Find the answer to your Linux question:
Results 1 to 9 of 9
Hi friends I am a newbie to Linux, and currently is messed up while creating a proxy server for linux using squid. I hav connected my Linux machine with a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2009
    Posts
    23

    Proxy server configuration pattern required


    Hi friends

    I am a newbie to Linux, and currently is messed up while creating a proxy server for linux using squid.
    I hav connected my Linux machine with a static IP connection and also with a switch connected to my office LAN. Now all i want is to create a Proxy server, so that my other office (Window) machines can access internet too through Linux machine.
    Can anybody provide me a step by step configuration for this kinda proxy server, along with guidance to wat i need to do with my network settings.
    Mentionable:- M using two network cards on my system, one with Static IP and another with LAN, and both connections are working fine.

    thanks in Advance....

  2. #2
    Just Joined!
    Join Date
    Sep 2009
    Location
    Taiwan
    Posts
    19
    Which Linux distro you are using?
    Did you want to configure squid to be a transport proxy server?

  3. #3
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    90
    Hi,

    The basic setup for a working squid would be to configure your ACL's and then allow access to the ACL

    Create an ACL like (replace 192.168.1.0/24 with your own internal subnet):
    Code:
    acl mynetwork src 192.168.1.0/24
    then
    Code:
    http_access allow mynetwork
    Add the above lines to the relevant sections in the file; http_access line perhaps after the line http_access allow localnet

    Ensure that traffic to port 3128 (default squid port) is allowed in iptables. Also configure proxy settings in the web browser on clients...

    You could further tweak your config files to set up time based / host based restrictions, restrict websites that can be surfed etc....

    --Syd

  4. #4
    Just Joined!
    Join Date
    Oct 2009
    Posts
    23
    Hi

    yes m using squid, and applied the ACL n all that stuff too, but i read somewhere, that i need to masquerade my ip in order to let my LAN get connected to internet thats running on the server. M trying for that only, but still not able to crack through..

    Any ideas, wat to do, n how??

    thanks for all your present and future kind help..

  5. #5
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    90
    Hi,

    You would need to masquerade your local network if you want the systems on the LAN to access the net directly without the squid functionality. This would route all incoming traffic to the internet by substituting the local IP with public IP before sending the packets out on the internet.

    If you want to configure transparent proxy then you would need to configure some REDIRECT rules in iptables and change some settings in the squid.conf file.

    But for basic squid functionality the steps mentioned previously should work. Some extracts from my working squid config file - just two lines that i've added

    Code:
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl mynetwork src 192.168.1.0/24 (i've added this)
    Code:
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    
    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow mynetwork (i've added this)
    You could disable firewall to rule out iptables issue. Also ensure that
    Code:
    cat /proc/sys/net/ipv4/ip_forward
    gives you an output of 1. This enables forwarding of traffic from one NIC to other

  6. #6
    Just Joined!
    Join Date
    Oct 2009
    Posts
    23
    hi friends,

    the issue with Squid is resolved, i was giving wrong IP range

    thanks alot for uy kind support, but.....B U T..but...i hav another issue..he he

    m trying to configure iptables, to get the server access without proxy, and applied these 2 commands

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    whre eth1 is connected to LAN and eth0 connected to WAN, and 3128 is the default port
    Can anybody guide for iptable configuration as wel...

    thanks

  7. #7
    Just Joined!
    Join Date
    Oct 2009
    Posts
    19
    Hi oracletest....

    what are the lines that you have added to your squid configuration? do you want your proxy to be transparent, or do you want your windows machine to configure their web browser with the proxy configurations? what linux do you have...centos, ubuntu?

    i can give you a step by step configuration but you need to help me with this info first

  8. #8
    Just Joined!
    Join Date
    Oct 2009
    Posts
    23
    hi andrescamino

    i hav configured the squid now, but i want my proxy to be transparent. M using proxy server, with my client browsers configured with proxy. But all i want is a transparent proxy, so i hav not to configure my client browser b4 using internet.
    I am using centOS at my server end and windows XP at clients.

  9. #9
    Just Joined!
    Join Date
    Oct 2009
    Posts
    19
    Hi oracletest

    Okay, so if squid is working fine, you added the word "transparent" after the port 3128 right?
    if you did that, you also created an acl with the name of the lan and also the http_access for that lan.....
    also the cache_mem and cache_dir ufs (for memory capabilities)

    If you haven't done that let me know so I can help you with those lines

    Okay the second thing is to make your iptables work fine, you first have to flush all of your iptable configurations, go in the terminal and write these commands

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    service iptables save

    once you do that you make sure your iptables look something like this:
    *filter
    :INPUT ACCEPT [15259:8575015]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [15294:8577259]
    COMMIT
    # Completed on Wed Oct 7 16:58:38 2009
    # Generated by iptables-save v1.3.5 on Wed Oct 7 16:58:38 2009
    *nat
    :PREROUTING ACCEPT [7:2296]
    :POSTROUTING ACCEPT [141:10027]
    :OUTPUT ACCEPT [144:10697]

    and if they look like this go again to the terminal and write these two lines

    iptables -t nat -A PREROUTING -s 192.168.2.0/255.255.255.0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
    iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.0 -j MASQUERADE
    service iptables save

    by the way I am assuming that you have the 192.168.2.0 network for your entire lan, and off course this must be the same lan created in the acl of your squid.conf

    you should see those two lines in your iptables after you save them

    you also have to change your network forward in /etc/sysctl.conf and change ipv4/ip_forward=0 to ipv4/ip_forward=1 (that's how you enable forwarding packets)

    then restart your squid and you should be good
    another thing is that you have to make sure that your windows computer have the network configuration right in the 192.168.2.0 network and with default gateway 192.168.2.1 (off course assuming that your ethernet card connected to the lan has that ip address) and also you should enter the same DNS as your proxy machine has

    and that's how is done....i hope it's not too messy, but if you got stucked at some point let me know it and I'll explain with more details

    best regards

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •