Konfigurasi squid

Installasi squid

#install squid 5 menit only :D

[root@codar ~]# yum install squid

tunggu sampe system selesai menginstall otomatis

setelah installasi selesai, saat nya untuk mengkonfigurasi squid di squid.conf

[root@codar ~]# vi /etc/squid/squid.conf

--contoh konfigurasi squid—

http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache deny QUER

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

access_log /var/log/squid/access.log squid

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl net src 192.168.0.0/24

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access allow net

http_access deny CONNECT !SSL_ports

http_access allow localhost

http_access deny all

http_reply_access allow all

icp_access allow all

visible_hostname codar

coredump_dir /var/spool/squid

*setelah pengkonfigurasian selesai, jangan lupa untuk di save dengan perintah :wq! [enter]

coba sekarang kita jalankan squid

[root@codar ~]#squid –z

[root@codar ~]#/etc/init.d/squid start

lihat status squid

[root@codar ~]#/etc/init.d/squid status

untuk transparent proxy tolong perhatikan dibawah ini

# TAG: http_port

http_port 3128 transparent

# TAG: always_direct

always_direct allow all

#untuk bagian acl :

acl codar src 192.168.0.1/255.255.255.0

http_access allow codar

==================================================

Untuk di Iptables

-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128

-A POSTROUTING -o eth0 -j MASQUERADE

*restart iptables

=========================================================================

# ngeblock mac address client

[root@codar ~]#arp < ---- liat mac address

>>tambahkan command di filter firewall

[root@codar ~]# vim /etc/sysconfig/iptables

-A FORWARD -i eth1 -m mac --mac-source 00:50:EB:04:2D:31 -j DROP

# ngeliat program yg sedang jalan [task manager]

[root@codar ~]#ps -ax