Sorry, this is the message:

========
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://riset.gpi-g.com/

The following error was encountered:
 * Connection to 202.169.51.119 Failed

The system returned: (111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is mirza.k@xxxxxxxxxx
======

On Fri, Sep 26, 2008 at 10:28 AM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ <mirza.k@xxxxxxxxx> wrote:
> from http://amyhost.com/data/1.jpg
> and ...
> #logformat squid %>a [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
> http_port 2210 transparent
> icp_port 3130
> snmp_port 3401
> cache_mgr admin
> emulate_httpd_log off
> #cache_peer ip.sumber.squid parent 3128 3130 proxy-only
> #cache_peer ip.yang.numpang sibling 3128 3130 proxy-only
> #cache_peer 192.168.1.253 sibling 2210 3130 proxy-only
> #cache_peer it.gpi-g.com parent 2210 0 no-query default
> #cache_peer 202.169.51.119 parent 2210 0 no-query no-digest
> no-netdb-exchange default
> #cache_peer 125.160.0.0/255.255.0.0 sibling 2210 3130 proxy-only
> #cache_peer 202.182.0.0/255.255.0.0 sibling 2210 3130 proxy-only
> #cache_peer 203.128.72.226/255.255.255.255 sibling 2210 3130 proxy-only
> cache_replacement_policy heap LFUDA
> maximum_object_size_in_memory 50 KB
> maximum_object_size 50 MB
> #minimum_object_size 1 KB
>
> dead_peer_timeout 10 seconds
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> visible_hostname gpi-g.com
> cache_mem 5 MB
> memory_pools off
> log_icp_queries on
> buffered_logs on
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> quick_abort_pct 95
>
> #never_direct allow all
>
> cache_swap_low 70%
> cache_swap_high 90%
> #cache_dir aufs /var/spool/squid 40000 16 256
> cache_dir aufs /var/spool/squid 4000 16 256
> cache_dir aufs /var/spool/squid1 4000 16 256
> cache_dir aufs /var/spool/squid2 4000 16 256
> cache_dir aufs /var/spool/squid3 4000 16 256
>
> #cache_dir diskd /var/spool/squid 4800 8 64 max-size=-1 Q1=64 Q2=72
>
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> pid_filename /var/run/squid.pid
>
> forwarded_for on
>
> half_closed_clients off
> cache_effective_user proxy
> cache_effective_group proxy
> cache_mgr mirza.k@xxxxxxxxx
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl website dstdomain "/etc/website"
> acl domain dstdomain .gpi-g.com
> acl gator dstdomain .gator.com
> acl gohip dstdomain .gohip.com
> acl kazaa dstdomain .kazaa.com
> acl real dstdomain .real.com
> acl pornsite url_regex 220.73.222.254
> acl LAN src 192.168.222.0/255.255.255.0
> acl LAN3 src 192.168.0.0/255.255.0.0
> acl LAN2 src 172.16.0.0/255.255.0.0
> acl NOC src 125.160.0.0/255.255.0.0
> #acl GPI src 202.169.51.0/255.255.255.0
> acl snmpcommunity snmp_community nama_snmpcommunity
> acl all src 0.0.0.0/0.0.0.0
> #acl IIX dst_as 7597
> #always_direct allow IIX
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl SSL_ports port 443 563
> acl Safe_ports port 21 80 81 53 143 2443 443 563 70 210 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
>
> #acl INSIDE dstdomain .it.gpi-g.com
> #always_direct allow INSIDE
> #never_direct allow all
>
> #acl INSIDE_IP dst 172.16.0.2
> #always_direct allow INSIDE_IP
> #never_direct allow all
>
> #header_access User-Agent deny all
> #header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha)
> #follow_x_forwarded_for allow localhost
> #log_uses_indirect_client on
> #acl_uses_indirect_client on
> #delay_pool_uses_indirect_client on
> acl acceleratedHost dst 202.169.51.0/255.255.255.0
> acl acceleratedPort port 2210
> #httpd_accel_single_host off
>
> http_access allow manager localhost LAN LAN3
> http_access deny !Safe_ports
> http_access deny pornsite
> http_access deny CONNECT !SSL_ports
> snmp_access allow snmpcommunity
>
> http_access deny website
> http_access deny gator
> http_access deny gohip
> http_access deny real
> http_access deny kazaa
> http_access allow domain
>
>
> http_access allow LAN
> http_access allow LAN3
> http_access allow LAN2
> http_access allow NOC
> #http_access allow GPI
> http_access allow localhost
> http_access allow acceleratedHost
> http_access deny all
> snmp_access deny all
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> cachemgr_passwd nasigoreng manager
> negative_ttl 1 minutes
>
> ####
> #acl local-host src 192.168.222.2
> #acl my_other_proxy src 192.168.222.2
> #follow_x_forwarded_for allow local-host
> #follow_x_forwarded_for allow my_other_proxy
> #acl_uses_indirect_client on
> #delay_pool_uses_indirect_client on
> #log_uses_indirect_client on
>
>
> ===
> with rc.local :
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /etc/init.d/networking restart
> #-----------------------------------------------------
> # eth0 = WAN1 = 202.169.51.119
> # eth1 = DMZ = 192.168.222.1 ( Konek ke MAILSERVER & WEBSERVER -> sementara simulai hanya mailserver )
> # eth2 = LAN = 192.168.222.2 ( Konek ke PROXY SERVER - sementara di
> simulai PROXY SERVER = CLIENT )
> #------------------------------------------------------
>
> # Tukang sapu
> /sbin/iptables --flush
> /sbin/iptables --table nat --flush
> /sbin/iptables --delete-chain
> /sbin/iptables --table nat --delete-chain
> /sbin/iptables -F -t nat
>
> # masqurade
> /sbin/iptables --table nat --append POSTROUTING --out-interface eth0
> -j MASQUERADE
> /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
>
> # Jembatan gantung DMZ <=> LAN
> iptables -A FORWARD -i eth2 -o eth1 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth2 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
>
> # Jembatan gantung DMZ <=> Mail Server & Webserver
> iptables -A FORWARD -i eth1 -o eth0 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> # Jembatan gantung WAN1 <=> LAN
> iptables -A FORWARD -i eth2 -o eth0 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth2 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> ## Forward port 25 ke mail server
> #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 25 -j DNAT --to-destination 172.16.0.2
>
> ## Forward port 80 ke mail server
> #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 80 -j DNAT --to-destination 172.16.0.2
>
> ## Forward port 80 ke HRD
> #iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.120
> --dport 80 -j DNAT --to-destination 172.16.0.4
>
>
>
> #### TEST
> iptables -t nat -A PREROUTING -i eth0 -d 202.169.51.119 -j DNAT
> --to-destination 172.16.0.2
> #iptables -t nat -A PREROUTING -i eth0 -d 202.169.51.120 -j DNAT
> --to-destination 172.16.0.4
> ########
>
>
> ## Forward port 110 ke mail server
> #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 110 -j DNAT --to-destination 172.16.0.2
>
> ## Forward port 2810 ke mail server
> #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 2810 -j DNAT --to-destination 172.16.0.2
> #### SEMENTARA #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 4810 -j DNAT --to-destination 172.16.0.3
>
>
> ## REDIRECT
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 8080
>
> #transparant proxy - WARNING INI SEMENTARA - LIHAT eth2
> /sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp -s
> 192.168.222.0/255.255.255.0 --dport 80 -j DNAT --to 192.168.222.2:2210
> =======================================
>
> problem :
> I can't browse the domain that is hosted on the webserver ( 172.16.0.3 - the IP shown in the
> picture is wrong - the correct one is 172.16.0.3 )
>
> How can I solve this?
>
> access denied
>
> --
> -=-=-=-=
>
--
-=-=-=-=