Configuring Transparent Web Proxy using Squid 2.7STABLE9

DEPLOYING TRANSPARENT WEB PROXY SERVER USING SQUID 2.7STABLE9

Readers are expected to have at least one year of experience with Linux and a good command of the terminal.

The purpose of this document is to provide a practical guide for Linux professionals who want to deploy a sufficiently secure, transparent Squid proxy in their infrastructure.
The Squid RPM that ships with Linux is an easy start, but for a system administrator it may be insufficient because it lacks certain advanced features such as bandwidth control and transparent mode.

In this document we will download Squid 2.7STABLE9 from www.squid-cache.org and compile it with the desired options.

Step 1:

• Download Squid 2.7STABLE9 from www.squid-cache.org.
• Copy the downloaded .tar.gz file to the /tmp directory and perform the following steps:
a. Open a terminal
b. cd /tmp
c. mv downloadedfilename.tar.gz squid27.tar.gz
d. mkdir squid27 && tar -zxvf squid27.tar.gz -C squid27 --strip-components=1
e. cd squid27

When you are in the squid directory, you can run “./configure” on its own to prepare a default build. Since our goal is to build Squid with advanced options, I configured it with the following options according to my needs:

I strongly suggest that you run “./configure --help” and read the description of each switch before proceeding.
Code:

./configure --enable-storeio="diskd,aufs,ufs" --enable-removal-policies="lru,heap" --enable-delay-pools --enable-snmp --enable-arp-acl --enable-cache-digests --enable-linux-netfilter --disable-ident-lookups --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --with-maxfd=8192 --enable-default-err-language="English" --enable-err-languages="English" && echo "Configuration successful"

After the configure step completes successfully you should see the “Configuration successful” message on the screen. Next, build and install Squid:
Code:

make && echo "Make Successful"

Code:

make install && echo "Installation complete"

If all the messages appear correctly then Squid is completely installed. By default, Squid places its files under the /usr/local/squid path. Moreover, the “service squid start/stop” command is not available in this mode. I shall write another small document on this topic, but right now we have to know how to start and stop Squid.

Before starting Squid, we need to configure user permissions and cache directories. When Squid is installed from source, no “squid” user or group exists on the machine, and you have to create them if you want to use them; however, the default user and group “nobody” can serve the same purpose.

To set the cache effective user, type

vi /usr/local/squid/etc/squid.conf and search for the word “nobody”. The default user for the parameter “cache_effective_user” is “nobody”; you can replace it with “squid” if you want.
After setting the user, search for “cache_dir ufs”. The default path and settings for this directory are “/usr/local/squid/var/cache 3000 64 512” on my machine. You can change the path and the settings as well, but remember that these directories must be readable and writable by the user (“nobody” or “squid”).
Now that you have verified the physical path, it is time to set permissions for the user. In my environment I am using “nobody”, so I shall run the commands for this user.

Type “cd /usr/local/squid/var” and then “ll” to view the existing directories. There should be two directories, “logs” and “cache”. If either of these is missing, create it manually with the command:

Code:

mkdir dirname

Set the ownership and permissions on both folders for user “nobody”.
Code:

chown -R nobody:nobody cache
chmod -R 775 cache
chown -R nobody:nobody logs
chmod -R 775 logs

To create the cache directories run the command

Code:

/usr/local/squid/sbin/squid -z

Squid will create the necessary directories in the “cache” folder.
After running the above command, the basic configuration of Squid is complete; we can now proceed to the detailed configuration.

Start squid: /usr/local/squid/sbin/squid -D

To verify that the squid process is running, type ps aux | grep squid. This command should display the squid parent as well as the child process on the screen.

Stop squid: /usr/local/squid/sbin/squid -k shutdown

To verify that the squid process has finished, type ps aux | grep squid. This time the command should not display the squid process.

Note:
Add the following 03 lines to the “rc.local” file. The first line starts Squid automatically at boot, and the other two lines load the modules that let clients access FTP sites without any problem.

Code:

echo "/usr/local/squid/sbin/squid -D" >> /etc/rc.local
echo "modprobe ip_conntrack_ftp" >> /etc/rc.local
echo "modprobe ip_nat_ftp" >> /etc/rc.local

Applying basic squid configuration

a. Define basic rules of http access
b. Authorize additional safe ports
c. Control bandwidth with delay pool

Type “vi /usr/local/squid/etc/squid.conf” and apply the following settings.

a. Define basic rules of http access
Port Settings:
Code:

http_port 10.1.1.1:3128 transparent

General Settings:
Code:

visible_hostname main_it_center
cache_mgr webmaster

ACLs Settings:
Code:

acl blocklist url_regex -i "/usr/local/squid/etc/blocklist.txt"
http_access deny blocklist

acl singleip src 10.1.1.4
http_access allow singleip

acl someips src 10.1.1.5 10.1.1.7 10.1.1.15
http_access allow someips
acl manyips src "/usr/local/squid/etc/many.txt"
http_access allow manyips


http_access allow localhost
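
An ACL name in an access rule that does not match its `acl` definition, or an `acl` keyword left in front of `http_access`, means the rule set no longer does what it was written to do. The check below is an added example, not part of the original guide; the function names `undefined_acls` and `sample_conf` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# undefined_acls [FILE]: read squid.conf text (FILE or stdin) and report
#   - access rules that reference an ACL name not defined above them
#   - an "acl" keyword left in front of an access directive
undefined_acls() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "acl" && ($2 == "http_access" || $2 == "delay_access") {
            print NR ": stray acl keyword before " $2
            next
        }
        $1 == "acl" && NF >= 3 { defined[$2] = 1; next }
        $1 == "http_access" || $1 == "delay_access" {
            # delay_access carries a pool number before allow/deny
            first = ($1 == "delay_access") ? 4 : 3
            for (i = first; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)             # "!name" negates an ACL
                if (!(name in defined))
                    print NR ": " $1 " references undefined acl " name
            }
        }
    ' "$@"
}

# Constructed sample with two deliberate mistakes (lines 6 and 8).
sample_conf() {
cat <<'EOF'
acl all src all
acl localhost src 127.0.0.1/32
acl blocklist url_regex -i "/usr/local/squid/etc/blocklist.txt"
http_access deny blocklist
acl singleip src 10.1.1.4
http_access allow singlip
acl manyips src "/usr/local/squid/etc/many.txt"
acl http_access allow manyips
http_access allow localhost
acl ipgroup src "/etc/squid/delayedips"
delay_access 1 allow ipgroup
delay_access 1 deny !all
http_access deny all
EOF
}

sample_conf | undefined_acls
```

Run it against the real file with `undefined_acls /usr/local/squid/etc/squid.conf`; `/usr/local/squid/sbin/squid -k parse` additionally asks Squid itself to parse the configuration.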

b. Authorize additional safe ports

Search for the word “Safe_ports” and add the following ports before the line “acl CONNECT method CONNECT”

Code:

acl Safe_ports port 995 # pop3 over SSL (gmail)
acl Safe_ports port 587 # smtp submission (gmail)
acl Safe_ports port 465 # smtp over SSL (gmail)
acl Safe_ports port 993 # imap over SSL (gmail)
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop3
acl Safe_ports port 143 # imap


c. Control bandwidth with delay pool

I am writing a very simple rule that will reduce the network bandwidth of the target IPs. The rest of the IPs will receive full bandwidth.

Code:

acl ipgroup src "/etc/squid/delayedips"
delay_pools 1
delay_class 1 1
delay_parameters 1 12000/24000
delay_access 1 allow ipgroup
delay_access 1 deny all


Configure iptables

Configuring iptables is essential for the transparent proxy setup. A further advantage is that messengers will be able to access the internet directly, without any proxy settings.


Code:

/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service iptables save
service iptables restart
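
Interception only works when the REDIRECT target port is the port on the `http_port ... transparent` line, and the rule should stay limited to the LAN-facing interface. The following cross-check is an added example, not part of the original guide; the function names `intercept_check` and `demo` and the sample rule lines are constructed, and the rules file can be `iptables-save` output or the rule lines as typed.

```shell
#!/bin/sh
# intercept_check SQUID_CONF RULES
# Compares the transparent http_port in SQUID_CONF with the PREROUTING
# REDIRECT rules in RULES. Prints "ok" or one finding per line.
intercept_check() {
    port=$(awk '$1 == "http_port" && /transparent/ {
                    n = split($2, a, ":"); print a[n]; exit }' "$1")
    [ -n "$port" ] || { echo "no transparent http_port in $1"; return 0; }
    awk -v port="$port" '
        /PREROUTING/ && /REDIRECT/ {
            seen = 1; iface = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                # iptables-save writes --to-ports; --to-port is accepted as typed
                if ($i ~ /^--to-ports?$/) to = $(i + 1)
            }
            if (to != port) {
                print "redirect goes to " to ", squid listens on " port
                bad = 1
            }
            if (iface == "") {
                print "redirect is not limited to one interface (-i)"
                bad = 1
            }
        }
        END {
            if (!seen) print "no PREROUTING REDIRECT rule found"
            else if (!bad) print "ok"
        }
    ' "$2"
}

# Constructed samples: the http_port line and redirect rule from this guide,
# plus a variant with a mismatched port and no -i match.
demo() {
    d=$(mktemp -d) || return 1
    echo 'http_port 10.1.1.1:3128 transparent' > "$d/squid.conf"
    echo '-A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128' > "$d/good"
    echo '-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080' > "$d/bad"
    intercept_check "$d/squid.conf" "$d/good"
    intercept_check "$d/squid.conf" "$d/bad"
    rm -rf "$d"
}

demo
```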

Configure IP Forwarding

vi /etc/sysctl.conf
Change the value of “net.ipv4.ip_forward” to 1:

net.ipv4.ip_forward = 1

Save the file and type “sysctl -p” to reload and apply the new settings.

Note:
In order to apply changes while squid is running, use the command

/usr/local/squid/sbin/squid -k reconfigure


The transparent squid is configured with outlook support and now you do not need to provide the proxy address in the client browsers.

Quote:
Author: Sabir Mustafa [RHCE, MCSA, OELACA (Oracle)]
Review by: Baber Zahoor
Number of machines: 01 [HP 8000 series desktop PC with 1024 GB of RAM]
Operating System: RedHat Enterprise Linux 5.4 [32-bit]
Web Proxy server: SQUID 2.7STABLE9 [Compiled from source]
# of NICs: 02
NICs configuration: eth0 [Connected to public interface (192.168.1.8)]
eth1 [Connected to private interface (10.1.1.1)]