Tag Archives: Squid

Squid – Proxy Server (Ubuntu 10.04)

Leave a reply

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol. (WCCP)

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.

Installation

At a terminal prompt, enter the following command to install the Squid server:

 

sudo apt-get install squid

 

Configuration

Squid is configured by editing the directives contained within the /etc/squid/squid.conf configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section.

[Tip]  

Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary.

Copy the /etc/squid/squid.conf file and protect it from writing with the following commands entered at a terminal prompt:

 

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
sudo chmod a-w /etc/squid/squid.conf.original

 

 

  • To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:

    http_port 8888

  • Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer's hostname. In this example it is set to weezie

    visible_hostname weezie

  • Using Squid's access control, you may configure use of Internet services proxied by Squid to be available only users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:

    Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl fortytwo_network src 192.168.42.0/24

    Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow fortytwo_network

  • Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we'll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/42 subnetwork:

    Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

    acl biz_network src 10.1.42.0/24
acl biz_hours time M T W T F 9:00-17:00

    Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

    http_access allow biz_network biz_hours

 

[Note]  

After making changes to the /etc/squid/squid.conf file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:

 

sudo /etc/init.d/squid restart

 

Sources

Setting up ubuntu 10.04 (Lucid) server with squid 3 as a Transparent Proxy

Leave a reply

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
Thanks to Jayson for this guide

Complete Steps in Setting up UBUNTU Server 10 with SQUID 3 as a Transparent Proxy.

Step 1. Install the Ubuntu Server 10, include LAMP if you want

Step 2. Change the network interfaces from dhcp to static

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet static
address 192.168.1.250
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.88

post-up iptables-restore < /etc/iptables.up.rules

auto eth1
iface eth1 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

Step 3. Install Web Admin (webmin) (Optional)

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.510-2_all.deb
dpkg –install webmin_1.510-2_all.deb
sudo apt-get -f install

https://localhost-IP ADDRES:10000

*Note Make sure you give permission to the IPTABLES ruleset to for you to access webmin over the net.

Step 4. Install ClamAV and ClamAV-freshclam

sudo apt-get install clamav clamav-freshclam

Step 5. The first step is to install squid 3

sudo apt-get install squid3

edit the squid 3 configuration file in your favorite editor

sudo nano /etc/squid3/squid.conf

and set the transparency and the allowed hosts

http_port 3128 transparent
acl our_networks src 192.168.2.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet

where 192.168.2.0/24 is the IP range of local network. Probably you need to adjust the swap size

cache_dir ufs /var/spool/squid3 7000 16 256

here the first number denotes the size of cache in megabytes. Save you changes and restart the squid proxy by

sudo /etc/init.d/squid3 restart

Step 6. Edit the /etc/sysctl.conf

sudo nano /etc/sysctl.conf

Uncomment the line that enable packet forwarding for IPv4 and IPv6

Net.ipv4.ip_forward = 1
Net.ipv6.conf.all.forwarding = 1

Step 7. Edit the IPTABLE ruleset of NAT and FILTER

sudo nano /etc/iptables.up.rules

*nat

-A PREROUTING –i eth1 –p tcp –m tcp –dport 80 –j DNAT –to-destination 192.168.2.1:3128
-A PREROUTING –i eth1 –p tcp –m tcp –dport 80 –j REDIRECT –to-ports 3128
-A POSTROUTING –s 192.168.2.0/24 –o eth0 –j MASQUERADE

*filter

-A INPUT –i lo –j ACCEPT
-A INPUT –m state –i eth0 –state REALATED,ESTABLISHED –j ACCEPT
-A INPUT eth1 –j ACCEPT
-A INPUT –p tcp –m tcp –dport 22 –j ACCEPT # permit ssh using putty
-A INPUT –p tcp –m tcp –dport 10000 –j ACCEPT # permit webmin access
-A INPUT –j LOG
-A INPUT –j DROP
-A FORWARD –i eth1 –j ACCEPT
-A OUTPUT –o lo –j ACCEPT
-A OUTPUT –o eth1 –j ACCEPT
-A FOWARD –o eth1 –j ACCEPT
-A FORWARD –s 192.168.2.0/24 –o eth0 –j ACCEPT
-A FORWARD –d 192.168.2.0/24 –m state –state ESTABLISHED,REALTED –I eth0 –j ACCEPT

STEP 8. Edit rc.local

sudo nano /etc/rc.local

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 –o eth0 -j MASQUERADE

Step 9. reboot the server

Step 10. Configure the workstation for static IP Address making the LAN IP of the Ubuntu box as the gateway. Make sure that the IP Address of the work station is within the network you setup

sources