Question... Setting up Mikrotik RB1100 with Squid Proxy Exte

bang_andi

Post 14 Dec 2011, 13:11

A. I configured the web proxy on the Mikrotik like this:

Src. Address : 0.0.0.0
Port : 8383

Parent proxy : 192.168.10.1
Port : 3128

B. Then the firewall NAT rules look like this, because I use 2 LANs:

/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.10.1 to-ports=3128 protocol=tcp src-address=10.5.50.0/24 in-interface=lan dst-port=80

and

/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.10.1 to-ports=3128 protocol=tcp src-address=10.5.60.0/24 in-interface=lan dst-port=80


C. The Squid configuration looks like this:

# WELCOME TO SQUID 2.7.STABLE7
# ----------------------------
#
# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------

# TAG: acl
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl lan_a src 10.5.50.0/24
acl lan_b src 10.5.60.0/24

http_access allow lan_a
http_access allow lan_b

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

# TAG: icp_access
icp_access allow all


# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# TAG: http_port
# Squid normally listens to port 3128
http_port 3128


# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------

# TAG: cache_mem (bytes)
cache_mem 64 MB

# TAG: maximum_object_size_in_memory (bytes)
maximum_object_size_in_memory 50 KB


# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------

# TAG: cache_dir
cache_dir ufs /var/spool/squid 10000 16 256


# TAG: minimum_object_size (bytes)
#Default:
# minimum_object_size 0 KB

# TAG: maximum_object_size (bytes)
#Default:
# maximum_object_size 4096 KB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
cache_swap_low 90
cache_swap_high 95


# LOGFILE OPTIONS
# -----------------------------------------------------------------------------

# TAG: cache_log
cache_log /var/log/squid/cache.log


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TAG: cache
# Default is to allow all to be cached
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# TAG: refresh_pattern
#
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: negative_ttl time-units
#Default:
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
#Default:
# positive_dns_ttl 6 hours

# TAG: negative_dns_ttl time-units
#Default:
# negative_dns_ttl 1 minute

# TAG: broken_vary_encoding
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# TIMEOUTS
# -----------------------------------------------------------------------------

# TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute
connect_timeout 5 minute


# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

# TAG: cache_mgr
#
#Default:
# cache_mgr root
cache_mgr "apriandi"

# TAG: mail_from
#Default:
# none
mail_from apriandi@smansumsel-sa.sch.id

# TAG: visible_hostname
visible_hostname squid

# DNS OPTIONS
# -----------------------------------------------------------------------------

# TAG: dns_nameservers
dns_nameservers 8.8.4.4

# TAG: hosts_file
#Default:
# hosts_file /etc/hosts


# MISCELLANEOUS
# -----------------------------------------------------------------------------

# TAG: coredump_dir
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

D. The problem is this:
When I look at the access.log, I see:

TCP_denied 403 or Miss (sorry, I forgot to take a screenshot)

Any advice would be appreciated.


bluez

Post 14 Dec 2011, 15:32

Is the Mikrotik web proxy itself enabled as well?


Slincerdream

Post 14 Dec 2011, 19:02

Just a suggestion: disable the Mikrotik web proxy and redirect port 80 from the clients straight to the Ubuntu proxy.
ether1 = WAN
ether2 = LAN
ether3 = Proxy

Hope this helps. (RB1100 has 13 LAN ports?) Please correct me if I'm wrong.


bang_andi

Post 15 Dec 2011, 08:38

I've already disabled it, but it's still the same: the clients can't browse. Strangely, some of them can, with the same IP address scope/pool...


bang_andi

Post 15 Dec 2011, 08:43

Is there anything wrong in my Squid proxy settings? Is there a step I forgot or skipped? Or maybe the trick for redirecting from the Mikrotik to the external proxy isn't quite right. Yes, the RB1100 has 13 ports.

Let's learn together. This will become an Ubuntu forum tutorial, with my network as the guinea pig.. oh dear :crazy: ..ahahaha


Slincerdream

Post 15 Dec 2011, 13:04

ANDI_WONG wrote: Is there anything wrong in my Squid proxy settings? Is there a step I forgot or skipped? Or maybe the trick for redirecting from the Mikrotik to the external proxy isn't quite right. Yes, the RB1100 has 13 ports.

Let's learn together. This will become an Ubuntu forum tutorial, with my network as the guinea pig.. oh dear :crazy: ..ahahaha

Try this thread. It could serve as a reference. :)


bang_andi

Post 19 Dec 2011, 11:24

OK, heading over there... By the way, my setup is already running, so what's left is tuning Squid and a few more edits for the hotspot users (hotspot users are still blocked).. hehe :grin:

