{"id":863,"date":"2011-07-08T08:40:11","date_gmt":"2011-07-08T08:40:11","guid":{"rendered":"http:\/\/gigihfordanama.wordpress.com\/?p=863"},"modified":"2012-08-08T00:11:00","modified_gmt":"2012-08-08T00:11:00","slug":"freebsd-squid-enable-ipv6-forwarding-request-from-ipv4-client","status":"publish","type":"post","link":"https:\/\/dosen.unila.ac.id\/gigih\/2011\/07\/08\/freebsd-squid-enable-ipv6-forwarding-request-from-ipv4-client\/","title":{"rendered":"FreeBSD – Squid enable IPv6 forwarding request from IPv4 Client"},"content":{"rendered":"

Sesuai dengan judul diatas, kali ini saya berkesempatan untuk menulis dokumentasi\u00a0 bagaimana agar mesin proxy kita bisa meneruskan paket-paket traffik IPv6 dari address client yang masih menggunakan alamat IPv4. baca lebih lanjut untuk mengetahuinya.<\/p>\n

Prasyarat mutlak dan harus dipenuhi adalah mesin proxy sudah terlebih dulu tersambung ke jaringan global IPv6 Dunia, jika anda tidak memiliki alokasi IPv6 jangan khawatir metode dual stack dengan tunneling bisa menjadi alternatif solusi, ringkasnya silahkan langsung baca tulisan saya berikut http:\/\/gigihfordanama.wordpress.com\/2011\/06\/16\/ipv6-create-bgp-tunnel-to-hurricane-electric-on-freebsd-with-quagga\/<\/a> atau pada link ini\u00a0 http:\/\/gigihfordanama.wordpress.com\/2011\/03\/31\/tunneling-ipv6-with-ubuntu-linux-behind-nat-why-not\/<\/a> , jika anda sudah masuk kelevel seperti tulisan saya tadi artinya anda sudah sukses masuk ke Jaringan Global IPv6. dibuktikan dengan query traceroute ke arah host IPv6, seperti dibawah ;<\/p>\n

unila-inherent-gtw# traceroute6 ipv6.google.com<\/strong>\n traceroute6 to ipv6.l.google.com (2404:6800:800b::69) from 2001:470:18:aa7::2, 64 hops max, 12 byte packets<\/em>\n  1\u00a0 2001:470:18:aa7::1\u00a0 71.562 ms\u00a0 71.297 ms\u00a0 73.929 ms<\/em>\n  2\u00a0 gige-g3-13.core1.hkg1.he.net\u00a0 73.838 ms\u00a0 68.810 ms\u00a0 69.192 ms<\/em>\n  3\u00a0 google3-10G.hkix.net\u00a0 71.065 ms\u00a0 141.767 ms\u00a0 71.811 ms<\/em>\n  4\u00a0 2001:4860::1:0:1063\u00a0 81.185 ms\u00a0 73.436 ms 2001:4860::1:0:16\u00a0 71.319 ms<\/em>\n  5\u00a0 2001:4860::1:0:9d0\u00a0 107.941 ms 2001:4860::1:0:3c0\u00a0 108.609 ms\u00a0 108.584 ms<\/em>\n  6\u00a0 2001:4860::2:0:3c6\u00a0 109.112 ms\u00a0 107.904 ms\u00a0 107.334 ms<\/em>\n  7\u00a0 2001:4860:0:1::25b\u00a0 108.377 ms\u00a0 113.902 ms 2001:4860:0:1::257\u00a0 120.058 ms<\/em>\n  8\u00a0 2404:6800:800b::69\u00a0 107.642 ms\u00a0 107.402 ms\u00a0 107.161 ms<\/em>\n unila-inherent-gtw#<\/strong><\/pre>\n
Apabila anda ingin check keberadaan host IPv6 anda, silahkan trace dari http:\/\/lg.unila.ac.id <\/a>yang juga menyediakan query tool untuk alamat IPv4\/IPv6. OK sampe disini asumsinya bahwa tidak ada masalah untuk me-reach network IPv6 via tunneling. lanjut ke tahapan selanjutnya adalah kita menginstall software proxy dengan fitur enable IPv6, saat ini software proxy terpopuler dan gratis serta support IPv6 adalah squid.<\/p>\n
Installing squid:<\/strong><\/p>\n
Requirement,<\/p>\n
PC\/Server high end apabila melayani user cukup banyak, jika di warnet kelas PC biasa sudah cukup,<\/p>\n
unila-inherent-gtw# sysctl -a | grep model<\/strong>\n hw.model: Intel(R) Xeon(TM) CPU 3.00GHz\n unila-inherent-gtw# sysctl -a | grep mem<\/strong>\n hw.realmem: 3221020672\n unila-inherent-gtw#<\/strong><\/pre>\n
Yah saya memiliki server dengan processor Xeon 3.00 GHz, dan memory 3 G, cukuplah untuk melayani user 1 kampus \ud83d\ude00<\/p>\n
Next-adalah instalasi software proxy squid (ingat untuk gunakan versi 3.0 keatas karena support IPv6)<\/p>\n
unila-inherent-gtw# cd \/usr\/ports\/www\/squid31\/<\/em>\n unila-inherent-gtw# make config<\/em>\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n \u2502\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Options for squid 3.1.14\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u2502\n \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n \u2502 \u2502[X]<\/strong> SQUID_KERB_AUTH\u00a0\u00a0\u00a0\u00a0\u00a0 Install Kerberos authentication helpers\n \u2502 \u2502[X] <\/strong>SQUID_LDAP_AUTH\u00a0\u00a0\u00a0\u00a0\u00a0 Install LDAP authentication helpers\u00a0\u00a0\u00a0\u00a0\n \u2502 \u2502[X] <\/strong>SQUID_NIS_AUTH\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Install NIS\/YP authentication helpers\u00a0\u00a0\n \u2502 \u2502[ ]\u00a0 <\/strong>SQUID_SASL_AUTH\u00a0\u00a0\u00a0\u00a0\u00a0 Install SASL authentication helpers\u00a0\u00a0\u00a0\u00a0\n \u2502 \u2502[X] SQUID_IPV6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Enable IPv6 support\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/strong>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\n \u2502 \u2502[X] <\/strong>SQUID_DELAY_POOLS\u00a0\u00a0\u00a0 Enable delay pools\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \n \u2502 \u2502[X] <\/strong>SQUID_SNMP\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Enable SNMP support\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \n \u2502 \u2502[ ] <\/strong>SQUID_SSL\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Enable SSL support for reverse proxies\u00a0\u00a0 \n \u2502 \u2502[ ] <\/strong>SQUID_PINGER\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Install the icmp helper<\/pre>\n
Pastikan bahwa anda sudah mencheck list Enable IPv6 support<\/strong> (Ingaa..Ingaa…Ingaa.. Tiiing…)<\/p>\n
unila-inherent-gtw# make install<\/strong><\/em>\n ===>\u00a0 Vulnerability check disabled, database not found\n ===>\u00a0 License GPLv2 accepted by the user\n ===>\u00a0 Found saved configuration for squid-3.1.14\n ===>\u00a0 Extracting for squid-3.1.14\n => SHA256 Checksum OK for squid3.1\/squid-3.1.14.tar.bz2.\n ===>\u00a0\u00a0 squid-3.1.14 depends on file: \/usr\/local\/bin\/perl5.8.8 - found\n ^C<\/pre>\n
Tinggal menunggu proses instalasi squid mateng. eh salah selesai maksudnya.<\/p>\n
jika sudah selesai maka direktori \/usr\/local\/etc\/squid akan terbentuk ubah owner direktori squid ini dgn perintah sbb<\/p>\n
unila-inherent-gtw# chown -R squid:squid \/usr\/local\/etc\/squid<\/strong><\/em> , dengan penampakan isi adalah sebagai berikut;<\/pre>\n
unila-inherent-gtw# ls<\/strong><\/em>\n cachemgr.conf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 errors\u00a0\u00a0\u00a0\u00a0 mime.conf.default\u00a0\u00a0\u00a0\u00a0\u00a0 squid.conf.default\n cachemgr.conf.default\u00a0 icons\u00a0\u00a0\u00a0\u00a0\u00a0 msntauth.conf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 squid.conf.documented\n errorpage.css\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mib.txt\u00a0\u00a0\u00a0 msntauth.conf.default\n errorpage.css.default\u00a0 mime.conf\u00a0 squid.conf\n unila-inherent-gtw#<\/strong><\/em><\/pre>\n
Pastikan baca contoh lengkap configurasi squid secara teliti pada file\u00a0 squid.conf.documented<\/strong> (lengkap dibahas disini).<\/p>\n
Selanjutnya\u00a0 tinggal kita aktifkan dual Mode IPv4 sekaligus IPv6 request dengan modifikasi squid.conf, seperti contoh berikut<\/p>\n
# Squid normally listens\u00a0 port defaultnya adalah 3128\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 http_port 3128 <\/strong><\/em><\/pre>\n
# Definiskan host IPv4 yang boleh menggunakan layan proxy ini<\/pre>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 acl localnet src 10.0.0.0\/8\u00a0\u00a0\u00a0\u00a0 # RFC1918 possible internal network<\/strong><\/em>\n \u00a0\u00a0\u00a0\u00a0 acl localnet src 172.16.0.0\/12\u00a0 # RFC1918 possible internal network<\/strong><\/em>\n \u00a0\u00a0\u00a0\u00a0 acl localnet src 192.168.0.0\/16 # RFC1918 possible internal network<\/strong><\/em>\n \u00a0\u00a0\u00a0 http_access allow localnet<\/strong><\/em>\n <\/strong><\/em>\n # Buat acl baru yang membolehkan tujuan ke IPv6<\/pre>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 acl to_ipv6 dst ipv6<\/strong><\/em><\/pre>\n
# Definisikan TCP Outgoing jika proxy server ingin digunakan Dual IPv4\/IPv6 (Ingat Alokasi IP adalah alokasi IPv4\/IPv6 yang terpasang diinterface Proxy server, bukan default Gateway IPv4\/IPv6<\/strong>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tcp_outgoing_address 2001:470:18:aa7::2\u00a0 to_ipv6<\/strong><\/em>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tcp_outgoing_address 103.3.46.254\u00a0 !to_ipv6<\/strong><\/em><\/pre>\n
Terakhir jalankan squid,<\/p>\n
unila-inherent-gtw# \/usr\/local\/etc\/rc.d\/squid start<\/strong><\/pre>\n
Kemudian kita check dari client dengan terlebih dahulu set proxy dengan parameter sbb IPPROXY:3128<\/strong>, dari browser langsung saja buka ipv6.google.com<\/strong><\/a> atau www.kame.net<\/strong><\/a> atau www.unila.ac.id<\/strong><\/a> , atau langsung direct buka ipv6 address http:\/\/[2001:200:dff:fff1:216:3eff:feb1:44d7]\/<\/a> <— untuk kame.net , dan taraaaaaa, harusnya anda bisa melihat dancing KAME<\/strong> khas jika kita akses dari alamat IPv6 .<\/p>\n
Sekalian dimonitor apakah sudah ada request ke tujuan IPv6 dari access.log nya si squid<\/p>\n
192.168.1.204 TCP_MISS\/500 4252 GET http:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.4\/jquery.min.js - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/304 277 GET http:\/\/[2001:200:dff:fff1:216:3eff:feb1:44d7]\/style.css - DIRECT\/2001:200:dff:fff1:216:3eff:feb1:44d7<\/strong>\n 192.168.1.204 TCP_MISS\/500 4278 GET http:\/\/www.momonga.org\/icon\/momo-b2.gif - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/500 4150 GET http:\/\/www.ipv6forum.com\/ipv6_enabled\/sa\/SA1.php? - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/304 278 GET http:\/\/[2001:200:dff:fff1:216:3eff:feb1:44d7]\/<\/strong>img\/kame-anime-small.gif - DIRECT\/2001:200:dff:fff1:216:3eff:feb1:44d7 -\n 265 192.168.1.204 TCP_MISS\/200 4339 GET http:\/\/[2001:200:dff:fff1:216:3eff:feb1:44d7]\/index.html - DIRECT\/2001:200:dff:fff1:216:3eff:feb1:44\n 192.168.1.204 TCP_MISS\/500 4154 GET http:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.4\/jquery.min.js - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/500 4124 GET http:\/\/www.momonga.org\/icon\/momo-b2.gif - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/200 1546 GET http:\/\/www.ipv6forum.com\/ipv6_enabled\/sa\/SA1.php? - DIRECT\/2001:a18:1:20::42 text\/html<\/strong>\n 192.168.1.204 TCP_MISS\/500 4300 GET http:\/\/www.itb.ac.id\/ - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/500 4077 GET http:\/\/www.squid-cache.org\/Artwork\/SN.png - NONE\/- text\/html\n 192.168.1.204 TCP_MISS\/503 4344 GET http:\/\/www.itb.ac.id\/ - DIRECT\/2403:8000:1:32::46<\/strong> text\/html\n 192.168.1.204 TCP_MISS\/500 4077 GET http:\/\/www.squid-cache.org\/Artwork\/SN.png - NONE\/- text\/html<\/pre>\n
Done selamat anda sudah berhasil menjalankan Squid dan support IPv6,<\/p>\n
Oh iya jika ingin menggunakan FREE TRIAL IPV6 Proxy dari UNILA silahkan mengarahkan proxy anda ke alamat berikut<\/p>\n
EXTERNAL NETWORK UNILA :<\/strong><\/pre>\n
IP :\u00a0 103.3.46.58<\/pre>\n
Port : 3128<\/pre>\n
INTERNAL NETWORK UNILA :<\/strong><\/pre>\n
IP : 192.168.1.245<\/pre>\n
Port : 3128<\/pre>\n
INHERENT - INDONESIA HIGHER EDUCATION NETWORK :<\/strong><\/pre>\n
IP : 167.205.143.10<\/pre>\n
Port : 3128<\/pre>\n
Dengan limit waktu yang kita tentukan nanti. INGA INI HANYA IPV6 SAJA YAAA !!!!!!!!!!<\/strong>
\nDemikian Tulisan ini dibuat semoga ada manfaatnya….<\/p>\n
MARI MEMASYARAKATKAN\u00a0 IPV6 DAN MENG IPv6-kan MASYARAKAT<\/strong><\/p>\n
\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Sesuai dengan judul diatas, kali ini saya berkesempatan untuk menulis dokumentasi\u00a0 bagaimana agar mesin proxy kita bisa meneruskan paket-paket traffik IPv6 dari address client yang masih menggunakan alamat IPv4. baca lebih lanjut untuk mengetahuinya. Prasyarat mutlak dan harus dipenuhi adalah mesin proxy sudah terlebih dulu tersambung ke jaringan global IPv6 Dunia, jika anda tidak memiliki … Continue reading “FreeBSD – Squid enable IPv6 forwarding request from IPv4 Client”<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,9],"tags":[237,491,499,1099,1100,1101],"class_list":["post-863","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-world-of-ict","tag-configurasi-squid-enable-ipv6-from-ipv4-client","tag-ipv6-on-inherent","tag-ipv6-unila","tag-squid-enable-ipv6","tag-squid-ipv6","tag-squid-proxy-ipv6"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/863"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=863"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/863\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}