Home > Old Post dari Unilanet > Block MAC Address FREEBSD+SQUID 2.6.xx

Block MAC Address FREEBSD+SQUID 2.6.xx


Banyak pertanyaan mengenai blocking MAC address pake SQUID dan FreeBSD

berikut sedikit share pengalaman “HOW TO” compile SQUID featuring mac blocking

  • Masuk ke direktory ports
  • router-inherent# cd /usr/ports/www/squid

router-inherent# make config

aktifkan enable ARP ACL dan CARP┌────────────────────────────────────────────────────────────────────┐
│                     Options for squid 2.6.13                       │
│ ┌────^(-)────────────────────────────────────────────────────────┐ │
│ │[X] SQUID_WCCPV2         Enable Web Cache Coordination Prot. v2 │ │
│ │[X] SQUID_STRICT_HTTP    Be strictly HTTP compliant             │ │
│ │[X] SQUID_IDENT          Enable ident (RFC 931) lookups         │ │
│ │[X] SQUID_REFERER_LOG    Enable Referer-header logging          │ │
│ │[X] SQUID_USERAGENT_LOG  Enable User-Agent-header logging       │ │
│ │[X] SQUID_ARP_ACL        Enable ACLs based on ethernet address  │ │
│ │[X] SQUID_PF             Enable transparent proxying with PF    │ │
│ │[X] SQUID_IPFILTER       Enable transp. proxying with IPFilter  │ │
│ │[X] SQUID_FOLLOW_XFF     Follow X-Forwarded-For headers         │ │
│ │[X] SQUID_ICAP           Enable ICAP client functionality       │ │
│ │[X] SQUID_AUFS           Enable the aufs storage scheme         │ │
│ │[X] SQUID_COSS           Enable the COSS storage scheme         │ │
│ │[X] SQUID_KQUEUE         Use kqueue(2) instead of poll(2)       │ │
│ │[X] SQUID_LARGEFILE      Support log and cache files >2GB       │ │
│ │[X] SQUID_STACKTRACES    Create backtraces on fatal errors      │ │
├─└────────────────────────────────────────────────────────────────┘─┤
│                       [  OK  ]       Cancel

 

  • router-inherent# make && make install
  • Tungguin sekitar 2 menit
  • router-inherent# squid -z (Create cache direktori)
  • Done…………………………….

Selamat mesin anda sudah berhasil mengaktifkan fitur mac address blockingCool Cool Cool Cool
tinggal atur configurasi akses list si squid di squid.conf

Ini COntoh konfig di Mesin Gue :

 

http_port 3128 transparent # Enable transparent PROXY
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255

=========================================================
### Trial Lempar cache via telkom, uncomment this to forward  via VSAT
#cache_peer 192.168.1.245     parent    3128  3130  default
… !!

CUTED…………….

… !!

## Tambahin acl untuk mac address

## Syntax  : acl  nama-acl arp mac-address-yang-mo-di-blok

acl MacSiBolang arp 00:18:F3:7E:BF:61  ## -> alamat arp mesti dipisahkan dengan tanda :

http_acccess deny MacSiBolang

========================================================

contoh diatas merupakan konfigurasi minimal yang bisa dipake🙂

 

atau kalo anda punya beberapa mac address yang perlu diblok bisa langsung dibuat di dalam satu file.

Misal :

router-inherent# vi /usr/local/etc/squid/macbbs.acl
00:18:F3:7E:BF:61
00:18:F3:7E:BF:62
00:08:c7:fa:30:0b       # 192.168.1.129 harid
00:18:f3:bf:de:6d       # 192.168.1.206 erik (tim redaksi)
00:0e:2e:33:5c:13       # 192.168.1.208 // Pak Komaruddin
00:0e:2e:33:5c:13       # 192.168.1.201 // Mba Fierda
00:0e:2e:33:9e:af       # 192.168.1.128 // lukman (ADM)

wq!

tinggal modif acl yang diarahkan ke file yang dicreate tadi

acl macbbs arp “/usr/local/etc/squid/macbbs.acl”

Jangan lupa tanda kutip ”  sebelum dan sesudah file config

trus reload dah squidnya

squid -k reload

 

 

YUps Beres,,,,,,,,,,,,,,,,  Kalo anda masih penasaran bisa tinggalkan komentar dibawah ini

 

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: