Kalau Squid mati tiba-tiba, kita bisa setting supaya mesin tidak transparent proxy.
contoh script nya
================================================
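#!/bin/bash
# Check whether Squid is listening on localhost:3128 and switch the
# transparent-proxy iptables rules to match:
#   open   -> /sbin/aruk2   (transparent proxy ON)
#   closed -> /sbin/nosquid (transparent proxy OFF)
# Intended to be run as root from a periodic job; appends to /var/log/squid.log.
# The two helper scripts run with this script's privileges: keep them
# root-owned and not world-writable.
# Fixes vs. the original: the stray trailing `fi` (syntax error), unquoted
# `$squid` (a `[ = "open" ]` error when nmap prints nothing), and an unknown
# port state that was silently ignored.

log_file=/var/log/squid.log

# nmap prints e.g. "3128/tcp open  squid-http"; column 2 is the port state.
# Anchor on the port field so no other line that merely contains "3128" can match.
squid="$(/usr/bin/nmap localhost -p 3128 | /usr/bin/awk '$1 == "3128/tcp" {print $2}')"
tanggal="$(date)"

case "$squid" in
  open)
    printf '%s\n' "$tanggal - SQUID PROXY OK ---> Status TransParent ON" >> "$log_file"
    /sbin/aruk2
    ;;
  closed)
    printf '%s\n' "$tanggal - SQUID PROXY DOWN ---> Status Transparent OFF " >> "$log_file"
    /sbin/nosquid
    ;;
  *)
    # "filtered", or empty output when nmap is missing/fails: record it and
    # leave the current rules alone rather than guessing.
    printf '%s\n' "$tanggal - SQUID PROXY state unknown ('$squid') ---> rules unchanged" >> "$log_file"
    ;;
esac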
=============================================
/sbin/aruk2 <<< berisi script iptables transparent proxy
/sbin/nosquid <<< berisi script iptables tidak transparent proxy
Kamis, 22 Januari 2009
Rabu, 07 Januari 2009
DUET 2 ISP ... 1 ISP sebagai BackUP
Ada kasus satu warnet pakai 2 koneksi: 1 Speedy, 1 lagi Melsa.
kekurangan dan kelemahan dari kedua ISP
speedy >> speed nya OK cuma Penanganan nya JELEK
Melsa >> speed standar Penanganan OK
jadi cenderung koneksi stabil ialah melsa
muncul 1 ide: gimana kalau Speedy jadi primary WAN dan Melsa jadi sekunder atau BACKUP
disini saya pake Linux Ubuntu Server
1. install ubuntu seperti biasa jangan lupa sshd dan lain lain
konfig eth nya
eth0 Link encap:Ethernet HWaddr 00:01:02:8f:0f:c1
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::201:2ff:fe8f:fc1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2193370 errors:0 dropped:0 overruns:0 frame:0
TX packets:2786485 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:424287396 (404.6 MB) TX bytes:2410923883 (2.2 GB)
Interrupt:19 Base address:0xa800
eth1 Link encap:Ethernet HWaddr 00:30:84:25:be:b9
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::230:84ff:fe25:beb9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2193783 errors:0 dropped:0 overruns:0 frame:0
TX packets:2756926 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1910186469 (1.7 GB) TX bytes:467332335 (445.6 MB)
Interrupt:18 Base address:0xe800
eth2 Link encap:Ethernet HWaddr 00:1e:90:d7:1c:af
inet addr:202.138.xxx.xx Bcast:202.138.240.255 Mask:255.255.255.0
inet6 addr: fe80::21e:90ff:fed7:1caf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:778204 errors:0 dropped:3 overruns:0 frame:10
TX packets:39090 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:135081701 (128.8 MB) TX bytes:5685610 (5.4 MB)
Interrupt:23 Base address:0xe000
eth0 = lokal
eth1 = speedy
eth2 = melsa
modem speedy IP 192.168.1.1
modem melsa bridge
settingan nya normal seperti biasa
kita buat dulu konfig routing nya pake IPtables
root@siddiq:~# vi /sbin/firewall
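#!/bin/sh
# /sbin/firewall - flush and rebuild the gateway's iptables rule set.
#   eth0 = LAN (192.168.0.0/24), eth1 = Speedy (modem 192.168.1.1), eth2 = Melsa
# Enables IP forwarding, adds the per-ISP static routes, SNATs the LAN behind the
# Melsa public address, drops a list of source ports coming from the LAN, and
# redirects LAN web traffic to the transparent Squid proxy.
# Runs as root at boot (from rc.local). The page installs it with chmod 777;
# a world-writable script executed as root at boot lets any local user run
# commands as root, so keep it root-owned and mode 0755 (or 0700).
# Fix vs. the original: the SNAT line had a broken `- -to` option.

RULE=/sbin/iptables
PROXY=192.168.0.1:3128
LAN_IF=eth0
LAN_NET=192.168.0.0/24
SPEEDY_GW=192.168.1.1
MELSA_GW=202.138.240.1
MELSA_SNAT_IP=202.138.240.42

# Start from an empty rule set in every table.
"$RULE" --flush
"$RULE" -t nat --flush
"$RULE" -t mangle --flush

# Default policies are ACCEPT on every chain, so the host itself does no
# ingress filtering on the public interface (eth2). Kept as the author had it;
# add explicit INPUT/FORWARD rules before tightening these policies so remote
# administration (sshd) is not cut off.
"$RULE" -P INPUT ACCEPT
"$RULE" -P OUTPUT ACCEPT
"$RULE" -P FORWARD ACCEPT

echo "1" > /proc/sys/net/ipv4/ip_forward

# Static routes: Speedy's address block via the Speedy modem, Melsa's via Melsa.
route add -net 125.163.0.0/16 gw "$SPEEDY_GW"
route add -net 202.138.224.0/19 gw "$MELSA_GW"

# Source-NAT the LAN to the Melsa public address. The nat table was already
# flushed above, so the original's extra `-t nat -F` is not needed.
# NOTE(review): this SNAT is not restricted to an egress interface; when the
# failover scripts move the default route to Speedy (eth1), LAN traffic still
# leaves with the Melsa source address. Confirm that is intended; otherwise
# add `-o eth2` and rely on the MASQUERADE rule below for the other uplink.
"$RULE" -t nat -I POSTROUTING -s "$LAN_NET" -j SNAT --to-source "$MELSA_SNAT_IP"

/usr/sbin/named -u bind -c /etc/bind/named.conf

# B L O C K I N G   S T U F F
# Drop LAN-originated traffic from these source ports (NetBIOS plus the UDP
# ports the author associates with unwanted traffic).
"$RULE" -A FORWARD -i "$LAN_IF" -p tcp --sport 137:139 -j DROP
for sport in 31337 12345:12346 20034 5742 40421 30303 6028 6888 61540 3306 161; do
  "$RULE" -A FORWARD -i "$LAN_IF" -p udp --sport "$sport" -j DROP
done

# N A T   F O R   I N T R A N E T
"$RULE" -t nat -A POSTROUTING -s "$LAN_NET" -j MASQUERADE

# T R A N S P A R E N T   P R O X Y
# Redirect LAN traffic on the usual web ports to Squid.
for dport in 80 8080 8088 3128; do
  "$RULE" -t nat -A PREROUTING -p tcp -i "$LAN_IF" --dport "$dport" -j DNAT --to-destination "$PROXY"
done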
jangan lupa di-save dan di-chmod (cukup executable; script ini dijalankan sebagai root saat boot, jadi jangan sampai bisa ditulis oleh user lain)
root@siddiq:~# chmod 777 /sbin/firewall
selanjutnya kita buat script otomatis
logika nya gini
Script ini aktif setiap 30 detik: setiap 30 detik dia mengecek koneksi kedua ISP; jika Speedy DOWN, dia otomatis pindah ke Melsa.
ok kita buat script nya
root@siddiq:~# vi /sbin/linkstat
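#!/bin/bash
# /sbin/linkstat - ISP failover check, run every 30 s by /sbin/siddiq.sh.
# Pings each ISP with fping and compares the result with the current default
# route:
#   Speedy alive       + default via Melsa  -> switch back to Speedy (primary)
#   Speedy unreachable + default via Speedy -> switch to Melsa (backup)
# Every other combination is the steady state. The actual switch is delegated
# to /sbin/speedy, /sbin/squidspeedy, /sbin/melsa and /sbin/squidmelsa, which
# all run with this script's (root) privileges, so keep them root-owned and not
# world-writable. Logs to /var/log/linkstat.
# Fixes vs. the original: unquoted `$speedy`/`$routestatus` (a test error when
# fping prints nothing), the default gateway being taken from whatever line is
# last in `route -n`, and unknown states being silently ignored.

speedy_probe=125.163.0.1     # address on the Speedy side used to judge that link
melsa_probe=202.138.240.1    # Melsa gateway
speedy_gw=192.168.1.1        # Speedy modem = default route when on primary
melsa_gw=202.138.240.1       # Melsa gateway = default route when on backup
log_file=/var/log/linkstat

# fping prints "<ip> is alive" or "<ip> is unreachable"; column 3 is the state.
speedy="$(/usr/bin/fping "$speedy_probe" | /usr/bin/awk '{print $3}')"
melsa="$(/usr/bin/fping "$melsa_probe" | /usr/bin/awk '{print $3}')"
# Gateway of the default route (destination 0.0.0.0 in `route -n`), instead of
# assuming the default route is the last line of the table.
routestatus="$(/sbin/route -n | /usr/bin/awk '$1 == "0.0.0.0" {print $2; exit}')"
tanggal="$(date)"

# Append one timestamped line to the log file.
log() {
  printf '%s\n' "$tanggal - $*" >> "$log_file"
}

case "$speedy:$routestatus" in
  "alive:$speedy_gw")
    : # link speedy OK, default route OK - nothing to do (the original logged this to /dev/null)
    ;;
  "alive:$melsa_gw")
    log "Status ( link speedy UP route default masih ke melsa ) >>> kembalikan route default ke speedy"
    /sbin/speedy
    /sbin/squidspeedy
    ;;
  "unreachable:$speedy_gw")
    log "speedy mati default router ke speedy - pindahkan default route ke melsa"
    # The backup is still used even if it also looks down, as in the original;
    # just make that visible in the log.
    if [ "$melsa" != "alive" ]; then
      log "peringatan: melsa juga tidak alive ('$melsa'), tetap pindah ke melsa"
    fi
    /sbin/melsa
    /sbin/squidmelsa
    ;;
  "unreachable:$melsa_gw")
    log "Status ( speedy DOWN default route sudah ke melsa - kondisi normal"
    ;;
  *)
    # Empty or unexpected fping output (fping missing, not permitted) or an
    # unexpected default gateway: record it and leave the routing alone.
    log "Status tidak dikenal: speedy='$speedy' melsa='$melsa' default gw='$routestatus' - tidak ada perubahan"
    ;;
esac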
di-save dan jangan lupa di-chmod (cukup executable; script ini dijalankan sebagai root, jadi jangan sampai bisa ditulis oleh user lain)
root@siddiq:~# chmod 777 /sbin/linkstat
di script tadi ada sub-script lain
/sbin/speedy
/sbin/squidspeedy
/sbin/melsa
/sbin/squidmelsa
/sbin/speedy >>> isi nya
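#!/bin/bash
# /sbin/speedy - make Speedy the active uplink: point the resolver at the
# Speedy nameservers and move the default route to the Speedy modem.
# Called by /sbin/linkstat as root.
# resolv.conf is written with a single redirection (the original truncated it
# with an empty line and then appended twice, so the resolver could read a
# half-written file in between).
# NOTE(review): assumes /etc/resolv.conf is a plain file, not managed by
# resolvconf - confirm on the target host.
printf 'nameserver %s\n' 203.130.196.5 203.130.196.6 > /etc/resolv.conf
# Remove the Melsa default route, then install the Speedy one.
route del default gw 202.138.240.1
route add default gw 192.168.1.1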
/sbin/melsa >>> isinya
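#!/bin/bash
# /sbin/melsa - switch to the Melsa backup uplink: point the resolver at the
# Melsa nameservers and move the default route to the Melsa gateway.
# Called by /sbin/linkstat as root.
# resolv.conf is written with a single redirection (the original truncated it
# with an empty line and then appended three times, so the resolver could read
# a half-written file in between).
# NOTE(review): assumes /etc/resolv.conf is a plain file, not managed by
# resolvconf - confirm on the target host.
{
  printf 'domain %s\n' melsa.net.id
  printf 'nameserver %s\n' 202.138.224.2 202.138.224.4
} > /etc/resolv.conf
# Remove the Speedy default route, then install the Melsa one.
route del default gw 192.168.1.1
route add default gw 202.138.240.1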
Buat Squid:
/sbin/squidspeedy >>> isinya
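#!/bin/bash
# /sbin/squidspeedy - restart Squid with the Speedy-specific configuration
# (/etc/squid/squid.speedy differs from squid.melsa only in its DNS settings).
# Called by /sbin/linkstat as root.

# Stop the running Squid and wait (bounded) for it to exit. The original issued
# killall twice back to back; waiting instead keeps the new instance from
# racing the old one for the listening port and the cache.
/usr/bin/killall squid
for _ in 1 2 3 4 5 6 7 8 9 10; do
  /usr/bin/pgrep -x squid > /dev/null || break
  sleep 1
done
# Install the per-ISP config; cp -f replaces the file, so no separate rm is needed.
/bin/cp -f /etc/squid/squid.speedy /etc/squid/squid.conf
# -z (re)creates the cache directories, as the original did on every switch;
# -D skips Squid's initial DNS test (the resolver was just changed by /sbin/speedy).
/usr/sbin/squid -z
/usr/sbin/squid -D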
/sbin/squidmelsa >>> isinya
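#!/bin/bash
# /sbin/squidmelsa - restart Squid with the Melsa-specific configuration
# (/etc/squid/squid.melsa differs from squid.speedy only in its DNS settings).
# Called by /sbin/linkstat as root.

# Stop the running Squid and wait (bounded) for it to exit. The original issued
# killall twice back to back; waiting instead keeps the new instance from
# racing the old one for the listening port and the cache.
/usr/bin/killall squid
for _ in 1 2 3 4 5 6 7 8 9 10; do
  /usr/bin/pgrep -x squid > /dev/null || break
  sleep 1
done
# Install the per-ISP config; cp -f replaces the file, so no separate rm is needed.
/bin/cp -f /etc/squid/squid.melsa /etc/squid/squid.conf
# -z (re)creates the cache directories, as the original did on every switch;
# -D skips Squid's initial DNS test (the resolver was just changed by /sbin/melsa).
/usr/sbin/squid -z
/usr/sbin/squid -D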
File /etc/squid/squid.melsa dan /etc/squid/squid.speedy hanya diubah DNS-nya saja.
karena crontab tidak bisa menjadwalkan tiap 30 detik,
maka dibuat script
root@siddiq:~# vi /sbin/siddiq.sh
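#!/bin/bash
# /sbin/siddiq.sh - run the ISP failover check (/sbin/linkstat) every 30 s,
# forever. cron cannot schedule sub-minute jobs, so this loop is started in the
# background from rc.local (`/sbin/siddiq.sh &`).
# The original's `while [ $n -lt 10 ]` never incremented n, so it was already
# an endless loop; make that explicit instead of leaving a misleading bound.
interval=30
while :; do
  /sbin/linkstat
  sleep "$interval"
done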
supaya script jalan tiap restart
root@siddiq:~# vi /etc/rc3.d/S99rc.local
sisipkan
/sbin/firewall
/sbin/siddiq.sh &
Beres
kekurangan dan kelemahan dari kedua ISP
speedy >> speed nya OK cuma Penanganan nya JELEK
Melsa >> speed standar Penanganan OK
jadi cenderung koneksi stabil ialah melsa
muncul 1 ide: gimana kalau Speedy jadi primary WAN dan Melsa jadi sekunder atau BACKUP
disini saya pake Linux Ubuntu Server
1. install ubuntu seperti biasa jangan lupa sshd dan lain lain
konfig eth nya
eth0 Link encap:Ethernet HWaddr 00:01:02:8f:0f:c1
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::201:2ff:fe8f:fc1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2193370 errors:0 dropped:0 overruns:0 frame:0
TX packets:2786485 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:424287396 (404.6 MB) TX bytes:2410923883 (2.2 GB)
Interrupt:19 Base address:0xa800
eth1 Link encap:Ethernet HWaddr 00:30:84:25:be:b9
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::230:84ff:fe25:beb9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2193783 errors:0 dropped:0 overruns:0 frame:0
TX packets:2756926 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1910186469 (1.7 GB) TX bytes:467332335 (445.6 MB)
Interrupt:18 Base address:0xe800
eth2 Link encap:Ethernet HWaddr 00:1e:90:d7:1c:af
inet addr:202.138.xxx.xx Bcast:202.138.240.255 Mask:255.255.255.0
inet6 addr: fe80::21e:90ff:fed7:1caf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:778204 errors:0 dropped:3 overruns:0 frame:10
TX packets:39090 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:135081701 (128.8 MB) TX bytes:5685610 (5.4 MB)
Interrupt:23 Base address:0xe000
eth0 = lokal
eth1 = speedy
eth2 = melsa
modem speedy IP 192.168.1.1
modem melsa bridge
settingan nya normal seperti biasa
kita buat dulu konfig routing nya pake IPtables
root@siddiq:~# vi /sbin/firewall
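#!/bin/sh
# /sbin/firewall - flush and rebuild the gateway's iptables rule set.
#   eth0 = LAN (192.168.0.0/24), eth1 = Speedy (modem 192.168.1.1), eth2 = Melsa
# Enables IP forwarding, adds the per-ISP static routes, SNATs the LAN behind the
# Melsa public address, drops a list of source ports coming from the LAN, and
# redirects LAN web traffic to the transparent Squid proxy.
# Runs as root at boot (from rc.local). The page installs it with chmod 777;
# a world-writable script executed as root at boot lets any local user run
# commands as root, so keep it root-owned and mode 0755 (or 0700).
# Fix vs. the original: the SNAT line had a broken `- -to` option.

RULE=/sbin/iptables
PROXY=192.168.0.1:3128
LAN_IF=eth0
LAN_NET=192.168.0.0/24
SPEEDY_GW=192.168.1.1
MELSA_GW=202.138.240.1
MELSA_SNAT_IP=202.138.240.42

# Start from an empty rule set in every table.
"$RULE" --flush
"$RULE" -t nat --flush
"$RULE" -t mangle --flush

# Default policies are ACCEPT on every chain, so the host itself does no
# ingress filtering on the public interface (eth2). Kept as the author had it;
# add explicit INPUT/FORWARD rules before tightening these policies so remote
# administration (sshd) is not cut off.
"$RULE" -P INPUT ACCEPT
"$RULE" -P OUTPUT ACCEPT
"$RULE" -P FORWARD ACCEPT

echo "1" > /proc/sys/net/ipv4/ip_forward

# Static routes: Speedy's address block via the Speedy modem, Melsa's via Melsa.
route add -net 125.163.0.0/16 gw "$SPEEDY_GW"
route add -net 202.138.224.0/19 gw "$MELSA_GW"

# Source-NAT the LAN to the Melsa public address. The nat table was already
# flushed above, so the original's extra `-t nat -F` is not needed.
# NOTE(review): this SNAT is not restricted to an egress interface; when the
# failover scripts move the default route to Speedy (eth1), LAN traffic still
# leaves with the Melsa source address. Confirm that is intended; otherwise
# add `-o eth2` and rely on the MASQUERADE rule below for the other uplink.
"$RULE" -t nat -I POSTROUTING -s "$LAN_NET" -j SNAT --to-source "$MELSA_SNAT_IP"

/usr/sbin/named -u bind -c /etc/bind/named.conf

# B L O C K I N G   S T U F F
# Drop LAN-originated traffic from these source ports (NetBIOS plus the UDP
# ports the author associates with unwanted traffic).
"$RULE" -A FORWARD -i "$LAN_IF" -p tcp --sport 137:139 -j DROP
for sport in 31337 12345:12346 20034 5742 40421 30303 6028 6888 61540 3306 161; do
  "$RULE" -A FORWARD -i "$LAN_IF" -p udp --sport "$sport" -j DROP
done

# N A T   F O R   I N T R A N E T
"$RULE" -t nat -A POSTROUTING -s "$LAN_NET" -j MASQUERADE

# T R A N S P A R E N T   P R O X Y
# Redirect LAN traffic on the usual web ports to Squid.
for dport in 80 8080 8088 3128; do
  "$RULE" -t nat -A PREROUTING -p tcp -i "$LAN_IF" --dport "$dport" -j DNAT --to-destination "$PROXY"
done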
jangan lupa di-save dan di-chmod (cukup executable; script ini dijalankan sebagai root saat boot, jadi jangan sampai bisa ditulis oleh user lain)
root@siddiq:~# chmod 777 /sbin/firewall
selanjutnya kita buat script otomatis
logika nya gini
Script ini aktif setiap 30 detik: setiap 30 detik dia mengecek koneksi kedua ISP; jika Speedy DOWN, dia otomatis pindah ke Melsa.
ok kita buat script nya
root@siddiq:~# vi /sbin/linkstat
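#!/bin/bash
# /sbin/linkstat - ISP failover check, run every 30 s by /sbin/siddiq.sh.
# Pings each ISP with fping and compares the result with the current default
# route:
#   Speedy alive       + default via Melsa  -> switch back to Speedy (primary)
#   Speedy unreachable + default via Speedy -> switch to Melsa (backup)
# Every other combination is the steady state. The actual switch is delegated
# to /sbin/speedy, /sbin/squidspeedy, /sbin/melsa and /sbin/squidmelsa, which
# all run with this script's (root) privileges, so keep them root-owned and not
# world-writable. Logs to /var/log/linkstat.
# Fixes vs. the original: unquoted `$speedy`/`$routestatus` (a test error when
# fping prints nothing), the default gateway being taken from whatever line is
# last in `route -n`, and unknown states being silently ignored.

speedy_probe=125.163.0.1     # address on the Speedy side used to judge that link
melsa_probe=202.138.240.1    # Melsa gateway
speedy_gw=192.168.1.1        # Speedy modem = default route when on primary
melsa_gw=202.138.240.1       # Melsa gateway = default route when on backup
log_file=/var/log/linkstat

# fping prints "<ip> is alive" or "<ip> is unreachable"; column 3 is the state.
speedy="$(/usr/bin/fping "$speedy_probe" | /usr/bin/awk '{print $3}')"
melsa="$(/usr/bin/fping "$melsa_probe" | /usr/bin/awk '{print $3}')"
# Gateway of the default route (destination 0.0.0.0 in `route -n`), instead of
# assuming the default route is the last line of the table.
routestatus="$(/sbin/route -n | /usr/bin/awk '$1 == "0.0.0.0" {print $2; exit}')"
tanggal="$(date)"

# Append one timestamped line to the log file.
log() {
  printf '%s\n' "$tanggal - $*" >> "$log_file"
}

case "$speedy:$routestatus" in
  "alive:$speedy_gw")
    : # link speedy OK, default route OK - nothing to do (the original logged this to /dev/null)
    ;;
  "alive:$melsa_gw")
    log "Status ( link speedy UP route default masih ke melsa ) >>> kembalikan route default ke speedy"
    /sbin/speedy
    /sbin/squidspeedy
    ;;
  "unreachable:$speedy_gw")
    log "speedy mati default router ke speedy - pindahkan default route ke melsa"
    # The backup is still used even if it also looks down, as in the original;
    # just make that visible in the log.
    if [ "$melsa" != "alive" ]; then
      log "peringatan: melsa juga tidak alive ('$melsa'), tetap pindah ke melsa"
    fi
    /sbin/melsa
    /sbin/squidmelsa
    ;;
  "unreachable:$melsa_gw")
    log "Status ( speedy DOWN default route sudah ke melsa - kondisi normal"
    ;;
  *)
    # Empty or unexpected fping output (fping missing, not permitted) or an
    # unexpected default gateway: record it and leave the routing alone.
    log "Status tidak dikenal: speedy='$speedy' melsa='$melsa' default gw='$routestatus' - tidak ada perubahan"
    ;;
esac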
di-save dan jangan lupa di-chmod (cukup executable; script ini dijalankan sebagai root, jadi jangan sampai bisa ditulis oleh user lain)
root@siddiq:~# chmod 777 /sbin/linkstat
di script tadi ada sub-script lain
/sbin/speedy
/sbin/squidspeedy
/sbin/melsa
/sbin/squidmelsa
/sbin/speedy >>> isi nya
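#!/bin/bash
# /sbin/speedy - make Speedy the active uplink: point the resolver at the
# Speedy nameservers and move the default route to the Speedy modem.
# Called by /sbin/linkstat as root.
# resolv.conf is written with a single redirection (the original truncated it
# with an empty line and then appended twice, so the resolver could read a
# half-written file in between).
# NOTE(review): assumes /etc/resolv.conf is a plain file, not managed by
# resolvconf - confirm on the target host.
printf 'nameserver %s\n' 203.130.196.5 203.130.196.6 > /etc/resolv.conf
# Remove the Melsa default route, then install the Speedy one.
route del default gw 202.138.240.1
route add default gw 192.168.1.1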
/sbin/melsa >>> isinya
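#!/bin/bash
# /sbin/melsa - switch to the Melsa backup uplink: point the resolver at the
# Melsa nameservers and move the default route to the Melsa gateway.
# Called by /sbin/linkstat as root.
# resolv.conf is written with a single redirection (the original truncated it
# with an empty line and then appended three times, so the resolver could read
# a half-written file in between).
# NOTE(review): assumes /etc/resolv.conf is a plain file, not managed by
# resolvconf - confirm on the target host.
{
  printf 'domain %s\n' melsa.net.id
  printf 'nameserver %s\n' 202.138.224.2 202.138.224.4
} > /etc/resolv.conf
# Remove the Speedy default route, then install the Melsa one.
route del default gw 192.168.1.1
route add default gw 202.138.240.1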
Buat Squid:
/sbin/squidspeedy >>> isinya
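#!/bin/bash
# /sbin/squidspeedy - restart Squid with the Speedy-specific configuration
# (/etc/squid/squid.speedy differs from squid.melsa only in its DNS settings).
# Called by /sbin/linkstat as root.

# Stop the running Squid and wait (bounded) for it to exit. The original issued
# killall twice back to back; waiting instead keeps the new instance from
# racing the old one for the listening port and the cache.
/usr/bin/killall squid
for _ in 1 2 3 4 5 6 7 8 9 10; do
  /usr/bin/pgrep -x squid > /dev/null || break
  sleep 1
done
# Install the per-ISP config; cp -f replaces the file, so no separate rm is needed.
/bin/cp -f /etc/squid/squid.speedy /etc/squid/squid.conf
# -z (re)creates the cache directories, as the original did on every switch;
# -D skips Squid's initial DNS test (the resolver was just changed by /sbin/speedy).
/usr/sbin/squid -z
/usr/sbin/squid -D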
/sbin/squidmelsa >>> isinya
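#!/bin/bash
# /sbin/squidmelsa - restart Squid with the Melsa-specific configuration
# (/etc/squid/squid.melsa differs from squid.speedy only in its DNS settings).
# Called by /sbin/linkstat as root.

# Stop the running Squid and wait (bounded) for it to exit. The original issued
# killall twice back to back; waiting instead keeps the new instance from
# racing the old one for the listening port and the cache.
/usr/bin/killall squid
for _ in 1 2 3 4 5 6 7 8 9 10; do
  /usr/bin/pgrep -x squid > /dev/null || break
  sleep 1
done
# Install the per-ISP config; cp -f replaces the file, so no separate rm is needed.
/bin/cp -f /etc/squid/squid.melsa /etc/squid/squid.conf
# -z (re)creates the cache directories, as the original did on every switch;
# -D skips Squid's initial DNS test (the resolver was just changed by /sbin/melsa).
/usr/sbin/squid -z
/usr/sbin/squid -D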
File /etc/squid/squid.melsa dan /etc/squid/squid.speedy hanya diubah DNS-nya saja.
karena crontab tidak bisa menjadwalkan tiap 30 detik,
maka dibuat script
root@siddiq:~# vi /sbin/siddiq.sh
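#!/bin/bash
# /sbin/siddiq.sh - run the ISP failover check (/sbin/linkstat) every 30 s,
# forever. cron cannot schedule sub-minute jobs, so this loop is started in the
# background from rc.local (`/sbin/siddiq.sh &`).
# The original's `while [ $n -lt 10 ]` never incremented n, so it was already
# an endless loop; make that explicit instead of leaving a misleading bound.
interval=30
while :; do
  /sbin/linkstat
  sleep "$interval"
done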
supaya script jalan tiap restart
root@siddiq:~# vi /etc/rc3.d/S99rc.local
sisipkan
/sbin/firewall
/sbin/siddiq.sh &
Beres
