TRANSPARENT PROXY CONFIGURATION IN LINUX

Post by pazha_malai » Fri Mar 07, 2008 11:01 am

I want to configure a transparent proxy configuration.

Please guide me on how to do this.

Thank you
pazha_malai
Cadet
 
Posts: 7
Joined: Mon Feb 18, 2008 6:36 pm

Post by mudasir » Sat Mar 08, 2008 3:43 am

AOA,

Dear pazha_malai,

There is a search option in this forum, please use that before you POST anything. There are many posts that have covered this topic in great detail.

http://www.geocities.com/cool_mudasir/linux/links.html

Here you will find a squid.conf file that is configured to work with Squid 2.5.STABLE14.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

How to configure Squid

Post by x2oxen » Sat Mar 08, 2008 12:19 pm

Here are the basic configurations of Squid that we were taught during RHCE training. It might help you to configure and understand.

Proxy Server:
Proxy means on behalf of another person/machine. A proxy can provide the following facilities.

i) ICS (Internet Connection Sharing)
ii) Firewall
iii) Cache

There are several proxy servers used in Windows environments, like ISA, Wingate, Winproxy etc.
In Unix/Linux operating systems the most commonly used proxy server is Squid.

Squid Configuration:

Code:

The following packages must be installed

      Packages:       squid
      Configuration File:    /etc/squid/squid.conf

      The following services take part in this process, so they should be up

      Services:      squid


Download and install the required packages and let's move on to further configuration.

Configuration:
In the configuration file, find the following parameters and change them to your own values.

(i) NETWORK OPTIONS

Code:

# Multiple ports can also be defined
http_port   8080


(ii) OPTIONS WHICH AFFECT THE CACHE SIZE

Code:

   # Size of RAM being used for active cache
   cache_mem         8 MB
   maximum_object_size   4 MB


(iii) LOG FILE PATHNAMES AND CACHE DIRECTORIES

Code:

   # define your own cache size
   cache_dir ufs /var/spool/squid 1000 16 256
   # define your own log path
   cache_access_log /var/log/squid/access.log


(iv) ACCESS CONTROLS

Here we will be defining our ACLs for allowing or denying any network.

Code:

# Allow your network
acl   mynetwork   src   192.168.0.0/255.255.255.0
http_access   allow   mynetwork


(v) ADMINISTRATIVE PARAMETERS

Code:

# your email here
cache_mgr         you@yournetwork.com
cache_effective_user      squid
cache_effective_group   squid
visible_hostname      yourname


(vi) HTTPD ACCELERATOR OPTIONS
We need to put these parameters to make squid work in transparent mode but keep in mind in squid 2.6.xx we do not need to use these parameters.

Code:

httpd_accel_port         80
httpd_accel_host         virtual
httpd_accel_with_proxy      on
httpd_accel_uses_host_header   on


Now save and exit the configuration file.
Now add the following lines into your /etc/rc.local file.

Code:

   echo "1" > /proc/sys/net/ipv4/ip_forward
   iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
   iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE


Note:
Use your input or local network interface in place of eth0 and your internet or wan interface in place of eth1.

Change Permissions on Cache Directory:

Code:

   # chown squid:squid /var/spool/squid   # or your own cache dir
   # chmod -R 755 /var/spool/squid
   # squid -z                             # for creating cache dir


Now reboot your machine and start squid service and we are ready to go.

Code:

   # service squid start
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad
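
Added example, not part of the posts above: a shell check that the REDIRECT rule's --to-ports value matches a port Squid actually listens on, and that every interface named in the NAT rules exists. The function names, temporary file names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check squid.conf against the
# NAT rules that feed it. File contents below are constructed samples.

# Ports Squid listens on; accepts "8080" and "addr:8080" forms.
squid_ports() {
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n] }' "$1"
}

# --to-ports target of each REDIRECT rule in the rules file.
redirect_ports() {
    awk '/-j REDIRECT/ { for (i = 1; i < NF; i++)
             if ($i == "--to-ports") print $(i + 1) }' "$1"
}

# Interfaces named with -i or -o in any iptables line.
rule_ifaces() {
    awk '$1 == "iptables" { for (i = 1; i < NF; i++)
             if ($i == "-i" || $i == "-o") print $(i + 1) }' "$1" | sort -u
}

# check_proxy SQUID_CONF RULES "IFACE LIST"; returns 1 on any mismatch.
# On a live host the interface list could come from: ls /sys/class/net
check_proxy() {
    rc=0
    for p in $(redirect_ports "$2"); do
        squid_ports "$1" | grep -qx "$p" ||
            { echo "REDIRECT targets port $p but Squid has no http_port $p"; rc=1; }
    done
    for i in $(rule_ifaces "$2"); do
        case " $3 " in
            *" $i "*) ;;
            *) echo "rule names unknown interface $i"; rc=1 ;;
        esac
    done
    return $rc
}

tmp=$(mktemp -d)
printf 'http_port 8080\ncache_mem 8 MB\n' > "$tmp/squid.conf"
printf '%s\n' \
  'iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080' \
  'iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE' > "$tmp/good.rules"
# Same rules with a wrong target port and a mistyped interface name.
sed -e 's/--to-ports 8080/--to-ports 3128/' -e 's/-o eth1/-o eht1/' \
    "$tmp/good.rules" > "$tmp/bad.rules"

check_proxy "$tmp/squid.conf" "$tmp/good.rules" "lo eth0 eth1" && echo "good.rules: consistent"
check_proxy "$tmp/squid.conf" "$tmp/bad.rules"  "lo eth0 eth1" || echo "bad.rules: fix before use"
```

A mismatch in either check means port 80 traffic from the LAN is redirected to a port nothing answers on, or is never masqueraded out, so clients lose web access rather than bypassing the proxy.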

