TRANSPARENT PROXY CONFIGURATION IN LINUX

Protecting your Linux box
Post Reply
pazha_malai
Cadet
Posts: 7
Joined: Mon Feb 18, 2008 6:36 pm

TRANSPARENT PROXY CONFIGURATION IN LINUX

Post by pazha_malai »

i want to confgure a transparent proxy configuration

plz guide do this

thank u
Top
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:
Contact mudasir

Post by mudasir »

AOA,

Dear pazha_malai,

There is a search option in this forum, please use that before you POST any thing. There are many posts that have covered this topic in great detail.

http://www.geocities.com/cool_mudasir/linux/links.html

Here you will fine squid.conf file, that is configured to work with Squid 2.5.STABLE14.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Top
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:
Contact x2oxen

How to configure Squid

Post by x2oxen »

Here are the Basic Configurations of Squid what we got taught during RHCE Training. It might help you to configure and understand.

Proxy Server:
Proxy means on behalf of other person/machine. A proxy can be providing following facilities.

i) ICS (Internet Connection Sharing)
ii) Firewall
iii) Cache

There are several proxy servers used in windows environment like ISA, Wingate, Winproxy etc.
In Unix/Linux operating systems most usually used proxy server is Squid.

Squid Configuration:

Code: Select all

Following packages must be installed

		Packages: 		squid
		Configuration File: 	/etc/squid/squid.conf

		Following services takes part in this process so should be up

		Services:		squid
Download and install required packages and lets move for further configuration.

Configuration:
In configuration file find the following parameters and change those to your own ones.

(i) NETWORK OPTIONS

Code: Select all

http_ports	8080	(Multiple ports can also be defined)
(ii) OPTIONS WHICH AFFECT THE CACHE SIZE

Code: Select all

	cache_mem			8 MB	(Size of RAM being used for active cache)
	maximum_object_size	4 MB
(iii) LOG FILE PATHNAMES AND CACHE DIRECTORIES

Code: Select all

	cache_dir ufs /var/spool/squid 1000 16 256		(define your own cache size)
	cache_access_log /var/log/squid/access.log		(define your own log path)

(iv) ACCESS CONTROLS

Here we will be defining our acls for allowing or denying any network

Code: Select all

acl	mynetwork	src	192.168.0.0/255.255.255.0	(Allow ur network)
http_access	allow	mynetwork				(Allow ur network)
(v) ADMINISTRATIVE PARAMETERS

Code: Select all

cache_mgr			you@yournetwork.com	(your email here)
cache_effective_user		squid
cache_effective_group	squid
visible_hostname		yourname
(vi) HTTPD ACCELERATOR OPTIONS
We need to put these parameters to make squid work in transparent mode but keep in mind in squid 2.6.xx we do not need to use these parameters.

Code: Select all

httpd_accel_port			80
httpd_accel_host			virtual
httpd_accel_with_proxy		on
httpd_accel_uses_host_header	on
Now save and exit the configuration file.
Now add the following lines into your /etc/rc.local file.

Code: Select all

	echo "1" > /proc/sys/net/ipv4/ip_forward
	iptables –t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
	iptables –t nat –A POSTROUTING –o eht1 –j MASQUERADE
Note:
Use your input or local network interface in place of eth0 and your internet or wan interface in place of eth1.

Change Permissions on Cache Directory:

Code: Select all

	# chown 	squid:squid	/var/spool/squid	(or your own cache dir)
	# chmod	-R 755		/var/spool/squid
	# squid		-z					(for creating cache dir)
Now reboot your machine and start squid service and we are ready to go.

Code: Select all

	# service squid start
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
Top
Post Reply

Return to “Security”