(ask) block access with Squid ACL & IPtables via Vbox

Discussion about Ubuntu Server (web server, database server, Samba server and other services) and networking with the Ubuntu operating system.

amanda


Post 05 Jul 2010, 03:34

Bro, I want to ask: how do I block client access with a Squid proxy using ACLs and iptables?
Here I'm trying it with VirtualBox, which will host the pretend client (Windows).
Ubuntu interface = ppp0
squid server = 192.168.1.1
squid port = 3128
host-only adapter name in VirtualBox = vboxnet0

the host-only network:

IPv4 Address = 192.168.1.1
IPv4 Network Mask = 255.255.255.0

eth0 settings in the VirtualBox guest:
IP = 192.168.1.2
netmask = 255.255.255.0
gateway = 192.168.1.1
DNS = 8.8.8.8 8.8.4.4 (same as the DNS in squid.conf)

for the ACL in squid.conf I only added this as a test:
acl lan src 192.168.1.0/24
acl block dstdomain .youtube.com .facebook.com .friendster.com

http_access allow lan
http_access deny block
http_access deny all

for the iptables:

Code:

#!/bin/sh
# flush every table and delete user-defined chains
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# let the kernel route between vboxnet0 and ppp0
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# from the internet side only accept replies to connections we opened
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# hide the guest network behind the ppp0 address
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface vboxnet0 -j ACCEPT
# the guest side is fully trusted
iptables -A INPUT -i vboxnet0 -j ACCEPT
iptables -A OUTPUT -o vboxnet0 -j ACCEPT
# transparent proxy: only plain HTTP (TCP 80) from the guest is sent to Squid, HTTPS is not touched
iptables -t nat -A PREROUTING -i vboxnet0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
# port 80 arriving on ppp0 also goes to Squid (new connections on ppp0 are still dropped by INPUT)
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# log, then drop, whatever INPUT did not accept above
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
When I tried opening youtube.com in the VirtualBox guest it wasn't blocked, bro, and the same with facebook.com & friendster.com; I could still browse to the sites I blocked with the ACL in squid.conf.
I checked the Squid log and it was running when I browsed from VirtualBox.
(there were no errors when installing or configuring Squid on Ubuntu)

Can iptables be set up with the --string module to block client access, in this case from VirtualBox?
For example, an iptables config on the Ubuntu box:

Code:

# kmp is a case-sensitive search, hence the second pair of rules for "Youtube";
# the string match also has an --icase option that covers both in one rule
iptables -A INPUT -m string --algo kmp --string youtube -j REJECT
iptables -A FORWARD -m string --algo kmp --string youtube -j REJECT

iptables -A INPUT -m string --algo kmp --string Youtube -j REJECT
iptables -A FORWARD -m string --algo kmp --string Youtube -j REJECT
Roughly where is it missing something / wrong, bro? Sorry, I'm just starting to learn....
Thanks in advance...


Rh354

Post 05 Jul 2010, 19:15

Following along, sis.


belajarlinux

Post 06 Jul 2010, 04:12

Whoa... I'm far too much of a newbie for this, bro... :D


amanda

Post 06 Jul 2010, 06:33

Got it working, bro; turns out the problem was in the Squid ACL.
It only works when it's made into a list, not a domain.

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.acl
http_access deny blocklist
(I put http_access deny blocklist above http_access allow manager localhost)

result (screenshot): http://img180.imageshack.us/img180/7526 ... shot1i.png :grin: Thanks everyone...


Rh354

Post 07 Jul 2010, 11:09

Wasn't it already a list in the ACL from the start? :D


amanda

Post 07 Jul 2010, 19:51

If it's written in squid.conf like this:
acl block dstdomain .youtube.com .facebook.com .friendster.com >> it can't block the client (vbox)
but if I make it a list
acl blocklist url_regex -i "/etc/squid/blocklist.acl >> it works
before that I also tried
acl blocklist url_regex -i "/etc/squid/blocklist.txt >> doesn't work

:confused:


thrvers

Post 07 Jul 2010, 20:11

That's odd, sis??
Have you checked squid.conf after changing those settings:
$ sudo squid -k parse

any errors, or only warnings? :confused:


amanda

Post 07 Jul 2010, 20:31

Already did; there don't seem to be any errors.

Code:

2010/07/07 19:26:38| Starting Squid Cache version 2.7.STABLE9 for i386-debian-linux-gnu...
2010/07/07 19:26:38| Process ID 2986
2010/07/07 19:26:38| With 1024 file descriptors available
2010/07/07 19:26:38| Using epoll for the IO loop
2010/07/07 19:26:38| DNS Socket created at 0.0.0.0, port 38453, FD 6
2010/07/07 19:26:38| Adding nameserver 180.131.144.144 from squid.conf
2010/07/07 19:26:38| Adding nameserver 180.131.144.145 from squid.conf
2010/07/07 19:26:38| helperOpenServers: Starting 7 'storeurl-ubuntu.pl' processes
2010/07/07 19:26:38| logfileOpen: opening log /cache/access.log
2010/07/07 19:26:38| Swap maxSize 4096000 + 6144 KB, estimated 315549 objects
2010/07/07 19:26:38| Target number of buckets: 15777
2010/07/07 19:26:38| Using 16384 Store buckets
2010/07/07 19:26:38| Max Mem  size: 6144 KB
2010/07/07 19:26:38| Max Swap size: 4096000 KB
2010/07/07 19:26:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/07/07 19:26:38| Store logging disabled
2010/07/07 19:26:38| Rebuilding storage in /cache (CLEAN)
2010/07/07 19:26:38| Using Least Load store dir selection
2010/07/07 19:26:38| Current Directory is /
2010/07/07 19:26:38| Loaded Icons.
2010/07/07 19:26:38| Accepting transparently proxied HTTP connections at 192.168.1.1, port 3128, FD 19.
2010/07/07 19:26:38| HTCP Disabled.
2010/07/07 19:26:38| WCCP Disabled.
2010/07/07 19:26:38| Ready to serve requests.
2010/07/07 19:26:38| Store rebuilding is 24.7% complete
2010/07/07 19:26:39| Done reading /cache swaplog (16602 entries)
2010/07/07 19:26:39| Finished rebuilding storage from disk.
2010/07/07 19:26:39|     16602 Entries scanned
2010/07/07 19:26:39|         0 Invalid entries.
2010/07/07 19:26:39|         0 With invalid flags.
2010/07/07 19:26:39|     16602 Objects loaded.
2010/07/07 19:26:39|         0 Objects expired.
2010/07/07 19:26:39|         0 Objects cancelled.
2010/07/07 19:26:39|         0 Duplicate URLs purged.
2010/07/07 19:26:39|         0 Swapfile clashes avoided.
2010/07/07 19:26:39|   Took 0.6 seconds (30010.3 objects/sec).
2010/07/07 19:26:39| Beginning Validation Procedure
2010/07/07 19:26:39|   Completed Validation Procedure
2010/07/07 19:26:39|   Validated 16602 Entries
2010/07/07 19:26:39|   store_swap_size = 186848k
2010/07/07 19:26:39| storeLateRelease: released 0 objects..
I also tried writing the ACL as

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.txt"
http_access deny blocklist
and

Code:

acl blocklist url_regex "/etc/squid/blocklist.txt"
http_access deny blocklist
in the end it only works with:

Code:

acl blocklist url_regex -i "/etc/squid/blocklist.acl
http_access deny blocklist
wew... :confused:
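To make the rule-order point behind both of amanda's configurations concrete, here is an added example (written for this page, not amanda's config and not Squid's own code): a small Python model of how Squid evaluates http_access, covering only the ACL types used in this thread (src, dstdomain, and url_regex with -i and a "file"). Squid reads http_access lines top to bottom and stops at the first line whose ACLs all match, so with the first post's order `http_access allow lan` matches every LAN client before `deny block` is ever consulted, while the follow-up's order, with the deny line above the allows, changes the answer. The blocklist file contents are constructed for the example, and tolerating a missing closing quote on the file name is an assumption made so that the form used in the thread parses.

```python
"""Added example: a model of Squid's http_access evaluation (first match wins).

Only src, dstdomain and url_regex ACLs are modelled; this is not Squid code.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed stand-in for the pattern file named by url_regex "file":
# one regex per line, as Squid reads it.  Path taken from the thread.
FILES = {
    "/etc/squid/blocklist.acl": [r"youtube\.com", r"facebook\.com", r"friendster\.com"],
}


def parse_squid_conf(text, files):
    """Return ({acl name: [(type, icase, values)]}, [(action, [acl names])])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl":
            name, kind, args = parts[1], parts[2], parts[3:]
            icase = False
            if args and args[0] == "-i":
                icase, args = True, args[1:]
            values = []
            for arg in args:
                if arg.startswith('"'):
                    # "path": patterns come from a file.  Assumption: a missing
                    # closing quote is tolerated, mirroring the form in the thread.
                    values.extend(files[arg.strip('"')])
                else:
                    values.append(arg)
            acls.setdefault(name, []).append((kind, icase, values))
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(entries, client_ip, url):
    """True if any definition line of one ACL matches the request."""
    host = (urlsplit(url).hostname or "").lower()
    for kind, icase, values in entries:
        if kind == "src":
            ip = ipaddress.ip_address(client_ip)
            if any(ip in ipaddress.ip_network(v, strict=False) for v in values):
                return True
        elif kind == "dstdomain":
            for v in values:
                v = v.lower()
                # ".example.com" covers the domain and all subdomains;
                # "example.com" (no leading dot) is an exact host match only.
                if v.startswith("."):
                    if host == v[1:] or host.endswith(v):
                        return True
                elif host == v:
                    return True
        elif kind == "url_regex":
            flags = re.IGNORECASE if icase else 0
            if any(re.search(v, url, flags) for v in values):
                return True
        else:
            raise ValueError(f"ACL type {kind!r} not modelled")
    return False


def http_access(conf, files, client_ip, url):
    """Evaluate http_access for one request; returns 'allow' or 'deny'."""
    acls, rules = parse_squid_conf(conf, files)
    for action, names in rules:
        # every ACL on the line must match (AND); a leading '!' negates one
        if all(acl_matches(acls[n.lstrip("!")], client_ip, url) != n.startswith("!")
               for n in names):
            return action
    # nothing matched: Squid applies the opposite of the last line's action
    return "deny" if rules[-1][0] == "allow" else "allow"


# Order from the first post: "allow lan" fires first, so a LAN client is never
# tested against "block" and reaches youtube.com.
CONF_ALLOW_FIRST = """
acl all src 0.0.0.0/0
acl lan src 192.168.1.0/24
acl block dstdomain .youtube.com .facebook.com .friendster.com
http_access allow lan
http_access deny block
http_access deny all
"""

# Order from the follow-up: the deny line sits above every allow line.
CONF_DENY_FIRST = """
acl all src 0.0.0.0/0
acl lan src 192.168.1.0/24
acl blocklist url_regex -i "/etc/squid/blocklist.acl"
http_access deny blocklist
http_access allow lan
http_access deny all
"""

if __name__ == "__main__":
    for conf, label in ((CONF_ALLOW_FIRST, "allow first"), (CONF_DENY_FIRST, "deny first")):
        for url in ("http://www.youtube.com/watch?v=x", "http://example.com/"):
            print(label, url, "->", http_access(conf, FILES, "192.168.1.2", url))
```

Run it directly to see the two orders side by side for the guest at 192.168.1.2. Two caveats this setup leaves open: the iptables rules in the first post only send TCP port 80 to Squid, so HTTPS to the same sites never passes through the proxy or its ACLs; and an `-m string` rule in FORWARD would not see the guest's web traffic at all once it has been DNAT'd to 192.168.1.1:3128, because packets addressed to the host itself traverse INPUT, while Squid's own outgoing fetches leave through OUTPUT.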


