Skip to content

Proxy lagi ???? capcay deh…..

August 26, 2007
Transparent Proxy
==================
Berikut adalah langkah-langkah yang harus dipersiapkan :
1. Meng-edit konfigurasi squid untuk men-support transparent proxy :
  • Untuk squid versi 2.5
  • httpd_accel_host virtual
  • httpd_accel_port 80
  • httpd_accel_with_proxy on
  • httpd_accel_user_host_header on
  • Untuk squid versi 2.6
    • http_port 3128 transparent
2. Membuat rule firewall dengan tool iptables yang akan me-redirect service http (80) ke service squid (3128) pada gateway.
iptables –t nat –A PREROUTING –p tcp -s 192.168.1.0/24 –dport 80 –j REDIRECT –to-port 3128
contoh :
edit file sysctl.conf
[root@lp3tnf13 ~]# vi /etc/sysctl.conf
====================================================================

# Kernel sysctl configuration file for Mandriva Linux

#

# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and

# sysctl.conf(5) for more details.
# Disables IP dynaddr

net.ipv4.ip_dynaddr = 0

net.ipv4.ip_forward = 1

# Disable ECN

net.ipv4.tcp_ecn = 0

# Controls source route verification

net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing

net.ipv4.conf.default.accept_source_route = 0
====================================================================

cek ipv4 forward, pakah sudah enable / 1 ?

[root@lp3tnf13 ~]# cat /proc/sys/net/ipv4/ip_forward

1

=====================================================
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j masquerade -o eth0 >>> NAT ip private agar dikenali di internet
===============================================================

command simple untuk mendis/enabled ip forward
chkconfig –list shorewall >> cek service shorewall berjalan
runlevel >>> cek sistem yg berjalan itu berada pada level berapa ?

echo 0 > /proc/sys/net/ipv4/ip_forward

echo 1 > /proc/sys/net/ipv4/ip_forward
squid -k check >>> untuk mengecek apakah konfigurasi squid telah benar
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.0/24 –dport 80 -j REDIRECT –to-port 3128 >>>> untuk me-redirect port 80 ke port 80
vi /usr/local/sarg/sarg.conf >> ubah konfigurasi sarg,

dan ganti access_log menjadi

access_log /var/log/squid/access.log

output_dir /var/www/html/squid-reports
mkdir /var/www/html/squid-reports >>> buat folder output sarg sesuai konfigurasi sarg diatas
sarg >>> jalankan sarg
service httpd restart >>> restart apache service
buka browser

http://local host/squid-reports

repot sarg bisa ditemukan disini

From → Linux

One Comment
  1. top dah…..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: