I want to configure a transparent proxy configuration.
Please guide me to do this.
Thank you.
TRANSPARENT PROXY CONFIGURATION IN LINUX
AOA,
Dear pazha_malai,
There is a search option in this forum, please use that before you POST anything. There are many posts that have covered this topic in great detail.
http://www.geocities.com/cool_mudasir/linux/links.html
Here you will find a squid.conf file that is configured to work with Squid 2.5.STABLE14.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
How to configure Squid
Here are the basic configurations of Squid that we were taught during RHCE training. It might help you to configure and understand.
Proxy Server:
Proxy means on behalf of another person/machine. A proxy can provide the following facilities:
i) ICS (Internet Connection Sharing)
ii) Firewall
iii) Cache
There are several proxy servers used in Windows environments, like ISA, Wingate, Winproxy etc.
In Unix/Linux operating systems the most commonly used proxy server is Squid.

Squid Configuration:
Code:
Following packages must be installed
Packages: squid
Configuration File: /etc/squid/squid.conf
Following services take part in this process so should be up
Services: squid

Download and install the required packages and let's move on to further configuration.

Configuration:
In the configuration file find the following parameters and change them to your own values.

(i) NETWORK OPTIONS
Code:
# Multiple ports can also be defined
http_port 8080

(ii) OPTIONS WHICH AFFECT THE CACHE SIZE
Code:
# Size of RAM being used for active cache
cache_mem 8 MB
maximum_object_size 4 MB

(iii) LOG FILE PATHNAMES AND CACHE DIRECTORIES
Code:
# Define your own cache size
cache_dir ufs /var/spool/squid 1000 16 256
# Define your own log path
cache_access_log /var/log/squid/access.log

(iv) ACCESS CONTROLS
Here we will be defining our acls for allowing or denying any network.
Code:
# Allow your network
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork

(v) ADMINISTRATIVE PARAMETERS
Code:
# Your email here
cache_mgr you@yournetwork.com
cache_effective_user squid
cache_effective_group squid
visible_hostname yourname

(vi) HTTPD ACCELERATOR OPTIONS
We need to put these parameters to make squid work in transparent mode, but keep in mind that in squid 2.6.xx we do not need to use these parameters.
Code:
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Now save and exit the configuration file.

Now add the following lines into your /etc/rc.local file.
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Note:
Use your input or local network interface in place of eth0 and your internet or WAN interface in place of eth1.

Change Permissions on Cache Directory:
Code:
# Run as root; use your own cache dir if it differs
chown squid:squid /var/spool/squid
chmod -R 755 /var/spool/squid
# Create the cache directories
squid -z

Now reboot your machine and start the squid service and we are ready to go.
Code:
service squid start
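
Added example, not part of the original post: a shell check that the port in the REDIRECT rule matches Squid's http_port and that http_access does not allow every source, which would leave an open proxy. The function name check_transparent, the sample files, and the "acl all" and "http_access deny all" lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# check_transparent SQUID_CONF RULES_FILE
# Returns 0 when consistent, 1 when the REDIRECT port differs from
# http_port, 2 when http_access allows every source, 3 when a value is missing.
check_transparent() {
    conf=$1; rules=$2
    # Port from the first http_port line (handles "ip:port" too).
    squid_port=$(awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$conf")
    # Port that follows --to-ports on the REDIRECT rule.
    redir_port=$(awk '/-j REDIRECT/ { for (i = 1; i < NF; i++)
        if ($i == "--to-ports") { print $(i + 1); exit } }' "$rules")
    [ -n "$squid_port" ] && [ -n "$redir_port" ] || return 3
    [ "$squid_port" = "$redir_port" ] || return 1
    # src ACLs that match every address, plus the conventional name "all".
    open_acls=$(awk '$1 == "acl" && $3 == "src" && $4 ~ /^0\.0\.0\.0\/0/ { print $2 }' "$conf")
    for name in all $open_acls; do
        # An allow rule consisting only of an open ACL makes an open proxy.
        if awk -v n="$name" '$1 == "http_access" && $2 == "allow" && $3 == n && NF == 3 { found = 1 }
            END { exit !found }' "$conf"; then
            return 2
        fi
    done
    return 0
}

# Constructed sample input mirroring the settings shown in the post.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/squid.conf" <<'EOF'
http_port 8080
acl all src 0.0.0.0/0.0.0.0
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
http_access deny all
EOF
cat > "$SAMPLE_DIR/rc.local" <<'EOF'
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
EOF

check_transparent "$SAMPLE_DIR/squid.conf" "$SAMPLE_DIR/rc.local"
echo "check_transparent exit status: $?"
```

Point the function at the real /etc/squid/squid.conf and /etc/rc.local before rebooting; a non-zero status means the redirect would land on the wrong port or the proxy would serve any client.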