low 90
cache_swap_high 95


# LOGFILE OPTIONS
# -----------------------------------------------------------------------------

# TAG: cache_log
cache_log /var/log/squid/cache.log


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TAG: cache
# Default is to allow all to be cached
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# TAG: refresh_pattern
#
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: negative_ttl time-units
#Default:
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
#Default:
# positive_dns_ttl 6 hours

# TAG: negative_dns_ttl time-units
#Default:
# negative_dns_ttl 1 minute

# TAG: broken_vary_encoding
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# TIMEOUTS
# -----------------------------------------------------------------------------

# TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute
connect_timeout 5 minute


# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

# TAG: cache_mgr
#
#Default:
# cache_mgr root
cache_mgr "apriandi"

# TAG: mail_from
#Default:
# none
mail_from apriandi@smansumsel-sa.sch.id

# TAG: visible_hostname
visible_hostname squid

# DNS OPTIONS
# -----------------------------------------------------------------------------

# TAG: dns_nameservers
dns_nameservers 8.8.4.4

# TAG: hosts_file
#Default:
# hosts_file /etc/hosts


# MISCELLANEOUS
# -----------------------------------------------------------------------------

# TAG: coredump_dir
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

D. The problem is this:
When I look at its access.log..

TCP_denied 403 or Miss (sorry... I forgot to take a screenshot)

Could you please enlighten me?
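
Added example, not part of the original post: a small Python evaluator that applies the `http_access` lines of the squid.conf above in Squid's first-match order, to show which line answers a given request with a denial. The three sample requests, including the address 192.168.10.254, are constructed; the `manager` rules are left out because they test the protocol rather than the client.

```python
import ipaddress
# Lines of the posted squid.conf that decide http_access (Safe_ports joined on one line).
CONF = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan_a src 10.5.50.0/24
acl lan_b src 10.5.60.0/24
http_access allow lan_a
http_access allow lan_b
http_access allow localhost
http_access deny all
"""
def parse(conf):
    acls, rules = {}, []
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"]:  # lines with the same acl name accumulate (OR)
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(kind, values, src, port, method):
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":  # single port or lo-hi range
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in values)
    if kind == "method":
        return method in values
    raise ValueError("acl type not modelled here: " + kind)

def decide(src, port, method, conf=CONF):
    acls, rules = parse(conf)
    for action, names in rules:  # first line whose ACLs all match (AND) decides
        if all(acl_matches(*acls[n.lstrip("!")], src, port, method) != n.startswith("!") for n in names):
            return action, " ".join(["http_access", action] + names)
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(implicit default)"

# Constructed requests: source address as Squid sees it, destination port, method.
SAMPLES = [("10.5.50.20", 80, "GET"),       # LAN client, source kept by dst-nat
           ("10.5.60.7", 8443, "CONNECT"),  # CONNECT to a port other than 443
           ("192.168.10.254", 80, "GET")]   # arrives from another proxy's address
for s in SAMPLES:
    print(s, "->", decide(*s))
```

The source address Squid logs in access.log is the one to feed in: dst-nat leaves the client address unchanged, while a request relayed by another proxy arrives with that proxy's address.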

Re: Question.... Setting up Mikrotik RB1100 with Squid Proxy

Post by bluez » 14 Dec 2011, 15:32

Is the Mikrotik web proxy itself enabled as well?

Re: Question.... Setting up Mikrotik RB1100 with Squid Proxy

Post by Slincerdream » 14 Dec 2011, 19:02

Just a suggestion: disable the Mikrotik web proxy, and redirect port 80 from the clients straight to the Ubuntu proxy.
ether1 = wan
ether2 = Lan
ether3 = Proxy

Hope this helps (RB1100 has 13 LAN ports?). Please correct me if I'm wrong.

Re: Question.... Setting up Mikrotik RB1100 with Squid Proxy

Post by bang_andi » 15 Dec 2011, 08:38

I've already disabled it.. but still.. the clients can't browse... the strange thing is that some can, with the same IP address scope/pool...

Re: Question.... Setting up Mikrotik RB1100 with Squid Proxy

Post by bang_andi » 15 Dec 2011, 08:43

Is there anything wrong in my Squid proxy settings.. is there a step I forgot / skipped...? Or maybe the trick for redirecting from the Mikrotik to the external proxy isn't quite right.. and yes, the RB1100 has 13 ports

Let's learn together.. this will become an Ubuntu forum tutorial.. with my network as the guinea pig.. oh dear :crazy: ..ahahaha

Re: Question.... Setting up Mikrotik RB1100 with Squid Proxy

Post by Slincerdream » 15 Dec 2011, 13:04

ANDI_WONG wrote: Is there anything wrong in my Squid proxy settings.. is there a step I forgot / skipped...? Or maybe the trick for redirecting from the Mikrotik to the external proxy isn't quite right.. and yes, the RB1100 has 13 ports

Let's learn together.. this will become an Ubuntu forum tutorial.. with my network as the guinea pig.. oh dear :crazy: ..ahahaha


Try this thread. It could serve as a reference :)

Re: Question.... Setting up Mikrotik RB1100 with Squid Proxy

Post by bang_andi » 19 Dec 2011, 11:24

OK... heading over there.... btw my setup is already running... so what's left is tuning up Squid and a few more edits for the hotspot users (hotspot users are still blocked).. hehe :grin:
