Thursday, 11 September 2008

Redirect MikroTik to SquidBox

Translation of the Linux iptables commands to MikroTik RouterOS (the Linux command syntax is taken from http://tldp.org/HOWTO/TransparentProxy-6.html).

First method:

  • iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
  • iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
  • iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

Specification:

  • Squid box: 192.168.1.1, MikroTik: 192.168.1.254 (both on the same LAN subnet, 192.168.1.0/24)
  • MikroTik RouterOS version 2.9.27
  • LAN: ether1, Internet: ether2

Translation of the first method to MikroTik:

  • In the NAT table:
    • add a dst-nat rule: /ip firewall nat add chain=dstnat src-address=!192.168.1.1 in-interface=ether1 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.1 to-ports=3128 (the !192.168.1.1 match keeps Squid's own outbound HTTP from being redirected back to itself, as in the `-s ! squid-box` of the iptables rule).
    • add a src-nat rule: /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.1.1 out-interface=ether1 action=src-nat to-addresses=192.168.1.254 (the port range is left at its default 0-65535, i.e. unchanged; dst-address=192.168.1.1 mirrors the `-d squid-box` match of the iptables rule). This rule is needed because squid-box and the clients share a subnet: without it, Squid would answer the client directly from 192.168.1.1:3128, the client would see a reply from an address and port it never connected to, and the connection would be reset.
    • add a filter rule: /ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=192.168.1.1 in-interface=ether1 out-interface=ether1 protocol=tcp dst-port=3128 action=accept. Note that both interfaces are ether1 (as `-i eth0 -o eth0` in the iptables rule): the Squid box is on the LAN, so a rule with out-interface=ether2 would never match.

Second method:

  • iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s squid-box
  • iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
  • ip rule add fwmark 3 table 2
  • ip route add default via squid-box dev eth1 table 2

Next, on squid-box, use this command (from the same HOWTO), which should look remarkably similar to a command we have seen previously:

  • iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Translation of the second method to MikroTik:

  • In the mangle table, add: /ip firewall mangle add chain=prerouting src-address=!192.168.1.1 protocol=tcp dst-port=80 action=mark-routing new-routing-mark=mark80. The src-address=!192.168.1.1 match plays the role of the first iptables mangle rule (ACCEPT for -s squid-box): without it, Squid's own connections to origin servers on port 80 would also be marked and policy-routed straight back to the Squid box.
  • In the filter table, add: /ip firewall filter add chain=forward routing-mark=mark80 action=accept
  • In IP > Routes, add: /ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=mark80 distance=1 (the gateway 192.168.1.1 is reached through ether1). Marked packets keep their original destination address; they are only handed to the Squid box as next hop, so the Squid box itself must redirect them to port 3128.
  • On the Squid box, do whatever suits the firewall you use; I use shorewall, where it is enough to add to the file /etc/shorewall/rules -> REDIRECT local 3128 tcp www - !192.168.1.1
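The following Python model is an added example, not code from this page, from the TLDP HOWTO or from MikroTik. It walks both procedures above through their addressing decisions only (which source and destination each host sees, and which next hop the router picks), so the effect of the two matches that are easy to drop becomes visible: the hairpin src-nat of the first method and the squid-box exclusion in the mangle rule of the second. The client 192.168.1.10, the origin server 203.0.113.10 and the port numbers are constructed; the /24 match is a string-prefix stand-in; there is no real networking.

```python
"""Toy model of the two transparent-proxy setups on this page (added example).

Addresses follow the page's specification: clients in 192.168.1.0/24,
squid-box 192.168.1.1, router 192.168.1.254, LAN on ether1.
"""
from dataclasses import dataclass, replace

SQUID = "192.168.1.1"
ROUTER = "192.168.1.254"
ORIGIN = "203.0.113.10"   # constructed origin web server (TEST-NET-3)
CLIENT = "192.168.1.10"   # constructed LAN client


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def on_lan(ip: str) -> bool:
    """Stands in for a 192.168.1.0/24 match (string prefix, an assumption)."""
    return ip.startswith("192.168.1.")


# Method 1: dst-nat port 80 to squid-box, src-nat the hairpin to the router.
class NatRouter:
    def __init__(self, snat_hairpin: bool):
        self.snat_hairpin = snat_hairpin
        self.conntrack = {}  # (src, sport) as sent out -> original packet

    def forward(self, p: Packet) -> Packet:
        orig = p
        if p.dport == 80 and p.src != SQUID:               # dst-nat rule
            p = replace(p, dst=SQUID, dport=3128)
            if self.snat_hairpin and on_lan(p.src) and p.dst == SQUID:  # src-nat rule
                p = replace(p, src=ROUTER)
            self.conntrack[(p.src, p.sport)] = orig
        return p

    def reverse(self, reply: Packet) -> Packet:
        """Undo both translations for a reply that came back through the router."""
        orig = self.conntrack[(reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def squid_reply(req: Packet) -> Packet:
    """Squid answers to whatever source address the request carried."""
    return Packet(req.dst, req.dport, req.src, req.sport)


def method1_client_accepts(snat_hairpin: bool) -> bool:
    """True if the client sees the reply on the 4-tuple it opened."""
    router = NatRouter(snat_hairpin)
    req = Packet(CLIENT, 40000, ORIGIN, 80)
    reply = squid_reply(router.forward(req))
    if reply.dst == ROUTER:     # hairpin: reply returns via the router and is un-NATed
        reply = router.reverse(reply)
    # otherwise squid-box shares the subnet and delivers the reply directly
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        req.dst, req.dport, req.src, req.sport)


def method1_source_seen_by_squid(snat_hairpin: bool) -> str:
    """The address Squid logs as the client."""
    return NatRouter(snat_hairpin).forward(Packet(CLIENT, 40000, ORIGIN, 80)).src


# Method 2: route-mark port 80 and policy-route it to squid-box as next hop.
def method2_next_hop(p: Packet, exclude_squid: bool) -> str:
    """Next hop the router picks; 'internet' means the normal default route."""
    marked = p.dport == 80 and not (exclude_squid and p.src == SQUID)  # mangle rule
    return SQUID if marked else "internet"          # route with routing-mark=mark80


if __name__ == "__main__":
    for snat in (True, False):
        print(f"method 1, src-nat={snat}: client accepts reply ->",
              method1_client_accepts(snat),
              "| Squid sees client as", method1_source_seen_by_squid(snat))
    own_fetch = Packet(SQUID, 50000, ORIGIN, 80)
    for excl in (True, False):
        print(f"method 2, squid excluded={excl}: Squid's own fetch goes to",
              method2_next_hop(own_fetch, excl))
```

Compare method1_client_accepts(True) with method1_client_accepts(False): without the src-nat, Squid answers the client directly from 192.168.1.1:3128, which is not the 4-tuple the client opened, so the client resets the connection. The same model shows the price of the first method that the second does not pay: with the src-nat in place, Squid logs every client as 192.168.1.254. For the second method, method2_next_hop() shows Squid's own fetches being handed back to the Squid box unless the mangle rule excludes src-address 192.168.1.1.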

Source:
-----------------------------------------------------------------------------------
http://cangkirkopi.wordpress.com/2007/07/30/redirect-mikrotik-ke-squidbox/
