4. Proxy pfsense tidak bisa di NAT Transparent Proxy oleh mikrotik

Proxy pfsense tidak bisa di NAT Transparent Proxy oleh mikrotik

  • K

    Mohon bantuan rekan2 yang menggunakan pfsense sebagai proxynya.
    saya sudah berhasil menginstall lusca di pfsense.
    di test oleh browser, input ip proxy dan portnya. proxynya berfungsi.

    yang jadi masalah, adalah ketika dari mikrotik saya buat nat untuk transparent proxy ke kroxy pfsense, ternyata gagal. tidak bisa browsing sama sekali.

    bagian mana yang mesti saya setting supaya tranparent proxy nya bekerja ?

    0
  • S

    apakah link berikut bermanfaat brother …

    http://forum.pfsense.org/index.php/topic,35987.0.html

    masak kudu disuapin mulu [becanda] …  ;D

    0
  • K

    sudah coba

    ini nat di mikrotiknya, sengaja di disable, klo di aktifkan, koneksi internet bermasalah

    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
        chain=unused-hs-chain action=passthrough

    1 X ;;; NAT-Modem
        chain=srcnat action=masquerade out-interface=ether1-Modem

    2  ;;; NAT Public
        chain=srcnat action=masquerade out-interface=speedy

    6 X ;;; TRANSPARENT PROX + BYPASS CACHE SERVER LOKAL
        chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp dst-address-list=!Proxy in-interface=WiFi_All dst-port=80,8080,3128

    7 X ;;; TRANSPARENT PROXY
        chain=dstnat action=dst-nat to-addresses=192.168.99.2 to-ports=3128 protocol=tcp src-address-list=Local+Server dst-address-list=!Proxy
        dst-port=80,8080,3128

    0
  • K

    ini log firewallnya
    saya pake ip 192.168.99.166

    Act   Time                 If Source                 Destination         Proto
    block    Jul 18 14:50:29 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:49:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:48:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:47:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:46:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:45:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:44:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:43:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:42:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:41:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:40:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:40:00 LAN 0.0.0.0:68 255.255.255.255:67 UDP
    block    Jul 18 14:39:48 LAN 0.0.0.0:68 255.255.255.255:67 UDP
    block    Jul 18 14:39:48 LAN 0.0.0.0:68 255.255.255.255:67 UDP
    block    Jul 18 14:39:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:38:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:37:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:36:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:35:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:34:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:33:27 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:32:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:32:05 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:32:05 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:37 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:37 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:27 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:31:22 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:22 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:16 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:16 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:13 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:13 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:11 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:11 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:10 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:10 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:10 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:10 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:10 LAN 192.168.99.166:51910 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:31:10 LAN 192.168.99.166:51908 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:30:28 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:29:51 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:29:30 LAN 192.168.99.166:47107 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:29:27 LAN 192.168.1.100:5678 255.255.255.255:5678 UDP
    block    Jul 18 14:29:21 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:29:06 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:28:59 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:28:56 LAN 192.168.99.166:47107 192.168.99.2:3128 TCP:FA
    block    Jul 18 14:28:55 LAN 192.168.99.166:47254 192.168.99.2:3128 TCP:FA

    0
  • K

    mohon petunjuk nya, yang ingin saya ketahui adalah apakah masalah berasal dari pfsense atau mikrotiknya ?

    0
  • C

    Udah coba di perhatikan kembali access list yang ada di setting lusca?

    Kalo kita pake ip standart "LAN Pfsense" Emank gak masalah tetapi bila qita ingin mentranslate ip lain yang menggunakan proxy harusnya diberikan izin untuk mengakses Lusca tersebut.

    Semoga membantu..

    0
  • C

    @j_boy:

    hmm..acl di lusca udah di add, firewall udah di allow…

    maksud ip standar "LAN pfsense" yg mana ya, bro sis.net.id? ??? (yg default ini maksudnya bukan?-> 192.168.1.1...)
    udah coba jg yg itu tpi masih blum bisa jg...

    pada saat browsing trafficnya di rb750 kelihatan...tpi tetap g bisa ngenet

    cek di system log- firewall   gak nampak... ::) ::)    (padahal awal nginstall trus ngeredirect lancar, coba2 reinstall semua malah g bisa, padahal konfigurasi gak ada berubah/persis sama dg yg pertama)

    masih blm berhasil...kira2 apa ya... ::) ::) ::)

    Untuk d MT-nya cukup dengan.

    ;;; proxy
        chain=dstnat action=dst-nat to-addresses=192.168.200.1 to-ports=3128
        protocol=tcp in-interface=Local dst-port=80

    Di pf-nya
    centang allow user interface + transparent proxy


    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy