SETTING IP ADDRESS:
For example, eth0 = towards the modem / WAN (e.g. IP: 202.134.0.1)
eth1 = towards the LAN / clients (e.g. IP: 192.168.1.1)
Open the IP settings in:
$ sudo gedit /etc/network/interfaces
Type / check the following lines:
iface eth0 inet static
address 202.134.0.1
netmask 255.255.255.0
broadcast 202.134.0.255
network 202.134.0.0
# the gateway comes from the public WAN IP of Speedy/Astinet/Leas L
gateway 202.134.0.154
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0
SAVE and EXIT
Open squid.conf with:
$ sudo gedit /etc/squid/squid.conf
Type the following lines:
acl klien src 192.168.1.0/24
# manager rules come first: http_access stops at the first matching line
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow klien
cache_effective_user proxy
cache_effective_group proxy
visible_hostname nama.proxy.moe
http_reply_access allow all
SAVE and EXIT gedit
RESTART squid
$ sudo /etc/init.d/squid restart
EDIT IPTABLES
$ sudo gedit /etc/rc.local
Type:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
SAVE and EXIT
EDIT IP FORWARD
$ sudo gedit /etc/sysctl.conf
net.ipv4.ip_forward = 1
RESTART THE LINUX SYSTEM
Client Setup
Open the browser (IE)
Click Tools - Option - Internet Options
Enter the gateway IP: 192.168.1.1 with port 3128
Hide the Connections Tab
Hide the Connections tab under Tools - Internet Options in Internet Explorer
Regedit ---->
HKEY_CURRENT_USER\Software\Policies\Microsoft\.................\
Internet Explorer\Control Panel\
Create a DWORD value named ConnectionsTab
Press ENTER --> enter the value 1 for HIDDEN
CLOSE REGEDIT
Check the IE browser again under Tools - Option - Internet Options
Hope this is useful, if it is indeed useful.
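Squid stops at the first http_access line that matches, so a client-network allow placed above the manager rules lets every LAN client reach the cache manager. The check below is an added example, not part of the original post: the function names and both sample configurations are constructed for illustration, and the linter only understands the simple rule shapes used on this page.

```shell
#!/bin/sh
# Added example, not from the original post: lint http_access ordering in squid.conf.
# lint_http_access [FILE]: print one finding per line; no output means no finding.
lint_http_access() {
    awk '
    $1 == "acl" && $3 == "src" { is_src[$2] = 1 }    # source-address ACLs
    $1 != "http_access"        { next }
    { n++ }
    # A bare "allow <src-acl>" admits every request from that network.
    $2 == "allow" && NF == 3 && is_src[$3] && $3 != "localhost" && !broad {
        broad = $3; broad_at = n
    }
    $2 == "deny" && $3 == "manager" && NF == 3 {
        deny_mgr = 1
        if (broad) printf "manager-exposed: allow %s (rule %d) precedes deny manager (rule %d)\n", broad, broad_at, n
    }
    { last = $2 " " $3 " " NF }
    END {
        if (!deny_mgr) print "manager-exposed: no http_access deny manager rule"
        if (last != "deny all 3") print "no-default-deny: last http_access rule is not deny all"
    }' "${1:--}"
}

# Constructed sample: the client network is allowed before the manager rules.
sample_weak() {
    cat <<'EOF'
acl klien src 192.168.1.0/24
http_access allow localhost
http_access allow klien
http_access allow manager localhost
http_access deny manager
http_access deny all
EOF
}

# Constructed sample: manager rules first, client network after, default deny last.
sample_fixed() {
    cat <<'EOF'
acl klien src 192.168.1.0/24
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow klien
http_access deny all
EOF
}

sample_weak | lint_http_access
```

Run it against a live file with lint_http_access /etc/squid/squid.conf; the whole file is checked, so the default "http_access deny all" at the end of a stock squid.conf counts.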
My Setup:
i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (the following instructions should work with Debian and all other Linux distros)
Eth0 is connected to the internet and eth1 is connected to the local LAN, i.e. the system acts as a router.
Server Configuration
- Step #1 : Squid configuration so that it will act as a transparent proxy
- Step #2 : Iptables configuration
- a) Configure system as router
- b) Forward all http requests to 3128 (DNAT)
- Step #3: Run scripts and start squid service
First, install the Squid server (use up2date squid) and configure it by adding the following directives to the file:
# vi /etc/squid/squid.conf
Modify or add the following squid directives:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
Where,
- httpd_accel_host virtual: Squid runs as an httpd accelerator
- httpd_accel_port 80: 80 is the port you want Squid to act as a proxy for
- httpd_accel_with_proxy on: Squid acts as both a local httpd accelerator and as a proxy.
- httpd_accel_uses_host_header on: Squid uses the Host header, which carries the hostname from the URL.
- acl lan src 192.168.1.1 192.168.2.0/24: Access control list, only allow LAN computers to use squid
- http_access allow localhost: Allow Squid access to the LAN and localhost ACLs only
- http_access allow lan: same as above
Here is the complete listing of squid.conf for your reference (grep will remove all comments and sed will remove all empty lines, thanks to David Klein for the quick hint):
# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
OR, try out sed (thanks to kotnik for the small sed trick):
# cat /etc/squid/squid.conf | sed '/^ *#/d; /^ *$/d'
Output:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname myclient.hostname.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
Iptables configuration
Next, I added the following rules to forward all http requests (coming to port 80) to the Squid server port 3128:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Here is the complete shell script. The script first configures the Linux system as a router and then forwards all http requests to port 3128 (Download the fw.proxy shell script):
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Save the shell script. Execute the script so that the system will act as a router and forward the ports:
# chmod +x /etc/fw.proxy
# /etc/fw.proxy
# service iptables save
# chkconfig iptables on
Start or restart squid:
# /etc/init.d/squid restart
# chkconfig squid on
Desktop / Client computer configuration
Point all desktop clients to your eth1 IP address (192.168.2.1) as Router/Gateway (use DHCP to distribute this information). You do not have to set up individual browsers to work with proxies.
How do I test my squid proxy is working correctly?
See the access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log
The above command follows the log as Squid writes each incoming request to /var/log/squid/access.log. When somebody accesses a website through a browser, squid logs the request.
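Beyond watching the log scroll, the same file can be summarised per client to confirm that only LAN systems are using the proxy. This is an added example, not from the original article: it assumes Squid's native access.log format, the function names are made up here, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: per-client summary of a Squid
# native-format access.log, flagging sources outside the article's "lan" ACL
# (192.168.1.1 and 192.168.2.0/24).

# audit_access_log [FILE]: print "client requests denied bytes verdict" per client.
audit_access_log() {
    awk '
    NF >= 7 {
        c = $3                       # field 3: client address
        split($4, r, "/")            # field 4: result/status, e.g. TCP_MISS/200
        req[c]++
        bytes[c] += $5               # field 5: reply size in bytes
        if (r[1] ~ /DENIED/) denied[c]++
    }
    END {
        for (c in req) {
            in_lan = (c == "192.168.1.1" || c ~ /^192\.168\.2\.[0-9]+$/)
            printf "%s %d %d %d %s\n", c, req[c], denied[c], bytes[c], (in_lan ? "lan" : "OUTSIDE-ACL")
        }
    }' "${1:--}" | LC_ALL=C sort
}

# outside_clients [FILE]: only the client addresses that are not in the LAN ACL.
outside_clients() {
    audit_access_log "$@" | awk '$5 == "OUTSIDE-ACL" { print $1 }'
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
1196500001.101    312 192.168.2.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1196500002.220     12 192.168.2.15 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1196500003.019    150 192.168.2.40 TCP_MISS/200 1000 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1196500004.400      1 203.0.113.9 TCP_DENIED/403 1400 GET http://example.net/ - NONE/- text/html
EOF
}

sample_log | audit_access_log
```

Any OUTSIDE-ACL line means a request reached Squid from a source that is not in the lan ACL, even if Squid denied it, so the firewall rules on the Internet-facing interface deserve a second look.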
Problems and solutions
(a) Windows XP FTP Client
All Desktop client FTP session request ended with an error:
Illegal PORT command.
I loaded the ip_nat_ftp kernel module. Just type the following command, press Enter and voila!
# modprobe ip_nat_ftp
Please note that this modprobe command is already in the shell script above, where it is commented out.
(b) Port 443 redirection
I had blocked all connection requests in our router settings except those from our proxy (192.168.1.1) server. So requests on all ports, including 443 (https/ssl), were denied. You cannot redirect port 443; from the debian mailing list: "Long answer: SSL is specifically designed to prevent 'man in the middle' attacks, and setting up squid in such a way would be the same as such a 'man in the middle' attack. You might be able to successfully achieve this, but not without breaking the encryption and certification that is the point behind SSL".
Therefore, I quickly reopened port 443 (router firewall) for all my LAN computers and the problem was solved.
(c) Squid Proxy authentication in a transparent mode
You cannot use Squid authentication with a transparently intercepting proxy.
Updated for accuracy.
Speedy, one of PT. Telkom's flagship products for Internet connectivity, keeps improving its product range and performance for the sake of customer satisfaction. Early this month Speedy launched a large promotion for new customer registration, aimed mainly at supporting the advancement of educational institutions in Indonesia. New customers get a 50% discount on the activation fee and 50% off the monthly fee for all packages, from Time Based to the Office package, the Warnet (Internet cafe) package and so on. This is the fastest and cheapest Internet connection package we have ever known.
For example, with the Time Based package of 50 hours per month, the customer is charged only Rp.100.000 + 10% PPN (VAT); usage beyond 50 hours is charged at only Rp.1.500 / hour.
Throughput Test
Speed tests show that Speedy over a cable backbone can rival wireless speeds. Here is the screenshot as proof.
1. Formal educational institutions: SD, SMP, SMA (elementary, junior high and senior high schools)
2. Pondok Pesantren (Islamic boarding schools)
3. Teachers and lecturers (proven by a letter of recommendation from the principal/rector)
4. Photocopy of KTP (identity card)
5. Photocopy of telephone bill
6. Payment of the activation fee on the first month's bill
7. 3 duty stamps (meterai) @ Rp.6.000,-
This discount applies from activation for one year (e.g. activation on 1 December 2007 is valid until 1 December 2008), for activations up to the end of March 2008.
For new registration (Semarang), contact:
P.Yunianto (Anto) .
Mobile: 08132 60660 74
08154 254 3354
Internet traffic in Indonesia will be fully monitored starting January 2008 by the Internet oversight body, Indonesia Security Response Internet Infrastructure (ID-SIRTII).
ID-SIRTII Executive Chairman Richardus Eko Indrajit said his team is still preparing the network infrastructure and database for storing log files and monitoring content traffic, which is expected to be finished by the end of December this year.
"We will start trials in December so that by January next year the database and traffic monitoring can be running," he said on the sidelines of a seminar about ID-SIRTII at Hotel Bidakara, Jakarta, Wednesday (31/10/2007).
ID-SIRTII Deputy Chairman Muhammad Salahuddien added that the ID-SIRTII server now being built will store the log file data of all Internet users, with a capacity of six tera bytes (TB). The server, built by PT Sigma Cipta Caraka, is connected to Internet users, for example companies and offices, through Internet service providers (ISPs).
"We will only monitor traffic from official ISPs licensed by Ditjen Postel, while ISPs that take bandwidth from abroad illegally are the responsibility of the oversight body in the country where the Internet Protocol or bandwidth originates," he explained.
ID-SIRTII, according to Eko, will build strategic cooperation with similar bodies in other countries so that attacks from abroad can be resolved between the institutions.
"We have no authority to take legal action against perpetrators of cybercrime. We will only pass data and facts to the competent authorities such as the police, the prosecutor's office and Ditjen Postel. Let them determine the definition," he said.
Salahuddien stressed that with its server ID-SIRTII will be able to monitor Internet traffic in Indonesia, which can reach 3 Giga bytes per second (Gbps) each day and 4 Gbps at certain times such as elections.
Source: detikinet.com
PC Media Anti Virus, a locally made (Indonesian) antivirus that is starting to go global, has a new release, version RC21. Please download it here OR OVER HERE; pick the Free one so you do not have to pay, although it is only valid for 90 days. Do not pick the Premium one. To download RC21.vdb, go here.....
PC Media can remove many kinds of viruses, such as Brontok variants, worm variants, etc.
Thanks