Firestarter

Proxy Server

Assalamualaikum,

I have a problem setting up a proxy server here. This Dell has 2 NICs, but it can't connect to the internet, so I can't configure it as a proxy. The Dell runs Fedora as its OS.

The problem is, I added a default route with the gateway pointing to the DSL. When I ping the DSL it does respond, but I still can't get access. When I start the network, this error comes out: Error adding 192.168.1.100 on eth0. I don't know why.

Can anyone help me with a guide or a useful link? That's all.

Which FC version?

Anyway, are both NICs really working well? If they are, then OK.. because that error looks rather odd..

I'm using FC 9. The NICs work well. It was only OK after I restarted the server. I want to ask: if I put ClamAV on it, won't it weigh down the incoming network traffic? Because I plan to scan first. There are about 500 users here. The line is 3mbps.

I want to install squid+dansguardian+clamAV. I'm afraid it will be slow. Then squid should be made transparent, right? I want to make this box a router, meaning this box will be the gateway. Then I'll disable downloads, meaning that if someone wants to download a file larger than 100mb, it won't get through. Then how do I set a bypass for this proxy? Please give me some ideas.

Edited by Firestarter

ClamAV is OK! But you need the latest version of freshclam, a.k.a. the virus database. Otherwise, each time you update the database it will cost you 90-100% CPU usage.

As for the router: if you want to make this *nix machine a transparent proxy, it's easier to make it the router / gateway and DHCP server. With as many as 500 users, set the DHCP global option so that the clients automatically use this *nix machine as their router.

P.S.: Don't forget to adjust the firewall so that port 80, or whichever ports are relevant, is forwarded to the squid port!

Edited by athlon_crazy

As for your squid, set it up only for the users who are allowed to access the internet. For the others, you don't need to set a squid ID and password for them. Using DHCP works too. I don't know whether Fedora has problems or not, but at my company their server runs Suse 9, and sometimes the server has trouble assigning DHCP to the clients. Usually the server can't assign DHCP from roughly 11 in the morning until 2 in the afternoon. I don't know why that happens either. I had to temporarily give out fixed IPs...... heh heh :lol:

Never used ClamAV, so I can't comment.

You need to check dhcpd.conf, whether its settings are correct or not.. or other things that cause it to get "stuck" at those times

How do I make it transparent? My DHCP isn't assigning IP numbers.. I also want to install dansguardian.

dhcpd.conf

# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#
ddns-update-style interim
ignore client-updates

subnet 192.168.0.0 netmask 255.255.255.0 {

   # The range of IP addresses the server
   # will issue to DHCP enabled PC clients
   # booting up on the network

   range 192.168.0.3 192.168.0.220;

   # Set the amount of time in seconds that
   # a client may keep the IP address

  default-lease-time 3600;
  max-lease-time 86400;

   # Set the default gateway to be used by
   # the PC clients

   option routers 192.168.0.1;
   # Don't forward DHCP requests from this
   # NIC interface to any other NIC
   # interfaces

   option ip-forwarding off;

   # Set the broadcast address and subnet mask
   # to be used by the DHCP clients

  option broadcast-address 192.168.0.255;
  option subnet-mask 255.255.255.0;
  
   # Set the NTP server to be used by the
   # DHCP clients

  #option ntp-servers 192.168.1.100;

   # Set the DNS server to be used by the
   # DHCP clients

  option domain-name-servers 202.188.0.133, 202.188.1.5;

   # If you specify a WINS server for your Windows clients,
   # you need to include the following option in the dhcpd.conf file:

  #option netbios-name-servers 192.168.1.100;

   # You can also assign specific IP addresses based on the clients'
   # ethernet MAC address as follows (Host's name is "laser-printer":

 # host laser-printer {
  #    hardware ethernet 08:00:2b:4c:59:23;
   #  fixed-address 192.168.1.222;
   #}
#}
#
# List an unused interface here
#
subnet 192.168.2.0 netmask 255.255.255.0 {
}

Now my DHCP isn't running either. My squid runs, but why does an error come out when I add:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on

When I remove them, my squid is fine.

On Linux distros the "accel" setting works automatically.

DHCP - what are the error messages?

Error? I'll post it tomorrow. My Fedora is 32-bit, but I installed it on a 64-bit architecture. I don't know whether that clashes or not, because it loads very slowly. Tomorrow I want to test with CentOS x86_64. Luckily there are 2 HDDs, so I can play around with this server.

The proxy and DHCP are running now. But the clients can't get access out. Here is my iptables:

[root@proxy ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Thu Sep 11 10:00:54 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 3128 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 80 -j ACCEPT 
-A OUTPUT -o eth0 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j ACCEPT 
-A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -m tcp --sport 80 -j ACCEPT 
COMMIT
# Completed on Thu Sep 11 10:00:54 2008
# Generated by iptables-save v1.3.5 on Thu Sep 11 10:00:54 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 
COMMIT
# Completed on Thu Sep 11 10:00:54 2008
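
An added example, not part of the original posts: a small Python audit of an iptables-save dump like the one above. It flags chains where the policy and every rule are ACCEPT (so nothing is filtered) and a nat table with no MASQUERADE/SNAT on the outside interface; `eth0` as the Internet-facing NIC follows the flow described later in the thread, and whether the missing NAT rule was the actual cause here is an assumption.

```python
# Added example: audit an iptables-save dump for a Squid gateway box.
# RULESET is constructed for illustration, trimmed from the dump posted above.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 3128 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
"""

def parse(dump):
    """Return {table: {"policy": {chain: target}, "rules": [(chain, tokens)]}}."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):                         # table header
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):   # chain policy line
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A "):
            tokens = line.split()
            cur["rules"].append((tokens[1], tokens[2:]))
    return tables

def opt(tokens, flag):  # value following `flag` in a rule, or None
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(dump, wan="eth0"):
    """List weaknesses of a gateway ruleset; `wan` is the Internet-facing NIC."""
    empty = {"policy": {}, "rules": []}
    tables = parse(dump)
    flt, nat = tables.get("filter", empty), tables.get("nat", empty)
    findings = []
    for chain, policy in flt["policy"].items():
        rules = [r for c, r in flt["rules"] if c == chain]
        if policy == "ACCEPT" and all(opt(r, "-j") == "ACCEPT" for r in rules):
            findings.append(f"{chain}: policy and every rule ACCEPT, nothing is filtered")
    snat = [r for c, r in nat["rules"]
            if c == "POSTROUTING" and opt(r, "-j") in ("MASQUERADE", "SNAT")]
    if not any(opt(r, "-o") == wan for r in snat):
        findings.append(f"nat: no MASQUERADE/SNAT on {wan}, forwarded traffic "
                        "such as DNS keeps its LAN source address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULESET)))
```

A ruleset with DROP policies on the filter chains and a `-A POSTROUTING -o eth0 -j MASQUERADE` rule in the nat table produces no findings.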

Alhamdulillah, my proxy is up. Thank you to everyone who helped me. As for the iptables, I used an iptables generator to solve my problem.

Since I have another question, I'm reopening this topic. I want to ask: can squid be set up so that I can look back at the sites visited by each user?

default-lease-time 3600;

max-lease-time 86400;

Don't do this, bro :) These values are in seconds, so 3600 is one hour.. so better set both to 86400 (24 hours), only then does the IP expire and the client need to make a new request..

option domain-name-servers 202.188.0.133, 202.188.1.5;

If you want to make this "even nicer", add a few more open DNS servers; you can take IANA and OpenDNS, and TMNET's reserve ones work too (that's exactly what I do :D)

option domain-name-servers 202.188.1.23, 208.67.222.222, 202.188.1.25, 208.67.220.220, 161.142.201.17, 192.228.128.16, 202.188.0.133, 202.188.1.5;

161.XXX and 192.XXX are Jaring's DNS, 208.XXX is OpenDNS :) You can even put in the IANA ROOT-SERVERS, which is crazier still..

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
;; Query time: 369 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Sep 14 09:48:20 2008
;; MSG SIZE rcvd: 500

To test whether a DNS server is OK or not, test:

dig @ip_or_server_name, then look at how many milliseconds the query time in the result is.. the smaller the value, the better..

;; Query time: 63 msec
;; SERVER: 202.188.1.23#53(202.188.1.23)

;; Query time: 61 msec
;; SERVER: 161.142.201.17#53(161.142.201.17)

;; Query time: 61 msec
;; SERVER: 192.228.128.16#53(192.228.128.16)

Good luck trying it out :)

My proxy seems heavy. I don't know whether it's because someone is downloading files or not. But opening local sites is very slow. I installed dansguardian, and not a single site could be accessed. I used an iptables generator to create the iptables rules.

I don't know.. Maybe my settings in dansguardian are wrong.

Here's my flow..

internet ---> eth0 192.168.1.100 Squid/iptables/dansguardian eth1 192.168.2.0 ---> client

And how do I add IP ranges in DHCP? Say I want the IPs 192.168.2.5 - 192.168.2.254, 192.168.3.1 - 192.168.3.254.

dhcpd.conf
authoritative;
 default-lease-time         20800;
 max-lease-time             86400;
 ddns-update-style          none;
 shared-network eth1 {
    subnet 192.168.0.1 netmask 255.255.255.0 {
       range 192.168.0.5 192.168.0.254;
       default-lease-time 28800;
       max-lease-time 86400;
       option routers 192.168.0.1;
       option subnet-mask 255.255.255.0;
       option domain-name-servers 202.188.0.133,202.188.1.5;
       option domain-name "jasper.my";
       ping-check false;
       group {
          default-lease-time 28800;
          max-lease-time 86400;
       }
    }
 }

Edited by Firestarter

IP range? If there are 3 subnets you could possibly add them, but how to separate them is the question.. which PC should get which subnet? Don't they all come out of the same network card? (eth1)

OK, about the proxy.. how about you turn off dansguardian or whatever first, and let squid run alone first.. if it's smooth, then turn on dansguardian etc.. then if it's suddenly slow.. the problem is in dansguardian.. are you sure the squid settings are already good?

I think my squid has no problems.

squid.conf

http://pastebin.com/m166ad106

I use an iptables generator, so it's hard for me to edit the iptables. You know, I've never handled system admin work before this. I want to combine the IPs so that everything can pass through there.

#
#Default:
#
# cache_swap_low 90
# cache_swap_high 95

uncomment this..

# maximum_object_size 4096 KB
# minimum_object_size 0 KB

uncomment this..

# cache_replacement_policy lru
# memory_replacement_policy lru

uncomment.. if you want to use something optimised and a bit more aggressive:

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

make sure those options were really there when squid was compiled; if they're missing / it errors / it doesn't run, just use the standard lru..

# cache_dir ufs /var/spool/squid 100 16 256

aiyo bro.. surely you're not going to set just 100MB of HDD space for a whole group of clients? Add a bit more so it can hold more cache.. make it 2-4GB or so...

# maximum_object_size_in_memory 8 KB

raise the value a bit, to 100 KB at least

ermm..

from what I see this squid doesn't seem to have anything set except the ACLs.. how is it supposed to run nicely and optimised, bro?

Sorry. I'm not very good at server settings. Desktops I know. This is only because I'm desperate. Anyway, thanks, but I'm still stuck on the IPs.

Yesterday I made some settings to block certain web sites. So in squid.conf I added this:

acl bad-sites url_regex -i "/etc/squid/bad-sites"

http_access deny bad-sites

When I restart squid, users can still get into the sites I blocked. What's the solution? I'm stumped..

Thank you.

check http_access.. is there an allow all set?

In DHCP I want more IPs. I've created eth1:1, eth1:2 and eth1:3. So how do I add the devices in DHCP and assign all the IPs there?

authoritative;
 default-lease-time         20800;
 max-lease-time             86400;
 ddns-update-style          none;
option routers 192.168.0.1;
option domain-name-servers 202.188.0.133,202.188.1.5;
option domain-name "jasper.my";
 shared-network eth1 {
     subnet 192.168.0.1 netmask 255.255.252.0 {
        range 192.168.0.10 192.168.3.254;
           
     }
 }

It's settled. My office can now support about 1022 IPs.

Edited by Firestarter

I have to reopen this topic because I have a problem with the IPs given out. PCs using the IPs 192.168.1.0, 192.168.2.0 and 192.168.3.0 cannot access the internet. I have added these IPs in squid.conf. When I restart.. users still can't get onto the internet. So has anyone experienced a problem like this?
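
An added example, not part of the original posts, covering both the earlier block-list question and the post above: Squid applies the first `http_access` line whose ACLs all match, so a `deny` placed after a matching `allow` is never reached, and a `src` ACL that covers only a /24 leaves the rest of a /22 DHCP range to fall through to `deny all`. Both configurations, the regex and the ACL names are constructed, since the posted squid.conf is not on this page.

```python
# Added example: first-match evaluation of squid.conf http_access rules.
# Both configs are constructed; the regex and networks are assumptions.
import ipaddress
import re

BEFORE = r"""
acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
acl bad-sites url_regex -i badsite\.example
http_access allow localnet
http_access deny bad-sites
http_access deny all
"""
# AFTER: deny moved above the allow, localnet widened to the /22 DHCP range.
AFTER = r"""
acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/22
acl bad-sites url_regex -i badsite\.example
http_access deny bad-sites
http_access allow localnet
http_access deny all
"""

def load(conf):
    """Collect acl definitions by name and http_access rules in file order."""
    acls, rules = {}, []
    for fields in map(str.split, conf.splitlines()):
        if fields[:1] == ["acl"]:
            acls.setdefault(fields[1], []).append((fields[2], fields[3:]))
        elif fields[:1] == ["http_access"]:
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(defs, client, url):
    """True if any definition of the ACL matches (same-name lines are OR-ed)."""
    ip = ipaddress.ip_address(client)
    for kind, args in defs:
        if kind == "src" and any(ip in ipaddress.ip_network(a) for a in args):
            return True
        if kind == "url_regex":
            flags = re.I if "-i" in args else 0
            if any(re.search(p, url, flags) for p in args if p != "-i"):
                return True
    return False

def decide(conf, client, url):
    """Return (action, rule) for the first rule whose ACLs all match."""
    acls, rules = load(conf)
    for action, names in rules:
        if all(acl_matches(acls.get(n.lstrip("!"), []), client, url)
               != n.startswith("!") for n in names):
            return action, " ".join(["http_access", action] + names)
    # Nothing matched: Squid applies the opposite of the last rule's action.
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), "(default)"
```

Calling `decide(BEFORE, "192.168.0.10", "http://badsite.example/")` returns the `allow localnet` rule, while the same request against `AFTER` hits `deny bad-sites`.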
