kolom bro

Thursday, 11 June 2015

Block MAC Address pakai SQUID + FREEBSD


Banyak pertanyaan mengenai blocking MAC address pake SQUID dan FreeBSD
berikut sedikit share pengalaman “HOW TO” compile SQUID featuring mac blocking
  • Masuk ke direktory ports
  • router-inherent# cd /usr/ports/www/squid


router-inherent# make config
aktifkan enable ARP ACL dan CARP
┌────────────────────────────────────────────────────────────────────┐
│                                         |               Options for squid 2.6.13                       │
│ ┌────^(-)────────────────────────────────────────────────────────┐ │
│ │[X] SQUID_WCCPV2         Enable Web Cache Coordination Prot. v2                                     │ │
│ │[X] SQUID_STRICT_HTTP    Be strictly HTTP compliant                            │ │
│ │[X] SQUID_IDENT          Enable ident (RFC 931) lookups                        │ │
│ │[X] SQUID_REFERER_LOG    Enable Referer-header logging                  │ │
│ │[X] SQUID_USERAGENT_LOG  Enable User-Agent-header logging         │ │
│ │[X] SQUID_ARP_ACL        Enable ACLs based on ethernet address       │ │
│ │[X] SQUID_PF             Enable transparent proxying with PF                   │ │
│ │[X] SQUID_IPFILTER       Enable transp. proxying with IPFilter               │ │
│ │[X] SQUID_FOLLOW_XFF     Follow X-Forwarded-For headers               │ │
│ │[X] SQUID_ICAP           Enable ICAP client functionality                         │ │
│ │[X] SQUID_AUFS           Enable the aufs storage scheme                      │ │
│ │[X] SQUID_COSS           Enable the COSS storage scheme                   │ │
│ │[X] SQUID_KQUEUE         Use kqueue(2) instead of poll(2)                   │ │
│ │[X] SQUID_LARGEFILE      Support log and cache files >2GB                 │ │
│ │[X] SQUID_STACKTRACES    Create backtraces on fatal errors             │ │
├─└────────────────────────────────────────────────────────────────┘─┤
│                       [  OK  ]       Cancel

  • router-inherent# make && make install
  • Tungguin sekitar 2 menit
  • router-inherent# squid -z (Create cache direktori)
  • Done…………………………….
Selamat mesin anda sudah berhasil mengaktifkan fitur mac address blocking    Cool Cool Cool Cool
tinggal atur configurasi akses list si squid di squid.conf
Ini COntoh konfig di Mesin Gue :

http_port 3128 transparent # Enable transparent PROXY
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
=========================================================
### Trial Lempar cache via telkom, uncomment this to forward  via VSAT
#cache_peer 192.168.1.245     parent    3128  3130  default
… !!
CUTED…………….
… !!
## Tambahin acl untuk mac address
## Syntax  : acl  nama-acl arp mac-address-yang-mo-di-blok
acl MacSiBolang arp 00:18:F3:7E:BF:61  ## -> alamat arp mesti dipisahkan dengan tanda :
http_acccess deny MacSiBolang
========================================================
contoh diatas merupakan konfigurasi minimal yang bisa dipake :-)

atau kalo anda punya beberapa mac address yang perlu diblok bisa langsung dibuat di dalam satu file.
Misal :
router-inherent# vi /usr/local/etc/squid/macbbs.acl
00:18:F3:7E:BF:61
00:18:F3:7E:BF:62
00:08:c7:fa:30:0b       # 192.168.1.129 harid
00:18:f3:bf:de:6d       # 192.168.1.206 erik (tim redaksi)
00:0e:2e:33:5c:13       # 192.168.1.208 // Pak Komaruddin
00:0e:2e:33:5c:13       # 192.168.1.201 // Mba Fierda
00:0e:2e:33:9e:af       # 192.168.1.128 // lukman (ADM)
wq!
tinggal modif acl yang diarahkan ke file yang dicreate tadi
acl macbbs arp “/usr/local/etc/squid/macbbs.acl
Jangan lupa tanda kutip ”  sebelum dan sesudah file config
trus reload dah squidnya
squid -k reload

Jika Salah mohon Maaf ya      Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool Cool 

No comments:

Post a Comment