Network Sometimes Routes Incorrectly

cysergtlo

Post 01 Oct 2011, 12:27

Topology:

Code:

Modem Dsl (BRIDGE) ---> Hub 
                         |
  192.168.100.100   192.168.100.253  192.168.100.xxx   192.168.100.xxx
     proxyserver      dnsServer         client1           client2 

iptables contents:
=============================================

Code:

:INPUT ACCEPT [1716750:1128141527]
:FORWARD ACCEPT [265902:37739749]
:OUTPUT ACCEPT [2004537:1521630036]
:POSTROUTING ACCEPT [2270439:1559369785]
COMMIT
# Completed on Sat Oct  1 13:30:40 2011
# Generated by iptables-save v1.4.4 on Sat Oct  1 13:30:40 2011
*nat
:PREROUTING ACCEPT [61033:3188118]
:POSTROUTING ACCEPT [15466:1015749]
:OUTPUT ACCEPT [32224:2130430]
-A PREROUTING -d 192.168.100.100/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.100.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sat Oct  1 13:30:40 2011
# Generated by iptables-save v1.4.4 on Sat Oct  1 13:30:40 2011
*filter
:INPUT ACCEPT [490861:326331597]
:FORWARD ACCEPT [43458:6774636]
:OUTPUT ACCEPT [547756:387119642]
COMMIT
=============================================== end of iptables

Routing:

Code:

root@ubuntu77:~# netstat -rN
Kernel IP routing table
Destination     Gateway   Genmask         Flags   MSS Window  irtt Iface
110.139.604.1   0.0.0.0   255.255.255.255 UH        0 0          0 ppp0
192.168.100.0   0.0.0.0   255.255.255.0   U         0 0          0 eth0
192.168.100.0   0.0.0.0   255.255.255.0   U         0 0          0 eth2
0.0.0.0         0.0.0.0   0.0.0.0         U         0 0          0 ppp0

Problem:

When browsing from the clients, HTTP connections work fine both without a proxy and with the proxy set manually. But for HTTPS connections, not every website works, for example: Facebook login, the Zynga poker game. Email, however, has no problems.

Can any of the experts here help me?


danz0

Post 01 Oct 2011, 16:53

Does the HTTPS failure happen when using the proxy or without it?


cysergtlo

Post 01 Oct 2011, 19:41

If I take the modem out of bridge mode (gateway/DNS go back to the modem), everything connects fine. In my case it is not only HTTPS: connections that do not use port 80 sometimes cannot be routed.

Examples:
Opening the Zynga poker application does not work; it only gets as far as the loading page with the heart animation at 100%, and after that nothing appears.
Facebook login sometimes fails.
The WoW game also only gets as far as the game loading screen (character login works).
But for email (Gmail/Yahoo) there is no problem.


yudiarbi

Post 01 Oct 2011, 20:34

Are the proxy and DNS separate machines?


cysergtlo

Post 01 Oct 2011, 23:59

Proxy and DNS are on one machine, using two Ethernet cards: eth0 and eth2.

Below I tried again with a different iptables setup; the result is still the same:

Code:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --flush
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.100.0/255.255.255.0 -d 0/0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80  -i eth0 -j DNAT --to-destination 192.168.100.253:3128
iptables -t nat -A PREROUTING -p tcp --dport 80  -i eth2 -j DNAT --to-destination 192.168.100.253:3128
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128

Contents of the file /etc/network/interfaces:

Code:

# The loopback network interface
auto lo
iface lo inet loopback

  auto eth0
  iface eth0 inet static
  address 192.168.100.100
  netmask 255.255.255.0
  network 192.168.100.0
  broadcast 192.168.100.255

  auto eth2
  iface eth2 inet static
  address 192.168.100.253
  netmask 255.255.255.0

auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-provider

Settings on the client:
Gateway: 192.168.100.100
DNS: 192.168.100.100

Below is part of my Squid configuration (I am not attaching all of it, so that it is easier to check):

Code:

http_port 3128 transparent http11
server_http11 on
#http_port 3128 transparent
#server_http11 off
icp_port 0

visible_hostname proxy


log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off

# TAG: FTP section
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

# TAG: ACL Section
acl localnet src 192.168.0.0/16 

uri_whitespace strip

#DNS NAMESERVER
dns_nameservers 127.0.0.1

cache_mem 4 MB
maximum_object_size_in_memory 600 bytes
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

cache_dir	aufs	/cache1	12800	64	256
cache_dir	aufs	/cache2	12800	64	256


minimum_object_size 512 bytes
maximum_object_size 20 MB
offline_mode off
cache_swap_low 98
cache_swap_high 99

# Setup some default acls

# ACL: do not cache for web from localnet
acl localdestnet dst 192.168.100.0/24

always_direct allow localdestnet

acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 81 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563 81
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow localnet


# Default block all to be sure
http_access deny all
header_access X-Forwarded-For deny all

# TAG: ZPH
tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

Correction: if the proxy is set manually, Facebook login works, but the poker game does not. The same goes for YM. But email has no problems whether the proxy is set manually or no proxy is set on the client.


yudiarbi

Post 03 Oct 2011, 13:47

Try deleting all the iptables rules, on the condition that the modem is in bridge mode.
Replace the iptables rules as follows:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
squid.conf part:
http_port 3128 transparent
server_http11 on
Then uncomment the localdestnet part first.
Is this localdestnet a local web server?
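
Added example, not part of the thread: two awk checks run over inputs constructed from the routing table in the first post, the iptables commands in the 01 Oct 23:59 post, and the `-o ppp0` rule from the last reply. The function names `dup_routes` and `audit_nat` are made up for this example, which assumes rules are appended with `-A` in the order listed and compares only the match options named in the comment.

```shell
# Added example. Inputs are constructed from this thread's output and commands
# (the ppp0 peer address is replaced by a documentation address).
ROUTES='Destination     Gateway   Genmask         Flags   MSS Window  irtt Iface
203.0.113.1     0.0.0.0   255.255.255.255 UH        0 0          0 ppp0
192.168.100.0   0.0.0.0   255.255.255.0   U         0 0          0 eth0
192.168.100.0   0.0.0.0   255.255.255.0   U         0 0          0 eth2
0.0.0.0         0.0.0.0   0.0.0.0         U         0 0          0 ppp0'
RULES='iptables -t nat -A POSTROUTING -s 192.168.100.0/255.255.255.0 -d 0/0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80  -i eth0 -j DNAT --to-destination 192.168.100.253:3128
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE'

# stdin: `netstat -rn` output. Prints each destination/mask that is routed
# through more than one interface, with the interfaces in table order.
dup_routes() {
    awk '
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        key = $1 "/" $3; iface = $NF
        if ((key, iface) in seen) next
        seen[key, iface] = 1
        if (!(key in ifaces)) { order[++n] = key; ifaces[key] = iface }
        else ifaces[key] = ifaces[key] "," iface
        count[key]++
    }
    END { for (i = 1; i <= n; i++) if (count[order[i]] > 1) print order[i], ifaces[order[i]] }'
}

# stdin: iptables rule lines. Flags MASQUERADE rules with no -o, and appended DNAT/REDIRECT
# rules repeating an earlier chain/-i/-p/--dport/-s/-d (first match wins in nat).
audit_nat() {
    awk '
    {
        split("", m); chain = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i ~ /^(-i|-o|-p|-s|-d|--dport)$/) m[$i] = $(i + 1)
        }
        key = chain "|" m["-i"] "|" m["-p"] "|" m["--dport"] "|" m["-s"] "|" m["-d"]
        if (target == "MASQUERADE" && m["-o"] == "")
            printf "%d: MASQUERADE without -o\n", NR
        if (chain != "" && (target == "DNAT" || target == "REDIRECT")) {
            if (key in first) printf "%d: same match as line %d, never reached\n", NR, first[key]
            else first[key] = NR
        }
    }'
}
printf '%s\n' "$ROUTES" | dup_routes
printf '%s\n' "$RULES" | audit_nat
```

On a live host the same checks can be fed with `netstat -rn | dup_routes` and `iptables-save -t nat | audit_nat`.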

