Banyak pertanyaan mengenai blocking MAC address pake SQUID dan FreeBSD
berikut sedikit share pengalaman “HOW TO” compile SQUID featuring mac blocking
- Masuk ke direktory ports
- router-inherent# cd /usr/ports/www/squid
router-inherent# make config
aktifkan enable ARP ACL dan CARP┌────────────────────────────────────────────────────────────────────┐
│ Options for squid 2.6.13 │
│ ┌────^(-)────────────────────────────────────────────────────────┐ │
│ │[X] SQUID_WCCPV2 Enable Web Cache Coordination Prot. v2 │ │
│ │[X] SQUID_STRICT_HTTP Be strictly HTTP compliant │ │
│ │[X] SQUID_IDENT Enable ident (RFC 931) lookups │ │
│ │[X] SQUID_REFERER_LOG Enable Referer-header logging │ │
│ │[X] SQUID_USERAGENT_LOG Enable User-Agent-header logging │ │
│ │[X] SQUID_ARP_ACL Enable ACLs based on ethernet address │ │
│ │[X] SQUID_PF Enable transparent proxying with PF │ │
│ │[X] SQUID_IPFILTER Enable transp. proxying with IPFilter │ │
│ │[X] SQUID_FOLLOW_XFF Follow X-Forwarded-For headers │ │
│ │[X] SQUID_ICAP Enable ICAP client functionality │ │
│ │[X] SQUID_AUFS Enable the aufs storage scheme │ │
│ │[X] SQUID_COSS Enable the COSS storage scheme │ │
│ │[X] SQUID_KQUEUE Use kqueue(2) instead of poll(2) │ │
│ │[X] SQUID_LARGEFILE Support log and cache files >2GB │ │
│ │[X] SQUID_STACKTRACES Create backtraces on fatal errors │ │
├─└────────────────────────────────────────────────────────────────┘─┤
│ [ OK ] Cancel
- router-inherent# make && make install
- Tungguin sekitar 2 menit
- router-inherent# squid -z (Create cache direktori)
- Done…………………………….
Selamat mesin anda sudah berhasil mengaktifkan fitur mac address blocking
tinggal atur configurasi akses list si squid di squid.conf
Ini COntoh konfig di Mesin Gue :
http_port 3128 transparent # Enable transparent PROXY
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
=========================================================
### Trial Lempar cache via telkom, uncomment this to forward via VSAT
#cache_peer 192.168.1.245 parent 3128 3130 default
… !!
CUTED…………….
… !!
## Tambahin acl untuk mac address
## Syntax : acl nama-acl arp mac-address-yang-mo-di-blok
acl MacSiBolang arp 00:18:F3:7E:BF:61 ## -> alamat arp mesti dipisahkan dengan tanda :
http_acccess deny MacSiBolang
========================================================
contoh diatas merupakan konfigurasi minimal yang bisa dipake 🙂
atau kalo anda punya beberapa mac address yang perlu diblok bisa langsung dibuat di dalam satu file.
Misal :
router-inherent# vi /usr/local/etc/squid/macbbs.acl
00:18:F3:7E:BF:61
00:18:F3:7E:BF:62
00:08:c7:fa:30:0b # 192.168.1.129 harid
00:18:f3:bf:de:6d # 192.168.1.206 erik (tim redaksi)
00:0e:2e:33:5c:13 # 192.168.1.208 // Pak Komaruddin
00:0e:2e:33:5c:13 # 192.168.1.201 // Mba Fierda
00:0e:2e:33:9e:af # 192.168.1.128 // lukman (ADM)
wq!
tinggal modif acl yang diarahkan ke file yang dicreate tadi
acl macbbs arp “/usr/local/etc/squid/macbbs.acl”
Jangan lupa tanda kutip ” sebelum dan sesudah file config
trus reload dah squidnya
squid -k reload
YUps Beres,,,,,,,,,,,,,,,, Kalo anda masih penasaran bisa tinggalkan komentar dibawah ini