Sekedar berbagi, implementasi menggunakan Centos 5 + Squid + Shorewall 4.2.6 Pastikan squid dah berjalan normal, nanti kita akan coba set transparent proxy dengan bantuan Shorewall.
Pastikan ip forwarding sudah diset enable, "net.ipv4.ip_forward = 1" (/etc/sysctl.conf)
Download paket shorewall di http://www.shorewall.net bisa pake wget atau apapun yang penting source shorewall kita peroleh. Paket utama yakni shorewall-common dan shorewall-perl
Karena saya menggunakan source maka gunakan perintah dibawah ini untuk extract paketnya :
tar -jxf shorewall-common-4.6.2.tar.bz2 tar -jxf shorewall-perl-4.6.2.tar.bz2
dimasing-masing direktori hasil extract (folder shorewall-common-4.6.2 dan shorewall-perl-4.6.2) diatas, kita lakukan proses install dengan perintah (jangan lupa, masuk foldernya dulu):
./install.sh
Setelah terinstall, shorewall bisa kita set otomatis dijalankan pada saat Startup dengan melakukan editing /etc/shorewall/shorewall.conf dan rubah menjadi STARTUP_ENABLED=Yes.
Setelah, itu lakukan konfigurasi file-file shorewall :
1. /etc/shorewall/zone
#Zone Display Comments
fw firewall
net ipv4 #Internet
loc ipv4 #Local Networks
#LAST LINE – add your entries before this line – DO NOT REMOVE
2. /etc/shorewall/policy
#SOURCE ZONE DESTINATION ZONE POLICY LOGLEVEL LIMIT:BURST
fw net ACCEPT
loc net ACCEPT
net all DROP
all all REJECT
#LAST LINE – add your entries before this line – DO NOT REMOVE
3. /etc/shorewall/interface
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect blacklist
loc eth1 detect
#LAST LINE – add your entries before this line – DO NOT REMOVE
4. /etc/shorewall/masq
#INTERFACE SUBNET ADDRESS (eth0 ke internet, eth1 ke LAN jadi silakan disesuaikan)
eth0 eth1
#LAST LINE – add your entries before this line – DO NOT REMOVE
5. /etc/shorewall/rules
# Rule dari local ke mesin
# Terima koneksi dari DNS ( Port DNS 53 )
ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53
# Terima proxy squid( transparent proxy port 3128 )
ACCEPT loc fw tcp 3128
ACCEPT loc fw tcp 8080
# Terima Koneksi Web port 80
ACCEPT loc fw tcp 80
# Terima koneksi ftp
ACCEPT loc fw tcp 20
ACCEPT loc fw tcp 21
# Terima koneksi untuk SSH
ACCEPT loc fw tcp 22
# Rule dari internet ke mesin router/gateway (centos)
# Terima koneksi DNS
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
# Terima koneksi SSH port 22
ACCEPT net fw tcp 22
# Terima koneksi web Port 80
ACCEPT net fw tcp 80
# Terima koneksi pop3, imap, smtp
ACCEPT net fw tcp 25,110,143
ACCEPT fw net tcp 25,110,143
ACCEPT loc fw tcp 25,110,143
ACCEPT loc net tcp 25,110,143
# Terima koneksi ping
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw net icmp 8
# Redirect request port 80 (http) ke port 3128 (squid, Squid transparent proxy, jangan lupa di squid diaktifkan opsi transparent)
REDIRECT loc 3128 tcp 80
Start shorewall menggunakan perintah :
shorewall start atau /etc/init.d/shorewall start
Selamat mencoba ..
Sumber : internet+pengalaman :)
![[Valid RSS]](images/valid-rss-rogers.png "Validate my RSS feed")
