Firestarter, posted September 9, 2008:

Salam,

I have a problem setting up a proxy server. This Dell has 2 NICs, but it can't connect to the internet, so I can't configure it as a proxy. The Dell runs Fedora as its OS.

The problem is, I added a default route with the gateway pointing to the DSL. When I ping the DSL it does respond, but I still can't get access. When I start the network service, this error comes up: Error adding 192.168.1.100 on eth0. I don't know why.

Can anyone help me with a guide or a useful link? That's all.

TRUNASUCI, posted September 9, 2008, in reply to Firestarter:

Which FC version?

Anyway, are both NICs really working well? If they are working, fine.. because the error looks kind of strange..

Firestarter, posted September 9, 2008 (edited September 9, 2008):

I'm using FC 9. The NICs work well. It was only OK after I restarted the server. I want to ask, if I add ClamAV, won't it weigh down the incoming network traffic? Because I plan to scan first. There are about 500 users here. The line is 3 Mbps.

I want to put in squid+dansguardian+clamAV. I'm worried it will be slow. And squid should be made transparent, right? I want to make this box a router, meaning this box will be the gateway. Then I'll disable downloads, meaning that if someone wants to download a file larger than 100 MB, it won't get through. And how do I set up bypassing this proxy? Please give me some ideas.

athlon_crazy, posted September 9, 2008 (edited September 9, 2008), in reply to Firestarter:

ClamAV is OK! But you need the latest version of freshclam, a.k.a. the virus database. Otherwise, each time you update the database it will cause 90-100% CPU usage.

As for the router: if you want to make this *nix machine a transparent proxy, it is easier to make it the router/gateway and DHCP server. With 500 users, set the DHCP global option so that clients use this *nix machine as their router automatically.

P.S.: Don't forget to adjust the firewall so that port 80, or whichever ports are relevant, is forwarded to the squid port!

TemanX, posted September 9, 2008:

For your squid, set it up only for the users who are allowed to access the internet. For the others, you don't need to give them a squid ID and password. Using DHCP works too. I don't know whether Fedora has a problem or not, but at my company their server runs SUSE 9, and sometimes the server has trouble assigning DHCP to the clients. Usually the server can't assign DHCP from around 11 am until 2 pm. I don't know why it happens either. I had to give fixed IPs temporarily... haha.

I've never used ClamAV, so I can't comment.

TRUNASUCI, posted September 9, 2008, in reply to TemanX:

You need to check dhcpd.conf to see whether its settings are correct.. or whether something else is causing it to get "stuck" at those times.

Firestarter, posted September 10, 2008:

How do I make it transparent? My DHCP isn't assigning IP numbers.. I also want to install dansguardian.

dhcpd.conf:

    #
    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
    #   see 'man 5 dhcpd.conf'
    #
    ddns-update-style interim
    ignore client-updates
    subnet 192.168.0.0 netmask 255.255.255.0 {
      # The range of IP addresses the server
      # will issue to DHCP enabled PC clients
      # booting up on the network
      range 192.168.0.3 192.168.0.220;
      # Set the amount of time in seconds that
      # a client may keep the IP address
      default-lease-time 3600;
      max-lease-time 86400;
      # Set the default gateway to be used by
      # the PC clients
      option routers 192.168.0.1;
      # Don't forward DHCP requests from this
      # NIC interface to any other NIC
      # interfaces
      option ip-forwarding off;
      # Set the broadcast address and subnet mask
      # to be used by the DHCP clients
      option broadcast-address 192.168.0.255;
      option subnet-mask 255.255.255.0;
      # Set the NTP server to be used by the
      # DHCP clients
      #option ntp-servers 192.168.1.100;
      # Set the DNS server to be used by the
      # DHCP clients
      option domain-name-servers 202.188.0.133, 202.188.1.5;
      # If you specify a WINS server for your Windows clients,
      # you need to include the following option in the dhcpd.conf file:
      #option netbios-name-servers 192.168.1.100;
      # You can also assign specific IP addresses based on the clients'
      # ethernet MAC address as follows (Host's name is "laser-printer":
      # host laser-printer {
      #    hardware ethernet 08:00:2b:4c:59:23;
      #  fixed-address 192.168.1.222;
      #}
    #}
    #
    # List an unused interface here
    #
    subnet 192.168.2.0 netmask 255.255.255.0 {
    }

Firestarter, posted September 10, 2008:

Now my DHCP isn't running. My squid runs, but why does an error come up when I add:

    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on

When I remove them, my squid is OK.

athlon_crazy, posted September 10, 2008, in reply to Firestarter:

On Linux distros the "accel" setting works automatically.

DHCP: what are the error messages?

Firestarter, posted September 10, 2008:

The error? I'll post it tomorrow. My Fedora is 32-bit, but I installed it on a 64-bit architecture. I don't know whether that clashes or not, because it loads very slowly. Tomorrow I want to test with CentOS x86_64. Luckily there are 2 HDDs, so I can play around with this server.

Firestarter, posted September 11, 2008:

The proxy and DHCP are running now, but the clients can't get access out. Here is my iptables:

    [root@proxy ~]# cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.3.5 on Thu Sep 11 10:00:54 2008
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i eth1 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 3128 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 80 -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j ACCEPT
    -A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 80 -j ACCEPT
    COMMIT
    # Completed on Thu Sep 11 10:00:54 2008
    # Generated by iptables-save v1.3.5 on Thu Sep 11 10:00:54 2008
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    COMMIT
    # Completed on Thu Sep 11 10:00:54 2008

Firestarter, posted September 11, 2008:

Alhamdulillah, my proxy is up. Thank you to everyone who helped me. As for the iptables, I used an iptables generator to solve my problem.

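An added example, not part of the thread: a short Python audit of an iptables-save dump like the one posted on September 11, checking what a transparent-proxy gateway depends on. The interface roles (eth1 as LAN, eth0 as WAN) and proxy port 3128 are read from the posted rules; treating a missing MASQUERADE/SNAT rule as a fault assumes the DSL router has no route back to the LAN subnet.

```python
# Sample input: policies and rules from the dump posted above (comment lines dropped).
DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 3128 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, [(table, rule_tokens)]) from iptables-save text."""
    table, policies, rules = None, {}, []
    for tok in filter(None, map(str.split, dump.splitlines())):
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif tok[0].startswith(":"):
            policies[(table, tok[0][1:])] = tok[1]
        elif tok[0] == "-A":
            rules.append((table, tok))
    return policies, rules

def opt(tok, flag):
    """Value that follows `flag` in a tokenised rule, or None if absent."""
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

def audit(dump, lan_if, wan_if, proxy_port):
    """List what a transparent-proxy gateway needs but this ruleset lacks."""
    policies, rules = parse(dump)
    nat = [r for t, r in rules if t == "nat"]
    found = []
    if not any(r[1] == "PREROUTING" and opt(r, "-i") == lan_if
               and opt(r, "--dport") == "80" and opt(r, "-j") == "REDIRECT"
               and opt(r, "--to-ports") == str(proxy_port) for r in nat):
        found.append("nat: LAN port 80 is not redirected to the proxy")
    if not any(r[1] == "POSTROUTING" and opt(r, "-o") == wan_if
               and opt(r, "-j") in ("MASQUERADE", "SNAT") for r in nat):
        found.append("nat: no MASQUERADE/SNAT on " + wan_if)
    for (table, chain), policy in sorted(policies.items()):
        blocks = any(t == table and r[1] == chain and opt(r, "-j") in ("DROP", "REJECT")
                     for t, r in rules)
        if table == "filter" and policy == "ACCEPT" and not blocks:
            found.append("filter %s: policy ACCEPT and no DROP/REJECT rule" % chain)
    return found

if __name__ == "__main__":
    print("\n".join(audit(DUMP, "eth1", "eth0", 3128)))
```

IP forwarding (net.ipv4.ip_forward) is a kernel setting and does not appear in the dump, so it has to be checked separately. A filter chain with policy ACCEPT and only ACCEPT rules restricts nothing, so the proxy port is reachable on every interface.
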
Firestarter, posted September 12, 2008:

Since I have another question, I'm reopening this topic.

I want to ask: can squid be set up so that I can look back at the sites visited by each user?

TRUNASUCI, posted September 14, 2008, in reply to Firestarter's post of September 10, 2008 (the dhcpd.conf above):

    default-lease-time 3600;
    max-lease-time 86400;

Don't do this, bro, because these values are in seconds; 3600 is about an hour.. so better to set both to 86400 (24 hours), only then does the IP expire and the client has to request a new one..

    option domain-name-servers 202.188.0.133, 202.188.1.5;

For this one, if you want to make it "even nicer", add a few more open DNS servers; you can take IANA and OpenDNS ones, and TMNET's reserve ones too (this is what I actually do):

    option domain-name-servers 202.188.1.23, 208.67.222.222, 202.188.1.25, 208.67.220.220, 161.142.201.17, 192.228.128.16, 202.188.0.133, 202.188.1.5;

161.XXX and 192.XXX are JARING's DNS, 208.XXX is OpenDNS.

You can even put in the IANA ROOT-SERVERS, even crazier..

    ;; ADDITIONAL SECTION:
    A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
    A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
    B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
    C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
    D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
    E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
    F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
    F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
    G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
    H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
    H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
    I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
    J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
    J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
    ;; Query time: 369 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Sun Sep 14 09:48:20 2008
    ;; MSG SIZE rcvd: 500

To test whether a DNS server is OK or not, run:

    dig @ip_or_server_name

then look at how many milliseconds the query time is in the result.. the smaller the value, the better..

    ;; Query time: 63 msec
    ;; SERVER: 202.188.1.23#53(202.188.1.23)

    ;; Query time: 61 msec
    ;; SERVER: 161.142.201.17#53(161.142.201.17)

    ;; Query time: 61 msec
    ;; SERVER: 192.228.128.16#53(192.228.128.16)

Good luck trying it out.

Firestarter, posted September 14, 2008 (edited September 14, 2008):

My proxy seems heavy. I don't know whether it's because someone is downloading files or not, but opening local sites is very slow. I installed dansguardian, and not a single site can be reached. I used an iptables generator to make the iptables rules.

I don't know.. Maybe my dansguardian settings are wrong.

This is my flow..

    internet ---> eth0 192.168.1.100 Squid/iptables/dansguardian eth1 192.168.2.0 ---> client

If I want to add an IP range in DHCP, how do I do that? Say I want the IPs 192.168.2.5 - 192.168.2.254 and 192.168.3.1 - 192.168.3.254.

dhcpd.conf:

    authoritative;
    default-lease-time 20800;
    max-lease-time 86400;
    ddns-update-style none;
    shared-network eth1 {
        subnet 192.168.0.1 netmask 255.255.255.0 {
            range 192.168.0.5 192.168.0.254;
            default-lease-time 28800;
            max-lease-time 86400;
            option routers 192.168.0.1;
            option subnet-mask 255.255.255.0;
            option domain-name-servers 202.188.0.133,202.188.1.5;
            option domain-name "jasper.my";
            ping-check false;
            group {
                default-lease-time 28800;
                max-lease-time 86400;
            }
        }
    }

TRUNASUCI, posted September 15, 2008, in reply to Firestarter:

IP range? If there are 3 subnets you can possibly add them, but separating them is the question.. which PCs should get which subnet? They all go out through the same network card, don't they? (eth1)

OK, about the proxy.. how about you turn off dansguardian or whatever first, and let squid run alone for now.. if it runs smoothly, then turn on dansguardian etc.. and if it then suddenly gets slow.. the problem is in dansguardian.. are you sure the squid settings are already good?

Firestarter, posted September 15, 2008:

I think my squid has no problem.

squid.conf: http://pastebin.com/m166ad106

I used an iptables generator, so it's hard for me to edit the iptables. You know, I've never handled system admin work before this. I want to combine the IPs so that everything can pass through there.

TRUNASUCI, posted September 16, 2008, in reply to Firestarter:

    #
    #Default:
    #
    # cache_swap_low 90
    # cache_swap_high 95

Uncomment this..

    # maximum_object_size 4096 KB
    # minimum_object_size 0 KB

Uncomment this..

    # cache_replacement_policy lru
    # memory_replacement_policy lru

Uncomment.. if you want to use something optimised and a bit more aggressive:

    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF

Make sure those options were included when squid was compiled; if they aren't there, or it errors, or it doesn't run, just use the standard lru..

    # cache_dir ufs /var/spool/squid 100 16 256

Aiyo bro.. surely you're not going to give a whole group of clients only 100MB of HDD space? Add a bit more so it can hold more cache.. make it 2-4GB or so...

    # maximum_object_size_in_memory 8 KB

Raise the value a bit, to 100 KB at least.

Ermm.. looking at this squid, it seems nothing is set except the ACLs.. how is it supposed to run well and optimised like this, bro?

Firestarter, posted September 17, 2008:

Sorry. I'm not very good at setting up servers. Desktops I know. I'm only doing this because I have no choice. Anyway, thanks, but I'm still stuck on the IPs.

Firestarter, posted September 21, 2008:

Yesterday I set things up to block certain web sites. So in squid.conf I added this:

    acl bad-sites url_regex -i "/etc/squid/bad-sites"
    http_access deny bad-sites

When I restart squid, users can still get into the sites I blocked. What's the solution? I'm stuck..

Thank you.

TRUNASUCI, posted September 23, 2008, in reply to Firestarter:

Check the http_access lines.. is there an allow all set?

Firestarter, posted September 24, 2008:

Solved, I put it before the allow access.

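An added example, not part of the thread: a small Python model of how Squid walks http_access lines top to bottom and stops at the first one whose ACLs all match, which is why the deny only took effect once it was placed before the allow. The ACL name `lan`, the addresses, the URLs and the contents of the bad-sites file are constructed for illustration, and only the `src` and `url_regex` ACL types are modelled.

```python
import ipaddress
import re

# Constructed stand-in for the file named by the url_regex ACL (one regex per line).
FILES = {"/etc/squid/bad-sites": "blocked\\.example\ngames\\.example\n"}

# Constructed squid.conf fragment: the deny sits after an allow that already
# matches every LAN client.
BEFORE = """
acl all src 0.0.0.0/0
acl lan src 192.168.0.0/255.255.255.0
acl bad-sites url_regex -i "/etc/squid/bad-sites"
http_access allow lan
http_access deny bad-sites
http_access deny all
"""
# The same lines with the deny moved above the allow.
AFTER = BEFORE.replace("http_access allow lan\nhttp_access deny bad-sites",
                       "http_access deny bad-sites\nhttp_access allow lan")

def parse(conf):
    """Return ({acl_name: (type, args)}, [(action, [acl_names])])."""
    acls, rules = {}, []
    for tok in filter(None, map(str.split, conf.splitlines())):
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, client_ip, url):
    """Evaluate one ACL against a request."""
    kind, args = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "url_regex":
        flags = re.I if "-i" in args else 0
        pats = []
        for a in args:
            if a != "-i":  # a quoted argument names a file of patterns
                pats += FILES[a.strip('"')].split() if a.startswith('"') else [a]
        return any(re.search(p, url, flags) for p in pats)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, client_ip, url):
    """Return (action, line_number) of the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        if all(matches(acls[x.lstrip("!")], client_ip, url) != x.startswith("!")
               for x in names):
            return action, n
    # Nothing matched: Squid applies the opposite of the last line (deny if none exist).
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), None

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, decide(conf, "192.168.0.25", "http://www.blocked.example/"))
```
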
Firestarter, posted October 6, 2008 (edited October 7, 2008):

In DHCP I want more IPs. I've already created eth1:1, eth1:2 and eth1:3. So how do I add the devices in DHCP and assign all the IPs there?

    authoritative;
    default-lease-time 20800;
    max-lease-time 86400;
    ddns-update-style none;
    option routers 192.168.0.1;
    option domain-name-servers 202.188.0.133,202.188.1.5;
    option domain-name "jasper.my";
    shared-network eth1 {
        subnet 192.168.0.1 netmask 255.255.252.0 {
            range 192.168.0.10 192.168.3.254;
        }
    }

Solved. My office can now support about 1022 IPs.

Firestarter, posted October 8, 2008:

I have to reopen this topic because I have a problem with the assigned IPs. PCs using the IPs 192.168.1.0, 192.168.2.0 and 192.168.3.0 cannot access the internet. I've added these IPs in squid.conf. When I restart.. users still can't get on the internet. So has anyone experienced a problem like this?