kolom bro

Thursday 11 June 2015

Blocking MAC Addresses with SQUID + FREEBSD


There are a lot of questions about blocking MAC addresses using SQUID and FreeBSD.
Here is a bit of shared experience: a "HOW TO" for compiling SQUID with MAC blocking.
  • Go to the ports directory
  • router-inherent# cd /usr/ports/www/squid


router-inherent# make config
Enable ARP ACL and CARP:
┌────────────────────────────────────────────────────────────────────┐
│                      Options for squid 2.6.13                      │
│ ┌────^(-)────────────────────────────────────────────────────────┐ │
│ │[X] SQUID_WCCPV2         Enable Web Cache Coordination Prot. v2 │ │
│ │[X] SQUID_STRICT_HTTP    Be strictly HTTP compliant             │ │
│ │[X] SQUID_IDENT          Enable ident (RFC 931) lookups         │ │
│ │[X] SQUID_REFERER_LOG    Enable Referer-header logging          │ │
│ │[X] SQUID_USERAGENT_LOG  Enable User-Agent-header logging       │ │
│ │[X] SQUID_ARP_ACL        Enable ACLs based on ethernet address  │ │
│ │[X] SQUID_PF             Enable transparent proxying with PF    │ │
│ │[X] SQUID_IPFILTER       Enable transp. proxying with IPFilter  │ │
│ │[X] SQUID_FOLLOW_XFF     Follow X-Forwarded-For headers         │ │
│ │[X] SQUID_ICAP           Enable ICAP client functionality       │ │
│ │[X] SQUID_AUFS           Enable the aufs storage scheme         │ │
│ │[X] SQUID_COSS           Enable the COSS storage scheme         │ │
│ │[X] SQUID_KQUEUE         Use kqueue(2) instead of poll(2)       │ │
│ │[X] SQUID_LARGEFILE      Support log and cache files >2GB       │ │
│ │[X] SQUID_STACKTRACES    Create backtraces on fatal errors      │ │
├─└────────────────────────────────────────────────────────────────┘─┤
│                       [  OK  ]       Cancel                        │

  • router-inherent# make && make install
  • Wait about 2 minutes
  • router-inherent# squid -z (create the cache directories)
  • Done.
Congratulations, your machine now has the MAC address blocking feature enabled.
All that is left is to set up squid's access lists in squid.conf.
Here is a sample config from my machine:

http_port 3128 transparent # Enable transparent PROXY
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
=========================================================
### Trial: forward the cache via telkom; uncomment this to forward via VSAT
#cache_peer 192.168.1.245     parent    3128  3130  default
… !!
CUT…………….
… !!
## Add an acl for the MAC address
## Syntax  : acl acl-name arp mac-address-to-block
## Note    : arp acls only match clients on the same subnet as the squid box
acl MacSiBolang arp 00:18:F3:7E:BF:61  ## -> the ARP address must be separated with :
## http_access rules are checked in order, so put this deny before any allow that matches the same client
http_access deny MacSiBolang
========================================================
The example above is the minimal configuration you can use :-)

Or, if you have several MAC addresses that need to be blocked, you can put them all in a single file.
For example:
router-inherent# vi /usr/local/etc/squid/macbbs.acl
00:18:F3:7E:BF:61
00:18:F3:7E:BF:62
00:08:c7:fa:30:0b       # 192.168.1.129 harid
00:18:f3:bf:de:6d       # 192.168.1.206 erik (editorial team)
00:0e:2e:33:5c:13       # 192.168.1.208 // Mr. Komaruddin
00:0e:2e:33:5c:13       # 192.168.1.201 // Ms. Fierda
00:0e:2e:33:9e:af       # 192.168.1.128 // lukman (ADM)
:wq!
Then just modify the acl so that it points to the file created earlier:
acl macbbs arp "/usr/local/etc/squid/macbbs.acl"
Don't forget the double quotes (") before and after the file path.
Then reload squid:
squid -k reload
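
An added example, not part of the original post: a small sh function that lints a MAC list file such as macbbs.acl before the reload, flagging entries that are not six colon-separated hex octets and addresses listed more than once (compared case-insensitively). The function name check_mac_acl and the sample addresses are made up for the illustration.

```shell
#!/bin/sh
# check_mac_acl FILE: lint a Squid arp ACL list (one MAC per line, optional
# "# comment"). Prints one line per problem; returns 1 if any were found.
check_mac_acl() {
    awk '
    {
        entry = $0
        sub(/#.*/, "", entry)                 # drop trailing comment
        gsub(/^[ \t]+|[ \t]+$/, "", entry)    # trim whitespace
        if (entry == "") next                 # blank or comment-only line
        mac = tolower(entry)                  # compare case-insensitively
        # six two-digit hex octets joined by ":" are exactly 17 characters
        if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/ || length(mac) != 17) {
            printf "line %d: not a colon-separated MAC: %s\n", NR, entry
            bad++
        } else if (mac in seen) {
            printf "line %d: duplicate of line %d: %s\n", NR, seen[mac], mac
            bad++
        } else {
            seen[mac] = NR
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample in the same layout as macbbs.acl (addresses are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
02:00:00:00:00:01
02:00:00:00:00:0a       # 192.0.2.10 first entry
02:00:00:00:00:0A       # 192.0.2.11 same MAC again, different case
02-00-00-00-00-03       # hyphens instead of colons
02:00:00:00:04          # only five octets
EOF
check_mac_acl "$sample" || echo "fix the entries above, then: squid -k reload"
rm -f "$sample"
```

Run it against the real list, for example `check_mac_acl /usr/local/etc/squid/macbbs.acl`, and reload only when it prints nothing.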

Apologies if anything here is wrong.
