
[HowTo] Install and Configure Squid as Transparent Proxy | Ivan Kristi...

http://www.ivankristianto.com/os/ubuntu/howto-install-and-configure-s...


[HowTo] Install and Configure Squid as Transparent Proxy

July 12, 2009 by Ivan


Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

An intercepting proxy (also known as a transparent proxy) combines a proxy server with a gateway. Connections made by client browsers through the gateway are redirected through the proxy without client-side configuration (or often knowledge). So the clients never notice the proxy and do not have to be configured to use it, but they are using it all the same.


Install Squid Cache Proxy

I will show you how to install Squid Web Proxy (only for Ubuntu/Debian):

1. Open up your shell and type this command:

    sudo apt-get install squid

2. Finish.

For other OS you can download the binary package here.

Configure Squid Cache Proxy as Transparent Proxy

To configure Squid as a transparent proxy, edit /etc/squid/squid.conf as follows:

    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl localnet src 192.168.1.0/24
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access allow localhost
    http_access deny all

    http_reply_access allow localnet
    http_reply_access deny all

    icp_access allow localnet
    icp_access deny all

    http_port 8080 transparent

    hierarchy_stoplist cgi-bin ?
    cache_mem 256 MB
    cache_dir ufs /var/spool/squid 2048 16 256
    cache_mgr admin@email.com
    cache_effective_user squid
    cache_effective_group squid
    access_log /var/log/squid/access.log squid

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern (cgi-bin|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    visible_hostname yourdomain.com
    icp_port 3130
    always_direct allow all
    forwarded_for off
    coredump_dir /var/spool/squid

The most important line is http_port 8080 transparent: it makes Squid run as a transparent proxy on port 8080 (the default port is 3128). Later you need to edit the iptables rules so that every request is redirected to this port.

Note: That setting is for Squid v2.6 or v2.7. In later versions such as Squid v3.1 the transparent option is deprecated; use the intercept option instead.

There are many more things Squid can do, such as limiting download speed for certain IPs, denying time-wasting sites, denying some ports, denying downloads of some files during certain hours, and many more cases you can name. So take your time to read their documentation guide here.

Configure Iptables

To make Squid work as a transparent proxy (man in the middle), you need to configure iptables. I got this script to help you:

    #!/bin/sh
    # ------------------------------------------------------------------------------------
    # See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
    # (c) 2006, nixCraft under GNU/GPL v2.0+
    # ------------------------------------------------------------------------------------
    # squid server IP
    SQUID_SERVER="192.168.1.1"
    # Interface connected to Internet
    INTERNET="eth0"
    # Interface connected to LAN
    LAN_IN="eth1"
    # Squid port: must match http_port in squid.conf (8080 in this article;
    # the original script used Squid's default, 3128)
    SQUID_PORT="8080"

    # DO NOT MODIFY BELOW
    # Clean old firewall
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Load IPTABLES modules for NAT and IP conntrack support
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    #modprobe ip_nat_ftp
    # Enable IP forwarding (the script must run as root)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Setting default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Unlimited access to loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Allow UDP, DNS and Passive FTP
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    # set this system as a router for Rest of LAN
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # unlimited access to LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # DNAT port 80 requests coming from LAN systems to squid ($SQUID_PORT) aka transparent proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
    # if it is same system
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
    # DROP everything and Log it
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP
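
An added check, not part of the original article or the nixCraft script: interception only works when the port in the NAT rules equals the http_port Squid listens on (8080 in the squid.conf above; Squid's default is 3128). The function names and the sample iptables-save lines are constructed for illustration; on a live gateway, pass /etc/squid/squid.conf and a file holding the output of iptables-save -t nat.

```shell
#!/bin/sh
# Added example (not from the original article): verify that the NAT rules
# send port 80 to the same port Squid intercepts on.

# Print "<port> <keyword>" for the first http_port line in squid.conf that
# carries an interception keyword (transparent or intercept).
squid_intercept_port() {
    awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") {
                n = split($2, a, ":")          # "8080" or "ip:8080"
                print a[n], $i
                exit
            }
    }' "$1"
}

# Print the distinct ports that nat PREROUTING rules (iptables-save format)
# rewrite TCP port 80 to, via DNAT or REDIRECT.
nat_target_ports() {
    awk '$1 == "-A" && $2 == "PREROUTING" {
        dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination" || $i == "--to-ports") target = $(i + 1)
        }
        if (dport == "80" && target != "") {
            n = split(target, a, ":")          # "3128" or "ip:3128"
            print a[n]
        }
    }' "$1" | sort -u
}

# usage: check_intercept <squid.conf> <iptables-save output> <squid version>
# Returns 0 only if every port-80 NAT rule targets Squid's interception port.
check_intercept() {
    line=$(squid_intercept_port "$1")
    port=${line% *}; mode=${line#* }
    [ -n "$line" ] || { echo "FAIL: no http_port with transparent/intercept"; return 1; }
    targets=$(nat_target_ports "$2")
    [ -n "$targets" ] || { echo "FAIL: no PREROUTING rule rewrites port 80"; return 1; }
    status=0
    for p in $targets; do
        if [ "$p" != "$port" ]; then
            echo "FAIL: NAT sends port 80 to $p, Squid intercepts on $port"
            status=1
        fi
    done
    case "$3:$mode" in
        3.*:transparent) echo "WARN: use 'intercept' instead of 'transparent' on Squid $3" ;;
    esac
    [ "$status" -ne 0 ] || echo "OK: port 80 -> Squid $port ($mode)"
    return "$status"
}

# Constructed sample inputs: the article's http_port line, and NAT rules as
# iptables-save would print them when the script runs with SQUID_PORT=3128.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed sample' 'http_port 8080 transparent' > "$demo/squid.conf"
cat > "$demo/nat.mismatch" <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
sed 's/3128/8080/' "$demo/nat.mismatch" > "$demo/nat.fixed"
check_intercept "$demo/squid.conf" "$demo/nat.mismatch" 2.7 || true   # reports FAIL
check_intercept "$demo/squid.conf" "$demo/nat.fixed" 2.7              # reports OK
```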

Okay, that's all of it. If you like it please leave me a comment.

Article by Ivan Kristianto

Ivan Kristianto is a freelance web developer and blogger who focuses on writing computer and technology articles and is very interested in free and open source software. Follow his Twitter: @ivankrisdotcom or Facebook profile IvanKristiantoBlog.

Emre
Hi, I'm configuring my iptables and squid proxy like yours. But can't be transparent, sorry for my English. I have two Ethernet cards and eth1 > internet, eth0 > LAN configured them for my network but still running normal proxy, not transparent. Please help, and so thanks!

Ivan
Hi Emre, there are some points you need to configure:
1. Please be sure this line is in your squid.conf "http_port 8080 transparent" (without quotes), that means you run squid on port 8080 as transparent.
2. You need to configure the iptables script:
    SQUID_SERVER="192.168.1.1" => your squid's IP
    INTERNET="eth0" => your Ethernet that goes to the internet
    LAN_IN="eth1" => your Ethernet that goes to your network
    SQUID_PORT="3128" => the squid's port; 3128 is the default squid port, for my example use 8080
Hope this helps you. Cheers.

kevin
How can I install anonymous proxy? Please help me with my config. Please make a complete tutorial or just email me.

Ivan
Hi Kevin, to install squid as anonymous proxy, you can do the following:
1. Disable all logs, edit your squid.conf to:
    access_log none
    cache_store_log none
2. You need to have a public IP and allow any IP you like, edit the squid.conf:
    acl IPALLOW src 210.83.0.0/19
    http_access allow IPALLOW
    http_access deny all
   (Note: you can add as many IPs as you like here.)
3. Then you need to edit this line in squid.conf:
    visible_hostname <your public IP>
4. Restart your squid.

clive
How do I connect (physical) the transparent proxy server in my network? I have a DSL modem and a LinkSys wireless router.

Ivan
If you have a router with squid transparent proxy installed, just point your computer gateway and DNS to your router IP.

Siva
Hi all, can someone give me the configuration guide to make a Squid transparent proxy in Vista OS? I have tried but not succeeded. Please guide me on the Ethernet configuration (iptables script) on Vista also.
My network: DNS Modem > [T-Proxy] > Switch > Client machines
Thanks in advance, Siva

Siva
Hi, can someone give the configuration steps of Squid Transparent proxy in Vista? I have tried, but not able to succeed. Please give the Ethernet NIC (iptable similar for Win) configuration info for Vista. Thanks in advance, Siva

Ivan
Hi Siva, I haven't tried yet. But why do you want to make your Vista a cache server? Isn't that a waste of too many resources?

Siva
Thanks for the reply..! Yes you are right. I changed my plan now. Could you please tell me, can we install Squid Transparent proxy in "CentOS"? If yes, please tell me which version I should download and configure. Note: All my clients are running Vista. Guide me in IP setting also, we've one DNS Static IP.
My Network: DNS Modem > [T-Proxy server] > Switch > Client machines
Please aid me in the Ethernet card configuration.

Ivan
Hi Siva, just follow my guide in this article, it also works for CentOS. But replace command "apt-get install squid" with "yum install squid" (without quotes). It will install squid v2.6 STABLE21. And the rest of the configuration is the same. Good luck.

Siva
Ivan, I have done all the configuration, but my Squid access.log is not populating. And tell me do I need to configure DHCP in my squid server?

Ivan
You don't need to configure DHCP in your squid. Did you miss iptables config?

Santy
Hi, thanks for info. My current setup is my two desktop machines gateway is CISCO PIX (IP 192.168.10.1) & DNS is my AD & DNS Server (192.168.10.10). Currently I am running squid with manual proxy configuration. For squid as transparent proxy is it required to add rules on PIX firewall, to forward port 80 traffic to squid port 3128, or is it required to change gateway of all my desktop machines to Squid proxy server IP (192.168.10.20)? Please suggest. Thanks in advance. Is it OK if I use eth0 & eth1 password from same subnet (e.g. 192.168.10.5 & 192.168.10.6 for eth0 & eth1 respectively) for squid transparent proxy?

Santy
Is it OK if I use eth0 & eth1 IP address from the same subnet (e.g. 192.168.10.5 & 192.168.10.6 for eth0 & eth1 respectively) for squid transparent proxy?

Siva
No I ran it, but I don't know how to check it out. Can u please give me the configurations for squid as well as iptable. I do no how to trace the issue when it's not working.
My Server eth0 = 192.168.1.21 (From Modem), eth1 = 192.168.2.31 (To LAN N/W)
Guide me, no problem if I need to change the IPs also.

Ivan
Hi Santy, actually I don't understand your network structure. Can you tell me more clearly? And yes, to run squid as transparent proxy you need to edit the rules in iptables. I provided that in my post. Put that in rc.local so every time your server boots it will be automatically configured.

Ivan
Hi Siva, in the squid.conf please change
    acl localnet src 192.168.1.0/24
to
    acl localnet src 192.168.2.0/24
and in iptables config change to:
    SQUID_SERVER="192.168.1.21"
    # Interface connected to Internet
    INTERNET="eth0"
    # Interface connected to LAN
    LAN_IN="eth1"
    # Squid port
    SQUID_PORT="8080"
Restart squid and run the script. Please point all of your client computers' gateway to 192.168.2.31. Cheers

Siva
Thanks a lot.!! I did as u said, now it's working perfectly. [Cheers]
Ivan, presently I don't have control over the client machines (like customer own PC). Can I achieve this gateway setup through DHCP..? If yes, please guide in the DHCP configuration. Thanks again..!!

Ivan
Yes, you should use DHCP instead. Later I will make an article on how to install a DHCP server.

Siva
Ivan, please help me in this if you can. I have done with all, even in reporting through SARG apps. Issue is, I could only view client host IP address in my report. Are there any possibilities to see the client host name instead of IP address in SARG report? Like changing the Squid access.log format, instead of IP address remote HOST NAME..! Thanks in advance!!

Ivan
I'm sorry Siva, I don't use SARG apps. So I don't know about it. But I'm using my own report, by seeing the continuous log from the squid. I published the article on my blog at http://www.ivankristianto.com/2009/07/tips-show-squid-log-continuously-squid-web-proxy/ Hope you like it. Thanks.

ashar
hi dear, i m using centos 5.3 & 2.6 squid i m using, so can u help me for transparent squid. i got yahoo problem with this so help me for proper work plz. mail me on this id whois_thebest2001@yahoo.com plz help

Ivan
Hi Ashar, what is the problem? Please follow my guide step by step. It will work. I'm using CentOS 5.1 with Squid 2.6. And it has been running for 2 years now. Cheers.

Rbas
Is it possible to implement transparent proxy for https? I know it is not allowed because it will be a 'man-in-the-middle attack'. Any options to allow https accesses through transparent proxy? Any help will be appreciated. Thanks a lot in advance. -RB

cembeliq
I saved the file as iptable.sh. Then I ran:
    root@cembeliq-laptop:/home/cembeliq/Documents# ./iptable.sh
    1
    ./iptable.sh: 28: gt: not found
    ./iptable.sh: 28: /proc/sys/net/ipv4/ip_forward: Permission den