BANTU DONG..KONFIGURASI SQUID EXTERNAL + MIKROTIK

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
Post Reply
User avatar
bang_andi
Been thanked: 5 times
Contact:

BANTU DONG..KONFIGURASI SQUID EXTERNAL + MIKROTIK

Post 01 May 2012, 15:21

jaringan di tempat saya menggunakan Mikrotik + Squid proxy external ubntu server 10.04

- Topologi network Mikrotik sejajar dg Squid Proxy

isp (192.168.1.1) -----Mikrotik ---- squid proxy (192.168.10.1)
|
|
Lokal network (10.5.50.0/24)
Note :
ip GW mikrotik ke modem = 192.168.1.2
ip GW mikrotik ke lokal network = 10.5.50.1
1p GW mikrotik ke squid proxy = 192.168.10.2

Semuanya sdh terkonfigurasi dg baik..client di lan lokal bisa browsing internet...naaah yg jdi masalah pd saat sy liat "tail -f /var/log/squid/access.log | ccze " yang terecord hanya ip squid server-nya saja..nah loh pada kemana ip local range 10.5.50.0/24 ??

Apa ada routing yg harus sy tambahkan..iptables-nya mungkin..?
saat ini iptables-nya masih default (blm ada)

Atau nat firewall saya yg slah di mikrotik ?


User avatar
fathayu

Post 15 May 2012, 04:32

ym ane add gan... mumpung lagi ol sekarang

ym: fathayu


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 16 May 2012, 23:24

Akhirnya ada yang mw bantuin ane...tpi..waduh..pas ente ol di forum..ane kagak ol di forum gan.... oke..sy add ym-nya...ini ym ane gan > wong_284


User avatar
yudiarbi
Contact:

Post 17 May 2012, 02:59

iptables di sisi server gmn?di sisi mikrotik jg gimana?


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 18 May 2012, 13:36

Oke..masbro yudiarbi ini sy gelar konfigurasinya...

1. Iptables di sisi ubuntu server...sy cek dengan iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. nat firewall disisi mikrotik ke parent proxy

ip firewall nat add chain srcnat action masquerade

dan

ip firewall nat add action=dst-nat chain=dstnat comment=�ke proxy� src-address=!192.168.10.1 disabled=no dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128


User avatar
antoniusgenta

Post 22 May 2012, 00:12

andi_wong wrote:Oke..masbro yudiarbi ini sy gelar konfigurasinya...

1. Iptables di sisi ubuntu server...sy cek dengan iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. nat firewall disisi mikrotik ke parent proxy

ip firewall nat add chain srcnat action masquerade

dan

ip firewall nat add action=dst-nat chain=dstnat comment=�ke proxy� src-address=!192.168.10.1 disabled=no dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128
sudah tambahkan rule di squidnya mas?
acl localnet (ip local)

regards
genta


User avatar
yudiarbi
Contact:

Post 22 May 2012, 08:50

di sisi mikrotik coba bro :

Code: Select all

ip firewall nat add action=dst-nat chain=dstnat comment=�ke proxy� src-address=10.5.50.1 dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 23 May 2012, 09:49

>> Antoniusgenta
kalo acl localnet di squid sdh ada bro...


>> Yudiarbi
Sudah sy coba bro...tapi client malah gk bisa akses internet..

Trus saya coba sprt di bawah ini :
ip firewall nat add action=dst-nat chain=dstnat comment=�ke proxy� src-address=10.5.50.0/24 dst-port=80,8080 protocol=tcp to-addresses=192.168.10.1 to-ports=3128

Hasilnya client bisa akses internet tapi kecepatan aksesnya malah agak lambat..

trus saya tambahkan interfaces out = public di >> ip firewall nat add chain srcnat action masquerade

Hasilnya beberapa Client ada penampakannya di access log squid dan juga di SARG report...namun cuma bertahan sebentar..trus balik lagi ke awal yaitu hanya ip-address dari squid proxy yg tampil di access log dan SARG repot..

Masbro-masbro sekalian ada gagasan lain... ??


User avatar
SaidBasyar

Post 25 May 2012, 22:14

da yg bisa bantu aq membangun proxy external MT dengan ubuntu server 10... ????


User avatar
yudiarbi
Contact:

Post 26 May 2012, 22:31

@andi_wong :
sesuai data smpyn :

Code: Select all

IP address mikrotik menuju proxy : 192.168.10.2
IP address klien-klien : 10.5.50.0/24
sy asumsikan :
IP address proxy menuju mikrotik : 192.168.10.3
coba ini bos :

Code: Select all

/ip firewall address-list
add address=192.168.10.0/24 list=ip-proxy
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.10.3 to-ports=3128
di proxy eksternal, Simpan baris-baris berikut ini kedalam file /etc/rc.local

Code: Select all

route add default gateway 192.168.10.2
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 10.5.50.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.10.3 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.10.3 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
semoga membantu
@saidbasyar:search aj bro, posting kendala di sini biar sama2 belajar


User avatar
darelove

Post 30 May 2012, 06:47

coba pake ini gan settingan firewal di mikrotik

chain=dstnat action=dst-nat to-addresses=ipproxyagan to-ports=3128 protocol=tcp src-address=!ipproxyagan
src-address-list=LocalNet dst-address-list=!addreslistproxy dst-port=80,8080,3128
connection-mark=http-con

kalo masih belum bisa mampir aja ke forum mikrotik indonesianya gan banyak yg ngurus beginian sama head proxy lusca :D


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 30 May 2012, 22:19

@ Yudiarbi :
Mantep nih masbro Yudiarbi...panduannya sgt jelas sekali...baiklah akan saya coba...tp harus menunggu waktu yg tepat dulu utk uji coba (maklum server kantor)..user pd ribut kalo inet macet dikit...nanti hasilnya akan segera ku publish disini..

@ SaidBasyar : Bner kata Masbro Yudiarbi..searh dulu di mbah google lalu nanti digelar aja jika problemnya...spt yg sy lakukan skrg..

@ darelove : Siiip masbro darelove..nanti sy coba juga sarannya..


User avatar
bing123

Post 01 Jun 2012, 12:47

pengen belajar juga,.....


User avatar
yudiarbi
Contact:

Post 01 Jun 2012, 15:04

di sini kita sama2 belajar mas bro @bing123.. :D


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 02 Jun 2012, 20:07

@ Masbro Yudiarbi > sudah sy coba seperti petunjuk setingan2 diatas yaitu firewall nat di mikrotik dan iptables di ubuntu servernya..

Hasilnya adalah hampir sama, sbb :

1. Ip address clinet yg di set static terekam semua...yaitu dari 10.5.50.50 - 10.5.50.69
2. Tetapi ip address client yg didpt dari DHCP-nya hotspot malah tertangkap beberapa saja ? Sperti 10.5.50.120, 10.5.50.143, 10.5.50.109, ...

Penampakannya seperti gbr dibawah ini Masbro...


https://sites.google.com/site/ecaknyo/h ... ubuntu.png


Kira-kira...apalagi yg mau di tambah / di modifikasi setingan yg sdh ada...utk sekedar info di hotspot server profile , http proxy dan port-nya sdh mengarah ke external proxy (192.168.10.1:3128)..


@ Darelove > Setelah dicoba setingannya.. hasilnya yang terekam oleh SARG ada penampkannya clientnya bro, yg PC-nya Ip addressny di set static...tetapi client yg ip addressny dri DHCP hotspot gk terekam sm sekali...
Attachments
sarg utk ubuntu.png
sarg utk ubuntu.png (39.65 KiB) Viewed 3418 times


User avatar
yudiarbi
Contact:

Post 02 Jun 2012, 20:14

loh ada hostspotnya juga?itu topologi kok gak disertain?


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 02 Jun 2012, 20:40

@ Yudiarbi : iya ada hotspotny jg....maap..lupa sy sertai di topologinya..hehe


User avatar
GongLang
Contact:

Post 24 Jul 2012, 08:03

Minta pencerahan donk sesepuh diatas -_-`
Sudah mumet gan ...

Kejadiannya sama seperti mas bro @andi_wong
Client bisa browsing, bisa remote SSH tapi squid tidak bekerja sama sekali

Topology nya sama sepert mas bro @andi_wong

ISP (192.168.100.254) --- Mikrotik (192.168.0.254) --- Squid Proxy (192.168.66.222)
LAN (192.168.0.0/24) output dari Mikrotik

IP Mikrotik ke Modem = 192.168.100.253
IP Mikrotik ke Proxy = 192.168.66.254
IP Mikrotik = 192.168.0.254

semua "squid.conf" sudah di check tidak ada yang bermasalah dengan perintah "Squid3 -k parse"
iptables pun sudah di configuration sesuai dengan permasalah mas bro @andi_wong

berikut ini hasil tampilannya

Code: Select all

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.0.0/24       anywhere             tcp dpt:http redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere             tcp dpt:https redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere             tcp dpt:http-alt redir ports 3128

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

Tapi ... saat di check di "access.log" malah seperti ini

Code: Select all

1343086223.881      0 127.0.0.1 TCP_MISS/200 3045 GET cache_object://localhost/info - NONE/- text/plain
1343087053.372      0 127.0.0.1 TCP_MISS/200 3047 GET cache_object://localhost/info - NONE/- text/plain

dan berikut ini hasil check "cache.log"

Code: Select all

2012/07/24 07:43:05|         0 Objects expired.
2012/07/24 07:43:05|         0 Objects cancelled.
2012/07/24 07:43:05|         0 Duplicate URLs purged.
2012/07/24 07:43:05|         0 Swapfile clashes avoided.
2012/07/24 07:43:05|   Took 0.05 seconds (  0.00 objects/sec).
2012/07/24 07:43:05| Beginning Validation Procedure
2012/07/24 07:43:05|   Completed Validation Procedure
2012/07/24 07:43:05|   Validated 25 Entries
2012/07/24 07:43:05|   store_swap_size = 0
2012/07/24 07:43:06| storeLateRelease: released 0 objects

dan berikut ini settingan di mikrotik

Code: Select all

/ip firewall nat

add action=dst-nat chain=dstnat comment=DNS disabled=no dst-port=53 protocol=\
    udp to-addresses=192.168.100.254 to-ports=53
add action=dst-nat chain=dstnat comment="Proxy External to Squid" disabled=no \
    dst-address-list=ip-proxy dst-port=80-85,8080,3128 in-interface=\
    ether5-lan protocol=tcp src-address-list=ip-local to-addresses=\
    192.168.66.222 to-ports=3128
add action=dst-nat chain=dstnat comment=SSH disabled=no dst-address-list=\
    ip-proxy dst-port=22 protocol=tcp src-address-list=local to-addresses=\
    192.168.66.222 to-ports=22
add action=dst-nat chain=dstnat comment=webmin disabled=no dst-address-list=\
    ip-proxy dst-port=26564 protocol=tcp src-address-list=local to-addresses=\
    192.168.66.222 to-ports=26564
add action=src-nat chain=srcnat comment="NAT To Hardware" disabled=no \
    dst-address=192.168.100.0/24 to-addresses=192.168.100.253
add action=src-nat chain=srcnat disabled=no dst-address=192.168.200.0/24 \
    dst-address-list=ip-proxy to-addresses=192.168.66.222
add action=masquerade chain=srcnat comment="Output Connection" disabled=no \
    out-interface=ether3-browsing
add action=masquerade chain=srcnat disabled=no out-interface=ether3-browsing \
    routing-mark=browsing
add action=masquerade chain=srcnat disabled=no out-interface=ether4-proxy \
    routing-mark=proxy
add action=masquerade chain=srcnat disabled=no out-interface=ether5-lan



sepertinya permasalahannya ada di iptables squid

Kemungkinan :(
mohon pencerahannya para sesepuh

Terima kasih :)


User avatar
GongLang
Contact:

Post 02 Aug 2012, 02:34

Bro ...
Helep dunk ...
Squid sudah bisa bekerja dengan sempurna
akan tetapi, jika di check Access log nya ...
kok malah yang terekam hanya dari IP Gateway nya Mikrotik aja yah
Sedangkan Client yang mengakses nya ... IP malah tidak kelihatan sama sekali

apakah ada yang salah di setting ???
Berikut ini penampakan dari "access.log" squid3

Code: Select all


02/Aug/2012:02:40:29 +0700    182 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:29 +0700    179 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:37 +0700  50119 192.168.66.254 TCP_MISS/200 1584 GET http://0-149.channel.facebook.com/pull? - DIRECT/66.220.151.80 application/json
02/Aug/2012:02:40:40 +0700    178 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    855 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    190 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    175 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    171 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml


Mohon pencerahan para sesepuh diatas

Terima Kasih


User avatar
peiks

Post 13 Sep 2012, 00:15

salam kenal sma gan...
apakah ip public yg ada di modem defaul itu bsa di rubah atau emg paten ya?maklm pemula gan....


User avatar
ilham2930
Contact:

Post 13 Sep 2012, 08:42

GongLang wrote:Bro ...
Helep dunk ...
Squid sudah bisa bekerja dengan sempurna
akan tetapi, jika di check Access log nya ...
kok malah yang terekam hanya dari IP Gateway nya Mikrotik aja yah
Sedangkan Client yang mengakses nya ... IP malah tidak kelihatan sama sekali

apakah ada yang salah di setting ???
Berikut ini penampakan dari "access.log" squid3

Code: Select all


02/Aug/2012:02:40:29 +0700    182 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:29 +0700    179 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:37 +0700  50119 192.168.66.254 TCP_MISS/200 1584 GET http://0-149.channel.facebook.com/pull? - DIRECT/66.220.151.80 application/json
02/Aug/2012:02:40:40 +0700    178 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    855 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    190 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    175 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    171 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml


Mohon pencerahan para sesepuh diatas

Terima Kasih


coba tambahkan rule nat di mikrotik untuk masquerade ke interface ISP, Public, dan Internal/LAN


User avatar
ilham2930
Contact:

Post 13 Sep 2012, 08:43

peiks wrote:salam kenal sma gan...
apakah ip public yg ada di modem defaul itu bsa di rubah atau emg paten ya?maklm pemula gan....


klo sewa yang static, tidak akan berubah..
tapi klo sewa yang dinamis akan berubah setiap kali dial ke internet..


User avatar
dja

Post 20 Nov 2012, 21:11

yudiarbi wrote:@andi_wong :
sesuai data smpyn :

Code: Select all

IP address mikrotik menuju proxy : 192.168.10.2
IP address klien-klien : 10.5.50.0/24
sy asumsikan :
IP address proxy menuju mikrotik : 192.168.10.3
coba ini bos :

Code: Select all

/ip firewall address-list
add address=192.168.10.0/24 list=ip-proxy
/ip firewall nat
add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.10.3 to-ports=3128
di proxy eksternal, Simpan baris-baris berikut ini kedalam file /etc/rc.local

Code: Select all

route add default gateway 192.168.10.2
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 10.5.50.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.10.3 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.10.3 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
semoga membantu
@saidbasyar:search aj bro, posting kendala di sini biar sama2 belajar
para master tolong dibantu dong...!! tak buat seperti ini kok malah masuk winbox jadi error + koneksi internet terputus ..manakah yang harus diseting lagi??


User avatar
dja

Post 21 Nov 2012, 14:50

ok mas terimaksih banyak ,,kendala teratasi dibagian MT,


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 23 Nov 2012, 09:06

GongLang wrote:Bro ...
Helep dunk ...
Squid sudah bisa bekerja dengan sempurna
akan tetapi, jika di check Access log nya ...
kok malah yang terekam hanya dari IP Gateway nya Mikrotik aja yah
Sedangkan Client yang mengakses nya ... IP malah tidak kelihatan sama sekali

apakah ada yang salah di setting ???
Berikut ini penampakan dari "access.log" squid3

Code: Select all


02/Aug/2012:02:40:29 +0700    182 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:29 +0700    179 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:37 +0700  50119 192.168.66.254 TCP_MISS/200 1584 GET http://0-149.channel.facebook.com/pull? - DIRECT/66.220.151.80 application/json
02/Aug/2012:02:40:40 +0700    178 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    855 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    190 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    175 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    171 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml


Mohon pencerahan para sesepuh diatas

Terima Kasih
1. Coba samakan kita samakan dulu settingan awalnya, firewall nat sm gk sprti yang dibawah ini :

chain=dstnat action=dst-nat to-addresses=192.168.10.1 to-ports=3128
protocol=tcp src-address=!192.168.10.0/24 dst-port=80,8080

2. Untuk iptable di ubuntu server dihilangkan saja..tdk apa-apa..

Jgn lupa local network sdh di allow di squid conf.

3. Rule masquerade di bagian Out.Interface ditambahkn ethernet lokal mikrotik yg menuju ke ISP

chain=srcnat action=masquerade out-interface=Telkom


User avatar
bang_andi
Been thanked: 5 times
Contact:

Post 23 Nov 2012, 09:15

andi_wong wrote:
GongLang wrote:Bro ...
Helep dunk ...
Squid sudah bisa bekerja dengan sempurna
akan tetapi, jika di check Access log nya ...
kok malah yang terekam hanya dari IP Gateway nya Mikrotik aja yah
Sedangkan Client yang mengakses nya ... IP malah tidak kelihatan sama sekali

apakah ada yang salah di setting ???
Berikut ini penampakan dari "access.log" squid3

Code: Select all


02/Aug/2012:02:40:29 +0700    182 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:29 +0700    179 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:37 +0700  50119 192.168.66.254 TCP_MISS/200 1584 GET http://0-149.channel.facebook.com/pull? - DIRECT/66.220.151.80 application/json
02/Aug/2012:02:40:40 +0700    178 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    855 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:41 +0700    190 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    175 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml
02/Aug/2012:02:40:59 +0700    171 192.168.66.254 TCP_MISS/200 638 POST http://ubuntu-indonesia.com/forums/ubbthreads.php - DIRECT/113.197.35.151 text/xml


Mohon pencerahan para sesepuh diatas

Terima Kasih
1. Coba kita samakan dulu settingan awalnya, firewall nat sm gk sprti yang dibawah ini :

chain=dstnat action=dst-nat to-addresses=192.168.10.1 to-ports=3128
protocol=tcp src-address=!192.168.10.0/24 dst-port=80,8080

Ket :

192.168.10.1 = squid proxy server dg port 3128
192.168.10.0/24 = ip network squid proxy, jd bkn memakai ip network user local ( disini sy memakai local network utk user/client 10.5.50.0/24 dan 10.5.60.0/24 )

2. Untuk iptable di ubuntu server dihilangkan saja..tdk apa-apa..

Jgn lupa local network sdh di allow di squid conf.

3. Rule masquerade di bagian Out.Interface ditambahkn ethernet lokal mikrotik yg menuju ke ISP

chain=srcnat action=masquerade out-interface=Telkom


Post Reply

Who is online

Users browsing this forum: No registered users and 57 guests