berikut sedikit share pengalaman “HOW TO” compile SQUID featuring mac blocking
- Masuk ke direktory ports
- router-inherent# cd /usr/ports/www/squid
aktifkan enable ARP ACL dan CARP
┌────────────────────────────────────────────────────────────────────┐
│ | Options for squid 2.6.13 │
│ ┌────^(-)────────────────────────────────────────────────────────┐ │
│ │[X] SQUID_WCCPV2 Enable Web Cache Coordination Prot. v2 │ │
│ │[X] SQUID_STRICT_HTTP Be strictly HTTP compliant │ │
│ │[X] SQUID_IDENT Enable ident (RFC 931) lookups │ │
│ │[X] SQUID_REFERER_LOG Enable Referer-header logging │ │
│ │[X] SQUID_USERAGENT_LOG Enable User-Agent-header logging │ │
│ │[X] SQUID_ARP_ACL Enable ACLs based on ethernet address │ │
│ │[X] SQUID_PF Enable transparent proxying with PF │ │
│ │[X] SQUID_IPFILTER Enable transp. proxying with IPFilter │ │
│ │[X] SQUID_FOLLOW_XFF Follow X-Forwarded-For headers │ │
│ │[X] SQUID_ICAP Enable ICAP client functionality │ │
│ │[X] SQUID_AUFS Enable the aufs storage scheme │ │
│ │[X] SQUID_COSS Enable the COSS storage scheme │ │
│ │[X] SQUID_KQUEUE Use kqueue(2) instead of poll(2) │ │
│ │[X] SQUID_LARGEFILE Support log and cache files >2GB │ │
│ │[X] SQUID_STACKTRACES Create backtraces on fatal errors │ │
├─└────────────────────────────────────────────────────────────────┘─┤
│ [ OK ] Cancel
│ | Options for squid 2.6.13 │
│ ┌────^(-)────────────────────────────────────────────────────────┐ │
│ │[X] SQUID_WCCPV2 Enable Web Cache Coordination Prot. v2 │ │
│ │[X] SQUID_STRICT_HTTP Be strictly HTTP compliant │ │
│ │[X] SQUID_IDENT Enable ident (RFC 931) lookups │ │
│ │[X] SQUID_REFERER_LOG Enable Referer-header logging │ │
│ │[X] SQUID_USERAGENT_LOG Enable User-Agent-header logging │ │
│ │[X] SQUID_ARP_ACL Enable ACLs based on ethernet address │ │
│ │[X] SQUID_PF Enable transparent proxying with PF │ │
│ │[X] SQUID_IPFILTER Enable transp. proxying with IPFilter │ │
│ │[X] SQUID_FOLLOW_XFF Follow X-Forwarded-For headers │ │
│ │[X] SQUID_ICAP Enable ICAP client functionality │ │
│ │[X] SQUID_AUFS Enable the aufs storage scheme │ │
│ │[X] SQUID_COSS Enable the COSS storage scheme │ │
│ │[X] SQUID_KQUEUE Use kqueue(2) instead of poll(2) │ │
│ │[X] SQUID_LARGEFILE Support log and cache files >2GB │ │
│ │[X] SQUID_STACKTRACES Create backtraces on fatal errors │ │
├─└────────────────────────────────────────────────────────────────┘─┤
│ [ OK ] Cancel
- router-inherent# make && make install
- Tungguin sekitar 2 menit
- router-inherent# squid -z (Create cache direktori)
- Done…………………………….
Selamat mesin anda sudah berhasil mengaktifkan fitur mac address blocking
tinggal atur configurasi akses list si squid di squid.conf
tinggal atur configurasi akses list si squid di squid.conf
Ini COntoh konfig di Mesin Gue :
http_port 3128 transparent # Enable transparent PROXY
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
=========================================================
### Trial Lempar cache via telkom, uncomment this to forward via VSAT
#cache_peer 192.168.1.245 parent 3128 3130 default
… !!
### Trial Lempar cache via telkom, uncomment this to forward via VSAT
#cache_peer 192.168.1.245 parent 3128 3130 default
… !!
CUTED…………….
… !!
## Tambahin acl untuk mac address
## Syntax : acl nama-acl arp mac-address-yang-mo-di-blok
acl MacSiBolang arp 00:18:F3:7E:BF:61 ## -> alamat arp mesti dipisahkan dengan tanda :
http_acccess deny MacSiBolang
========================================================
contoh diatas merupakan konfigurasi minimal yang bisa dipake
atau kalo anda punya beberapa mac address yang perlu diblok bisa langsung dibuat di dalam satu file.
Misal :
router-inherent# vi /usr/local/etc/squid/macbbs.acl
00:18:F3:7E:BF:61
00:18:F3:7E:BF:62
00:08:c7:fa:30:0b # 192.168.1.129 harid
00:18:f3:bf:de:6d # 192.168.1.206 erik (tim redaksi)
00:0e:2e:33:5c:13 # 192.168.1.208 // Pak Komaruddin
00:0e:2e:33:5c:13 # 192.168.1.201 // Mba Fierda
00:0e:2e:33:9e:af # 192.168.1.128 // lukman (ADM)
00:18:F3:7E:BF:61
00:18:F3:7E:BF:62
00:08:c7:fa:30:0b # 192.168.1.129 harid
00:18:f3:bf:de:6d # 192.168.1.206 erik (tim redaksi)
00:0e:2e:33:5c:13 # 192.168.1.208 // Pak Komaruddin
00:0e:2e:33:5c:13 # 192.168.1.201 // Mba Fierda
00:0e:2e:33:9e:af # 192.168.1.128 // lukman (ADM)
wq!
tinggal modif acl yang diarahkan ke file yang dicreate tadi
acl macbbs arp “/usr/local/etc/squid/macbbs.acl”
Jangan lupa tanda kutip ” sebelum dan sesudah file config
trus reload dah squidnya
squid -k reload
Jika Salah mohon Maaf ya
No comments:
Post a Comment