Server B

    auto eth1
    iface eth1 inet static
        address 10.128.5.27
        netmask 255.255.255.0
        network 10.128.5.0
        broadcast 10.128.5.255
        dns-nameservers 10.128.5.100 10.128.5.26
        dns-search example.com

    auto eth2
    iface eth2 inet static
        address 10.128.2.21
        netmask 255.255.255.0

    auto eth3
    iface eth3 inet static
        address 192.168.1.2
        netmask 255.255.255.0

Where:
Eth1: LAN access
Eth2: WAN access
Eth3: Cache communication between servers A and B. This interface connects the two machines directly to each other with a crossover UTP cable.
Configuring Quagga
You have to activate the Quagga daemons matching the routing protocols you want to run on your router:

Zebra: interface declaration and static routing
Bgpd: BGP routing protocol
OSPFD: OSPF routing protocol
RIPD: RIP v2 routing protocol
RIPNGD: RIP IPv6 routing protocol

We use Zebra for routing, so you need to create or edit /etc/quagga/zebra.conf. Servers A and B use the same configuration:

    ! Static default route sample.
    ip route 10.0.0.0/8 10.128.5.1
    ip route 192.168.1.0/24 192.168.1.1
    ip route 0.0.0.0/0 10.128.2.18

Explanation: all traffic to or from the 10.0.0.0/8 network is routed through interface eth1. All traffic to the 192.168.1.0/24 network is routed through interface eth3, and the rest of the traffic (Internet) goes through interface eth2.
You must also enable the daemon by editing /etc/quagga/daemons and then restarting the service:

    zebra=yes
    bgpd=no
    ospfd=no
    ospf6d=no
    ripd=no
    ripngd=no
    isisd=no

    sudo /etc/init.d/quagga restart
Configuring Squid
The configuration directives for Squid are located in /etc/squid3/squid.conf. Edit this file now by typing:

    sudo nano /etc/squid/squid.conf

(On Debian and Ubuntu the squid3 package keeps its configuration under /etc/squid3/, while the older squid package uses /etc/squid/; use the directory that exists on your system.)

Find in /etc/squid/squid.conf the line:

    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

and insert the following after it:

    include /etc/squid3/individual-config.cfg

Then, in the file /etc/squid/individual-config.cfg on each of the servers, add:

Server A

    cache_peer 192.168.1.2 sibling 8080 0 proxy-only
    http_port 10.128.5.26:8080
    http_port 192.168.1.1:8080

Server B

    cache_peer 192.168.1.1 sibling 8080 0 proxy-only
    http_port 10.128.5.27:8080
    http_port 192.168.1.2:8080

These lines tell Squid on each server which sibling cache it must consult for every request before fetching it from the Internet, and on which addresses and ports it listens for requests. They are the only part of the Squid configuration that differs between the two servers. Keeping them in a separate file lets you copy squid.conf from one server to the other and be sure that both servers run the same configuration.

The following lines grant the cache servers access to each other:

    acl localhost src 127.0.0.1/32 10.128.5.26/32 10.128.5.27/32 10.128.2.20/32 192.168.1.1/32 192.168.1.2/32 10.128.5.218
    http_access allow manager localhost

Note that this extends the localhost ACL beyond the loopback address, so every other http_access rule that references localhost (for example the default "http_access allow localhost") now also applies to the hosts listed here.
    visible_hostname proxy.example.com

    auth_param basic program /usr/lib/squid3/squid_ldap_auth -P -R -b "ou=people,dc=mu,dc=edu,dc=et" -D "uid=manager,ou=people,dc=example,dc=com" -w "USERPASSWORD" -f uid=%s -h ldap.example.com
    auth_param basic children 100
    auth_param basic realm University Squid proxy-caching web server
    auth_param basic credentialsttl 1 hours
    auth_param basic casesensitive on

    # And finally deny all other access to this proxy
    #================================================================================
    # All people from here need Auth
    #================================================================================
    acl auth-people proxy_auth REQUIRED
    http_access allow auth-people

The LDAP bind password given with -w is stored in clear text in this file, so squid.conf (or the separate file you keep this line in) should be readable only by root and the user Squid runs as.
    #================================================================================
    # Limit number of users by IP
    #================================================================================
    acl user-by-ip max_user_ip -s 1
    http_access deny user-by-ip
    #================================================================================
    # Deny all from here
    #================================================================================
    http_access deny all

Keep in mind that http_access rules are evaluated in order and stop at the first match: as ordered here, an authenticated user is already accepted by "http_access allow auth-people" before "http_access deny user-by-ip" is reached, so the per-IP limit only takes effect if its deny rule is placed before that allow rule.

It is important to create a proxy auto-config file in /var/www/ for browsers to use, /var/www/config.pac:

    function FindProxyForURL(url, host) {
        if (isPlainHostName(host)) return "DIRECT";
        if (isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
        if (shExpMatch(host, "*.example.com")) return "DIRECT";
        if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
        return "PROXY proxy.example.com:8080";
    }
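To check which hosts the PAC file above sends DIRECT (bypassing the proxy, its authentication and its logs) and which go through the proxy, here is an added JavaScript harness that is not part of the original page: its isPlainHostName, isInNet and shExpMatch are simplified stand-ins for the browser's built-ins, the FindProxyForURL body is the one from config.pac, and the sample host list is constructed.

```javascript
// Added harness, not from the original page: the three helpers below are
// simplified stand-ins for the browser's PAC built-ins, written so the
// rules can be checked offline. A real browser resolves host names to IPs
// before isInNet compares them; this stand-in only accepts dotted quads.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => (acc << 8) | parseInt(o, 10), 0) >>> 0;
}

function isInNet(host, pattern, mask) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false; // not an IP literal
  const m = ipToInt(mask);
  return (ipToInt(host) & m) === (ipToInt(pattern) & m);
}

function shExpMatch(str, shexp) {
  // Shell glob anchored at both ends: '*' is any run, '?' one character.
  const re = shexp.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// The config.pac rules from above, unchanged.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  if (shExpMatch(host, "*.example.com")) return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  return "PROXY proxy.example.com:8080";
}

// Constructed sample hosts. Every DIRECT answer is traffic that bypasses the
// proxy, so this is the list an administrator audits after editing the rules.
function evaluateSamples() {
  const hosts = ["intranet", "127.0.0.1", "wiki.example.com", "example.com",
                 "10.128.5.26", "192.168.1.2", "www.debian.org"];
  const decisions = {};
  for (const h of hosts) decisions[h] = FindProxyForURL("http://" + h + "/", h);
  return decisions;
}
```

Note that the bare apex name example.com does not match the glob "*.example.com" and therefore goes through the proxy, while every sub-domain of it is sent DIRECT.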
Configuring DNS
You need to add two lines to the DNS server by editing /etc/bind/db.example.com:

    proxy    100    IN    A    10.128.5.26
             100    IN    A    10.128.5.27

Where: the first column is the name of the proxy (left blank on the second line, which in a zone file repeats the previous name); the second column is the TTL, which in the DNS context defines the duration in seconds that the record may be cached. Publishing both addresses under the same name lets clients be spread across the two proxy servers.