Seting router dan transparent Proxy dengan RedHat 9.0
Setting router pada redhat !!!!
=====================================
1. seting ip address pada eth0 (ethernet terluar dengan isp)
#vi /stc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=172.16.0.10
BROADCAST=172.16.0.127
NETMASK=255.255.255.128
GATEWAY=172.16.0.126
USERCTL=NO
2. seting ip address pada eth1 (ethernet -down yang berhubungan dengan LAN)
#vi /stc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.13.10
BROADCAST=192.168.13.63
NETMASK=255.255.255.192
GATEWAY=172.16.0.10
USERCTL=NO
3. SETING DNS NAMESERVER
#vi /etc/resolve.conf
nameserver 172.16.0.126
nameserver 219.83.63.145
4. SETING IPTABLES / FIREWALL
#vi /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#/etc/rc.d/rc.local
#touch /var/lock/subsys/local
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#konfigurasi squid transparant
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-ports 3128
5. JALANKAN IPTABLES
#service iptables start | stop | restart
=======================================
akhirnya selesai juga !!!!
=======================================
***************************************
===========================================
Seting dan konfigurasi transparent proxy !!
===========================================
1. download squid nya dulu
#wget http://swelltech.com/support/updates/squid/9/i386/squid-2.5.STABLE3-1rh.i386.rpm
2. habis di download, install dech di server lo
#rpm -ivh squid-2.5.STABLE3-1rh.i386.rpm
3. pindahkan file squid yang asli
#mv /etc/squid/squid.conf /etc/squid/squid.conf.original
4. buat konfigurasi squid yang baru.
#vi /etc/squid/squid.conf
-- copy tulisan dibawah ini --
http_port 3128
icp_port 3130
cache_mem 64 MB
connect_timeout 2 minutes
maximum_object_size 20480 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir diskd /gambar 1000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_ip_on_direct on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 6667 7000
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777 110
acl Safe_ports port 5050
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow all
cache_mgr andinovianto@ymail.com
visible_hostname andinovianto@ymail.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-- berakhir diatas tulisan ini --
simpen make esc :wq (tekan enter)
ket: kali ini gue gak make konsep delay pools, males....!!!
5. buat folder gambar di / caranya:
#cd /
#mkdir gambar
atau buat folder cache
#mkdir /cache
6. ubah kepemilikan gambar jadi group
#chown -R squid.squid /gambar
atau
# chown squid.squid /cache -Rf
7. jalankan squid
#/etc/init.d/squid start
8. agar squid dijalankan otomatis saat reboot komputer:
#setup
cari "system services" (tanpa tanda kutip), run tool, kemudian cari squid dan ceklis/aktifkan
9. masukin juga transparant proxynya, agar user gak perlu masukin proxy di program webnya
#/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
#/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-ports 3128
10. agar transparant proxy dijalankan saat server dinyalain masukin juga di rc.local
#vi /etc/rc.local
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp --dport 80 -j REDIRECT --to-ports 3128
simpen dengan menekan esc :wq (kemudian enter)
oya jgn lupa ubah konfigurasi file /etc/sysctl.conf
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
menjadi:
net.ipv4.ip_forward = 1
=====================================
nb : konfigurasi ini diambil dari komputer server penulis kluthix.blogspot.com